Hi Adam,
Nice to hear that it is not malicious, and certainly also to get ridge of all that anoying adware! :-)
I ran the tools you told me, and I believe that I got correctly through all the steps. My only comment is that I could not find MyPC Backup in Revo's list of programmes - what a nice tool by the way! :-) - As far as I can tell all the programmes uninstalled as they should.
Here comes my logs:
AdwCleaner[So].log:
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
# AdwCleaner v4.103 - Report created 02/12/2014 at 21:51:03
# Updated 01/12/2014 by Xplode
# Database : 2014-12-01.1 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Elisabeth - ELISABETH-PC
# Running from : C:\Users\Elisabeth\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
Service Deleted : BackupStack
[#] Service Deleted : LPTSystemUpdater
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\374311380
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\ProgramData\GoSave
Folder Deleted : C:\ProgramData\SaleItCoupon
Folder Deleted : C:\ProgramData\714821c3375fd8b5
Folder Deleted : C:\Program Files (x86)\LPT
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\Program Files (x86)\topdeal
Folder Deleted : C:\Program Files (x86)\GoSave
Folder Deleted : C:\windows\SysWOW64\WNLT
Folder Deleted : C:\Program Files\Updater By SweetPacks
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\ELISAB~1\AppData\Local\Temp\apn
Folder Deleted : C:\Users\ELISAB~1\AppData\Local\Temp\Unitech LLC
Folder Deleted : C:\Users\Elisabeth\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Elisabeth\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Elisabeth\AppData\Local\torch
Folder Deleted : C:\Users\Elisabeth\AppData\LocalLow\Softonic
Folder Deleted : C:\Users\Elisabeth\AppData\LocalLow\Unitech LLC
Folder Deleted : C:\Users\Elisabeth\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Elisabeth\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\Elisabeth\AppData\Roaming\WebExtend
Folder Deleted : C:\Users\Elisabeth\AppData\Roaming\RHEng
Folder Deleted : C:\Users\Elisabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Deleted : C:\Users\Elisabeth\Documents\Optimizer Pro
Folder Deleted : C:\Users\Gæst\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Gæst\AppData\Local\torch
Folder Deleted : C:\Users\Public\Util
Folder Deleted : C:\Users\Valdemar\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Valdemar\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Valdemar\AppData\Local\torch
Folder Deleted : C:\Users\Valdemar\AppData\LocalLow\Softonic
Folder Deleted : C:\Users\Valdemar\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\Elisabeth\AppData\Roaming\Mozilla\Firefox\Profiles\sl2ed0e8.default\Extensions\7xF@iGLk3.net
Folder Deleted : C:\Users\Elisabeth\AppData\Roaming\Mozilla\Firefox\Profiles\sl2ed0e8.default\Extensions\InCKP@j.net
Folder Deleted : C:\Users\Valdemar\AppData\Roaming\Mozilla\Firefox\Profiles\peeyg0ew.default\Extensions\InCKP@j.net
Folder Deleted : C:\Users\Elisabeth\AppData\Roaming\Mozilla\Firefox\Profiles\sl2ed0e8.default\Extensions\M7Cb9e@f.net
Folder Deleted : C:\Users\Valdemar\AppData\Roaming\Mozilla\Firefox\Profiles\peeyg0ew.default\Extensions\M7Cb9e@f.net
Folder Deleted : C:\Users\Elisabeth\AppData\Roaming\Mozilla\Firefox\Profiles\sl2ed0e8.default\Extensions\uy_cpqu@tevwyczzmkq.net
Folder Deleted : C:\Users\Valdemar\AppData\Roaming\Mozilla\Firefox\Profiles\peeyg0ew.default\Extensions\uy_cpqu@tevwyczzmkq.net
Folder Deleted : C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdhgpkkloealnjnmepfhanpcleldbef
Folder Deleted : C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdhgpkkloealnjnmepfhanpcleldbef
Folder Deleted : C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Folder Deleted : C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi
Folder Deleted : C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi
Folder Deleted : C:\Users\Gæst\AppData\Local\Google\Chrome\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi
Folder Deleted : C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi
Folder Deleted : C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\djpkmednhafcdnkbcfnohficagkkkala
Folder Deleted : C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\djpkmednhafcdnkbcfnohficagkkkala
Folder Deleted : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi
Folder Deleted : C:\Users\Elisabeth\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi
Folder Deleted : C:\Users\Gæst\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi
Folder Deleted : C:\Users\Valdemar\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi
File Deleted : C:\windows\System32\roboot64.exe
File Deleted : C:\Users\Elisabeth\AppData\LocalLow\SkwConfig.bin
File Deleted : C:\Users\Elisabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Users\Elisabeth\Desktop\Continue Live Installation.lnk
File Deleted : C:\Users\Elisabeth\AppData\Roaming\Mozilla\Firefox\Profiles\sl2ed0e8.default\searchplugins\ask-search.xml
File Deleted : C:\Users\Valdemar\AppData\Roaming\Mozilla\Firefox\Profiles\peeyg0ew.default\searchplugins\ask-search.xml
File Deleted : C:\Users\Elisabeth\AppData\Roaming\Mozilla\Firefox\Profiles\sl2ed0e8.default\searchplugins\SafeFinder Search.xml
File Deleted : C:\Users\Valdemar\AppData\Roaming\Mozilla\Firefox\Profiles\peeyg0ew.default\searchplugins\SafeFinder Search.xml
File Deleted : C:\Users\Elisabeth\AppData\Roaming\Mozilla\Firefox\Profiles\sl2ed0e8.default\user.js
File Deleted : C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_elchiiiejkobdbblfejjkbphbddgmljf_0.localstorage
File Deleted : C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_elchiiiejkobdbblfejjkbphbddgmljf_0.localstorage-journal
File Deleted : C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.softonic.com_0.localstorage
File Deleted : C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.softonic.com_0.localstorage-journal
File Deleted : C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage
File Deleted : C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage-journal
File Deleted : C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Deleted : C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
File Deleted : C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage
File Deleted : C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage-journal
File Deleted : C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_en.softonic.com_0.localstorage-journal
File Deleted : C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_en.softonic.com_0.localstorage
***** [ Scheduled Tasks ] *****
Task Deleted : DTChk
Task Deleted : DTReg
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Deleted : HKLM\SOFTWARE\Classes\.
Key Deleted : HKLM\SOFTWARE\Classes\..9
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{685F23D9-FCFD-475C-B56A-362645945C5A}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75CC1BBE-D96F-45DF-A622-D60BFA8AF49E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DEDAF650-12B8-48F5-A843-BBA100716106}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0f715fb9-4331-43f1-b8bf-d471403dd02a}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B69509B5-4A90-4433-A2DE-BE439F6581F2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DEDAF650-12B8-48F5-A843-BBA100716106}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DEDAF650-12B8-48F5-A843-BBA100716106}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0f715fb9-4331-43f1-b8bf-d471403dd02a}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DEDAF650-12B8-48F5-A843-BBA100716106}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0f715fb9-4331-43f1-b8bf-d471403dd02a}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0f715fb9-4331-43f1-b8bf-d471403dd02a}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{DEDAF650-12B8-48F5-A843-BBA100716106}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{0f715fb9-4331-43f1-b8bf-d471403dd02a}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DEDAF650-12B8-48F5-A843-BBA100716106}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FF948BE-E81B-4295-9AA0-24180CDE91C1}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5D51793B-FF8C-4679-A4C7-1D17DC71373A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\iVIDI Plugin
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\performersoft llc
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Unitech LLC
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\Default Tab
Key Deleted : HKLM\SOFTWARE\Unitech LLC
Key Deleted : HKLM\SOFTWARE\Updater By Sweetpacks
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}
Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DEDAF650-12B8-48f5-A843-BBA100716106}_is1
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17420
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
-\\ Mozilla Firefox v30.0 (da)
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "SafeFinder Search");
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880JXKe86_Gg52jK0TQf_1Uz35SON-g1e364xUMs1pmeBiRVYC6zVpjA1OlFHWYX5l_3f6bBUPYYS3acK48irzx2jfxN3MZe[...]
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.15pwp.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumoro[...]
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.Visibility", false);
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.backPageCapacity", 3);
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.backPageCounter", 0);
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.backPageDay", 27);
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.backPageLastEvent", "1414212539148");
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.backPageMinInterval", 15);
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.barcodeid", "150032");
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.countryiso", "dk");
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.downloadprovider", "irssf200");
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.externalJsFiles", "{\"d\":\"[{\\\"ExcludeDomains\\\":[],\\\"hxxpInjection\\\":\\\"hxxp:\\\\\\/\\\\\\/az412617.vo.msecnd.net\\\\\\/scripts\\\\\\/crt.js\\\",\\\"hxxpsInje[...]
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.fromautoupdate", "false");
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.installationid", "2723d5f0-3254-4fd9-5fbc-eacf92e6f570");
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.installdate", "23/10/2014");
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.iswinxp", "false");
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.keepAliveLastevent", "1414123939");
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.lastExternalJsUpdate", "1417036908274");
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.publisher", "irssf");
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.mtpWQEkRoFVHBPMD.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.pqgkVW3QCR8AVW9y.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.qZujXrEIRzwlT01f.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[peeyg0ew.default\prefs.js] - Line Deleted : user_pref("browser.newtab.url", "hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880JXKe86_Gg52jK0TQf_1Uz35SON-g1e364xUMs1pmeBiRVYC6zVpjA1OlFHWYX5l_3f6bBUPYYS3acK48irzxsk2Ly1tzOAMu2Xf[...]
[peeyg0ew.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "SafeFinder Search");
[peeyg0ew.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "SafeFinder Search");
[peeyg0ew.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880JXKe86_Gg52jK0TQf_1Uz35SON-g1e364xUMs1pmeBiRVYC6zVpjA1OlFHWYX5l_3f6bBUPYYS3acK48irzx2jfxN3MZe[...]
[peeyg0ew.default\prefs.js] - Line Deleted : user_pref("extensions.15pwp.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumoro[...]
[peeyg0ew.default\prefs.js] - Line Deleted : user_pref("extensions.mtpWQEkRoFVHBPMD.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[peeyg0ew.default\prefs.js] - Line Deleted : user_pref("extensions.qZujXrEIRzwlT01f.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[peeyg0ew.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880JXKe86_Gg52jK0TQf_1Uz35SON-g1e364xUMs1pmeBiRVYC6zVpjA1OlFHWYX5l_3f6bBUPYYS3acK48irzxF1pk4hbn59B9tsefmaiDNl[...]
-\\ Google Chrome v
[C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M2B269ABB-E6F6-40AC-B214-9AF8DF66028F&SearchSource=58&CUI=&UM=6&UP=SPF4835756-9811-4174-9456-578DDC8D4F54&q={searchTerms}&SSPV=
[C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M2B269ABB-E6F6-40AC-B214-9AF8DF66028F&SearchSource=58&CUI=&UM=6&UP=SPF4835756-9811-4174-9456-578DDC8D4F54&q={searchTerms}&SSPV=
[C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M2B269ABB-E6F6-40AC-B214-9AF8DF66028F&SearchSource=55&CUI=&UM=6&UP=SPF4835756-9811-4174-9456-578DDC8D4F54&SSPV=
[C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M2B269ABB-E6F6-40AC-B214-9AF8DF66028F&SearchSource=55&CUI=&UM=6&UP=SPF4835756-9811-4174-9456-578DDC8D4F54&SSPV=
[C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.claro-search.com/?q={searchTerms}&babsrc=HP_clro_pr&s=web&rlz=0&as=0&ac=0
[C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.kelkoo.dk/ctl/do/search?siteSearchQuery={searchTerms}&from=colibri
[C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kpdhgpkkloealnjnmepfhanpcleldbef
[C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : lifbcibllhkdhoafpjfnlhfpfgnpldfl
[C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : aaaaaiabcopkplhgaedhbloeejhhankf
[C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : febofpodjlkgfmljjonnhpghpgcpfldi
[C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : djpkmednhafcdnkbcfnohficagkkkala
[C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://www.search.ask.com/?gct=hp
[C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://www.claro-search.com/?affID=114508&tt=4312_8&babsrc=HP_clro&mntrId=3ccdf288000000000000000000000000
-\\ Comodo Dragon v
[C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M2B269ABB-E6F6-40AC-B214-9AF8DF66028F&SearchSource=58&CUI=&UM=6&UP=SPF4835756-9811-4174-9456-578DDC8D4F54&q={searchTerms}&SSPV=
[C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M2B269ABB-E6F6-40AC-B214-9AF8DF66028F&SearchSource=58&CUI=&UM=6&UP=SPF4835756-9811-4174-9456-578DDC8D4F54&q={searchTerms}&SSPV=
[C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.claro-search.com/?q={searchTerms}&babsrc=HP_clro_pr&s=web&rlz=0&as=0&ac=0
[C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.kelkoo.dk/ctl/do/search?siteSearchQuery={searchTerms}&from=colibri
*************************
AdwCleaner[R0].txt - [28689 octets] - [02/12/2014 21:43:51]
AdwCleaner[S0].txt - [27076 octets] - [02/12/2014 21:51:03]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [27137 octets] ##########
JTR.txt:
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by Elisabeth on 02-12-2014 at 21:59:54,98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011501160}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011501160}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
~~~ Files
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Elisabeth\appdata\local\{047AF3A9-C3D0-4227-8346-17D29CA78D62}
Successfully deleted: [Empty Folder] C:\Users\Elisabeth\appdata\local\{0648C5CD-091F-4D19-B1CB-37CAA1C662B5}
Successfully deleted: [Empty Folder] C:\Users\Elisabeth\appdata\local\{0FF1F229-941C-4C55-9EED-082931999E0A}
Successfully deleted: [Empty Folder] C:\Users\Elisabeth\appdata\local\{12D5014B-B009-4A85-92F0-BC3D77DE63F5}
Successfully deleted: [Empty Folder] C:\Users\Elisabeth\appdata\local\{13A15CF1-1577-4D62-A372-2DA2A76AC1C2}
Successfully deleted: [Empty Folder] C:\Users\Elisabeth\appdata\local\{15C5B287-9488-4699-8C87-D37CED559BBF}
Successfully deleted: [Empty Folder] C:\Users\Elisabeth\appdata\local\{1A4398A4-50D9-4A88-8FC1-83F391F6BFD7}
Successfully deleted: [Empty Folder] C:\Users\Elisabeth\appdata\local\{1FAE4B19-433F-4EC4-A77A-E6B818396B8D}
Successfully deleted: [Empty Folder] C:\Users\Elisabeth\appdata\local\{23D9AA67-2E83-420A-B617-542ACE66CE9C}
Successfully deleted: [Empty Folder] C:\Users\Elisabeth\appdata\local\{371DA743-71AF-44AD-84A9-5512A28F77C2}
Successfully deleted: [Empty Folder] C:\Users\Elisabeth\appdata\local\{3744B272-C7EE-4325-8630-808C4CDE9F9D}
Successfully deleted: [Empty Folder] C:\Users\Elisabeth\appdata\local\{43B59605-7F19-4AB6-B540-EA2426EC6673}
Successfully deleted: [Empty Folder] C:\Users\Elisabeth\appdata\local\{4E13F267-149C-47E4-9D15-9112E136ED7A}
Successfully deleted: [Empty Folder] C:\Users\Elisabeth\appdata\local\{4F0BB11B-57AB-4ECF-8993-4F38F71DED98}
Successfully deleted: [Empty Folder] C:\Users\Elisabeth\appdata\local\{57954AD6-4B82-4C17-AA83-05B4F7E66DD0}
Successfully deleted: [Empty Folder] C:\Users\Elisabeth\appdata\local\{687CF08E-AD1B-4F84-97CC-0F1E917A6111}
Successfully deleted: [Empty Folder] C:\Users\Elisabeth\appdata\local\{70AD1F95-4EB5-4B80-AB95-80FC2F336ED0}
Successfully deleted: [Empty Folder] C:\Users\Elisabeth\appdata\local\{74151456-29BA-452C-9675-2AF58EBC50C7}
Successfully deleted: [Empty Folder] C:\Users\Elisabeth\appdata\local\{762B3F04-FD2B-4A8B-A7D8-A1CDAFC2EF7A}
Successfully deleted: [Empty Folder] C:\Users\Elisabeth\appdata\local\{8617BD05-E9AC-45A5-B323-45CCE5C46FC7}
Successfully deleted: [Empty Folder] C:\Users\Elisabeth\appdata\local\{88F0CB53-500D-4C7E-B9FA-DE87B0A84E27}
Successfully deleted: [Empty Folder] C:\Users\Elisabeth\appdata\local\{9AC6833B-8FD1-4DA9-ACBA-D298A93EBD78}
Successfully deleted: [Empty Folder] C:\Users\Elisabeth\appdata\local\{9FF725C4-DA2C-4F82-B6A5-7971ED0535CA}
Successfully deleted: [Empty Folder] C:\Users\Elisabeth\appdata\local\{A066C883-B0EA-4E60-9DA8-09DE15562416}
Successfully deleted: [Empty Folder] C:\Users\Elisabeth\appdata\local\{A4702CE3-1CE2-4690-A646-7F8AF4664BE2}
Successfully deleted: [Empty Folder] C:\Users\Elisabeth\appdata\local\{A4C001AD-20F2-481A-9E08-B5B74B551011}
Successfully deleted: [Empty Folder] C:\Users\Elisabeth\appdata\local\{A5A7898A-B175-446D-9D87-B366253A026C}
Successfully deleted: [Empty Folder] C:\Users\Elisabeth\appdata\local\{A6519127-2308-45A1-96DF-0CD2F77F3586}
Successfully deleted: [Empty Folder] C:\Users\Elisabeth\appdata\local\{B1187265-12D9-42B8-8BEB-68BBD9707E9B}
Successfully deleted: [Empty Folder] C:\Users\Elisabeth\appdata\local\{BD790FDD-665D-4564-B9EC-1ACDDA7B667B}
Successfully deleted: [Empty Folder] C:\Users\Elisabeth\appdata\local\{C1E948CC-EF68-43D2-98D7-010146E89FB5}
Successfully deleted: [Empty Folder] C:\Users\Elisabeth\appdata\local\{C45D4D11-8414-4D64-B01A-ED4834412717}
Successfully deleted: [Empty Folder] C:\Users\Elisabeth\appdata\local\{D235686E-8842-4FA2-94E6-03F2B8DE66DD}
Successfully deleted: [Empty Folder] C:\Users\Elisabeth\appdata\local\{D5834EED-CB5A-49F7-84AF-C8693A938BF6}
Successfully deleted: [Empty Folder] C:\Users\Elisabeth\appdata\local\{DDA9E801-ABCD-4901-86CC-D5BD5B81A415}
Successfully deleted: [Empty Folder] C:\Users\Elisabeth\appdata\local\{DDF3BC30-DB36-449D-BD25-0E8FA8BF8F1C}
Successfully deleted: [Empty Folder] C:\Users\Elisabeth\appdata\local\{F705BB6D-059B-4FFC-BED0-83F6600F4F22}
Successfully deleted: [Empty Folder] C:\Users\Elisabeth\appdata\local\{F7374D99-655B-4EFA-9059-CB89F82F4AE9}
Successfully deleted: [Empty Folder] C:\Users\Elisabeth\appdata\local\{FE26F720-562E-4539-9BB1-A4D24352C066}
~~~ FireFox
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\speedtest4354@bestoffers
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02-12-2014 at 22:08:13,25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
MBAM scan log:
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 02-12-2014
Scan Time: 23:15:34
Logfile:
Administrator: Yes
Version: 2.00.3.1025
Malware Database: v2014.12.02.09
Rootkit Database: v2014.12.02.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Elisabeth
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 398344
Time Elapsed: 53 min, 34 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 22
PUP.Optional.Snapdo.T, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, Quarantined, [19f54e101c605ed8071af40eba498d73],
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Quarantined, [997526380a72e74f79958a4254ae49b7],
PUP.Optional.DefaultTab.A, HKU\S-1-5-21-3664937432-39338335-2934514172-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Quarantined, [997526380a72e74f79958a4254ae49b7],
PUP.Optional.DefaultTab.A, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Quarantined, [997526380a72e74f79958a4254ae49b7],
PUP.Optional.DefaultTab.A, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Quarantined, [997526380a72e74f79958a4254ae49b7],
PUP.Optional.SpeedTest.A, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}, Quarantined, [15f9fe603448e2541838be0aa06255ab],
PUP.Optional.SpeedTest.A, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}, Quarantined, [15f9fe603448e2541838be0aa06255ab],
PUP.Optional.Softonic.A, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}, Quarantined, [5ab45b03b6c6ce689cbeb21613ef659b],
PUP.Optional.Softonic.A, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}, Quarantined, [5ab45b03b6c6ce689cbeb21613ef659b],
PUP.Optional.SweetIM.A, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{DEDAF650-12B8-48F5-A843-BBA100716106}, Quarantined, [8e80f9652d4fd660d1636b61659d629e],
PUP.Optional.SweetIM.A, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DEDAF650-12B8-48F5-A843-BBA100716106}, Quarantined, [8e80f9652d4fd660d1636b61659d629e],
PUP.Optional.Softonic.A, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{E87806B5-E908-45FD-AF5E-957D83E58E68}, Quarantined, [040af16d2e4e280e0f4c874115ed857b],
PUP.Optional.Softonic.A, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E87806B5-E908-45FD-AF5E-957D83E58E68}, Quarantined, [040af16d2e4e280e0f4c874115ed857b],
PUP.Optional.SweetPacks, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{EEE6C35C-6118-11DC-9C72-001320C79847}, Quarantined, [58b63a2428545bdbbd5403c940c22ed2],
PUP.Optional.SweetPacks, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{EEE6C35C-6118-11DC-9C72-001320C79847}, Quarantined, [58b63a2428545bdbbd5403c940c22ed2],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363}, Quarantined, [2be358068fed1f178e533d8eab57639d],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77}, Quarantined, [13fbf7677309b77f2fb339924cb6cd33],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, Quarantined, [4bc33e20df9d4ceae16fedd0f50f8f71],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, Quarantined, [57b7431bbebe3cfa054ab9040ef642be],
PUP.Optional.SavingsSidekick.A, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Savings Sidekick, Quarantined, [818d0757641883b3cbab2248ca392dd3],
PUP.Optional.PCPerformer.A, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\PERFORMERSOFT\PC Performer, Quarantined, [13fbadb10d6f78be41e96b2f1de78779],
PUP.Optional.Softonic.A, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Quarantined, [ce402f2f4a326acc82de2949c43f0000],
Registry Values: 2
PUP.Optional.Snapdo.T, HKU\S-1-5-21-3664937432-39338335-2934514172-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, Quarantined, [f41ad886e09c56e034cf3329eb181be5]
PUP.Optional.Snapdo.T, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, Quarantined, [f21c69f56f0d41f50bf8a4b85aa9ae52]
Registry Data: 6
PUP.Optional.SafeFinder.A, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://feed.safefind...QtEXoxOYbg,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880JXKe86_Gg52jK0TQf_1Uz35SON-g1e364xUMs1pmeBiRVYC6zVpjA1OlFHWYX5l_3f6bBUPYYS3acK48irzxF1pk4hbn59B9tsefmaiDNlOSghffBOzUFy74KABbHCsdk_XnaLdpsxQSR_LJmWXV7c8F35ppzGQtEXoxOYbg,,&q={searchTerms}),Replaced,[6da1f06ec2ba0e28d01e361c52b36d93]
PUP.Optional.SafeFinder.A, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://feed.safefind...o7OsMM74nLQKyQQ, Good: (www.google.com), Bad: (http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880JXKe86_Gg52jK0TQf_1Uz35SON-g1e364xUMs1pmeBiRVYC6zVpjA1OlFHWYX5l_3f6bBUPYYS3acK48irzx2jfxN3MZeHVU_vrVSDvCZH8RhJf5OGHAgdkh7AICdOygbE7MjW8lM4g5Km9gU_0cr37Sjo7OsMM74nLQKyQQ,),Replaced,[a569ea74b0cca6902ac1aea4ad588080]
PUP.Optional.SafeFinder.A, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://feed.safefind...QtEXoxOYbg,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880JXKe86_Gg52jK0TQf_1Uz35SON-g1e364xUMs1pmeBiRVYC6zVpjA1OlFHWYX5l_3f6bBUPYYS3acK48irzxF1pk4hbn59B9tsefmaiDNlOSghffBOzUFy74KABbHCsdk_XnaLdpsxQSR_LJmWXV7c8F35ppzGQtEXoxOYbg,,&q={searchTerms}),Replaced,[1fef243a027a0135d51b2d25d62f40c0]
PUP.Optional.SafeFinder.A, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://feed.safefind...QtEXoxOYbg,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880JXKe86_Gg52jK0TQf_1Uz35SON-g1e364xUMs1pmeBiRVYC6zVpjA1OlFHWYX5l_3f6bBUPYYS3acK48irzxF1pk4hbn59B9tsefmaiDNlOSghffBOzUFy74KABbHCsdk_XnaLdpsxQSR_LJmWXV7c8F35ppzGQtEXoxOYbg,,&q={searchTerms}),Replaced,[49c581dd700cc47233c07ed4d72ee719]
PUP.Optional.SafeFinder.A, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, http://feed.safefind...QtEXoxOYbg,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880JXKe86_Gg52jK0TQf_1Uz35SON-g1e364xUMs1pmeBiRVYC6zVpjA1OlFHWYX5l_3f6bBUPYYS3acK48irzxF1pk4hbn59B9tsefmaiDNlOSghffBOzUFy74KABbHCsdk_XnaLdpsxQSR_LJmWXV7c8F35ppzGQtEXoxOYbg,,&q={searchTerms}),Replaced,[0fff6bf317654beb0ee6aca6fc09af51]
PUP.Optional.SafeFinder.A, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.safefind...QtEXoxOYbg,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880JXKe86_Gg52jK0TQf_1Uz35SON-g1e364xUMs1pmeBiRVYC6zVpjA1OlFHWYX5l_3f6bBUPYYS3acK48irzxF1pk4hbn59B9tsefmaiDNlOSghffBOzUFy74KABbHCsdk_XnaLdpsxQSR_LJmWXV7c8F35ppzGQtEXoxOYbg,,&q={searchTerms}),Replaced,[f519322c6a12f54166909eb4b15457a9]
Folders: 6
PUP.Optional.Extutil.A, C:\Users\Elisabeth\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, Quarantined, [de3039254b311125be7070bae02313ed],
PUP.Optional.Managera.A, C:\Users\Elisabeth\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, Quarantined, [13fb49154933d75ff738e94127dc0df3],
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\skin, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],
Files: 83
PUP.Optional.OpenCandy, C:\$RECYCLE.BIN\S-1-5-21-3664937432-39338335-2934514172-1000\$RB1EJQ2.exe, Quarantined, [42cc90ce116bf5414fbb42422cd98080],
PUP.Optional.VOPackage.Gen, C:\$RECYCLE.BIN\S-1-5-21-3664937432-39338335-2934514172-1000\$RVUVYVE.exe, Quarantined, [d93566f81f5d3ef899092bbbd52cde22],
PUP.Optional.MultiPlug, C:\$RECYCLE.BIN\S-1-5-21-3664937432-39338335-2934514172-1000\$R4CXNWU\euamQKlEXRIElY.exe, Quarantined, [53bb530bf8847bbb048901c054ade31d],
PUP.Optional.MultiPlug, C:\$RECYCLE.BIN\S-1-5-21-3664937432-39338335-2934514172-1000\$R82R1MI\eu.exe, Quarantined, [c549bca22755ff37484513ae0cf50df3],
PUP.Optional.Montiera, C:\$RECYCLE.BIN\S-1-5-21-3664937432-39338335-2934514172-1000\$RKU2XIY.0\ividi4ffx.exe, Quarantined, [0fffb8a65527c17578cb3213c43d57a9],
PUP.Optional.Montiera, C:\$RECYCLE.BIN\S-1-5-21-3664937432-39338335-2934514172-1000\$RKU2XIY.0\ividi4ie.exe, Quarantined, [b15deb73ccb087af093a32132fd2f40c],
PUP.Optional.SweetIM, C:\Users\Elisabeth\AppData\Local\Temp\Shortcut_bundlesweetimsetup.exe, Quarantined, [97773826bfbd7fb74259770cd134a15f],
PUP.Optional.Softonic.A, C:\Users\Elisabeth\AppData\Local\Temp\Softonic_chr_1-8-19-3.exe, Quarantined, [1fefbca26418181ec6dcb20a936e6a96],
PUP.Optional.SweetPacks.A, C:\Users\Elisabeth\AppData\Local\Temp\spacksyahoo_717_active.exe, Quarantined, [20ee67f7423a3afcb119f24620e18f71],
PUP.Optional.SweetIM, C:\Users\Elisabeth\AppData\Local\Temp\bundlesweetimsetup.exe, Quarantined, [f6183f1f106cdf57f3a8dba8966f41bf],
PUP.Optional.InstallMonetizer, C:\Users\Elisabeth\AppData\Local\Temp\nsgB099.tmp, Quarantined, [cf3f233bd1ab3afc5d6678487c86d828],
PUP.Optional.Perion.A, C:\Users\Elisabeth\AppData\Local\Temp\WSSetup.exe, Quarantined, [fe10ee70225a49edf6dcf119d62f0ef2],
PUP.Optional.InstallBrain, C:\Users\Elisabeth\AppData\Local\Temp\Zoola Games314483.exe, Quarantined, [21ed92ccaece70c6808d52e340c0d828],
PUP.Optional.SweetIM, C:\Users\Elisabeth\AppData\Local\Temp\1380375175_15691875_872_4.tmp, Quarantined, [9777c5995f1d74c2b6e585fe8b7a58a8],
PUP.Optional.MyPCBackup.A, C:\Users\Elisabeth\AppData\Local\Temp\BackupSetup.exe, Quarantined, [10fe0e5028548da93ba99e427e83f10f],
PUP.Optional.DefaultTab.A, C:\Users\Elisabeth\AppData\Local\Temp\DefaultTabSetup2.exe, Quarantined, [11fde5794d2f0a2c058642eaf907d729],
PUP.Optional.InstallCore.A, C:\Users\Elisabeth\AppData\Local\Temp\ICReinstall_FirefoxSetup.exe, Quarantined, [f41ae876ec9034020a39a7810afb14ec],
PUP.Optional.SweetIM, C:\Users\Elisabeth\AppData\Local\Temp\mgsqlite3.7z, Quarantined, [41cde579aece8fa7cbd0d4af34d1837d],
PUP.Optional.SweetIM, C:\Users\Elisabeth\AppData\Local\Temp\mgsqlite3.dll, Quarantined, [739be17df48877bf1784533090759868],
PUP.Optional.InstallMonetizer, C:\Users\Elisabeth\AppData\Local\Temp\nsg94C1.tmp\nsManeshWeb.dll, Quarantined, [ab630d51cab2af87457e229e0cf651af],
PUP.Optional.Installcore, C:\Users\Elisabeth\AppData\Local\Temp\nsg94C1.tmp\nsvmd.dll, Quarantined, [68a6c39bdca062d4fc5bb546d42dc23e],
PUP.Optional.Wajam, C:\Users\Elisabeth\AppData\Local\Temp\nsg94C1.tmp\OurChecker.exe, Quarantined, [f717332bb9c3df57e6a96352b949cc34],
PUP.Optional.EZDownloader.A, C:\Users\Elisabeth\AppData\Local\Temp\{0948F5B9-25F7-4A90-A87B-6DD5D2ABD74F}\Addons\EzDownloader_setup.exe, Quarantined, [a46a5707502cfc3aca136ab508f81be5],
PUP.Optional.Montiera, C:\Users\Elisabeth\AppData\Local\Temp\nsoBFE7.tmp\ividi_1.8.23.0.exe, Quarantined, [e12dd78778048ea8f74c3b0ad42dc937],
PUP.Optional.SkyTech.A, C:\Users\Valdemar\AppData\Local\Temp\adks_awesomehp.exe, Quarantined, [8a842a34453778bef50ab2bf966b36ca],
PUP.Optional.DomaIQ, C:\Users\Elisabeth\Downloads\Setup.exe, Quarantined, [c8466cf2cfad2c0a53d5df7afe02c739],
PUP.Optional.Bandoo, C:\Users\Elisabeth\Downloads\iLividSetup-r342-n-bc.exe, Quarantined, [a866d08ef389092d1b71061f1de4bf41],
PUP.Optional.Softonic, C:\Users\Valdemar\Downloads\SoftonicDownloader_for_acoustica-mixcraft.exe, Quarantined, [4cc2ca94a9d37cba21799cbe1ae63bc5],
PUP.Optional.InstalleRex, C:\Users\Valdemar\Downloads\® - Danish movie.exe, Quarantined, [4fbfda84b0cc8aac7a0da42da25f27d9],
PUP.Optional.PremiumInstaller, C:\Users\Valdemar\Downloads\setup (1).exe, Quarantined, [ed2196c8a1db95a11da6d775e0253ac6],
PUP.Optional.PremiumInstaller, C:\Users\Valdemar\Downloads\setup (2).exe, Quarantined, [62ac5a04700c7abc952e3b11e81d8e72],
PUP.Optional.PremiumInstaller, C:\Users\Valdemar\Downloads\setup (3).exe, Quarantined, [e12d233ba6d692a406bded5fd233b14f],
PUP.Optional.OptimunInstaller, C:\Users\Valdemar\Downloads\setup (4).exe, Quarantined, [848a1e40fd7f1a1c5f89e5644db30af6],
PUP.Optional.PremiumInstaller, C:\Users\Valdemar\Downloads\setup.exe, Quarantined, [58b665f99ddfd264f8cbff4d56af8b75],
PUP.Optional.ToolBarInstaller.A, C:\Users\Valdemar\Downloads\Zend.Technologies.Ltd.Zend.Studio.v10.1.Incl.Keygen-Lz0 (1).exe, Quarantined, [d638c29cd6a6d363518b06589f6220e0],
PUP.Optional.ToolBarInstaller.A, C:\Users\Valdemar\Downloads\Zend.Technologies.Ltd.Zend.Studio.v10.1.Incl.Keygen-Lz0.exe, Quarantined, [d33b8bd32b51d75fa53707579071af51],
PUP.Optional.InstallBrain, C:\Users\Valdemar\Downloads\ZoolaGamesSetup (1).exe, Quarantined, [11fd92cc2755ef47818cd2630bf505fb],
PUP.Optional.InstallBrain, C:\Users\Valdemar\Downloads\ZoolaGamesSetup.exe, Quarantined, [5eb0cd913c403ef80ffe52e3b34ded13],
PUP.Optional.OptimumInstaller.A, C:\Users\Valdemar\Downloads\Mandela_Long_Walk_To_Freedom_2013_720p_Bluray_DTS_x264-RARBG.exe, Quarantined, [d13df76764182a0cceb1e287f40d43bd],
PUP.Optional.InstallCore.A, C:\Users\Valdemar\Downloads\FirefoxSetup.exe, Quarantined, [20ee1f3ff884c175ac9777b126dfdd23],
PUP.Optional.SearchProtect.A, C:\Windows\AppPatch\AppPatch64\SPVCLdr64.dll, Quarantined, [6ba35905512b0135237c07a16899f20e],
PUP.Optional.VeriStaff, C:\Windows\Installer\2c4ef6.msi, Quarantined, [f11de07ea0dc48ee74f4c09d7090768a],
PUP.Optional.CrossRider.A, C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dhdepfaagokllfmhfbcfmocaeigmoebo_0.localstorage-journal, Quarantined, [0509fb63314b15211c874926fc07e51b],
PUP.Optional.SearchProtect, C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, Quarantined, [6f9f1747d6a6b97d1c377845a064b34d],
PUP.Optional.ReMarkable.A, C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage, Quarantined, [e42a421cec90c76fa198f5c9ad57ba46],
PUP.Optional.ReMarkable.A, C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal, Quarantined, [33db530ba1dba78f15246d51b84cf30d],
PUP.Optional.Extutil.A, C:\Users\Elisabeth\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, Quarantined, [de3039254b311125be7070bae02313ed],
PUP.Optional.Extutil.A, C:\Users\Elisabeth\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, Quarantined, [de3039254b311125be7070bae02313ed],
PUP.Optional.Extutil.A, C:\Users\Elisabeth\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, Quarantined, [de3039254b311125be7070bae02313ed],
PUP.Optional.Managera.A, C:\Users\Elisabeth\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, Quarantined, [13fb49154933d75ff738e94127dc0df3],
PUP.Optional.Managera.A, C:\Users\Elisabeth\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, Quarantined, [13fb49154933d75ff738e94127dc0df3],
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome.manifest, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\icon.png, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\install.rdf, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\background.html, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\button.js, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\button.xml, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\config.js, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\content.js, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\framework.js, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\framework.png, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\framework.xul, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon128.ico, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon128.png, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon16.ico, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon16.png, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon18.ico, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon18.png, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon24.ico, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon24.png, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon32.ico, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon32.png, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon48.ico, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon48.png, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon64.ico, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon64.png, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\jquery-1.9.1.min.js, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\options.xul, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\rjs.js, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\settings.json, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\subscriptloader.js, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\skin\framework.css, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],
PUP.Optional.Trovi.A, C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "new_tab_url": "https://www.trovi.co...8D4F54&SAT=CNTS",), Replaced,[5eb098c6cfadda5c6277177fb84d13ed]
Physical Sectors: 0
(No malicious items detected)
(end)
FRST.txt:
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014
Ran by Elisabeth (administrator) on ELISABETH-PC on 03-12-2014 00:35:24
Running from C:\Users\Elisabeth\Desktop
Loaded Profile: Elisabeth (Available profiles: Elisabeth & Valdemar)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Dansk (Danmark)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Windows\SysWOW64\AsusService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Seagate Technology LLC) C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AsusTek Computer Inc.) C:\Program Files (x86)\Asus\LiveUpdate\LiveUpdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Maxtor Corporation) C:\Program Files (x86)\Maxtor\OneTouch Status\MaxMenuMgr.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\Asus\HotkeyService\HotKeyMon.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\Asus\HotkeyService\HotkeyService.exe
() C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AsusTek Computer Inc.) C:\Program Files (x86)\Asus\USBChargeSetting\iSeriesCharge.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\Asus\SHE\SuperHybridEngine.exe
(ASUS) C:\Program Files (x86)\Asus\CapsHook\CapsHook.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2283816 2010-08-12] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [92456 2010-08-12] (Synaptics Incorporated)
HKLM\...\Run: [LiveUpdate] => C:\Program Files (x86)\Asus\LiveUpdate\LiveUpdate.exe [1086888 2010-11-22] (AsusTek Computer Inc.)
HKLM\...\Run: [Eee Docking] => C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [461488 2011-01-07] (ASUSTek Computer Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-11-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HotkeyMon] => C:\Program Files (x86)\ASUS\HotkeyService\HotKeyMon.exe [101288 2010-12-07] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [HotkeyService] => C:\Program Files (x86)\ASUS\HotkeyService\HotkeyService.exe [1248176 2010-12-07] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [SuperHybridEngine] => C:\Program Files (x86)\ASUS\SHE\SuperHybridEngine.exe [413112 2011-01-27] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [CapsHook] => C:\Program Files (x86)\ASUS\CapsHook\CapsHook.exe [445344 2010-11-15] (ASUS)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-02-28] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [mxomssmenu] => C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe [169264 2007-09-06] (Maxtor Corporation)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NokiaInternetModem_AppStart.exe] => C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem.exe [248448 2011-06-17] (Nokia)
HKLM-x32\...\Run: [iSeriesCharge] => C:\Program Files (x86)\ASUS\USBChargeSetting\iSeriesCharge.exe [99792 2012-06-28] (AsusTek Computer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-3664937432-39338335-2934514172-1000\...\Run: [Google Update] => "C:\Users\Elisabeth\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-3664937432-39338335-2934514172-1000\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-3664937432-39338335-2934514172-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-3664937432-39338335-2934514172-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3664937432-39338335-2934514172-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3664937432-39338335-2934514172-1000\...\MountPoints2: {13452e23-6e74-11e1-8843-f46d04bd7f4c} - E:\application\Nokia_Internet_Modem.exe
HKU\S-1-5-21-3664937432-39338335-2934514172-1000\...\MountPoints2: {22df2162-20e9-11e3-ba20-f46d04bd7f4c} - E:\AutoRun.exe
HKU\S-1-5-21-3664937432-39338335-2934514172-1000\...\MountPoints2: {2f3cc459-1ecc-11e3-b885-f46d04bd7f4c} - E:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Elisabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Screen Clipper and Launcher til OneNote 2007.lnk
ShortcutTarget: Screen Clipper and Launcher til OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3664937432-39338335-2934514172-1001\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://eeepc.asus.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com
HKU\S-1-5-21-3664937432-39338335-2934514172-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
HKU\S-1-5-21-3664937432-39338335-2934514172-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com
HKU\S-1-5-21-3664937432-39338335-2934514172-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Hjælp til logon til Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.127.127.11 81.27.221.146 81.27.221.179
FireFox:
========
FF ProfilePath: C:\Users\Elisabeth\AppData\Roaming\Mozilla\Firefox\Profiles\sl2ed0e8.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3664937432-39338335-2934514172-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Elisabeth\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-3664937432-39338335-2934514172-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Elisabeth\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-co-uk.xml
FF Extension: Sites - C:\Users\Elisabeth\AppData\Roaming\Mozilla\Firefox\Profiles\sl2ed0e8.default\Extensions\{121761af-0fa5-4896-a2a8-cfdbac4e4982} [2014-10-24]
FF Extension: Firefox Old Version Update Hotfix - C:\Users\Elisabeth\AppData\Roaming\Mozilla\Firefox\Profiles\sl2ed0e8.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-10-09]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Shockwave Flash) - C:\Users\Elisabeth\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Elisabeth\AppData\Local\Google\Chrome\Application\37.0.2062.124\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Elisabeth\AppData\Local\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Elisabeth\AppData\Local\Google\Chrome\Application\37.0.2062.124\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Elisabeth\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\windows\system32\Adobe\Director\np32dsw.dll No File
CHR Profile: C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Just Pin It) - C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\eokdcgmibpioegghefegkcdjcbiggefe [2014-10-10]
CHR Extension: (Dictionary Bubble Instant Dictionary) - C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfembjnmeainjncdflaoclcjadfhpoim [2014-10-21]
CHR Extension: (My Exact Time) - C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\plpkbdnmkoemdpgjepafpcgidkikhmpm [2014-10-30]
CHR StartMenuInternet: Google Chrome - C:\Users\Elisabeth\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AsusService; C:\windows\SysWOW64\AsusService.exe [224680 2010-12-07] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 Maxtor Sync Service; C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe [156976 2007-09-28] (Seagate Technology LLC)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [655712 2011-12-23] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-15] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-15] (Hewlett-Packard) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 AiDriver; C:\Windows\System32\DRIVERS\AiDriver.sys [17152 2012-05-07] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-06-28] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-07-03] (Symantec Corporation)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [229376 2012-02-03] (Huawei Technologies Co., Ltd.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 nokia_cs1x_cdc_acm; C:\Windows\System32\DRIVERS\nokia_cs1x_cdc_acm.sys [98304 2010-04-22] (Nokia)
S3 nokia_cs1x_cdc_ecm; C:\Windows\System32\DRIVERS\nokia_cs1x_cdc_ecm.sys [53760 2010-04-22] (Nokia)
S3 nokia_cs1x_cpo; C:\Windows\System32\DRIVERS\nokia_cs1x_cpo.sys [13824 2010-04-22] (Nokia)
R3 nokia_cs1x_dc_enum; C:\Windows\System32\DRIVERS\nokia_cs1x_dc_enum.sys [97280 2010-04-22] (Nokia)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-02 22:11 - 2014-12-03 00:22 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-02 22:10 - 2014-12-02 22:10 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-02 22:10 - 2014-12-02 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-02 22:10 - 2014-12-02 22:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-02 22:10 - 2014-12-02 22:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-02 22:10 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-12-02 22:10 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-12-02 22:10 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-12-02 22:09 - 2014-12-02 16:50 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Elisabeth\Desktop\mbam-setup-2.0.3.1025.exe
2014-12-02 22:08 - 2014-12-02 22:08 - 00005675 _____ () C:\Users\Elisabeth\Desktop\JRT.txt
2014-12-02 21:59 - 2014-12-02 21:59 - 00000000 ____D () C:\windows\ERUNT
2014-12-02 21:56 - 2014-12-02 16:44 - 01707646 _____ (Thisisu) C:\Users\Elisabeth\Desktop\JRT.exe
2014-12-02 21:43 - 2014-12-02 21:51 - 00000000 ____D () C:\AdwCleaner
2014-12-02 21:43 - 2014-12-02 16:42 - 02154496 _____ () C:\Users\Elisabeth\Desktop\AdwCleaner.exe
2014-12-02 21:16 - 2014-12-02 21:16 - 00001160 _____ () C:\Users\Elisabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-02 21:10 - 2014-12-02 21:10 - 00000000 ____D () C:\Program Files (x86)\ProShopper
2014-12-02 20:58 - 2014-12-02 20:58 - 00000000 ____D () C:\Program Files (x86)\leess2paeye
2014-12-02 20:53 - 2014-12-02 20:53 - 00000000 __SHD () C:\Users\Elisabeth\AppData\Local\EmieBrowserModeList
2014-12-02 20:23 - 2014-12-02 20:23 - 00001264 _____ () C:\Users\Elisabeth\Desktop\Revo Uninstaller.lnk
2014-12-02 20:23 - 2014-12-02 20:23 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-01 20:13 - 2014-12-01 20:16 - 00041380 _____ () C:\Users\Elisabeth\Desktop\Addition.txt
2014-12-01 20:08 - 2014-12-03 00:36 - 00020971 _____ () C:\Users\Elisabeth\Desktop\FRST.txt
2014-12-01 20:08 - 2014-12-03 00:35 - 00000000 ____D () C:\FRST
2014-12-01 20:07 - 2014-11-29 14:19 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Elisabeth\Desktop\tdsskiller.exe
2014-12-01 20:07 - 2014-11-26 15:32 - 02118144 _____ (Farbar) C:\Users\Elisabeth\Desktop\FRST64.exe
2014-11-26 23:10 - 2014-11-26 23:10 - 00007604 _____ () C:\Users\Elisabeth\AppData\Local\Resmon.ResmonCfg
2014-11-26 22:17 - 2014-11-26 15:29 - 05198336 _____ (AVAST Software) C:\Users\Elisabeth\Desktop\aswMBR.exe
2014-11-26 22:11 - 2014-11-26 22:11 - 00015667 _____ () C:\Users\Elisabeth\Desktop\hijackthis.log
2014-11-26 22:09 - 2014-11-26 15:18 - 00388608 _____ (Trend Micro Inc.) C:\Users\Elisabeth\Desktop\HiJackThis.exe
2014-11-23 14:02 - 2014-11-23 14:02 - 00007977 _____ () C:\Users\Valdemar\Desktop\opgave 5.xlsx
2014-11-22 08:53 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-22 08:53 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-11-22 08:53 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-22 08:53 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-11-20 12:00 - 2011-10-21 16:35 - 00000680 _____ () C:\Users\Valdemar\Desktop\Mixcraft 5.lnk
2014-11-15 17:18 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-11-15 17:18 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-11-15 17:18 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-11-15 17:18 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-11-15 17:17 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-11-15 17:17 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-11-15 17:17 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-11-15 17:17 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-11-15 17:17 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-11-15 17:17 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-11-15 17:17 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-11-15 17:17 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-11-15 17:17 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-11-15 17:16 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-11-15 17:16 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-11-15 17:16 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-11-15 17:16 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-11-15 17:16 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-11-15 17:16 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-11-15 17:16 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-11-15 17:16 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-11-15 17:16 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-11-15 17:16 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-11-15 17:16 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-11-15 17:16 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-15 17:16 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-11-15 17:16 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-11-15 17:16 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-11-15 17:16 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-11-15 17:16 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-11-15 17:16 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-15 17:16 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-11-15 17:16 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-11-15 17:16 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-11-15 17:16 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-11-15 17:16 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-11-15 17:16 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-11-15 17:16 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-11-15 17:16 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-11-15 17:15 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-11-15 17:15 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-11-15 17:15 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-11-15 17:15 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-11-15 17:15 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-11-15 17:15 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-11-15 17:15 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-11-15 17:15 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-11-15 17:15 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-11-15 17:15 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-11-15 17:15 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-11-15 17:15 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-11-15 17:15 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-11-15 17:15 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-11-15 17:15 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-11-15 17:15 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-11-15 17:15 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-11-15 17:15 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-11-15 17:15 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-11-15 17:15 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-11-15 17:15 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-11-15 17:15 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-11-15 17:15 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-11-15 17:15 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-11-15 17:15 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-11-15 17:15 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-11-15 17:15 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-11-15 17:15 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-11-15 17:15 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-11-15 17:15 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-11-15 17:14 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-11-15 17:14 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-11-15 17:14 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-11-15 17:14 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-11-15 17:14 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2014-11-15 17:14 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2014-11-15 17:13 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-11-15 17:13 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-11-15 17:13 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-11-15 17:13 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-11-15 17:13 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-11-15 17:13 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-11-15 17:13 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-11-15 17:13 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-11-15 17:13 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-11-15 17:13 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-11-15 17:13 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-11-15 17:13 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-11-15 17:13 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-11-15 17:13 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-11-15 17:13 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-11-15 17:13 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-11-15 17:13 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-11-15 17:13 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-11-15 17:13 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-11-15 17:13 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-11-15 17:12 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-11-15 17:12 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-11-15 17:11 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-11-15 17:11 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-11-15 17:09 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-11-15 17:09 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-03 00:31 - 2012-01-19 09:41 - 01701060 _____ () C:\windows\WindowsUpdate.log
2014-12-03 00:28 - 2009-07-14 05:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-03 00:28 - 2009-07-14 05:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-03 00:23 - 2012-01-22 12:49 - 00000000 ____D () C:\Users\Elisabeth\AppData\Roaming\Skype
2014-12-03 00:19 - 2012-01-22 08:13 - 00126118 _____ () C:\windows\PFRO.log
2014-12-03 00:19 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-03 00:19 - 2009-07-14 05:51 - 00145967 _____ () C:\windows\setupact.log
2014-12-03 00:18 - 2012-06-23 08:43 - 00000000 ____D () C:\windows\en
2014-12-03 00:15 - 2013-09-16 07:31 - 00000954 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3664937432-39338335-2934514172-1001UA.job
2014-12-03 00:07 - 2012-01-23 17:16 - 00000958 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3664937432-39338335-2934514172-1000UA.job
2014-12-02 20:08 - 2013-09-16 07:31 - 00000902 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3664937432-39338335-2934514172-1001Core.job
2014-12-02 20:08 - 2012-01-23 17:16 - 00000906 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3664937432-39338335-2934514172-1000Core.job
2014-11-26 22:12 - 2010-08-13 05:13 - 00635850 _____ () C:\windows\system32\perfh006.dat
2014-11-26 22:12 - 2010-08-13 05:13 - 00142908 _____ () C:\windows\system32\perfc006.dat
2014-11-26 22:12 - 2009-07-14 06:13 - 00006264 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-26 14:52 - 2013-10-07 06:14 - 00000000 ____D () C:\Users\Valdemar\AppData\Roaming\Spotify
2014-11-25 17:06 - 2013-10-07 06:16 - 00000000 ____D () C:\Users\Valdemar\AppData\Local\Spotify
2014-11-25 16:50 - 2014-08-21 19:21 - 00000000 ____D () C:\ProgramData\OnlineUpdate
2014-11-22 08:54 - 2013-09-15 18:33 - 00000000 ____D () C:\Users\Valdemar\AppData\Local\Microsoft Help
2014-11-21 19:03 - 2014-05-07 15:24 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-11-21 18:43 - 2012-01-22 09:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-21 18:28 - 2009-07-14 05:45 - 00449384 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-20 12:05 - 2013-09-15 14:53 - 00000000 ____D () C:\windows\system32\MRT
2014-11-20 12:05 - 2012-01-23 19:53 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
Some content of TEMP:
====================
C:\Users\Elisabeth\AppData\Local\Temp\08262B00.dll
C:\Users\Elisabeth\AppData\Local\Temp\0827DCB1.dll
C:\Users\Elisabeth\AppData\Local\Temp\0C87DC03.dll
C:\Users\Elisabeth\AppData\Local\Temp\0C88B50D.dll
C:\Users\Elisabeth\AppData\Local\Temp\0C8F8506.dll
C:\Users\Elisabeth\AppData\Local\Temp\0FA8179E.dll
C:\Users\Elisabeth\AppData\Local\Temp\0FAB7DE7.dll
C:\Users\Elisabeth\AppData\Local\Temp\1313F3B7.dll
C:\Users\Elisabeth\AppData\Local\Temp\13174420.dll
C:\Users\Elisabeth\AppData\Local\Temp\13194905.dll
C:\Users\Elisabeth\AppData\Local\Temp\131EA72E.dll
C:\Users\Elisabeth\AppData\Local\Temp\189F81F0.dll
C:\Users\Elisabeth\AppData\Local\Temp\18A6F102.dll
C:\Users\Elisabeth\AppData\Local\Temp\18A7EC3A.dll
C:\Users\Elisabeth\AppData\Local\Temp\18A8CEFC.dll
C:\Users\Elisabeth\AppData\Local\Temp\18B4C934.dll
C:\Users\Elisabeth\AppData\Local\Temp\1ACA8ACC.dll
C:\Users\Elisabeth\AppData\Local\Temp\1B1E1ADC.dll
C:\Users\Elisabeth\AppData\Local\Temp\1DD2D47D.dll
C:\Users\Elisabeth\AppData\Local\Temp\1DD41755.dll
C:\Users\Elisabeth\AppData\Local\Temp\2502F169.dll
C:\Users\Elisabeth\AppData\Local\Temp\25E25309.dll
C:\Users\Elisabeth\AppData\Local\Temp\266FA216.dll
C:\Users\Elisabeth\AppData\Local\Temp\28C2B0B2.dll
C:\Users\Elisabeth\AppData\Local\Temp\28C9043F.dll
C:\Users\Elisabeth\AppData\Local\Temp\28CA8E96.dll
C:\Users\Elisabeth\AppData\Local\Temp\28DD61A8.dll
C:\Users\Elisabeth\AppData\Local\Temp\2D8B8929.dll
C:\Users\Elisabeth\AppData\Local\Temp\2D8CF45A.dll
C:\Users\Elisabeth\AppData\Local\Temp\2D8DB5C7.dll
C:\Users\Elisabeth\AppData\Local\Temp\2D97A068.dll
C:\Users\Elisabeth\AppData\Local\Temp\2D9E6708.dll
C:\Users\Elisabeth\AppData\Local\Temp\2ED693D7.dll
C:\Users\Elisabeth\AppData\Local\Temp\2ED7E783.dll
C:\Users\Elisabeth\AppData\Local\Temp\313725B9.dll
C:\Users\Elisabeth\AppData\Local\Temp\3304E8F9.dll
C:\Users\Elisabeth\AppData\Local\Temp\33065BE9.dll
C:\Users\Elisabeth\AppData\Local\Temp\3306A192.dll
C:\Users\Elisabeth\AppData\Local\Temp\3308EBBE.dll
C:\Users\Elisabeth\AppData\Local\Temp\330A7937.dll
C:\Users\Elisabeth\AppData\Local\Temp\3316A806.dll
C:\Users\Elisabeth\AppData\Local\Temp\33186155.dll
C:\Users\Elisabeth\AppData\Local\Temp\3321B4A7.dll
C:\Users\Elisabeth\AppData\Local\Temp\3394286C.dll
C:\Users\Elisabeth\AppData\Local\Temp\3395F5EA.dll
C:\Users\Elisabeth\AppData\Local\Temp\33982639.dll
C:\Users\Elisabeth\AppData\Local\Temp\34E3098B.dll
C:\Users\Elisabeth\AppData\Local\Temp\3D71D5BB.dll
C:\Users\Elisabeth\AppData\Local\Temp\45536553.dll
C:\Users\Elisabeth\AppData\Local\Temp\45559048.dll
C:\Users\Elisabeth\AppData\Local\Temp\45577D6F.dll
C:\Users\Elisabeth\AppData\Local\Temp\455E8146.dll
C:\Users\Elisabeth\AppData\Local\Temp\47D2E0AF.dll
C:\Users\Elisabeth\AppData\Local\Temp\47D3E8DA.dll
C:\Users\Elisabeth\AppData\Local\Temp\47D8301C.dll
C:\Users\Elisabeth\AppData\Local\Temp\692A03C3.dll
C:\Users\Elisabeth\AppData\Local\Temp\69AB00C8.dll
C:\Users\Elisabeth\AppData\Local\Temp\69AECE29.dll
C:\Users\Elisabeth\AppData\Local\Temp\6A7C1DF4.dll
C:\Users\Elisabeth\AppData\Local\Temp\717B172F.dll
C:\Users\Elisabeth\AppData\Local\Temp\7347BFD4.dll
C:\Users\Elisabeth\AppData\Local\Temp\73837ACA.dll
C:\Users\Elisabeth\AppData\Local\Temp\753BD18A.dll
C:\Users\Elisabeth\AppData\Local\Temp\753E2994.dll
C:\Users\Elisabeth\AppData\Local\Temp\756665F6.dll
C:\Users\Elisabeth\AppData\Local\Temp\7567ABD4.dll
C:\Users\Elisabeth\AppData\Local\Temp\77D392B8.dll
C:\Users\Elisabeth\AppData\Local\Temp\77DF78F5.dll
C:\Users\Elisabeth\AppData\Local\Temp\77E03432.dll
C:\Users\Elisabeth\AppData\Local\Temp\78B538F7.dll
C:\Users\Elisabeth\AppData\Local\Temp\847925A2.dll
C:\Users\Elisabeth\AppData\Local\Temp\847B9AB6.dll
C:\Users\Elisabeth\AppData\Local\Temp\847D1A21.dll
C:\Users\Elisabeth\AppData\Local\Temp\848255E6.dll
C:\Users\Elisabeth\AppData\Local\Temp\89541DA0.dll
C:\Users\Elisabeth\AppData\Local\Temp\89590875.dll
C:\Users\Elisabeth\AppData\Local\Temp\895CF41A.dll
C:\Users\Elisabeth\AppData\Local\Temp\895FF552.dll
C:\Users\Elisabeth\AppData\Local\Temp\896AA2C4.dll
C:\Users\Elisabeth\AppData\Local\Temp\896B5D79.dll
C:\Users\Elisabeth\AppData\Local\Temp\896ED55E.dll
C:\Users\Elisabeth\AppData\Local\Temp\8BA45656.dll
C:\Users\Elisabeth\AppData\Local\Temp\8F281819.dll
C:\Users\Elisabeth\AppData\Local\Temp\8F2914CA.dll
C:\Users\Elisabeth\AppData\Local\Temp\8F2A6E50.dll
C:\Users\Elisabeth\AppData\Local\Temp\903C04C1.dll
C:\Users\Elisabeth\AppData\Local\Temp\90417395.dll
C:\Users\Elisabeth\AppData\Local\Temp\904389B4.dll
C:\Users\Elisabeth\AppData\Local\Temp\90490DF9.dll
C:\Users\Elisabeth\AppData\Local\Temp\906E7671.dll
C:\Users\Elisabeth\AppData\Local\Temp\90B91D7D.dll
C:\Users\Elisabeth\AppData\Local\Temp\92D8BD96.dll
C:\Users\Elisabeth\AppData\Local\Temp\92DBFFBB.dll
C:\Users\Elisabeth\AppData\Local\Temp\92E658BF.dll
C:\Users\Elisabeth\AppData\Local\Temp\92E93FD4.dll
C:\Users\Elisabeth\AppData\Local\Temp\997C0D2C.dll
C:\Users\Elisabeth\AppData\Local\Temp\9B68B4BA.dll
C:\Users\Elisabeth\AppData\Local\Temp\9B6B13AF.dll
C:\Users\Elisabeth\AppData\Local\Temp\9B6CDAE5.dll
C:\Users\Elisabeth\AppData\Local\Temp\9EFC3C87.dll
C:\Users\Elisabeth\AppData\Local\Temp\A551D832.dll
C:\Users\Elisabeth\AppData\Local\Temp\A9AB66C5.dll
C:\Users\Elisabeth\AppData\Local\Temp\acufutls.dll
C:\Users\Elisabeth\AppData\Local\Temp\AEC5A5FE.dll
C:\Users\Elisabeth\AppData\Local\Temp\APNSetup.exe
C:\Users\Elisabeth\AppData\Local\Temp\AskSLib.dll
C:\Users\Elisabeth\AppData\Local\Temp\B16402AB.dll
C:\Users\Elisabeth\AppData\Local\Temp\B1688715.dll
C:\Users\Elisabeth\AppData\Local\Temp\B61ED455.dll
C:\Users\Elisabeth\AppData\Local\Temp\B61FEBC7.dll
C:\Users\Elisabeth\AppData\Local\Temp\B622DD43.dll
C:\Users\Elisabeth\AppData\Local\Temp\B63F5897.dll
C:\Users\Elisabeth\AppData\Local\Temp\B6418605.dll
C:\Users\Elisabeth\AppData\Local\Temp\B687F76C.dll
C:\Users\Elisabeth\AppData\Local\Temp\B68962EE.dll
C:\Users\Elisabeth\AppData\Local\Temp\BA368BF2.dll
C:\Users\Elisabeth\AppData\Local\Temp\BA3986B4.dll
C:\Users\Elisabeth\AppData\Local\Temp\BA3BE705.dll
C:\Users\Elisabeth\AppData\Local\Temp\BullGuard Internet Security Setup.exe
C:\Users\Elisabeth\AppData\Local\Temp\C30F542C.dll
C:\Users\Elisabeth\AppData\Local\Temp\C7DAECF5.dll
C:\Users\Elisabeth\AppData\Local\Temp\CD3561FA.dll
C:\Users\Elisabeth\AppData\Local\Temp\CF72D401.dll
C:\Users\Elisabeth\AppData\Local\Temp\CFEAACD0.dll
C:\Users\Elisabeth\AppData\Local\Temp\CFEB9881.dll
C:\Users\Elisabeth\AppData\Local\Temp\CFEDED44.dll
C:\Users\Elisabeth\AppData\Local\Temp\D3FF30FC.dll
C:\Users\Elisabeth\AppData\Local\Temp\D56C7138.dll
C:\Users\Elisabeth\AppData\Local\Temp\down.2340.setupytb.exe
C:\Users\Elisabeth\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Elisabeth\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Elisabeth\AppData\Local\Temp\E398114C.dll
C:\Users\Elisabeth\AppData\Local\Temp\eauninstall.exe
C:\Users\Elisabeth\AppData\Local\Temp\F2A4CBED.dll
C:\Users\Elisabeth\AppData\Local\Temp\F2A84183.dll
C:\Users\Elisabeth\AppData\Local\Temp\F2AB49A8.dll
C:\Users\Elisabeth\AppData\Local\Temp\F2CC24D7.dll
C:\Users\Elisabeth\AppData\Local\Temp\F2CCF170.dll
C:\Users\Elisabeth\AppData\Local\Temp\F2D11615.dll
C:\Users\Elisabeth\AppData\Local\Temp\FA9B3F91.dll
C:\Users\Elisabeth\AppData\Local\Temp\FA9D3707.dll
C:\Users\Elisabeth\AppData\Local\Temp\FA9DD4B0.dll
C:\Users\Elisabeth\AppData\Local\Temp\FA9E5940.dll
C:\Users\Elisabeth\AppData\Local\Temp\FF967752.dll
C:\Users\Elisabeth\AppData\Local\Temp\GUR20E8.exe
C:\Users\Elisabeth\AppData\Local\Temp\hlar-uab.dll
C:\Users\Elisabeth\AppData\Local\Temp\jeDC4.exe
C:\Users\Elisabeth\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Elisabeth\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Elisabeth\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Elisabeth\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Elisabeth\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Elisabeth\AppData\Local\Temp\juWA5.dll
C:\Users\Elisabeth\AppData\Local\Temp\juWA5.exe
C:\Users\Elisabeth\AppData\Local\Temp\mixcraft6-b216-setup.exe
C:\Users\Elisabeth\AppData\Local\Temp\oct1BA3.tmp.exe
C:\Users\Elisabeth\AppData\Local\Temp\octB50A.tmp.exe
C:\Users\Elisabeth\AppData\Local\Temp\optprosetup.exe
C:\Users\Elisabeth\AppData\Local\Temp\patch-series-216-217.exe
C:\Users\Elisabeth\AppData\Local\Temp\PokkiInstaller.exe
C:\Users\Elisabeth\AppData\Local\Temp\Quarantine.exe
C:\Users\Elisabeth\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Elisabeth\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Elisabeth\AppData\Local\Temp\SimBundD.exe
C:\Users\Elisabeth\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Elisabeth\AppData\Local\Temp\sqlite3.dll
C:\Users\Elisabeth\AppData\Local\Temp\Tsu9BF0D1D9.dll
C:\Users\Elisabeth\AppData\Local\Temp\tzholwz1.dll
C:\Users\Elisabeth\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Elisabeth\AppData\Local\Temp\ZoolaGames.exe
C:\Users\Valdemar\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Valdemar\AppData\Local\Temp\killtask.exe
C:\Users\Valdemar\AppData\Local\Temp\l0cvzduv.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-28 16:55
==================== End Of Log ============================
Addition.txt:
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2014
Ran by Elisabeth at 2014-12-03 00:37:20
Running from C:\Users\Elisabeth\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 1.2.0 - Hewlett-Packard) Hidden
Acoustica Effects Pack (HKLM-x32\...\Acoustica Effects Pack) (Version: 1.0 - Acoustica, Inc)
Acoustica Mixcraft 6 (HKLM-x32\...\Acoustica Mixcraft 6) (Version: Build b217 - Acoustica)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) - Dansk (HKLM-x32\...\{AC76BA86-7AD7-1030-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.6.3.0 - Asmedia Technology)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
AsusScreensaver (HKLM-x32\...\{99E77016-BCF2-48C8-9119-43ECF5815F65}) (Version: 1.05 - AsusTek Computer Inc.)
ASUSUpdate for Eee PC (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 1.06.02 - ASUSTeK Computer Inc.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.9.157 - ASUSTEK)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{CFC92B54-04CB-55F7-A230-D5563A3A439F}) (Version: 3.0.800.0 - ATI Technologies, Inc.)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Broadcom Wireless Network Adapter (HKLM-x32\...\{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}) (Version: 1.00.0000 - AzureWave)
CapsHook (HKLM-x32\...\{4B5092B6-F231-4D18-83BC-2618B729CA45}) (Version: 1.0.0.7 - AsusTek Computer)
ccc-core-static (x32 Version: 2010.1110.1539.28046 - ATI) Hidden
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
E-Cam (HKLM-x32\...\{185AFA7A-F63E-450B-94AA-011CAC18090E}) (Version: 2.0.2.9 - AzureWave)
Eee Docking 3.8.2 (HKLM\...\Eee Docking_is1) (Version: 3.8.2 - ASUSTek Computer Inc.)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - )
FontResizer (HKLM-x32\...\InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}) (Version: 1.01.0011 - ASUSTek)
FontResizer (x32 Version: 1.01.0011 - ASUSTek) Hidden
GeoGebra 4.4 (HKLM-x32\...\GeoGebra 4.4) (Version: 4.4.34.0 - International GeoGebra Institute)
Google Chrome (HKU\S-1-5-21-3664937432-39338335-2934514172-1000\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Graph 4.4.2 (HKLM-x32\...\Graph_is1) (Version: - Ivan Johansen)
Hotkey Service (HKLM-x32\...\{71C0E38E-09F2-4386-9977-404D4F6640CD}) (Version: 1.37 - AsusTek Computer Inc.)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
LiveUpdate (HKLM-x32\...\{38E5A3B1-ADF1-47E0-8024-76310A30EB36}) (Version: 1.25 - AsusTek Computer Inc.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Maxtor Manager (HKLM-x32\...\InstallShield_{B8281D46-D846-4BB9-BC84-F1115A7BF820}) (Version: 4.01.0227 - Seagate Technology)
Maxtor Manager (x32 Version: 4.01.0227 - Seagate Technology) Hidden
Microsoft .NET Framework 4.5.1 (dansk) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1030) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 23.007.09.02.26 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 30.0 (x86 da) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 da)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nokia Internet Modem (HKLM-x32\...\{A35EF357-F7DF-4B8A-B4D6-9F9C91AA8D83}) (Version: 1.2.277.3 - SmartCom)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.1.0.28 - Symantec Corporation)
Opdatering til Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0406-0000-0000000FF1CE}_ENTERPRISE_{7304A9DD-2F95-4147-8CD4-E135168C61E6}) (Version: - Microsoft)
Opdatering til Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0406-0000-0000000FF1CE}_ENTERPRISE_{0C315122-B0FA-428D-A3BB-6F6510F866FF}) (Version: - Microsoft)
Opdatering til Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0406-0000-0000000FF1CE}_ENTERPRISE_{EA60117C-C535-4A3F-AED1-C888F5114210}) (Version: - Microsoft)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.5.1.0 - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6293 - Realtek Semiconductor Corp.)
Reason 5.0 (HKLM-x32\...\Reason5_is1) (Version: 5.0 - Propellerhead Software AB)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Super Hybrid Engine (HKLM-x32\...\{88F08F98-12BC-4613-81A2-8F9B88CFC73E}) (Version: 2.18 - AsusTek Computer)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.8.0 - Synaptics Incorporated)
syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
Trend Micro Titanium (x32 Version: 1.0 - Trend Micro Inc.) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
USBCharge+ (HKLM-x32\...\{8165EFD2-0EB8-4C4F-A0E4-0E641B117ED2}) (Version: 1.0.0.23 - AsusTek Computer)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.5500 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
WordMat v. 1.07 (HKLM-x32\...\{301A8257-D5EF-48B4-AAC2-E86700DDA6FE}_is1) (Version: - Eduap)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3664937432-39338335-2934514172-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Elisabeth\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3664937432-39338335-2934514172-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Elisabeth\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3664937432-39338335-2934514172-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Elisabeth\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
==================== Restore Points =========================
23-11-2014 18:01:06 Windows Sikkerhedskopiering
26-11-2014 21:18:36 Windows Update
01-12-2014 19:07:23 Windows Sikkerhedskopiering
02-12-2014 19:25:53 Revo Uninstaller's restore point - BlockAndSurf
02-12-2014 19:29:57 Revo Uninstaller's restore point - ConvertAd
02-12-2014 19:32:53 Revo Uninstaller's restore point - DealsFactor
02-12-2014 19:36:10 Revo Uninstaller's restore point - DefaultTab
02-12-2014 19:41:50 Revo Uninstaller's restore point - EZDownloader
02-12-2014 19:43:43 Revo Uninstaller's restore point - GoSave
02-12-2014 19:51:25 Revo Uninstaller's restore point - Internet Explorer Toolbar 4.9 by SweetPacks
02-12-2014 19:52:34 Removed Internet Explorer Toolbar 4.9 by SweetPacks
02-12-2014 19:57:59 Revo Uninstaller's restore point - leess2paeye
02-12-2014 20:01:21 Revo Uninstaller's restore point - LPT System Updater Service
02-12-2014 20:06:12 Revo Uninstaller's restore point - Performance Optimizer
02-12-2014 20:07:22 Revo Uninstaller's restore point - Pokki
02-12-2014 20:10:06 Revo Uninstaller's restore point - ProShopper
02-12-2014 20:14:19 Revo Uninstaller's restore point - Remote Desktop Access (VuuPC)
02-12-2014 20:15:42 Revo Uninstaller's restore point - SafeFinder Smartbar
02-12-2014 20:18:14 Revo Uninstaller's restore point - Savings Sidekick
02-12-2014 20:19:53 Revo Uninstaller's restore point - Search App by Ask
02-12-2014 20:21:08 Revo Uninstaller's restore point - Search Protect
02-12-2014 20:22:35 Revo Uninstaller's restore point - Shopping App by Ask
02-12-2014 20:23:49 Revo Uninstaller's restore point - SweetPacks Updater Service
02-12-2014 20:25:08 Revo Uninstaller's restore point - topdEal
02-12-2014 20:27:02 Revo Uninstaller's restore point - TuneUp Utilities 2014
02-12-2014 20:27:39 Fjernede TuneUp Utilities 2014
02-12-2014 20:28:49 Fjernede TuneUp Utilities 2014 (en-GB)
02-12-2014 20:31:21 Revo Uninstaller's restore point - Unitech LLC toolbar
02-12-2014 20:34:41 Revo Uninstaller's restore point - VideoPerformer
02-12-2014 20:36:02 Revo Uninstaller's restore point - Bing Bar
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1646D2CD-408E-48BD-9310-1271BEE8250D} - System32\Tasks\Norton Security Scan for Elisabeth => C:\Program Files (x86)\Norton Security Scan\Engine\4.1.0.28\Nss.exe [2014-01-27] (Symantec Corporation)
Task: {17142E0A-13D4-4E81-99DF-D52A60367319} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3664937432-39338335-2934514172-1001UA => C:\Users\Valdemar\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-16] (Google Inc.)
Task: {4A10B15F-9C54-4CED-9CD0-E28D2CACDB1A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3664937432-39338335-2934514172-1000Core => C:\Users\Elisabeth\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {A48D2692-923F-4903-9C6D-CD8A322C9FBD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3664937432-39338335-2934514172-1000UA => C:\Users\Elisabeth\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {D33085CA-FA00-4444-8A38-3F571D800F3C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3664937432-39338335-2934514172-1001Core => C:\Users\Valdemar\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-16] (Google Inc.)
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3664937432-39338335-2934514172-1000Core.job => C:\Users\Elisabeth\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3664937432-39338335-2934514172-1000UA.job => C:\Users\Elisabeth\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3664937432-39338335-2934514172-1001Core.job => C:\Users\Valdemar\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3664937432-39338335-2934514172-1001UA.job => C:\Users\Valdemar\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Norton Security Scan for Elisabeth.job => C:\PROGRA~2\NORTON~2\Engine\410~1.28\Nss.exe
==================== Loaded Modules (whitelisted) =============
2012-01-22 10:27 - 2009-11-05 08:40 - 00085504 _____ () C:\windows\System32\cpwmon64.dll
2011-02-28 16:59 - 2010-12-07 18:19 - 00224680 _____ () C:\windows\SysWOW64\AsusService.exe
2011-03-14 16:27 - 2011-03-14 16:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2012-01-22 10:25 - 2012-01-09 19:44 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2013-09-16 13:38 - 2011-12-23 11:03 - 00655712 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2010-05-21 14:38 - 2010-05-21 14:38 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2011-06-17 11:22 - 2011-06-17 11:22 - 00138368 _____ () C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe
2010-11-11 00:38 - 2010-11-11 00:38 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-08-27 00:51 - 2010-08-27 00:51 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-09-16 13:38 - 2009-01-10 11:32 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2013-09-16 13:38 - 2009-06-22 19:42 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2013-09-16 13:38 - 2010-05-14 10:57 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2013-09-16 13:38 - 2010-02-10 15:10 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2013-09-16 13:38 - 2011-12-23 08:52 - 00843264 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2013-09-16 13:38 - 2010-02-10 15:06 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll
2010-11-22 20:12 - 2010-11-22 20:12 - 00181664 _____ () C:\Program Files (x86)\Asus\LiveUpdate\Parser.dll
2011-06-17 11:22 - 2011-06-17 11:22 - 00059312 _____ () C:\Program Files (x86)\Nokia\Nokia Internet Modem\DriveDetector.dll
2011-06-17 11:22 - 2011-06-17 11:22 - 00508848 _____ () C:\Program Files (x86)\Nokia\Nokia Internet Modem\Toolkit.dll
2011-06-17 11:22 - 2011-06-17 11:22 - 00147888 _____ () C:\Program Files (x86)\Nokia\Nokia Internet Modem\pcre3.dll
2011-06-17 11:22 - 2011-06-17 11:22 - 00775600 _____ () C:\Program Files (x86)\Nokia\Nokia Internet Modem\UIToolkit.dll
2011-06-17 11:22 - 2011-06-17 11:22 - 00090544 _____ () C:\Program Files (x86)\Nokia\Nokia Internet Modem\ComCore.dll
2011-06-17 11:22 - 2011-06-17 11:22 - 00049584 _____ () C:\Program Files (x86)\Nokia\Nokia Internet Modem\Preferences.dll
2011-06-17 11:22 - 2011-06-17 11:22 - 00247216 _____ () C:\Program Files (x86)\Nokia\Nokia Internet Modem\DB.dll
2011-06-17 11:22 - 2011-06-17 11:22 - 00125872 _____ () C:\Program Files (x86)\Nokia\Nokia Internet Modem\Discovery.dll
2011-06-17 11:22 - 2011-06-17 11:22 - 00311728 _____ () C:\Program Files (x86)\Nokia\Nokia Internet Modem\Device.dll
2011-06-17 11:22 - 2011-06-17 11:22 - 00028160 _____ () C:\Program Files (x86)\Nokia\Nokia Internet Modem\ressources\plugins\DiscoveryGeneric.plugin
2011-06-17 11:22 - 2011-06-17 11:22 - 00017408 _____ () C:\Program Files (x86)\Nokia\Nokia Internet Modem\ressources\plugins\DiscoveryNdis.plugin
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:AB689DEA
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-3664937432-39338335-2934514172-500 - Administrator - Disabled)
Elisabeth (S-1-5-21-3664937432-39338335-2934514172-1000 - Administrator - Enabled) => C:\Users\Elisabeth
Gæst (S-1-5-21-3664937432-39338335-2934514172-501 - Limited - Disabled)
Valdemar (S-1-5-21-3664937432-39338335-2934514172-1001 - Limited - Enabled) => C:\Users\Valdemar
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Error: (12/03/2014 00:31:09 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 har registreret en fejl under forsøget på at opdatere signaturer.
Ny signaturversion:
Tidligere signaturversion: 113.28.0.0
Opdateringskilde: %NT AUTHORITY51
Opdateringsstadie: 4.6.0305.00
Kildesti: 4.6.0305.01
Signaturtype: %NT AUTHORITY602
Opdateringstype: %NT AUTHORITY604
Bruger: NT AUTHORITY\NETVÆRKSTJENESTE
Nuværende programversion: %NT AUTHORITY605
Tidligere programversion: %NT AUTHORITY606
Fejlkode: %NT AUTHORITY607
Fejlbeskrivelse: %NT AUTHORITY608
Error: (12/03/2014 00:31:09 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 har registreret en fejl under forsøget på at opdatere signaturer.
Ny signaturversion:
Tidligere signaturversion: 1.189.768.0
Opdateringskilde: %NT AUTHORITY51
Opdateringsstadie: 4.6.0305.00
Kildesti: 4.6.0305.01
Signaturtype: %NT AUTHORITY602
Opdateringstype: %NT AUTHORITY604
Bruger: NT AUTHORITY\NETVÆRKSTJENESTE
Nuværende programversion: %NT AUTHORITY605
Tidligere programversion: %NT AUTHORITY606
Fejlkode: %NT AUTHORITY607
Fejlbeskrivelse: %NT AUTHORITY608
Error: (12/03/2014 00:31:09 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 har registreret en fejl under forsøget på at opdatere signaturer.
Ny signaturversion:
Tidligere signaturversion: 1.189.768.0
Opdateringskilde: %NT AUTHORITY51
Opdateringsstadie: 4.6.0305.00
Kildesti: 4.6.0305.01
Signaturtype: %NT AUTHORITY602
Opdateringstype: %NT AUTHORITY604
Bruger: NT AUTHORITY\NETVÆRKSTJENESTE
Nuværende programversion: %NT AUTHORITY605
Tidligere programversion: %NT AUTHORITY606
Fejlkode: %NT AUTHORITY607
Fejlbeskrivelse: %NT AUTHORITY608
Error: (12/03/2014 00:31:09 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 har registreret en fejl under forsøget på at opdatere signaturer.
Ny signaturversion:
Tidligere signaturversion: 1.189.768.0
Opdateringskilde: %NT AUTHORITY59
Opdateringsstadie: 4.6.0305.00
Kildesti: 4.6.0305.01
Signaturtype: %NT AUTHORITY602
Opdateringstype: %NT AUTHORITY604
Bruger: NT AUTHORITY\SYSTEM
Nuværende programversion: %NT AUTHORITY605
Tidligere programversion: %NT AUTHORITY606
Fejlkode: %NT AUTHORITY607
Fejlbeskrivelse: %NT AUTHORITY608
Error: (12/03/2014 00:20:35 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Følgende boot-start- eller system-start-driver kunne ikke indlæses:
cdrom
Error: (12/03/2014 00:20:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjenesten Mobile Partner. OUC kunne ikke starte pga. følgende fejl:
%%1053
Error: (12/03/2014 00:20:29 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Der opstod timeout (30000 millisekunder), mens systemet ventede på, at der blev oprettet forbindelse til tjenesten Mobile Partner. OUC.
Error: (12/02/2014 11:43:51 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 har registreret en fejl under forsøget på at opdatere signaturer.
Ny signaturversion:
Tidligere signaturversion: 113.28.0.0
Opdateringskilde: %NT AUTHORITY51
Opdateringsstadie: 4.6.0305.00
Kildesti: 4.6.0305.01
Signaturtype: %NT AUTHORITY602
Opdateringstype: %NT AUTHORITY604
Bruger: NT AUTHORITY\NETVÆRKSTJENESTE
Nuværende programversion: %NT AUTHORITY605
Tidligere programversion: %NT AUTHORITY606
Fejlkode: %NT AUTHORITY607
Fejlbeskrivelse: %NT AUTHORITY608
Error: (12/02/2014 11:43:50 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 har registreret en fejl under forsøget på at opdatere signaturer.
Ny signaturversion:
Tidligere signaturversion: 1.189.768.0
Opdateringskilde: %NT AUTHORITY51
Opdateringsstadie: 4.6.0305.00
Kildesti: 4.6.0305.01
Signaturtype: %NT AUTHORITY602
Opdateringstype: %NT AUTHORITY604
Bruger: NT AUTHORITY\NETVÆRKSTJENESTE
Nuværende programversion: %NT AUTHORITY605
Tidligere programversion: %NT AUTHORITY606
Fejlkode: %NT AUTHORITY607
Fejlbeskrivelse: %NT AUTHORITY608
Error: (12/02/2014 11:43:50 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 har registreret en fejl under forsøget på at opdatere signaturer.
Ny signaturversion:
Tidligere signaturversion: 1.189.768.0
Opdateringskilde: %NT AUTHORITY51
Opdateringsstadie: 4.6.0305.00
Kildesti: 4.6.0305.01
Signaturtype: %NT AUTHORITY602
Opdateringstype: %NT AUTHORITY604
Bruger: NT AUTHORITY\NETVÆRKSTJENESTE
Nuværende programversion: %NT AUTHORITY605
Tidligere programversion: %NT AUTHORITY606
Fejlkode: %NT AUTHORITY607
Fejlbeskrivelse: %NT AUTHORITY608
Microsoft Office Sessions:
=========================
Error: (09/20/2012 08:26:23 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 21 seconds with 0 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2014-11-15 16:33:23.933
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Asus\LiveUpdate\DETECTSYS.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-11-15 16:33:21.868
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Asus\LiveUpdate\DETECTSYS.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-11-06 14:20:48.061
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Asus\LiveUpdate\DETECTSYS.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-11-06 14:20:45.899
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Asus\LiveUpdate\DETECTSYS.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-10-27 06:50:35.132
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Asus\LiveUpdate\DETECTSYS.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-10-27 06:50:33.183
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Asus\LiveUpdate\DETECTSYS.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-10-21 16:56:21.358
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Asus\LiveUpdate\DETECTSYS.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-10-21 16:56:19.191
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Asus\LiveUpdate\DETECTSYS.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-10-14 20:48:35.873
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Asus\LiveUpdate\DETECTSYS.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-10-14 20:48:34.069
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Asus\LiveUpdate\DETECTSYS.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: AMD E-350 Processor
Percentage of memory in use: 36%
Total physical RAM: 3692.39 MB
Available physical RAM: 2354.72 MB
Total Pagefile: 7382.96 MB
Available Pagefile: 5599.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:100 GB) (Free:46.33 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:183.07 GB) (Free:42.5 GB) NTFS
Drive f: () (Removable) (Total:0.96 GB) (Free:0 GB) FAT
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: B507A563)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=15 GB) - (Type=1B)
Partition 3: (Not Active) - (Size=183.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=16 MB) - (Type=EF)
========================================================
Disk: 1 (Size: 982 MB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.
==================== End Of Log ============================