Laptop infected. Annoying popups, resources drained etc. [Solved]


  • This topic is locked
15 replies to this topic

#1 Guffegris

  • Authentic Member
  • 27 posts

Posted 27 November 2014 - 05:35 AM

I am dealing with a laptop owned by a young schoolboy, and it is clearly infected. There are annoying popup windows everywhere, and a LOT of the system's resources are completely drained so it is incredibly slow!

I have scanned the computer with HiJackThis and also with aswMBR which actually reports some infections, so there is definitely something bad. Below are my scanning logs, I will be very glad if someone here would take a look and analyse it for me. :-)

 

Thanks in advance.

 

Pasted log from HiJackThis:

-----------------------------------------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:11:13, on 26-11-2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17420)
Boot mode: Normal
 
Running processes:
C:\ProgramData\DatacardService\DCSHelper.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Elisabeth\AppData\Local\Smartbar\Application\SafeFinder.exe
C:\Users\Elisabeth\AppData\Local\Pokki\Engine\pokki.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Elisabeth\AppData\Local\ConvertAd\ConvertAd.exe
C:\Users\Elisabeth\AppData\Local\Pokki\Engine\pokki.exe
C:\Users\Elisabeth\Desktop\HiJackThis.exe
C:\Users\Elisabeth\AppData\Local\Smartbar\Application\Lrcnta.exe
C:\Users\Elisabeth\AppData\Local\LPT\srptm.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.safefind...q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.safefind...q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.safefind...o7OsMM74nLQKyQQ,
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearch.swee...A-F46D04BD7F4C}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.safefind...q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.safefind...q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =  
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =  
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =  
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: GoSave - {0f715fb9-4331-43f1-b8bf-d471403dd02a} - C:\Program Files (x86)\GoSave\OVRRO5k6dPbnuE.dll
O2 - BHO: CrossriderApp0005060 - {11111111-1111-1111-1111-110011501160} - C:\Program Files (x86)\Savings Sidekick\Savings Sidekick.dll
O2 - BHO: leess2paeye - {20b2cffd-f63b-451f-9e1f-9f3b47a240c0} - C:\ProgramData\leess2paeye\euamQKlEXRIElY.dll
O2 - BHO: SafeFinder SmartbarEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: topdEal - {77C37198-853B-FB1F-7272-B9D70AC5EB75} - C:\ProgramData\topdEal\eu.dll
O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Elisabeth\AppData\Roaming\defaulttab\defaulttab\DefaultTabBHO.dll (file missing)
O2 - BHO: ividi Helper Object - {8B8B2E80-1444-451D-AC8E-EB9A847F3887} - C:\Program Files (x86)\Unitech LLC\ividi\1.8.23.0\bh\ividi.dll
O2 - BHO: Hjælp til logon til Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BlockAndSurf - {A1E1D05B-2E99-55B7-D972-E19F4EEC8E28} - C:\Program Files (x86)\ver3BlockAndSurf\181.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Updater By Sweetpacks Helper - {DEDAF650-12B8-48f5-A843-BBA100716106} - C:\Program Files\Updater By Sweetpacks\Extension32.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O3 - Toolbar: SafeFinder Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HotkeyMon] AsusSender.exe C:\Program Files (x86)\ASUS\HotkeyService\HotKeyMon.exe
O4 - HKLM\..\Run: [HotkeyService] AsusSender.exe C:\Program Files (x86)\ASUS\HotkeyService\HotkeyService.exe
O4 - HKLM\..\Run: [SuperHybridEngine] AsusSender.exe C:\Program Files (x86)\ASUS\SHE\SuperHybridEngine.exe
O4 - HKLM\..\Run: [CapsHook] AsusSender.exe C:\Program Files (x86)\ASUS\CapsHook\CapsHook.exe
O4 - HKLM\..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NokiaInternetModem_AppStart.exe] "C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe" "-start" "C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem.exe"
O4 - HKLM\..\Run: [iSeriesCharge] AsusSender.exe C:\Program Files (x86)\ASUS\USBChargeSetting\iSeriesCharge.exe
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ConvertAd] C:\Users\Elisabeth\AppData\Local\ConvertAd\ConvertAd.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Elisabeth\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Pokki] C:\windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Browser Infrastructure Helper] C:\Users\Elisabeth\AppData\Local\Smartbar\Application\SafeFinder.exe startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETVÆRKSTJENESTE')
O4 - Startup: MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send billede til &Bluetooth-enhed... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send siden til &Bluetooth-enhed... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Send til Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send til &Bluetooth-enhed... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AC445B0-7E00-49A1-839E-E5590A9BDA2E}: NameServer = 95.209.200.69 95.209.200.70
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Asus Launcher Service (AsusService) - Unknown owner - C:\windows\SysWOW64\AsusService.exe
O23 - Service: Computer Backup (MyPC Backup) (BackupStack) - Just Develop It - C:\Program Files (x86)\MyPC Backup\BackupStack.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: LPT System Updater Service (LPTSystemUpdater) - Unknown owner - C:\Program Files (x86)\LPT\srpts.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe
O23 - Service: Mobile Partner. OUC (Mobile Partner. RunOuc) - Unknown owner - C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: VO Service component (servervo) - Unknown owner - C:\Users\Elisabeth\AppData\Roaming\VOPackage\VOsrv.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 15665 bytes

 

 

Pasted log from aswMBR:

---------------------------------------------------------------------------------------------------------------------------------------------------------

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2014-11-26 22:32:05
-----------------------------
22:32:05.741    OS Version: Windows x64 6.1.7601 Service Pack 1
22:32:05.741    Number of processors: 2 586 0x100
22:32:05.753    ComputerName: ELISABETH-PC  UserName: Elisabeth
22:32:18.963    Initialize success
22:32:24.515    VM: initialized successfully
22:32:24.716    VM: Amd CPU supported  
22:36:54.412    AVAST engine defs: 14112601
22:37:39.702    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000069
22:37:39.712    Disk 0 Vendor: ST932032 0003 Size: 305245MB BusType: 11
22:37:39.832    Disk 0 MBR read successfully
22:37:39.832    Disk 0 MBR scan
22:37:39.957    Disk 0 Windows 7 default MBR code
22:37:39.964    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       102400 MB offset 2048
22:37:39.973    Disk 0 default boot code
22:37:40.072    Disk 0 Partition 2 00     1B   Hidd FAT32 MSDOS5.0    15360 MB offset 209717248
22:37:40.328    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       187468 MB offset 241174528
22:37:40.441    Disk 0 Partition 4 00     EF      EFI FAT                16 MB offset 625108992
22:37:40.696    Disk 0 scanning C:\windows\system32\drivers
22:38:20.177    Service scanning
22:39:10.095    Service servervo C:\Users\Elisabeth\AppData\Roaming\VOPackage\VOsrv.exe **INFECTED** Win32:Rootkit-gen [Rtk]
22:39:30.462    Modules scanning
22:39:30.478    Disk 0 trace - called modules:
22:39:30.550    ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys  
22:39:30.564    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004ba4060]
22:39:30.578    3 CLASSPNP.SYS[fffff8800197543f] -> nt!IofCallDriver -> [0xfffffa800466aac0]
22:39:30.592    5 amd_xata.sys[fffff880010728b4] -> nt!IofCallDriver -> \Device\00000069[0xfffffa8004667290]
22:39:31.328    AVAST engine scan C:\windows
22:39:36.490    AVAST engine scan C:\windows\system32
22:53:21.353    AVAST engine scan C:\windows\system32\drivers
22:54:14.215    AVAST engine scan C:\Users\Elisabeth
22:54:33.301    File: C:\Users\Elisabeth\AppData\Local\ConvertAd\Uninstall.exe  **INFECTED** Win32:Malware-gen
22:59:32.830    File: C:\Users\Elisabeth\AppData\Local\LPT\srbu.dll  **INFECTED** Win32:Malware-gen
23:02:45.115    File: C:\Users\Elisabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T67ZRXO5\dl[1].htm  **INFECTED** Win32:Malware-gen
23:04:49.228    File: C:\Users\Elisabeth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UJ0342KD\dl[1].htm  **INFECTED** Win32:Rootkit-gen [Rtk]
23:10:51.166    Disk 0 MBR has been saved successfully to "C:\Users\Elisabeth\Desktop\MBR.dat"
23:10:51.271    The log file has been saved successfully to "C:\Users\Elisabeth\Desktop\aswMBR.txt"
 



#2 LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 28 November 2014 - 02:50 AM

Hello Guffegris, welcome to WhatTheTech's Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.  :)
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable.  
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
  • Ensure you are following this topic. Click [image] at the top of the page.
     

======================================================
 
Please run the following diagnostic scans so I can ascertain the state of your computer.
 
STEP 1

Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

STEP 2
TDSSKiller Scan

  • Please download TDSSKiller and save the file to your Desktop.
  • Right-Click TDSSKiller.exe and select Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to Detect TDLFS file system and Verify file digital signatures.
  • Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Attach the file in your next reply.
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • FRST.txt
  • Addition.txt
  • TDSSKiller log (attached)


#3 Guffegris

  • Authentic Member
  • 27 posts

Posted 01 December 2014 - 04:32 PM

Hi Adam,

 

Thanks for your reply. My IRL-name is Kim, and you are of course very welcome to call me by that! - maybe I should also mention that I am a professional software engineer, so my general understanding of computers is quite good, but I am mainly working with C under Unix-platforms, not so much Windows, so I really appreciate your help and experience. I have been running the tools you asked, and it did detect some malware, but of course I haven't changed or fixed anything as you instructed. Below are the logs attached.

 

Regards

 - Kim.

 

FRST.txt:

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014
Ran by Elisabeth (administrator) on ELISABETH-PC on 01-12-2014 20:08:18
Running from C:\Users\Elisabeth\Desktop
Loaded Profile: Elisabeth (Available profiles: Elisabeth & Valdemar)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Dansk (Danmark)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Windows\SysWOW64\AsusService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\Program Files (x86)\LPT\srpts.exe
(Seagate Technology LLC) C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe
() C:\Program Files (x86)\LPT\srptsl.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
() C:\Users\Elisabeth\AppData\Roaming\VOPackage\VOsrv.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AsusTek Computer Inc.) C:\Program Files (x86)\Asus\LiveUpdate\LiveUpdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Smartbar) C:\Users\Elisabeth\AppData\Local\Smartbar\Application\SafeFinder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Pokki) C:\Users\Elisabeth\AppData\Local\Pokki\Engine\pokki.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(ASUSTeK Computer Inc.) C:\Program Files (x86)\Asus\HotkeyService\HotKeyMon.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\Asus\HotkeyService\HotkeyService.exe
(ASUS) C:\Program Files (x86)\Asus\CapsHook\CapsHook.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\Asus\SHE\SuperHybridEngine.exe
(Maxtor Corporation) C:\Program Files (x86)\Maxtor\OneTouch Status\MaxMenuMgr.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe
(AsusTek Computer Inc.) C:\Program Files (x86)\Asus\USBChargeSetting\iSeriesCharge.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Users\Elisabeth\AppData\Local\ConvertAd\ConvertAd.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
(Pokki) C:\Users\Elisabeth\AppData\Local\Pokki\Engine\pokki.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Users\Elisabeth\AppData\Local\Smartbar\Application\Lrcnta.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2283816 2010-08-12] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [92456 2010-08-12] (Synaptics Incorporated)
HKLM\...\Run: [LiveUpdate] => C:\Program Files (x86)\Asus\LiveUpdate\LiveUpdate.exe [1086888 2010-11-22] (AsusTek Computer Inc.)
HKLM\...\Run: [Eee Docking] => C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [461488 2011-01-07] (ASUSTek Computer Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-11-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HotkeyMon] => C:\Program Files (x86)\ASUS\HotkeyService\HotKeyMon.exe [101288 2010-12-07] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [HotkeyService] => C:\Program Files (x86)\ASUS\HotkeyService\HotkeyService.exe [1248176 2010-12-07] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [SuperHybridEngine] => C:\Program Files (x86)\ASUS\SHE\SuperHybridEngine.exe [413112 2011-01-27] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [CapsHook] => C:\Program Files (x86)\ASUS\CapsHook\CapsHook.exe [445344 2010-11-15] (ASUS)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-02-28] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [mxomssmenu] => C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe [169264 2007-09-06] (Maxtor Corporation)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NokiaInternetModem_AppStart.exe] => C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem.exe [248448 2011-06-17] (Nokia)
HKLM-x32\...\Run: [iSeriesCharge] => C:\Program Files (x86)\ASUS\USBChargeSetting\iSeriesCharge.exe [99792 2012-06-28] (AsusTek Computer Inc.)
HKLM-x32\...\Run: [ApnTBMon] => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [ConvertAd] => C:\Users\Elisabeth\AppData\Local\ConvertAd\ConvertAd.exe [2097152 2014-10-23] ()
HKU\S-1-5-21-3664937432-39338335-2934514172-1000\...\Run: [Google Update] => "C:\Users\Elisabeth\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-3664937432-39338335-2934514172-1000\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-3664937432-39338335-2934514172-1000\...\Run: [Pokki] => C:\windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
HKU\S-1-5-21-3664937432-39338335-2934514172-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-3664937432-39338335-2934514172-1000\...\Run: [Browser Infrastructure Helper] => C:\Users\Elisabeth\AppData\Local\Smartbar\Application\SafeFinder.exe [28160 2014-08-27] (Smartbar)
HKU\S-1-5-21-3664937432-39338335-2934514172-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3664937432-39338335-2934514172-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3664937432-39338335-2934514172-1000\...\MountPoints2: {13452e23-6e74-11e1-8843-f46d04bd7f4c} - E:\application\Nokia_Internet_Modem.exe
HKU\S-1-5-21-3664937432-39338335-2934514172-1000\...\MountPoints2: {22df2162-20e9-11e3-ba20-f46d04bd7f4c} - E:\AutoRun.exe
HKU\S-1-5-21-3664937432-39338335-2934514172-1000\...\MountPoints2: {2f3cc459-1ecc-11e3-b885-f46d04bd7f4c} - E:\AutoRun.exe
AppInit_DLLs: C:\Users\Elisabeth\AppData\Local\Smartbar\Application\Resources\crdlil64.dll => C:\Users\Elisabeth\AppData\Local\Smartbar\Application\Resources\crdlil64.dll [71680 2014-11-26] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Elisabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\Elisabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Screen Clipper and Launcher til OneNote 2007.lnk
ShortcutTarget: Screen Clipper and Launcher til OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3664937432-39338335-2934514172-1001\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://eeepc.asus.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com
HKU\S-1-5-21-3664937432-39338335-2934514172-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.safefind...q={searchTerms}
HKU\S-1-5-21-3664937432-39338335-2934514172-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.safefind...o7OsMM74nLQKyQQ,
HKU\S-1-5-21-3664937432-39338335-2934514172-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
HKU\S-1-5-21-3664937432-39338335-2934514172-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com
HKU\S-1-5-21-3664937432-39338335-2934514172-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.safefind...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://mysearch.swee...A-F46D04BD7F4C}
HKU\S-1-5-21-3664937432-39338335-2934514172-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.safefind...q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.safefind...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3664937432-39338335-2934514172-1000 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.safefind...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3664937432-39338335-2934514172-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.safefind...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3664937432-39338335-2934514172-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3664937432-39338335-2934514172-1000 -> {2FF948BE-E81B-4295-9AA0-24180CDE91C1} URL = http://search.softon...d04bd7f4c&r=667
SearchScopes: HKU\S-1-5-21-3664937432-39338335-2934514172-1000 -> {5D51793B-FF8C-4679-A4C7-1D17DC71373A} URL = http://search.ividi....&affilt=3&r=864
BHO: GoSave -> {0f715fb9-4331-43f1-b8bf-d471403dd02a} -> C:\Program Files (x86)\GoSave\OVRRO5k6dPbnuE.x64.dll ()
BHO: leess2paeye -> {20b2cffd-f63b-451f-9e1f-9f3b47a240c0} -> C:\ProgramData\leess2paeye\euamQKlEXRIElY.x64.dll ()
BHO: SafeFinder SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
BHO: ProShopper -> {6625aceb-e68f-4705-8f1b-3bf8a3a4f871} -> C:\ProgramData\ProShopper\2AFWDTYos4ZWEP.x64.dll ()
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: topdEal -> {77C37198-853B-FB1F-7272-B9D70AC5EB75} -> C:\ProgramData\topdEal\eu.x64.dll ()
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: BlockAndSurf -> {A1E1D05B-2E99-55B7-D972-E19F4EEC8E28} -> C:\Program Files (x86)\ver3BlockAndSurf\181_x64.dll ()
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Updater By Sweetpacks -> {DEDAF650-12B8-48f5-A843-BBA100716106} -> C:\Program Files\Updater By Sweetpacks\Extension64.dll ()
BHO-x32: GoSave -> {0f715fb9-4331-43f1-b8bf-d471403dd02a} -> C:\Program Files (x86)\GoSave\OVRRO5k6dPbnuE.dll ()
BHO-x32: Savings Sidekick -> {11111111-1111-1111-1111-110011501160} -> C:\Program Files (x86)\Savings Sidekick\Savings Sidekick.dll (215 Apps)
BHO-x32: leess2paeye -> {20b2cffd-f63b-451f-9e1f-9f3b47a240c0} -> C:\ProgramData\leess2paeye\euamQKlEXRIElY.dll ()
BHO-x32: SafeFinder SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: ProShopper -> {6625aceb-e68f-4705-8f1b-3bf8a3a4f871} -> C:\ProgramData\ProShopper\2AFWDTYos4ZWEP.dll ()
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: topdEal -> {77C37198-853B-FB1F-7272-B9D70AC5EB75} -> C:\ProgramData\topdEal\eu.dll ()
BHO-x32: DefaultTab Browser Helper -> {7F6AFBF1-E065-4627-A2FD-810366367D01} -> C:\Users\Elisabeth\AppData\Roaming\defaulttab\defaulttab\DefaultTabBHO.dll No File
BHO-x32: ividi Helper Object -> {8B8B2E80-1444-451D-AC8E-EB9A847F3887} -> C:\Program Files (x86)\Unitech LLC\ividi\1.8.23.0\bh\ividi.dll (Unitech LLC)
BHO-x32: Hjælp til logon til Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: BlockAndSurf -> {A1E1D05B-2E99-55B7-D972-E19F4EEC8E28} -> C:\Program Files (x86)\ver3BlockAndSurf\181.dll ()
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Updater By Sweetpacks -> {DEDAF650-12B8-48f5-A843-BBA100716106} -> C:\Program Files\Updater By Sweetpacks\Extension32.dll ()
BHO-x32: No Name -> {EEE6C35C-6118-11DC-9C72-001320C79847} ->  No File
Toolbar: HKLM - SafeFinder Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Toolbar: HKLM-x32 - SafeFinder Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Elisabeth\AppData\Roaming\Mozilla\Firefox\Profiles\sl2ed0e8.default
FF NewTab: hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880JXKe86_Gg52jK0TQf_1Uz35SON-g1e364xUMs1pmeBiRVYC6zVpjA1OlFHWYX5l_3f6bBUPYYS3acK48irzxsk2Ly1tzOAMu2Xf0zyz6V1jV9IweEkhlRNqwEWAvcS5zevG5ReF-Kh6DmV11zroSA6DawlHxTRJ_XOD2Bsmg,,
FF DefaultSearchEngine: SafeFinder Search
FF SelectedSearchEngine: SafeFinder Search
FF Homepage: hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880JXKe86_Gg52jK0TQf_1Uz35SON-g1e364xUMs1pmeBiRVYC6zVpjA1OlFHWYX5l_3f6bBUPYYS3acK48irzx2jfxN3MZeHVU_vrVSDvCZH8RhJf5OGHAgdkh7AICdOygbE7MjW8lM4g5Km9gU_0cr37Sjo7OsMM74nLQKyQQ,,
FF Keyword.URL: hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880JXKe86_Gg52jK0TQf_1Uz35SON-g1e364xUMs1pmeBiRVYC6zVpjA1OlFHWYX5l_3f6bBUPYYS3acK48irzxF1pk4hbn59B9tsefmaiDNlOSghffBOzUFy74KABbHCsdk_XnaLdpsxQSR_LJmWXV7c8F35ppzGQtEXoxOYbg,,&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3664937432-39338335-2934514172-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Elisabeth\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-3664937432-39338335-2934514172-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Elisabeth\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF user.js: detected! => C:\Users\Elisabeth\AppData\Roaming\Mozilla\Firefox\Profiles\sl2ed0e8.default\user.js
FF SearchPlugin: C:\Users\Elisabeth\AppData\Roaming\Mozilla\Firefox\Profiles\sl2ed0e8.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\Elisabeth\AppData\Roaming\Mozilla\Firefox\Profiles\sl2ed0e8.default\searchplugins\SafeFinder Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-co-uk.xml
FF Extension: GoSave - C:\Users\Elisabeth\AppData\Roaming\Mozilla\Firefox\Profiles\sl2ed0e8.default\Extensions\7xF@iGLk3.net [2014-10-21]
FF Extension: deal4real - C:\Users\Elisabeth\AppData\Roaming\Mozilla\Firefox\Profiles\sl2ed0e8.default\Extensions\InCKP@j.net [2014-10-31]
FF Extension: less22pay - C:\Users\Elisabeth\AppData\Roaming\Mozilla\Firefox\Profiles\sl2ed0e8.default\Extensions\M7Cb9e@f.net [2014-10-10]
FF Extension: topDeeal - C:\Users\Elisabeth\AppData\Roaming\Mozilla\Firefox\Profiles\sl2ed0e8.default\Extensions\uy_cpqu@tevwyczzmkq.net [2014-10-21]
FF Extension: Sites - C:\Users\Elisabeth\AppData\Roaming\Mozilla\Firefox\Profiles\sl2ed0e8.default\Extensions\{121761af-0fa5-4896-a2a8-cfdbac4e4982} [2014-10-24]
FF Extension: SafeFinder Smartbar - C:\Users\Elisabeth\AppData\Roaming\Mozilla\Firefox\Profiles\sl2ed0e8.default\Extensions\{2723d5f0-3254-4fd9-5fbc-eacf92e6f570} [2014-10-24]
FF Extension: Firefox Old Version Update Hotfix - C:\Users\Elisabeth\AppData\Roaming\Mozilla\Firefox\Profiles\sl2ed0e8.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-10-09]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By Sweetpacks\Firefox
FF Extension: Updater By Sweetpacks - C:\Program Files\Updater By Sweetpacks\Firefox [2013-09-28]
FF HKLM-x32\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By Sweetpacks\Firefox
FF HKU\S-1-5-21-3664937432-39338335-2934514172-1000\...\Firefox\Extensions: [speedtest4354@BestOffers] - C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers
FF Extension: Speed Test 127 - C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers [2014-02-17]
FF HKU\S-1-5-21-3664937432-39338335-2934514172-1000\...\Firefox\Extensions: [{2B7F4728-5425-D50D-43A7-CFC85F14EA12}] - C:\Program Files (x86)\ver3BlockAndSurf\181.xpi
FF Extension: No Name - C:\Program Files (x86)\ver3BlockAndSurf\181.xpi [2014-10-23]
 
Chrome:  
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Shockwave Flash) - C:\Users\Elisabeth\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Elisabeth\AppData\Local\Google\Chrome\Application\37.0.2062.124\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Elisabeth\AppData\Local\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Elisabeth\AppData\Local\Google\Chrome\Application\37.0.2062.124\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Elisabeth\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\windows\system32\Adobe\Director\np32dsw.dll No File
CHR Profile: C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Ask Search) - C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf [2014-10-14]
CHR Extension: (deal4real) - C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\djpkmednhafcdnkbcfnohficagkkkala [2014-11-26]
CHR Extension: (Just Pin It) - C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\eokdcgmibpioegghefegkcdjcbiggefe [2014-10-10]
CHR Extension: (GoSave) - C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi [2014-10-21]
CHR Extension: (BlockAndSurf) - C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfkhpiepfkecklhbjfjnfanjdgepefkh [2014-10-23]
CHR Extension: (iVidi Chrome Toolbar) - C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdhgpkkloealnjnmepfhanpcleldbef [2014-10-14]
CHR Extension: (Skype Click to Call) - C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-10-14]
CHR Extension: (Dictionary Bubble Instant Dictionary) - C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfembjnmeainjncdflaoclcjadfhpoim [2014-10-21]
CHR Extension: (My Exact Time) - C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\plpkbdnmkoemdpgjepafpcgidkikhmpm [2014-10-30]
CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx []
CHR HKLM-x32\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx []
CHR HKLM-x32\...\Chrome\Extension: [dhdepfaagokllfmhfbcfmocaeigmoebo] - C:\Users\Elisabeth\AppData\Local\Savings Sidekick\Chrome\Savings Sidekick.crx [2012-09-13]
CHR HKLM-x32\...\Chrome\Extension: [kpdhgpkkloealnjnmepfhanpcleldbef] - C:\Program Files (x86)\Unitech LLC\ividi\1.8.23.0\ividi.crx [2013-07-25]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR StartMenuInternet: Google Chrome - C:\Users\Elisabeth\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 892cc6a3; c:\ProgramData\Performance Optimizer\PerformanceOptimizerSvc.dll [186192 2014-10-20] () [File not signed]
R2 AsusService; C:\windows\SysWOW64\AsusService.exe [224680 2010-12-07] ()
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36936 2014-09-23] (Just Develop It) <==== ATTENTION
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [32768 2014-08-27] () <==== ATTENTION
R2 Maxtor Sync Service; C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe [156976 2007-09-28] (Seagate Technology LLC)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [655712 2011-12-23] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-15] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-15] (Hewlett-Packard) [File not signed]
R2 servervo; C:\Users\Elisabeth\AppData\Roaming\VOPackage\VOsrv.exe [76800 2014-10-23] () [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AiDriver; C:\Windows\System32\DRIVERS\AiDriver.sys [17152 2012-05-07] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-06-28] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-07-03] (Symantec Corporation)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [229376 2012-02-03] (Huawei Technologies Co., Ltd.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 nokia_cs1x_cdc_acm; C:\Windows\System32\DRIVERS\nokia_cs1x_cdc_acm.sys [98304 2010-04-22] (Nokia)
S3 nokia_cs1x_cdc_ecm; C:\Windows\System32\DRIVERS\nokia_cs1x_cdc_ecm.sys [53760 2010-04-22] (Nokia)
S3 nokia_cs1x_cpo; C:\Windows\System32\DRIVERS\nokia_cs1x_cpo.sys [13824 2010-04-22] (Nokia)
R3 nokia_cs1x_dc_enum; C:\Windows\System32\DRIVERS\nokia_cs1x_dc_enum.sys [97280 2010-04-22] (Nokia)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-06-23] (TuneUp Software)
R2 webinstrNew; C:\windows\system32\Drivers\webinstrNew.sys [58040 2014-10-23] (Corsica)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-01 20:08 - 2014-12-01 20:12 - 00033359 _____ () C:\Users\Elisabeth\Desktop\FRST.txt
2014-12-01 20:08 - 2014-12-01 20:09 - 00000000 ____D () C:\FRST
2014-12-01 20:07 - 2014-11-29 14:19 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Elisabeth\Desktop\tdsskiller.exe
2014-12-01 20:07 - 2014-11-26 15:32 - 02118144 _____ (Farbar) C:\Users\Elisabeth\Desktop\FRST64.exe
2014-11-26 23:10 - 2014-11-26 23:10 - 00007604 _____ () C:\Users\Elisabeth\AppData\Local\Resmon.ResmonCfg
2014-11-26 22:40 - 2014-11-26 22:40 - 00001059 _____ () C:\Users\Elisabeth\Desktop\Continue Live Installation.lnk
2014-11-26 22:37 - 2014-11-26 22:37 - 00000000 ____D () C:\ProgramData\ProShopper
2014-11-26 22:30 - 2014-11-26 22:30 - 00000000 ____D () C:\ProgramData\DealsFactor
2014-11-26 22:17 - 2014-11-26 15:29 - 05198336 _____ (AVAST Software) C:\Users\Elisabeth\Desktop\aswMBR.exe
2014-11-26 22:11 - 2014-11-26 22:11 - 00015667 _____ () C:\Users\Elisabeth\Desktop\hijackthis.log
2014-11-26 22:09 - 2014-11-26 15:18 - 00388608 _____ (Trend Micro Inc.) C:\Users\Elisabeth\Desktop\HiJackThis.exe
2014-11-23 14:02 - 2014-11-23 14:02 - 00007977 _____ () C:\Users\Valdemar\Desktop\opgave 5.xlsx
2014-11-22 08:53 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-22 08:53 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-11-22 08:53 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-22 08:53 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-11-20 12:00 - 2011-10-21 16:35 - 00000680 _____ () C:\Users\Valdemar\Desktop\Mixcraft 5.lnk
2014-11-15 17:18 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-11-15 17:18 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-11-15 17:18 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-11-15 17:18 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-11-15 17:17 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-11-15 17:17 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-11-15 17:17 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-11-15 17:17 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-11-15 17:17 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-11-15 17:17 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-11-15 17:17 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-11-15 17:17 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-11-15 17:17 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-11-15 17:16 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-11-15 17:16 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-11-15 17:16 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-11-15 17:16 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-11-15 17:16 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-11-15 17:16 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-11-15 17:16 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-11-15 17:16 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-11-15 17:16 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-11-15 17:16 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-11-15 17:16 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-11-15 17:16 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-15 17:16 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-11-15 17:16 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-11-15 17:16 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-11-15 17:16 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-11-15 17:16 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-11-15 17:16 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-15 17:16 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-11-15 17:16 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-11-15 17:16 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-11-15 17:16 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-11-15 17:16 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-11-15 17:16 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-11-15 17:16 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-11-15 17:16 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-11-15 17:15 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-11-15 17:15 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-11-15 17:15 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-11-15 17:15 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-11-15 17:15 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-11-15 17:15 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-11-15 17:15 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-11-15 17:15 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-11-15 17:15 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-11-15 17:15 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-11-15 17:15 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-11-15 17:15 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-11-15 17:15 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-11-15 17:15 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-11-15 17:15 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-11-15 17:15 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-11-15 17:15 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-11-15 17:15 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-11-15 17:15 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-11-15 17:15 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-11-15 17:15 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-11-15 17:15 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-11-15 17:15 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-11-15 17:15 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-11-15 17:15 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-11-15 17:15 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-11-15 17:15 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-11-15 17:15 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-11-15 17:15 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-11-15 17:15 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-11-15 17:14 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-11-15 17:14 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-11-15 17:14 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-11-15 17:14 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-11-15 17:14 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2014-11-15 17:14 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2014-11-15 17:13 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-11-15 17:13 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-11-15 17:13 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-11-15 17:13 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-11-15 17:13 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-11-15 17:13 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-11-15 17:13 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-11-15 17:13 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-11-15 17:13 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-11-15 17:13 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-11-15 17:13 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-11-15 17:13 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-11-15 17:13 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-11-15 17:13 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-11-15 17:13 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-11-15 17:13 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-11-15 17:13 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-11-15 17:13 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-11-15 17:13 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-11-15 17:13 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-11-15 17:12 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-11-15 17:12 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-11-15 17:11 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-11-15 17:11 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-11-15 17:09 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-11-15 17:09 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-01 20:07 - 2012-01-23 17:16 - 00000958 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3664937432-39338335-2934514172-1000UA.job
2014-12-01 20:06 - 2009-07-14 05:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-01 20:06 - 2009-07-14 05:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-01 20:05 - 2012-01-19 09:41 - 01536825 _____ () C:\windows\WindowsUpdate.log
2014-12-01 20:01 - 2013-10-26 17:08 - 00000000 ____D () C:\Users\Elisabeth\AppData\Local\Pokki
2014-12-01 19:56 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-01 19:55 - 2009-07-14 05:51 - 00145575 _____ () C:\windows\setupact.log
2014-11-27 01:33 - 2013-09-16 07:31 - 00000954 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3664937432-39338335-2934514172-1001UA.job
2014-11-26 23:29 - 2014-09-28 14:15 - 00000000 ____D () C:\ProgramData\714821c3375fd8b5
2014-11-26 23:04 - 2014-10-23 12:30 - 00000000 ____D () C:\Program Files (x86)\LPT
2014-11-26 22:12 - 2010-08-13 05:13 - 00635850 _____ () C:\windows\system32\perfh006.dat
2014-11-26 22:12 - 2010-08-13 05:13 - 00142908 _____ () C:\windows\system32\perfc006.dat
2014-11-26 22:12 - 2009-07-14 06:13 - 00006264 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-26 14:52 - 2013-10-07 06:14 - 00000000 ____D () C:\Users\Valdemar\AppData\Roaming\Spotify
2014-11-26 14:15 - 2013-09-16 07:31 - 00000902 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3664937432-39338335-2934514172-1001Core.job
2014-11-25 17:06 - 2013-10-07 06:16 - 00000000 ____D () C:\Users\Valdemar\AppData\Local\Spotify
2014-11-25 16:50 - 2014-08-21 19:21 - 00000000 ____D () C:\ProgramData\OnlineUpdate
2014-11-25 12:07 - 2012-01-23 17:16 - 00000906 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3664937432-39338335-2934514172-1000Core.job
2014-11-25 07:45 - 2014-02-17 15:34 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-11-22 08:54 - 2013-09-15 18:33 - 00000000 ____D () C:\Users\Valdemar\AppData\Local\Microsoft Help
2014-11-21 19:03 - 2014-05-07 15:24 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-11-21 18:43 - 2012-01-22 09:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-21 18:28 - 2009-07-14 05:45 - 00449384 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-20 12:05 - 2013-09-15 14:53 - 00000000 ____D () C:\windows\system32\MRT
2014-11-20 12:05 - 2012-01-23 19:53 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
 
Some content of TEMP:
====================
C:\Users\Elisabeth\AppData\Local\Temp\acufutls.dll
C:\Users\Elisabeth\AppData\Local\Temp\AEC5A5FE.dll
C:\Users\Elisabeth\AppData\Local\Temp\APNSetup.exe
C:\Users\Elisabeth\AppData\Local\Temp\AskSLib.dll
C:\Users\Elisabeth\AppData\Local\Temp\BackupSetup.exe
C:\Users\Elisabeth\AppData\Local\Temp\BullGuard Internet Security Setup.exe
C:\Users\Elisabeth\AppData\Local\Temp\bundlesweetimsetup.exe
C:\Users\Elisabeth\AppData\Local\Temp\DefaultTabSetup2.exe
C:\Users\Elisabeth\AppData\Local\Temp\down.2340.setupytb.exe
C:\Users\Elisabeth\AppData\Local\Temp\E398114C.dll
C:\Users\Elisabeth\AppData\Local\Temp\eauninstall.exe
C:\Users\Elisabeth\AppData\Local\Temp\GUR20E8.exe
C:\Users\Elisabeth\AppData\Local\Temp\hlar-uab.dll
C:\Users\Elisabeth\AppData\Local\Temp\ICReinstall_FirefoxSetup.exe
C:\Users\Elisabeth\AppData\Local\Temp\jeDC4.exe
C:\Users\Elisabeth\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Elisabeth\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Elisabeth\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Elisabeth\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Elisabeth\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Elisabeth\AppData\Local\Temp\juWA5.dll
C:\Users\Elisabeth\AppData\Local\Temp\juWA5.exe
C:\Users\Elisabeth\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Elisabeth\AppData\Local\Temp\mixcraft6-b216-setup.exe
C:\Users\Elisabeth\AppData\Local\Temp\oct1BA3.tmp.exe
C:\Users\Elisabeth\AppData\Local\Temp\octB50A.tmp.exe
C:\Users\Elisabeth\AppData\Local\Temp\optprosetup.exe
C:\Users\Elisabeth\AppData\Local\Temp\patch-series-216-217.exe
C:\Users\Elisabeth\AppData\Local\Temp\PokkiInstaller.exe
C:\Users\Elisabeth\AppData\Local\Temp\Shortcut_bundlesweetimsetup.exe
C:\Users\Elisabeth\AppData\Local\Temp\SimBundD.exe
C:\Users\Elisabeth\AppData\Local\Temp\Softonic_chr_1-8-19-3.exe
C:\Users\Elisabeth\AppData\Local\Temp\spacksyahoo_717_active.exe
C:\Users\Elisabeth\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Elisabeth\AppData\Local\Temp\Tsu9BF0D1D9.dll
C:\Users\Elisabeth\AppData\Local\Temp\tzholwz1.dll
C:\Users\Elisabeth\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Elisabeth\AppData\Local\Temp\WSSetup.exe
C:\Users\Elisabeth\AppData\Local\Temp\Zoola Games314483.exe
C:\Users\Elisabeth\AppData\Local\Temp\ZoolaGames.exe
C:\Users\Valdemar\AppData\Local\Temp\adks_awesomehp.exe
C:\Users\Valdemar\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Valdemar\AppData\Local\Temp\killtask.exe
C:\Users\Valdemar\AppData\Local\Temp\l0cvzduv.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-28 16:55
 
==================== End Of Log ============================

 

Addition.txt:

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2014
Ran by Elisabeth at 2014-12-01 20:13:47
Running from C:\Users\Elisabeth\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 1.2.0 - Hewlett-Packard) Hidden
Acoustica Effects Pack (HKLM-x32\...\Acoustica Effects Pack) (Version: 1.0 - Acoustica, Inc)
Acoustica Mixcraft 6 (HKLM-x32\...\Acoustica Mixcraft 6) (Version: Build b217 - Acoustica)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) - Dansk (HKLM-x32\...\{AC76BA86-7AD7-1030-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.6.3.0 - Asmedia Technology)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
AsusScreensaver (HKLM-x32\...\{99E77016-BCF2-48C8-9119-43ECF5815F65}) (Version: 1.05 - AsusTek Computer Inc.)
ASUSUpdate for Eee PC (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 1.06.02 - ASUSTeK Computer Inc.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.9.157 - ASUSTEK)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{CFC92B54-04CB-55F7-A230-D5563A3A439F}) (Version: 3.0.800.0 - ATI Technologies, Inc.)
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
BlockAndSurf (HKLM-x32\...\0205FDDB-89EA-266B-CEA8-878A049C31FE) (Version:  - BlockAndSurf-software) <==== ATTENTION
Broadcom Wireless Network Adapter (HKLM-x32\...\{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}) (Version: 1.00.0000 - AzureWave)
CapsHook (HKLM-x32\...\{4B5092B6-F231-4D18-83BC-2618B729CA45}) (Version: 1.0.0.7 - AsusTek Computer)
ccc-core-static (x32 Version: 2010.1110.1539.28046 - ATI) Hidden
ConvertAd (HKLM-x32\...\ConvertAd) (Version: 1.0.0.0 - ConvertAd) <==== ATTENTION
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DealsFactor (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - DealsFactor) <==== ATTENTION
DefaultTab (HKLM-x32\...\DefaultTab) (Version: 2.3.3.0 - Search Results, LLC) <==== ATTENTION
E-Cam (HKLM-x32\...\{185AFA7A-F63E-450B-94AA-011CAC18090E}) (Version: 2.0.2.9 - AzureWave)
Eee Docking 3.8.2 (HKLM\...\Eee Docking_is1) (Version: 3.8.2 - ASUSTek Computer Inc.)
EZDownloader (HKLM-x32\...\{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1) (Version: 1.0 - EZDownloader) <==== ATTENTION
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
FontResizer (HKLM-x32\...\InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}) (Version: 1.01.0011 - ASUSTek)
FontResizer (x32 Version: 1.01.0011 - ASUSTek) Hidden
GeoGebra 4.4 (HKLM-x32\...\GeoGebra 4.4) (Version: 4.4.34.0 - International GeoGebra Institute)
Google Chrome (HKU\S-1-5-21-3664937432-39338335-2934514172-1000\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
GoSave (HKLM-x32\...\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}) (Version: 3.2.0.1583 - ) <==== ATTENTION
Graph 4.4.2 (HKLM-x32\...\Graph_is1) (Version:  - Ivan Johansen)
Hotkey Service (HKLM-x32\...\{71C0E38E-09F2-4386-9977-404D4F6640CD}) (Version: 1.37 - AsusTek Computer Inc.)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Internet Explorer Toolbar 4.9 by SweetPacks (HKLM-x32\...\{F4E33CE5-A7AB-4F68-A7E7-F0AA84EF2D9E}) (Version: 4.9.0000 - SweetIM Technologies Ltd.) <==== ATTENTION
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
leess2paeye (HKLM-x32\...\{82B558C7-2A69-D3D5-B65A-DCAB3B65AD02}) (Version:  - "") <==== ATTENTION
LiveUpdate (HKLM-x32\...\{38E5A3B1-ADF1-47E0-8024-76310A30EB36}) (Version: 1.25 - AsusTek Computer Inc.)
LPT System Updater Service (HKLM-x32\...\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}) (Version: 1.0.0.0 - LPT) <==== ATTENTION
Maxtor Manager (HKLM-x32\...\InstallShield_{B8281D46-D846-4BB9-BC84-F1115A7BF820}) (Version: 4.01.0227 - Seagate Technology)
Maxtor Manager (x32 Version: 4.01.0227 - Seagate Technology) Hidden
Microsoft .NET Framework 4.5.1 (dansk) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1030) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 23.007.09.02.26 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 30.0 (x86 da) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 da)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
Nokia Internet Modem (HKLM-x32\...\{A35EF357-F7DF-4B8A-B4D6-9F9C91AA8D83}) (Version: 1.2.277.3 - SmartCom)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.1.0.28 - Symantec Corporation)
Opdatering til Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0406-0000-0000000FF1CE}_ENTERPRISE_{7304A9DD-2F95-4147-8CD4-E135168C61E6}) (Version:  - Microsoft)
Opdatering til Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0406-0000-0000000FF1CE}_ENTERPRISE_{0C315122-B0FA-428D-A3BB-6F6510F866FF}) (Version:  - Microsoft)
Opdatering til Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0406-0000-0000000FF1CE}_ENTERPRISE_{EA60117C-C535-4A3F-AED1-C888F5114210}) (Version:  - Microsoft)
Performance Optimizer (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{892cc6a3}) (Version:  - Linker Ltd) <==== ATTENTION
Pokki (HKU\S-1-5-21-3664937432-39338335-2934514172-1000\...\Pokki) (Version: 0.266.1.172 - Pokki)
ProShopper (HKLM-x32\...\{8F213470-964F-4092-6B31-BC7570F31B5A}) (Version:  - ProShopper) <==== ATTENTION
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.5.1.0 - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6293 - Realtek Semiconductor Corp.)
Reason 5.0 (HKLM-x32\...\Reason5_is1) (Version: 5.0 - Propellerhead Software AB)
Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
SafeFinder Smartbar (HKLM-x32\...\{1898B668-CCF5-429F-A86F-9837E5439D77}) (Version: 11.114.72.19232 - Linkury Ltd.) <==== ATTENTION
Savings Sidekick (HKLM-x32\...\Savings Sidekick) (Version: 1.23.151.151 - 215 Apps) <==== ATTENTION
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1101}) (Version: 12.17.1.65 - APN, LLC) <==== ATTENTION
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.17.26.7 - Client Connect LTD) <==== ATTENTION
Shopping App by Ask (HKLM-x32\...\{4F524A2D-5354-2D53-5045-A758B70C1200}) (Version: 12.18.0.81 - APN, LLC)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Super Hybrid Engine (HKLM-x32\...\{88F08F98-12BC-4613-81A2-8F9B88CFC73E}) (Version: 2.18 - AsusTek Computer)
SweetPacks Updater Service (HKLM-x32\...\WNLT) (Version: 4.0.5.7 - ) <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.8.0 - Synaptics Incorporated)
syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
topdEal (HKLM-x32\...\{9B149088-3FB6-875E-C1A4-A25A6E9D278D}) (Version:  - topdeal)
Trend Micro Titanium (x32 Version: 1.0 - Trend Micro Inc.) Hidden
TuneUp Utilities 2014 (en-GB) (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.340 - TuneUp Software) Hidden
Unitech LLC toolbar   (HKLM-x32\...\ividi) (Version: 1.8.23.0 - Unitech LLC) <==== ATTENTION
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Updater By Sweetpacks 2.0.0.605 (HKLM\...\{DEDAF650-12B8-48f5-A843-BBA100716106}_is1) (Version: 2.0.0.605 - Sweetpacks) <==== ATTENTION
USBCharge+ (HKLM-x32\...\{8165EFD2-0EB8-4C4F-A0E4-0E641B117ED2}) (Version: 1.0.0.23 - AsusTek Computer)
VideoPerformer (HKLM-x32\...\VideoPerformer) (Version:  - PerformerSoft LLC) <==== ATTENTION
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.5500 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
WordMat v. 1.07 (HKLM-x32\...\{301A8257-D5EF-48B4-AAC2-E86700DDA6FE}_is1) (Version:  - Eduap)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3664937432-39338335-2934514172-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Elisabeth\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3664937432-39338335-2934514172-1000_Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}\InprocServer32 -> %LOCALAPPDATA%\Pokki\ocdeskband_0.dll No File
CustomCLSID: HKU\S-1-5-21-3664937432-39338335-2934514172-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Elisabeth\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3664937432-39338335-2934514172-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Elisabeth\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3664937432-39338335-2934514172-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Valdemar\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3664937432-39338335-2934514172-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Valdemar\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3664937432-39338335-2934514172-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Valdemar\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3664937432-39338335-2934514172-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Valdemar\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
06-11-2014 13:27:35 Windows Update
15-11-2014 15:36:36 Windows Sikkerhedskopiering
15-11-2014 15:39:51 Windows Update
20-11-2014 11:02:14 Windows Update
20-11-2014 11:05:24 Windows Sikkerhedskopiering
21-11-2014 17:34:28 Windows Update
22-11-2014 20:12:39 Windows Update
23-11-2014 18:01:06 Windows Sikkerhedskopiering
26-11-2014 21:18:36 Windows Update
01-12-2014 19:07:23 Windows Sikkerhedskopiering
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1646D2CD-408E-48BD-9310-1271BEE8250D} - System32\Tasks\Norton Security Scan for Elisabeth => C:\Program Files (x86)\Norton Security Scan\Engine\4.1.0.28\Nss.exe [2014-01-27] (Symantec Corporation)
Task: {17142E0A-13D4-4E81-99DF-D52A60367319} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3664937432-39338335-2934514172-1001UA => C:\Users\Valdemar\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-16] (Google Inc.)
Task: {19451318-0679-4D4A-B6DA-E580FF250AD7} - System32\Tasks\DTReg => C:\Users\Elisabeth\AppData\Roaming\defaulttab\defaulttab\DTReg.exe <==== ATTENTION
Task: {4A10B15F-9C54-4CED-9CD0-E28D2CACDB1A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3664937432-39338335-2934514172-1000Core => C:\Users\Elisabeth\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {A48D2692-923F-4903-9C6D-CD8A322C9FBD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3664937432-39338335-2934514172-1000UA => C:\Users\Elisabeth\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {D33085CA-FA00-4444-8A38-3F571D800F3C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3664937432-39338335-2934514172-1001Core => C:\Users\Valdemar\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-16] (Google Inc.)
Task: {E31F06E8-C0C6-435F-B107-674DEBD4A8F7} - System32\Tasks\DTChk => C:\Users\Public\Util\DTChk.exe [2014-05-23] (Search Results, LLC) <==== ATTENTION
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3664937432-39338335-2934514172-1000Core.job => C:\Users\Elisabeth\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3664937432-39338335-2934514172-1000UA.job => C:\Users\Elisabeth\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3664937432-39338335-2934514172-1001Core.job => C:\Users\Valdemar\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3664937432-39338335-2934514172-1001UA.job => C:\Users\Valdemar\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Norton Security Scan for Elisabeth.job => C:\PROGRA~2\NORTON~2\Engine\410~1.28\Nss.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-01-22 10:27 - 2009-11-05 08:40 - 00085504 _____ () C:\windows\System32\cpwmon64.dll
2011-02-28 16:59 - 2010-12-07 18:19 - 00224680 _____ () C:\windows\SysWOW64\AsusService.exe
2011-03-14 16:27 - 2011-03-14 16:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2014-08-27 17:43 - 2014-08-27 17:43 - 00032768 _____ () C:\Program Files (x86)\LPT\srpts.exe
2014-08-27 17:43 - 2014-08-27 17:43 - 00034816 _____ () C:\Program Files (x86)\LPT\srptsl.exe
2013-09-16 13:38 - 2011-12-23 11:03 - 00655712 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2014-10-23 12:07 - 2014-10-23 12:07 - 00076800 _____ () C:\Users\Elisabeth\AppData\Roaming\VOPackage\VOsrv.exe
2014-07-16 09:24 - 2014-07-16 09:24 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2013-11-01 06:31 - 2013-11-01 06:31 - 02329928 _____ () C:\Users\Elisabeth\AppData\Local\Pokki\ocdeskband_0.dll
2012-01-22 10:25 - 2012-01-09 19:44 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2010-05-21 14:38 - 2010-05-21 14:38 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2014-09-23 17:14 - 2014-09-23 17:14 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2014-02-06 16:13 - 2014-02-06 16:13 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
2011-06-17 11:22 - 2011-06-17 11:22 - 00138368 _____ () C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe
2014-10-23 10:17 - 2014-10-23 10:17 - 02097152 _____ () C:\Users\Elisabeth\AppData\Local\ConvertAd\ConvertAd.exe
2014-08-27 17:50 - 2014-08-27 17:50 - 00023552 _____ () C:\Users\Elisabeth\AppData\Local\Smartbar\Application\Lrcnta.exe
2014-10-20 19:24 - 2014-10-20 19:24 - 00186192 _____ () c:\ProgramData\Performance Optimizer\PerformanceOptimizerSvc.dll
2014-10-20 19:24 - 2014-10-20 19:24 - 04125184 _____ () c:\ProgramData\Performance Optimizer\PerformanceOptimizer.dll
2014-08-27 17:43 - 2014-08-27 17:43 - 00042496 _____ () C:\Program Files (x86)\LPT\srptc.dll
2014-08-27 17:42 - 2014-08-27 17:42 - 00018944 _____ () C:\Program Files (x86)\LPT\Smartbar.Common.dll
2014-08-27 17:43 - 2014-08-27 17:43 - 00070144 _____ () C:\Program Files (x86)\LPT\srut.dll
2013-09-16 13:38 - 2009-01-10 11:32 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2013-09-16 13:38 - 2009-06-22 19:42 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2013-09-16 13:38 - 2010-05-14 10:57 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2013-09-16 13:38 - 2010-02-10 15:10 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2013-09-16 13:38 - 2011-12-23 08:52 - 00843264 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2013-09-16 13:38 - 2010-02-10 15:06 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll
2010-11-22 20:12 - 2010-11-22 20:12 - 00181664 _____ () C:\Program Files (x86)\Asus\LiveUpdate\Parser.dll
2014-08-27 17:51 - 2014-08-27 17:51 - 00050176 _____ () C:\Users\Elisabeth\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
2014-08-27 17:52 - 2014-08-27 17:52 - 00086016 _____ () C:\Users\Elisabeth\AppData\Local\Smartbar\Application\srau.dll
2014-08-27 17:51 - 2014-08-27 17:51 - 00165888 _____ () C:\Users\Elisabeth\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
2014-08-27 17:51 - 2014-08-27 17:51 - 02425344 _____ () C:\Users\Elisabeth\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
2014-08-27 17:51 - 2014-08-27 17:51 - 00066560 _____ () C:\Users\Elisabeth\AppData\Local\Smartbar\Application\spbl.dll
2014-08-27 17:51 - 2014-08-27 17:51 - 00158208 _____ () C:\Users\Elisabeth\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
2014-08-27 17:51 - 2014-08-27 17:51 - 00014336 _____ () C:\Users\Elisabeth\AppData\Local\Smartbar\Application\siem.dll
2014-08-27 17:52 - 2014-08-27 17:52 - 00067584 _____ () C:\Users\Elisabeth\AppData\Local\Smartbar\Application\sppsm.dll
2014-08-27 17:51 - 2014-08-27 17:51 - 00696832 _____ () C:\Users\Elisabeth\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
2014-08-27 17:51 - 2014-08-27 17:51 - 00014848 _____ () C:\Users\Elisabeth\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
2014-08-27 17:51 - 2014-08-27 17:51 - 00078848 _____ () C:\Users\Elisabeth\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
2014-08-27 17:51 - 2014-08-27 17:51 - 00027136 _____ () C:\Users\Elisabeth\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
2014-08-27 17:52 - 2014-08-27 17:52 - 00070144 _____ () C:\Users\Elisabeth\AppData\Local\Smartbar\Application\srut.dll
2014-08-27 17:52 - 2014-08-27 17:52 - 00029184 _____ () C:\Users\Elisabeth\AppData\Local\Smartbar\Application\srsbs.dll
2014-08-27 17:51 - 2014-08-27 17:51 - 00065536 _____ () C:\Users\Elisabeth\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
2014-08-27 17:51 - 2014-08-27 17:51 - 00150016 _____ () C:\Users\Elisabeth\AppData\Local\Smartbar\Application\smti.dll
2014-08-27 17:51 - 2014-08-27 17:51 - 00073728 _____ () C:\Users\Elisabeth\AppData\Local\Smartbar\Application\smsp.dll
2014-08-27 17:51 - 2014-08-27 17:51 - 00011776 _____ () C:\Users\Elisabeth\AppData\Local\Smartbar\Application\sidc.dll
2014-08-27 17:51 - 2014-08-27 17:51 - 00030720 _____ () C:\Users\Elisabeth\AppData\Local\Smartbar\Application\smtu.dll
2014-08-27 17:51 - 2014-08-27 17:51 - 00038912 _____ () C:\Users\Elisabeth\AppData\Local\Smartbar\Application\smta.dll
2014-08-27 17:52 - 2014-08-27 17:52 - 00030720 _____ () C:\Users\Elisabeth\AppData\Local\Smartbar\Application\srom.dll
2014-08-27 17:52 - 2014-08-27 17:52 - 00047104 _____ () C:\Users\Elisabeth\AppData\Local\Smartbar\Application\srbu.dll
2014-08-27 17:51 - 2014-08-27 17:51 - 00024064 _____ () C:\Users\Elisabeth\AppData\Local\Smartbar\Application\sgml.dll
2014-08-27 17:51 - 2014-08-27 17:51 - 00061952 _____ () C:\Users\Elisabeth\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
2014-08-27 17:52 - 2014-08-27 17:52 - 00025088 _____ () C:\Users\Elisabeth\AppData\Local\Smartbar\Application\srpdm.dll
2014-08-27 17:50 - 2014-08-27 17:50 - 00043520 _____ () C:\Users\Elisabeth\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
2014-08-27 17:51 - 2014-08-27 17:51 - 00035328 _____ () C:\Users\Elisabeth\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
2014-08-27 17:51 - 2014-08-27 17:51 - 00193024 _____ () C:\Users\Elisabeth\AppData\Local\Smartbar\Application\sgmu.dll
2014-05-12 10:21 - 2014-05-12 10:21 - 00061440 _____ () C:\Users\Elisabeth\AppData\Local\Smartbar\Application\AxInterop.WMPLib.dll
2014-08-27 17:52 - 2014-08-27 17:52 - 00254976 _____ () C:\Users\Elisabeth\AppData\Local\Smartbar\Application\srns.dll
2011-06-17 11:22 - 2011-06-17 11:22 - 00059312 _____ () C:\Program Files (x86)\Nokia\Nokia Internet Modem\DriveDetector.dll
2011-06-17 11:22 - 2011-06-17 11:22 - 00508848 _____ () C:\Program Files (x86)\Nokia\Nokia Internet Modem\Toolkit.dll
2011-06-17 11:22 - 2011-06-17 11:22 - 00147888 _____ () C:\Program Files (x86)\Nokia\Nokia Internet Modem\pcre3.dll
2011-06-17 11:22 - 2011-06-17 11:22 - 00775600 _____ () C:\Program Files (x86)\Nokia\Nokia Internet Modem\UIToolkit.dll
2011-06-17 11:22 - 2011-06-17 11:22 - 00090544 _____ () C:\Program Files (x86)\Nokia\Nokia Internet Modem\ComCore.dll
2011-06-17 11:22 - 2011-06-17 11:22 - 00049584 _____ () C:\Program Files (x86)\Nokia\Nokia Internet Modem\Preferences.dll
2011-06-17 11:22 - 2011-06-17 11:22 - 00247216 _____ () C:\Program Files (x86)\Nokia\Nokia Internet Modem\DB.dll
2011-06-17 11:22 - 2011-06-17 11:22 - 00125872 _____ () C:\Program Files (x86)\Nokia\Nokia Internet Modem\Discovery.dll
2011-06-17 11:22 - 2011-06-17 11:22 - 00311728 _____ () C:\Program Files (x86)\Nokia\Nokia Internet Modem\Device.dll
2011-06-17 11:22 - 2011-06-17 11:22 - 00028160 _____ () C:\Program Files (x86)\Nokia\Nokia Internet Modem\ressources\plugins\DiscoveryGeneric.plugin
2011-06-17 11:22 - 2011-06-17 11:22 - 00017408 _____ () C:\Program Files (x86)\Nokia\Nokia Internet Modem\ressources\plugins\DiscoveryNdis.plugin
2013-09-07 03:11 - 2013-09-07 03:11 - 00569856 _____ () C:\Users\Elisabeth\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll
2013-09-07 03:11 - 2013-09-07 03:11 - 01400846 _____ () C:\Users\Elisabeth\AppData\Local\Pokki\Engine\avcodec-54.dll
2013-09-07 03:11 - 2013-09-07 03:11 - 00151054 _____ () C:\Users\Elisabeth\AppData\Local\Pokki\Engine\avutil-51.dll
2013-09-07 03:11 - 2013-09-07 03:11 - 00222734 _____ () C:\Users\Elisabeth\AppData\Local\Pokki\Engine\avformat-54.dll
2014-08-27 17:52 - 2014-08-27 17:52 - 00023040 _____ () C:\Users\Elisabeth\AppData\Local\LPT\srptm.exe
2014-08-27 17:52 - 2014-08-27 17:52 - 00081920 _____ () C:\Users\Elisabeth\AppData\Local\LPT\srpt.dll
2014-08-27 17:52 - 2014-08-27 17:52 - 00042496 _____ () C:\Users\Elisabeth\AppData\Local\LPT\srptc.dll
2014-08-27 17:50 - 2014-08-27 17:50 - 00018944 _____ () C:\Users\Elisabeth\AppData\Local\LPT\Smartbar.Common.dll
2013-11-13 17:23 - 2011-12-23 11:03 - 01546080 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\LiveUpd.exe
2013-09-16 13:38 - 2010-02-10 15:43 - 09515520 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtGui4.dll
2013-11-13 17:23 - 2012-03-14 13:16 - 00082944 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\plugins\imageformats\qgif4.dll
2013-11-13 17:23 - 2012-03-14 13:16 - 00081920 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\plugins\imageformats\qico4.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:AB689DEA
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3664937432-39338335-2934514172-500 - Administrator - Disabled)
Elisabeth (S-1-5-21-3664937432-39338335-2934514172-1000 - Administrator - Enabled) => C:\Users\Elisabeth
Gæst (S-1-5-21-3664937432-39338335-2934514172-501 - Limited - Disabled)
Valdemar (S-1-5-21-3664937432-39338335-2934514172-1001 - Limited - Enabled) => C:\Users\Valdemar
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/26/2014 10:12:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Fjernelse af ydelsestællerstrenge for tjenesten WmiApRpl (WmiApRpl) mislykkedes. Det første DWORD i dataafsnittet indeholder fejlkoden.
 
Error: (11/26/2014 10:12:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Ydelsestællerstrengene i registreringsdatabaseværdien for ydelse blev beskadiget under behandling af udvidelsestællerudbyderen Performance. Værdien BaseIndex fra registreringsdatabasen for ydelse er det første DWORD i dataafsnittet, værdien LastCounter er det andet DWORD i dataafsnittet, og værdien LastHelp er det tredje DWORD i dataafsnittet.
 
Error: (11/26/2014 10:12:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Ydelsestællerstrengene i registreringsdatabaseværdien for ydelse blev beskadiget under behandling af udvidelsestællerudbyderen Performance. Værdien BaseIndex fra registreringsdatabasen for ydelse er det første DWORD i dataafsnittet, værdien LastCounter er det andet DWORD i dataafsnittet, og værdien LastHelp er det tredje DWORD i dataafsnittet.
 
Error: (11/23/2014 00:07:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Navn på program med fejl: AsusScreensaver.scr, version: 1.0.3.0, tidsstempel: 0x4c6e6577
Navn på modul med fejl: KERNELBASE.dll, version: 6.1.7601.18409, tidsstempel: 0x5315a05a
Undtagelseskode: 0xc0020001
Forskydning med fejl 0x000000000000940d
Proces-id 0x%9
Programmets starttidspunkt 0xAsusScreensaver.scr0
Programsti: AsusScreensaver.scr1
Modulsti: AsusScreensaver.scr2
Rapport-id: AsusScreensaver.scr3
 
Error: (11/22/2014 06:36:12 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Fjernelse af ydelsestællerstrenge for tjenesten WmiApRpl (WmiApRpl) mislykkedes. Det første DWORD i dataafsnittet indeholder fejlkoden.
 
Error: (11/22/2014 06:36:12 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Ydelsestællerstrengene i registreringsdatabaseværdien for ydelse blev beskadiget under behandling af udvidelsestællerudbyderen Performance. Værdien BaseIndex fra registreringsdatabasen for ydelse er det første DWORD i dataafsnittet, værdien LastCounter er det andet DWORD i dataafsnittet, og værdien LastHelp er det tredje DWORD i dataafsnittet.
 
Error: (11/22/2014 06:36:12 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Ydelsestællerstrengene i registreringsdatabaseværdien for ydelse blev beskadiget under behandling af udvidelsestællerudbyderen Performance. Værdien BaseIndex fra registreringsdatabasen for ydelse er det første DWORD i dataafsnittet, værdien LastCounter er det andet DWORD i dataafsnittet, og værdien LastHelp er det tredje DWORD i dataafsnittet.
 
Error: (11/05/2014 04:04:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Fjernelse af ydelsestællerstrenge for tjenesten WmiApRpl (WmiApRpl) mislykkedes. Det første DWORD i dataafsnittet indeholder fejlkoden.
 
Error: (11/05/2014 04:04:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Ydelsestællerstrengene i registreringsdatabaseværdien for ydelse blev beskadiget under behandling af udvidelsestællerudbyderen Performance. Værdien BaseIndex fra registreringsdatabasen for ydelse er det første DWORD i dataafsnittet, værdien LastCounter er det andet DWORD i dataafsnittet, og værdien LastHelp er det tredje DWORD i dataafsnittet.
 
Error: (11/05/2014 04:04:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Ydelsestællerstrengene i registreringsdatabaseværdien for ydelse blev beskadiget under behandling af udvidelsestællerudbyderen Performance. Værdien BaseIndex fra registreringsdatabasen for ydelse er det første DWORD i dataafsnittet, værdien LastCounter er det andet DWORD i dataafsnittet, og værdien LastHelp er det tredje DWORD i dataafsnittet.
 
 
System errors:
=============
Error: (12/01/2014 07:57:05 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Følgende boot-start- eller system-start-driver kunne ikke indlæses:  
cdrom
 
Error: (12/01/2014 07:56:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjenesten Mobile Partner. OUC kunne ikke starte pga. følgende fejl:  
%%1053
 
Error: (12/01/2014 07:56:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Der opstod timeout (30000 millisekunder), mens systemet ventede på, at der blev oprettet forbindelse til tjenesten Mobile Partner. OUC.
 
Error: (11/27/2014 01:33:27 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Der opstod en timeout (30000 millisekunder), mens der ventedes på et transaktionssvar fra tjenesten NlaSvc.
 
Error: (11/26/2014 10:57:42 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Der opstod en timeout (30000 millisekunder), mens der ventedes på et transaktionssvar fra tjenesten SysMain.
 
Error: (11/26/2014 10:25:08 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {0002DF01-0000-0000-C000-000000000046}
 
Error: (11/26/2014 10:04:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjenesten Mobile Partner. OUC kunne ikke starte pga. følgende fejl:  
%%1053
 
Error: (11/26/2014 10:04:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Der opstod timeout (30000 millisekunder), mens systemet ventede på, at der blev oprettet forbindelse til tjenesten Mobile Partner. OUC.
 
Error: (11/26/2014 10:03:46 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Den foregående systemlukning kl. 14:58:06 d. 26-11-2014 var uventet.
 
Error: (11/26/2014 01:30:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjenesten Mobile Partner. OUC kunne ikke starte pga. følgende fejl:  
%%1053
 
 
Microsoft Office Sessions:
=========================
Error: (09/20/2012 08:26:23 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 21 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-11-15 16:33:23.933
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Asus\LiveUpdate\DETECTSYS.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-11-15 16:33:21.868
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Asus\LiveUpdate\DETECTSYS.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-11-06 14:20:48.061
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Asus\LiveUpdate\DETECTSYS.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-11-06 14:20:45.899
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Asus\LiveUpdate\DETECTSYS.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-27 06:50:35.132
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Asus\LiveUpdate\DETECTSYS.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-27 06:50:33.183
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Asus\LiveUpdate\DETECTSYS.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-21 16:56:21.358
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Asus\LiveUpdate\DETECTSYS.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-21 16:56:19.191
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Asus\LiveUpdate\DETECTSYS.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-14 20:48:35.873
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Asus\LiveUpdate\DETECTSYS.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-14 20:48:34.069
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Asus\LiveUpdate\DETECTSYS.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info ===========================  
 
Processor: AMD E-350 Processor
Percentage of memory in use: 44%
Total physical RAM: 3692.39 MB
Available physical RAM: 2054.66 MB
Total Pagefile: 7382.96 MB
Available Pagefile: 5494.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:100 GB) (Free:46.35 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:183.07 GB) (Free:42.96 GB) NTFS
Drive f: () (Removable) (Total:0.96 GB) (Free:0.03 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: B507A563)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=15 GB) - (Type=1B)
Partition 3: (Not Active) - (Size=183.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=16 MB) - (Type=EF)
 
========================================================
Disk: 1 (Size: 982 MB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.
 
==================== End Of Log ============================

 

 

TDSSKiller.log is attached as you asked for. There were two of those, I just attached them both... ;-)

Attached File: TDSSKiller.3.0.0.41_01.12.2014_20.20.39_log.txt (215.06KB)

Attached File: TDSSKiller.3.0.0.41_01.12.2014_20.19.59_log.txt (492bytes)



#4 LiquidTension

Posted 02 December 2014 - 02:34 AM

Hi Kim, 
 

"I have been running the tools you asked, and it did detect some malware"

Most of the files TDSSKiller flagged are legitimate. The other files are adware-related - so not malicious, but will still be removed.
 
Please work your way through the following steps, and let me know how you get on. 
 
STEP 1
Revo Uninstaller

  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run the programme. 
  • From the list of programmes, locate the following, or anything similar and carry out the steps below one at a time.
    • BlockAndSurf
    • ConvertAd
    • DealsFactor
    • DefaultTab
    • EZDownloader
    • GoSave
    • Internet Explorer Toolbar 4.9 by SweetPacks
    • leess2paeye
    • LPT System Updater Service
    • MyPC Backup
    • Performance Optimizer
    • Pokki
    • ProShopper
    • Remote Desktop Access (VuuPC)
    • SafeFinder Smartbar
    • Savings Sidekick
    • Search App by Ask
    • Search Protect
    • Shopping App by Ask
    • SweetPacks Updater Service
    • topdEal
    • TuneUp Utilities 2014
    • Unitech LLC toolbar
    • Updater By Sweetpacks 2.0.0.605
    • VideoPerformer 
  • Double-click the programme. 
  • When prompted if you want to uninstall click Yes.
  • Ensure the Moderate option is selected and click Next.
  • The programme uninstaller will run. If prompted again click Yes.
  • Work your way through the uninstaller, ensuring you read each page thoroughly.
  • Note: Ensure you decline offers of additional software if applicable. 
  • Once the built-in uninstaller is finished click Next.
  • Once the programme has searched for leftovers click Next.
  • Check items in bold only in the list and click Delete. You may have to expand folders by clicking the "+" mark.
  • When prompted click Yes, followed by Next.
  • Click Select all, followed by Delete.
  • When prompted click Yes, followed by Next.
  • Once done click Finish.
     

STEP 2
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 

STEP 3
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files before running JRT.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 4
Malwarebytes Anti-Malware (MBAM)

  • Please download the Malwarebytes Anti-Malware setup file to your Desktop.
  • Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme. 
  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 5
Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================

STEP 6
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did the programmes uninstall OK?
  • AdwCleaner[S0].txt
  • JRT.txt
  • MBAM log
  • FRST.txt
  • Addition.txt



#5 Guffegris

Posted 03 December 2014 - 06:07 AM

Hi Adam,

 

Nice to hear that it is not malicious, and certainly also to get rid of all that annoying adware! :-)

 

I ran the tools you told me, and I believe that I got correctly through all the steps. My only comment is that I could not find MyPC Backup in Revo's list of programmes - what a nice tool by the way! :-) - As far as I can tell all the programmes uninstalled as they should.

 

Here come my logs:

 

AdwCleaner[So].log:

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

# AdwCleaner v4.103 - Report created 02/12/2014 at 21:51:03
# Updated 01/12/2014 by Xplode
# Database : 2014-12-01.1 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Elisabeth - ELISABETH-PC
# Running from : C:\Users\Elisabeth\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : BackupStack
[#] Service Deleted : LPTSystemUpdater
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\374311380  
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\ProgramData\GoSave
Folder Deleted : C:\ProgramData\SaleItCoupon
Folder Deleted : C:\ProgramData\714821c3375fd8b5
Folder Deleted : C:\Program Files (x86)\LPT
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\Program Files (x86)\topdeal
Folder Deleted : C:\Program Files (x86)\GoSave
Folder Deleted : C:\windows\SysWOW64\WNLT
Folder Deleted : C:\Program Files\Updater By SweetPacks
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\ELISAB~1\AppData\Local\Temp\apn
Folder Deleted : C:\Users\ELISAB~1\AppData\Local\Temp\Unitech LLC
Folder Deleted : C:\Users\Elisabeth\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Elisabeth\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Elisabeth\AppData\Local\torch
Folder Deleted : C:\Users\Elisabeth\AppData\LocalLow\Softonic
Folder Deleted : C:\Users\Elisabeth\AppData\LocalLow\Unitech LLC
Folder Deleted : C:\Users\Elisabeth\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Elisabeth\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\Elisabeth\AppData\Roaming\WebExtend
Folder Deleted : C:\Users\Elisabeth\AppData\Roaming\RHEng
Folder Deleted : C:\Users\Elisabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Deleted : C:\Users\Elisabeth\Documents\Optimizer Pro
Folder Deleted : C:\Users\Gæst\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Gæst\AppData\Local\torch
Folder Deleted : C:\Users\Public\Util
Folder Deleted : C:\Users\Valdemar\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Valdemar\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Valdemar\AppData\Local\torch
Folder Deleted : C:\Users\Valdemar\AppData\LocalLow\Softonic
Folder Deleted : C:\Users\Valdemar\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\Elisabeth\AppData\Roaming\Mozilla\Firefox\Profiles\sl2ed0e8.default\Extensions\7xF@iGLk3.net
Folder Deleted : C:\Users\Elisabeth\AppData\Roaming\Mozilla\Firefox\Profiles\sl2ed0e8.default\Extensions\InCKP@j.net
Folder Deleted : C:\Users\Valdemar\AppData\Roaming\Mozilla\Firefox\Profiles\peeyg0ew.default\Extensions\InCKP@j.net
Folder Deleted : C:\Users\Elisabeth\AppData\Roaming\Mozilla\Firefox\Profiles\sl2ed0e8.default\Extensions\M7Cb9e@f.net
Folder Deleted : C:\Users\Valdemar\AppData\Roaming\Mozilla\Firefox\Profiles\peeyg0ew.default\Extensions\M7Cb9e@f.net
Folder Deleted : C:\Users\Elisabeth\AppData\Roaming\Mozilla\Firefox\Profiles\sl2ed0e8.default\Extensions\uy_cpqu@tevwyczzmkq.net
Folder Deleted : C:\Users\Valdemar\AppData\Roaming\Mozilla\Firefox\Profiles\peeyg0ew.default\Extensions\uy_cpqu@tevwyczzmkq.net
Folder Deleted : C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdhgpkkloealnjnmepfhanpcleldbef
Folder Deleted : C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdhgpkkloealnjnmepfhanpcleldbef
Folder Deleted : C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Folder Deleted : C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi
Folder Deleted : C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi
Folder Deleted : C:\Users\Gæst\AppData\Local\Google\Chrome\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi
Folder Deleted : C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi
Folder Deleted : C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\djpkmednhafcdnkbcfnohficagkkkala
Folder Deleted : C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\djpkmednhafcdnkbcfnohficagkkkala
Folder Deleted : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi
Folder Deleted : C:\Users\Elisabeth\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi
Folder Deleted : C:\Users\Gæst\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi
Folder Deleted : C:\Users\Valdemar\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi
File Deleted : C:\windows\System32\roboot64.exe
File Deleted : C:\Users\Elisabeth\AppData\LocalLow\SkwConfig.bin
File Deleted : C:\Users\Elisabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Users\Elisabeth\Desktop\Continue Live Installation.lnk
File Deleted : C:\Users\Elisabeth\AppData\Roaming\Mozilla\Firefox\Profiles\sl2ed0e8.default\searchplugins\ask-search.xml
File Deleted : C:\Users\Valdemar\AppData\Roaming\Mozilla\Firefox\Profiles\peeyg0ew.default\searchplugins\ask-search.xml
File Deleted : C:\Users\Elisabeth\AppData\Roaming\Mozilla\Firefox\Profiles\sl2ed0e8.default\searchplugins\SafeFinder Search.xml
File Deleted : C:\Users\Valdemar\AppData\Roaming\Mozilla\Firefox\Profiles\peeyg0ew.default\searchplugins\SafeFinder Search.xml
File Deleted : C:\Users\Elisabeth\AppData\Roaming\Mozilla\Firefox\Profiles\sl2ed0e8.default\user.js
File Deleted : C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_elchiiiejkobdbblfejjkbphbddgmljf_0.localstorage
File Deleted : C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_elchiiiejkobdbblfejjkbphbddgmljf_0.localstorage-journal
File Deleted : C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.softonic.com_0.localstorage
File Deleted : C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.softonic.com_0.localstorage-journal
File Deleted : C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage
File Deleted : C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage-journal
File Deleted : C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Deleted : C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
File Deleted : C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage
File Deleted : C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage-journal
File Deleted : C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_en.softonic.com_0.localstorage-journal
File Deleted : C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_en.softonic.com_0.localstorage
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : DTChk
Task Deleted : DTReg
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Deleted : HKLM\SOFTWARE\Classes\.
Key Deleted : HKLM\SOFTWARE\Classes\..9
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{685F23D9-FCFD-475C-B56A-362645945C5A}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75CC1BBE-D96F-45DF-A622-D60BFA8AF49E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DEDAF650-12B8-48F5-A843-BBA100716106}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0f715fb9-4331-43f1-b8bf-d471403dd02a}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B69509B5-4A90-4433-A2DE-BE439F6581F2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DEDAF650-12B8-48F5-A843-BBA100716106}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DEDAF650-12B8-48F5-A843-BBA100716106}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0f715fb9-4331-43f1-b8bf-d471403dd02a}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DEDAF650-12B8-48F5-A843-BBA100716106}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0f715fb9-4331-43f1-b8bf-d471403dd02a}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0f715fb9-4331-43f1-b8bf-d471403dd02a}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{DEDAF650-12B8-48F5-A843-BBA100716106}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{0f715fb9-4331-43f1-b8bf-d471403dd02a}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DEDAF650-12B8-48F5-A843-BBA100716106}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FF948BE-E81B-4295-9AA0-24180CDE91C1}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5D51793B-FF8C-4679-A4C7-1D17DC71373A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\iVIDI Plugin
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\performersoft llc
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Unitech LLC
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\Default Tab
Key Deleted : HKLM\SOFTWARE\Unitech LLC
Key Deleted : HKLM\SOFTWARE\Updater By Sweetpacks
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}
Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DEDAF650-12B8-48f5-A843-BBA100716106}_is1
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17420
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
 
-\\ Mozilla Firefox v30.0 (da)
 
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "SafeFinder Search");
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880JXKe86_Gg52jK0TQf_1Uz35SON-g1e364xUMs1pmeBiRVYC6zVpjA1OlFHWYX5l_3f6bBUPYYS3acK48irzx2jfxN3MZe[...]
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.15pwp.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumoro[...]
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.Visibility", false);
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.backPageCapacity", 3);
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.backPageCounter", 0);
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.backPageDay", 27);
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.backPageLastEvent", "1414212539148");
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.backPageMinInterval", 15);
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.barcodeid", "150032");
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.countryiso", "dk");
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.downloadprovider", "irssf200");
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.externalJsFiles", "{\"d\":\"[{\\\"ExcludeDomains\\\":[],\\\"hxxpInjection\\\":\\\"hxxp:\\\\\\/\\\\\\/az412617.vo.msecnd.net\\\\\\/scripts\\\\\\/crt.js\\\",\\\"hxxpsInje[...]
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.fromautoupdate", "false");
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.installationid", "2723d5f0-3254-4fd9-5fbc-eacf92e6f570");
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.installdate", "23/10/2014");
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.iswinxp", "false");
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.keepAliveLastevent", "1414123939");
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.lastExternalJsUpdate", "1417036908274");
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.publisher", "irssf");
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.mtpWQEkRoFVHBPMD.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.pqgkVW3QCR8AVW9y.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[sl2ed0e8.default\prefs.js] - Line Deleted : user_pref("extensions.qZujXrEIRzwlT01f.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[peeyg0ew.default\prefs.js] - Line Deleted : user_pref("browser.newtab.url", "hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880JXKe86_Gg52jK0TQf_1Uz35SON-g1e364xUMs1pmeBiRVYC6zVpjA1OlFHWYX5l_3f6bBUPYYS3acK48irzxsk2Ly1tzOAMu2Xf[...]
[peeyg0ew.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "SafeFinder Search");
[peeyg0ew.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "SafeFinder Search");
[peeyg0ew.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880JXKe86_Gg52jK0TQf_1Uz35SON-g1e364xUMs1pmeBiRVYC6zVpjA1OlFHWYX5l_3f6bBUPYYS3acK48irzx2jfxN3MZe[...]
[peeyg0ew.default\prefs.js] - Line Deleted : user_pref("extensions.15pwp.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumoro[...]
[peeyg0ew.default\prefs.js] - Line Deleted : user_pref("extensions.mtpWQEkRoFVHBPMD.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[peeyg0ew.default\prefs.js] - Line Deleted : user_pref("extensions.qZujXrEIRzwlT01f.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[peeyg0ew.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880JXKe86_Gg52jK0TQf_1Uz35SON-g1e364xUMs1pmeBiRVYC6zVpjA1OlFHWYX5l_3f6bBUPYYS3acK48irzxF1pk4hbn59B9tsefmaiDNl[...]
 
-\\ Google Chrome v
 
[C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M2B269ABB-E6F6-40AC-B214-9AF8DF66028F&SearchSource=58&CUI=&UM=6&UP=SPF4835756-9811-4174-9456-578DDC8D4F54&q={searchTerms}&SSPV=
[C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M2B269ABB-E6F6-40AC-B214-9AF8DF66028F&SearchSource=58&CUI=&UM=6&UP=SPF4835756-9811-4174-9456-578DDC8D4F54&q={searchTerms}&SSPV=
[C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M2B269ABB-E6F6-40AC-B214-9AF8DF66028F&SearchSource=55&CUI=&UM=6&UP=SPF4835756-9811-4174-9456-578DDC8D4F54&SSPV=
[C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M2B269ABB-E6F6-40AC-B214-9AF8DF66028F&SearchSource=55&CUI=&UM=6&UP=SPF4835756-9811-4174-9456-578DDC8D4F54&SSPV=
[C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.claro-search.com/?q={searchTerms}&babsrc=HP_clro_pr&s=web&rlz=0&as=0&ac=0
[C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.kelkoo.dk/ctl/do/search?siteSearchQuery={searchTerms}&from=colibri
[C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kpdhgpkkloealnjnmepfhanpcleldbef
[C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : lifbcibllhkdhoafpjfnlhfpfgnpldfl
[C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : aaaaaiabcopkplhgaedhbloeejhhankf
[C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : febofpodjlkgfmljjonnhpghpgcpfldi
[C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : djpkmednhafcdnkbcfnohficagkkkala
[C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://www.search.ask.com/?gct=hp
[C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://www.claro-search.com/?affID=114508&tt=4312_8&babsrc=HP_clro&mntrId=3ccdf288000000000000000000000000
 
-\\ Comodo Dragon v
 
[C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M2B269ABB-E6F6-40AC-B214-9AF8DF66028F&SearchSource=58&CUI=&UM=6&UP=SPF4835756-9811-4174-9456-578DDC8D4F54&q={searchTerms}&SSPV=
[C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M2B269ABB-E6F6-40AC-B214-9AF8DF66028F&SearchSource=58&CUI=&UM=6&UP=SPF4835756-9811-4174-9456-578DDC8D4F54&q={searchTerms}&SSPV=
[C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.claro-search.com/?q={searchTerms}&babsrc=HP_clro_pr&s=web&rlz=0&as=0&ac=0
[C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.kelkoo.dk/ctl/do/search?siteSearchQuery={searchTerms}&from=colibri
 
*************************
 
AdwCleaner[R0].txt - [28689 octets] - [02/12/2014 21:43:51]
AdwCleaner[S0].txt - [27076 octets] - [02/12/2014 21:51:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [27137 octets] ##########

 

 

JRT.txt:

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by Elisabeth on 02-12-2014 at 21:59:54,98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011501160}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011501160}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
 
~~~ FireFox
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\speedtest4354@bestoffers
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02-12-2014 at 22:08:13,25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

MBAM scan log:

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 02-12-2014
Scan Time: 23:15:34
Logfile:  
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.12.02.09
Rootkit Database: v2014.12.02.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Elisabeth
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 398344
Time Elapsed: 53 min, 34 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 22
PUP.Optional.Snapdo.T, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, Quarantined, [19f54e101c605ed8071af40eba498d73],  
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Quarantined, [997526380a72e74f79958a4254ae49b7],  
PUP.Optional.DefaultTab.A, HKU\S-1-5-21-3664937432-39338335-2934514172-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Quarantined, [997526380a72e74f79958a4254ae49b7],  
PUP.Optional.DefaultTab.A, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Quarantined, [997526380a72e74f79958a4254ae49b7],  
PUP.Optional.DefaultTab.A, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Quarantined, [997526380a72e74f79958a4254ae49b7],  
PUP.Optional.SpeedTest.A, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}, Quarantined, [15f9fe603448e2541838be0aa06255ab],  
PUP.Optional.SpeedTest.A, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}, Quarantined, [15f9fe603448e2541838be0aa06255ab],  
PUP.Optional.Softonic.A, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}, Quarantined, [5ab45b03b6c6ce689cbeb21613ef659b],  
PUP.Optional.Softonic.A, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}, Quarantined, [5ab45b03b6c6ce689cbeb21613ef659b],  
PUP.Optional.SweetIM.A, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{DEDAF650-12B8-48F5-A843-BBA100716106}, Quarantined, [8e80f9652d4fd660d1636b61659d629e],  
PUP.Optional.SweetIM.A, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DEDAF650-12B8-48F5-A843-BBA100716106}, Quarantined, [8e80f9652d4fd660d1636b61659d629e],  
PUP.Optional.Softonic.A, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{E87806B5-E908-45FD-AF5E-957D83E58E68}, Quarantined, [040af16d2e4e280e0f4c874115ed857b],  
PUP.Optional.Softonic.A, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E87806B5-E908-45FD-AF5E-957D83E58E68}, Quarantined, [040af16d2e4e280e0f4c874115ed857b],  
PUP.Optional.SweetPacks, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{EEE6C35C-6118-11DC-9C72-001320C79847}, Quarantined, [58b63a2428545bdbbd5403c940c22ed2],  
PUP.Optional.SweetPacks, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{EEE6C35C-6118-11DC-9C72-001320C79847}, Quarantined, [58b63a2428545bdbbd5403c940c22ed2],  
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363}, Quarantined, [2be358068fed1f178e533d8eab57639d],  
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77}, Quarantined, [13fbf7677309b77f2fb339924cb6cd33],  
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, Quarantined, [4bc33e20df9d4ceae16fedd0f50f8f71],  
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, Quarantined, [57b7431bbebe3cfa054ab9040ef642be],  
PUP.Optional.SavingsSidekick.A, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Savings Sidekick, Quarantined, [818d0757641883b3cbab2248ca392dd3],  
PUP.Optional.PCPerformer.A, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\PERFORMERSOFT\PC Performer, Quarantined, [13fbadb10d6f78be41e96b2f1de78779],  
PUP.Optional.Softonic.A, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Quarantined, [ce402f2f4a326acc82de2949c43f0000],  
 
Registry Values: 2
PUP.Optional.Snapdo.T, HKU\S-1-5-21-3664937432-39338335-2934514172-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, Quarantined, [f41ad886e09c56e034cf3329eb181be5]
PUP.Optional.Snapdo.T, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, Quarantined, [f21c69f56f0d41f50bf8a4b85aa9ae52]
 
Registry Data: 6
PUP.Optional.SafeFinder.A, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://feed.safefind...QtEXoxOYbg,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880JXKe86_Gg52jK0TQf_1Uz35SON-g1e364xUMs1pmeBiRVYC6zVpjA1OlFHWYX5l_3f6bBUPYYS3acK48irzxF1pk4hbn59B9tsefmaiDNlOSghffBOzUFy74KABbHCsdk_XnaLdpsxQSR_LJmWXV7c8F35ppzGQtEXoxOYbg,,&q={searchTerms}),Replaced,[6da1f06ec2ba0e28d01e361c52b36d93]
PUP.Optional.SafeFinder.A, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://feed.safefind...o7OsMM74nLQKyQQ, Good: (www.google.com), Bad: (http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880JXKe86_Gg52jK0TQf_1Uz35SON-g1e364xUMs1pmeBiRVYC6zVpjA1OlFHWYX5l_3f6bBUPYYS3acK48irzx2jfxN3MZeHVU_vrVSDvCZH8RhJf5OGHAgdkh7AICdOygbE7MjW8lM4g5Km9gU_0cr37Sjo7OsMM74nLQKyQQ,),Replaced,[a569ea74b0cca6902ac1aea4ad588080]
PUP.Optional.SafeFinder.A, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://feed.safefind...QtEXoxOYbg,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880JXKe86_Gg52jK0TQf_1Uz35SON-g1e364xUMs1pmeBiRVYC6zVpjA1OlFHWYX5l_3f6bBUPYYS3acK48irzxF1pk4hbn59B9tsefmaiDNlOSghffBOzUFy74KABbHCsdk_XnaLdpsxQSR_LJmWXV7c8F35ppzGQtEXoxOYbg,,&q={searchTerms}),Replaced,[1fef243a027a0135d51b2d25d62f40c0]
PUP.Optional.SafeFinder.A, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://feed.safefind...QtEXoxOYbg,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880JXKe86_Gg52jK0TQf_1Uz35SON-g1e364xUMs1pmeBiRVYC6zVpjA1OlFHWYX5l_3f6bBUPYYS3acK48irzxF1pk4hbn59B9tsefmaiDNlOSghffBOzUFy74KABbHCsdk_XnaLdpsxQSR_LJmWXV7c8F35ppzGQtEXoxOYbg,,&q={searchTerms}),Replaced,[49c581dd700cc47233c07ed4d72ee719]
PUP.Optional.SafeFinder.A, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, http://feed.safefind...QtEXoxOYbg,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880JXKe86_Gg52jK0TQf_1Uz35SON-g1e364xUMs1pmeBiRVYC6zVpjA1OlFHWYX5l_3f6bBUPYYS3acK48irzxF1pk4hbn59B9tsefmaiDNlOSghffBOzUFy74KABbHCsdk_XnaLdpsxQSR_LJmWXV7c8F35ppzGQtEXoxOYbg,,&q={searchTerms}),Replaced,[0fff6bf317654beb0ee6aca6fc09af51]
PUP.Optional.SafeFinder.A, HKU\S-1-5-21-3664937432-39338335-2934514172-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.safefind...QtEXoxOYbg,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880JXKe86_Gg52jK0TQf_1Uz35SON-g1e364xUMs1pmeBiRVYC6zVpjA1OlFHWYX5l_3f6bBUPYYS3acK48irzxF1pk4hbn59B9tsefmaiDNlOSghffBOzUFy74KABbHCsdk_XnaLdpsxQSR_LJmWXV7c8F35ppzGQtEXoxOYbg,,&q={searchTerms}),Replaced,[f519322c6a12f54166909eb4b15457a9]
 
Folders: 6
PUP.Optional.Extutil.A, C:\Users\Elisabeth\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, Quarantined, [de3039254b311125be7070bae02313ed],  
PUP.Optional.Managera.A, C:\Users\Elisabeth\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, Quarantined, [13fb49154933d75ff738e94127dc0df3],  
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],  
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],  
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],  
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\skin, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],  
 
Files: 83
PUP.Optional.OpenCandy, C:\$RECYCLE.BIN\S-1-5-21-3664937432-39338335-2934514172-1000\$RB1EJQ2.exe, Quarantined, [42cc90ce116bf5414fbb42422cd98080],  
PUP.Optional.VOPackage.Gen, C:\$RECYCLE.BIN\S-1-5-21-3664937432-39338335-2934514172-1000\$RVUVYVE.exe, Quarantined, [d93566f81f5d3ef899092bbbd52cde22],  
PUP.Optional.MultiPlug, C:\$RECYCLE.BIN\S-1-5-21-3664937432-39338335-2934514172-1000\$R4CXNWU\euamQKlEXRIElY.exe, Quarantined, [53bb530bf8847bbb048901c054ade31d],  
PUP.Optional.MultiPlug, C:\$RECYCLE.BIN\S-1-5-21-3664937432-39338335-2934514172-1000\$R82R1MI\eu.exe, Quarantined, [c549bca22755ff37484513ae0cf50df3],  
PUP.Optional.Montiera, C:\$RECYCLE.BIN\S-1-5-21-3664937432-39338335-2934514172-1000\$RKU2XIY.0\ividi4ffx.exe, Quarantined, [0fffb8a65527c17578cb3213c43d57a9],  
PUP.Optional.Montiera, C:\$RECYCLE.BIN\S-1-5-21-3664937432-39338335-2934514172-1000\$RKU2XIY.0\ividi4ie.exe, Quarantined, [b15deb73ccb087af093a32132fd2f40c],  
PUP.Optional.SweetIM, C:\Users\Elisabeth\AppData\Local\Temp\Shortcut_bundlesweetimsetup.exe, Quarantined, [97773826bfbd7fb74259770cd134a15f],  
PUP.Optional.Softonic.A, C:\Users\Elisabeth\AppData\Local\Temp\Softonic_chr_1-8-19-3.exe, Quarantined, [1fefbca26418181ec6dcb20a936e6a96],  
PUP.Optional.SweetPacks.A, C:\Users\Elisabeth\AppData\Local\Temp\spacksyahoo_717_active.exe, Quarantined, [20ee67f7423a3afcb119f24620e18f71],  
PUP.Optional.SweetIM, C:\Users\Elisabeth\AppData\Local\Temp\bundlesweetimsetup.exe, Quarantined, [f6183f1f106cdf57f3a8dba8966f41bf],  
PUP.Optional.InstallMonetizer, C:\Users\Elisabeth\AppData\Local\Temp\nsgB099.tmp, Quarantined, [cf3f233bd1ab3afc5d6678487c86d828],  
PUP.Optional.Perion.A, C:\Users\Elisabeth\AppData\Local\Temp\WSSetup.exe, Quarantined, [fe10ee70225a49edf6dcf119d62f0ef2],  
PUP.Optional.InstallBrain, C:\Users\Elisabeth\AppData\Local\Temp\Zoola Games314483.exe, Quarantined, [21ed92ccaece70c6808d52e340c0d828],  
PUP.Optional.SweetIM, C:\Users\Elisabeth\AppData\Local\Temp\1380375175_15691875_872_4.tmp, Quarantined, [9777c5995f1d74c2b6e585fe8b7a58a8],  
PUP.Optional.MyPCBackup.A, C:\Users\Elisabeth\AppData\Local\Temp\BackupSetup.exe, Quarantined, [10fe0e5028548da93ba99e427e83f10f],  
PUP.Optional.DefaultTab.A, C:\Users\Elisabeth\AppData\Local\Temp\DefaultTabSetup2.exe, Quarantined, [11fde5794d2f0a2c058642eaf907d729],  
PUP.Optional.InstallCore.A, C:\Users\Elisabeth\AppData\Local\Temp\ICReinstall_FirefoxSetup.exe, Quarantined, [f41ae876ec9034020a39a7810afb14ec],  
PUP.Optional.SweetIM, C:\Users\Elisabeth\AppData\Local\Temp\mgsqlite3.7z, Quarantined, [41cde579aece8fa7cbd0d4af34d1837d],  
PUP.Optional.SweetIM, C:\Users\Elisabeth\AppData\Local\Temp\mgsqlite3.dll, Quarantined, [739be17df48877bf1784533090759868],  
PUP.Optional.InstallMonetizer, C:\Users\Elisabeth\AppData\Local\Temp\nsg94C1.tmp\nsManeshWeb.dll, Quarantined, [ab630d51cab2af87457e229e0cf651af],  
PUP.Optional.Installcore, C:\Users\Elisabeth\AppData\Local\Temp\nsg94C1.tmp\nsvmd.dll, Quarantined, [68a6c39bdca062d4fc5bb546d42dc23e],  
PUP.Optional.Wajam, C:\Users\Elisabeth\AppData\Local\Temp\nsg94C1.tmp\OurChecker.exe, Quarantined, [f717332bb9c3df57e6a96352b949cc34],  
PUP.Optional.EZDownloader.A, C:\Users\Elisabeth\AppData\Local\Temp\{0948F5B9-25F7-4A90-A87B-6DD5D2ABD74F}\Addons\EzDownloader_setup.exe, Quarantined, [a46a5707502cfc3aca136ab508f81be5],  
PUP.Optional.Montiera, C:\Users\Elisabeth\AppData\Local\Temp\nsoBFE7.tmp\ividi_1.8.23.0.exe, Quarantined, [e12dd78778048ea8f74c3b0ad42dc937],  
PUP.Optional.SkyTech.A, C:\Users\Valdemar\AppData\Local\Temp\adks_awesomehp.exe, Quarantined, [8a842a34453778bef50ab2bf966b36ca],  
PUP.Optional.DomaIQ, C:\Users\Elisabeth\Downloads\Setup.exe, Quarantined, [c8466cf2cfad2c0a53d5df7afe02c739],  
PUP.Optional.Bandoo, C:\Users\Elisabeth\Downloads\iLividSetup-r342-n-bc.exe, Quarantined, [a866d08ef389092d1b71061f1de4bf41],  
PUP.Optional.Softonic, C:\Users\Valdemar\Downloads\SoftonicDownloader_for_acoustica-mixcraft.exe, Quarantined, [4cc2ca94a9d37cba21799cbe1ae63bc5],  
PUP.Optional.InstalleRex, C:\Users\Valdemar\Downloads\® - Danish movie.exe, Quarantined, [4fbfda84b0cc8aac7a0da42da25f27d9],  
PUP.Optional.PremiumInstaller, C:\Users\Valdemar\Downloads\setup (1).exe, Quarantined, [ed2196c8a1db95a11da6d775e0253ac6],  
PUP.Optional.PremiumInstaller, C:\Users\Valdemar\Downloads\setup (2).exe, Quarantined, [62ac5a04700c7abc952e3b11e81d8e72],  
PUP.Optional.PremiumInstaller, C:\Users\Valdemar\Downloads\setup (3).exe, Quarantined, [e12d233ba6d692a406bded5fd233b14f],  
PUP.Optional.OptimunInstaller, C:\Users\Valdemar\Downloads\setup (4).exe, Quarantined, [848a1e40fd7f1a1c5f89e5644db30af6],  
PUP.Optional.PremiumInstaller, C:\Users\Valdemar\Downloads\setup.exe, Quarantined, [58b665f99ddfd264f8cbff4d56af8b75],  
PUP.Optional.ToolBarInstaller.A, C:\Users\Valdemar\Downloads\Zend.Technologies.Ltd.Zend.Studio.v10.1.Incl.Keygen-Lz0 (1).exe, Quarantined, [d638c29cd6a6d363518b06589f6220e0],  
PUP.Optional.ToolBarInstaller.A, C:\Users\Valdemar\Downloads\Zend.Technologies.Ltd.Zend.Studio.v10.1.Incl.Keygen-Lz0.exe, Quarantined, [d33b8bd32b51d75fa53707579071af51],  
PUP.Optional.InstallBrain, C:\Users\Valdemar\Downloads\ZoolaGamesSetup (1).exe, Quarantined, [11fd92cc2755ef47818cd2630bf505fb],  
PUP.Optional.InstallBrain, C:\Users\Valdemar\Downloads\ZoolaGamesSetup.exe, Quarantined, [5eb0cd913c403ef80ffe52e3b34ded13],  
PUP.Optional.OptimumInstaller.A, C:\Users\Valdemar\Downloads\Mandela_Long_Walk_To_Freedom_2013_720p_Bluray_DTS_x264-RARBG.exe, Quarantined, [d13df76764182a0cceb1e287f40d43bd],  
PUP.Optional.InstallCore.A, C:\Users\Valdemar\Downloads\FirefoxSetup.exe, Quarantined, [20ee1f3ff884c175ac9777b126dfdd23],  
PUP.Optional.SearchProtect.A, C:\Windows\AppPatch\AppPatch64\SPVCLdr64.dll, Quarantined, [6ba35905512b0135237c07a16899f20e],  
PUP.Optional.VeriStaff, C:\Windows\Installer\2c4ef6.msi, Quarantined, [f11de07ea0dc48ee74f4c09d7090768a],  
PUP.Optional.CrossRider.A, C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dhdepfaagokllfmhfbcfmocaeigmoebo_0.localstorage-journal, Quarantined, [0509fb63314b15211c874926fc07e51b],  
PUP.Optional.SearchProtect, C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, Quarantined, [6f9f1747d6a6b97d1c377845a064b34d],  
PUP.Optional.ReMarkable.A, C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage, Quarantined, [e42a421cec90c76fa198f5c9ad57ba46],  
PUP.Optional.ReMarkable.A, C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal, Quarantined, [33db530ba1dba78f15246d51b84cf30d],  
PUP.Optional.Extutil.A, C:\Users\Elisabeth\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, Quarantined, [de3039254b311125be7070bae02313ed],  
PUP.Optional.Extutil.A, C:\Users\Elisabeth\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, Quarantined, [de3039254b311125be7070bae02313ed],  
PUP.Optional.Extutil.A, C:\Users\Elisabeth\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, Quarantined, [de3039254b311125be7070bae02313ed],  
PUP.Optional.Managera.A, C:\Users\Elisabeth\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, Quarantined, [13fb49154933d75ff738e94127dc0df3],  
PUP.Optional.Managera.A, C:\Users\Elisabeth\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, Quarantined, [13fb49154933d75ff738e94127dc0df3],  
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome.manifest, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],  
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\icon.png, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],  
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\install.rdf, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],  
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\background.html, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],  
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\button.js, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],  
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\button.xml, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],  
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\config.js, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],  
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\content.js, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],  
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\framework.js, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],  
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\framework.png, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],  
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\framework.xul, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],  
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon128.ico, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],  
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon128.png, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],  
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon16.ico, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],  
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon16.png, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],  
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon18.ico, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],  
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon18.png, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],  
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon24.ico, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],  
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon24.png, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],  
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon32.ico, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],  
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon32.png, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],  
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon48.ico, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],  
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon48.png, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],  
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon64.ico, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],  
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon64.png, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],  
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\jquery-1.9.1.min.js, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],  
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\options.xul, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],  
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\rjs.js, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],  
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\settings.json, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],  
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\subscriptloader.js, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],  
PUP.Optional.SpeedTest.A, C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\skin\framework.css, Quarantined, [fa14a7b70c705adc7604b27832d1c53b],  
PUP.Optional.Trovi.A, C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (            "new_tab_url": "https://www.trovi.co...8D4F54&SAT=CNTS",), Replaced,[5eb098c6cfadda5c6277177fb84d13ed]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

FRST.txt:

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014
Ran by Elisabeth (administrator) on ELISABETH-PC on 03-12-2014 00:35:24
Running from C:\Users\Elisabeth\Desktop
Loaded Profile: Elisabeth (Available profiles: Elisabeth & Valdemar)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Dansk (Danmark)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Windows\SysWOW64\AsusService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Seagate Technology LLC) C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AsusTek Computer Inc.) C:\Program Files (x86)\Asus\LiveUpdate\LiveUpdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Maxtor Corporation) C:\Program Files (x86)\Maxtor\OneTouch Status\MaxMenuMgr.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\Asus\HotkeyService\HotKeyMon.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\Asus\HotkeyService\HotkeyService.exe
() C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AsusTek Computer Inc.) C:\Program Files (x86)\Asus\USBChargeSetting\iSeriesCharge.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\Asus\SHE\SuperHybridEngine.exe
(ASUS) C:\Program Files (x86)\Asus\CapsHook\CapsHook.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2283816 2010-08-12] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [92456 2010-08-12] (Synaptics Incorporated)
HKLM\...\Run: [LiveUpdate] => C:\Program Files (x86)\Asus\LiveUpdate\LiveUpdate.exe [1086888 2010-11-22] (AsusTek Computer Inc.)
HKLM\...\Run: [Eee Docking] => C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [461488 2011-01-07] (ASUSTek Computer Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-11-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HotkeyMon] => C:\Program Files (x86)\ASUS\HotkeyService\HotKeyMon.exe [101288 2010-12-07] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [HotkeyService] => C:\Program Files (x86)\ASUS\HotkeyService\HotkeyService.exe [1248176 2010-12-07] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [SuperHybridEngine] => C:\Program Files (x86)\ASUS\SHE\SuperHybridEngine.exe [413112 2011-01-27] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [CapsHook] => C:\Program Files (x86)\ASUS\CapsHook\CapsHook.exe [445344 2010-11-15] (ASUS)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-02-28] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [mxomssmenu] => C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe [169264 2007-09-06] (Maxtor Corporation)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NokiaInternetModem_AppStart.exe] => C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem.exe [248448 2011-06-17] (Nokia)
HKLM-x32\...\Run: [iSeriesCharge] => C:\Program Files (x86)\ASUS\USBChargeSetting\iSeriesCharge.exe [99792 2012-06-28] (AsusTek Computer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-3664937432-39338335-2934514172-1000\...\Run: [Google Update] => "C:\Users\Elisabeth\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-3664937432-39338335-2934514172-1000\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-3664937432-39338335-2934514172-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-3664937432-39338335-2934514172-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3664937432-39338335-2934514172-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3664937432-39338335-2934514172-1000\...\MountPoints2: {13452e23-6e74-11e1-8843-f46d04bd7f4c} - E:\application\Nokia_Internet_Modem.exe
HKU\S-1-5-21-3664937432-39338335-2934514172-1000\...\MountPoints2: {22df2162-20e9-11e3-ba20-f46d04bd7f4c} - E:\AutoRun.exe
HKU\S-1-5-21-3664937432-39338335-2934514172-1000\...\MountPoints2: {2f3cc459-1ecc-11e3-b885-f46d04bd7f4c} - E:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Elisabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Screen Clipper and Launcher til OneNote 2007.lnk
ShortcutTarget: Screen Clipper and Launcher til OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3664937432-39338335-2934514172-1001\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://eeepc.asus.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com
HKU\S-1-5-21-3664937432-39338335-2934514172-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
HKU\S-1-5-21-3664937432-39338335-2934514172-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com
HKU\S-1-5-21-3664937432-39338335-2934514172-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =  
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Hjælp til logon til Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.127.127.11 81.27.221.146 81.27.221.179
 
FireFox:
========
FF ProfilePath: C:\Users\Elisabeth\AppData\Roaming\Mozilla\Firefox\Profiles\sl2ed0e8.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3664937432-39338335-2934514172-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Elisabeth\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-3664937432-39338335-2934514172-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Elisabeth\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-co-uk.xml
FF Extension: Sites - C:\Users\Elisabeth\AppData\Roaming\Mozilla\Firefox\Profiles\sl2ed0e8.default\Extensions\{121761af-0fa5-4896-a2a8-cfdbac4e4982} [2014-10-24]
FF Extension: Firefox Old Version Update Hotfix - C:\Users\Elisabeth\AppData\Roaming\Mozilla\Firefox\Profiles\sl2ed0e8.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-10-09]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
 
Chrome:  
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Shockwave Flash) - C:\Users\Elisabeth\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Elisabeth\AppData\Local\Google\Chrome\Application\37.0.2062.124\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Elisabeth\AppData\Local\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Elisabeth\AppData\Local\Google\Chrome\Application\37.0.2062.124\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Elisabeth\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\windows\system32\Adobe\Director\np32dsw.dll No File
CHR Profile: C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Just Pin It) - C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\eokdcgmibpioegghefegkcdjcbiggefe [2014-10-10]
CHR Extension: (Dictionary Bubble Instant Dictionary) - C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfembjnmeainjncdflaoclcjadfhpoim [2014-10-21]
CHR Extension: (My Exact Time) - C:\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\plpkbdnmkoemdpgjepafpcgidkikhmpm [2014-10-30]
CHR StartMenuInternet: Google Chrome - C:\Users\Elisabeth\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AsusService; C:\windows\SysWOW64\AsusService.exe [224680 2010-12-07] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 Maxtor Sync Service; C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe [156976 2007-09-28] (Seagate Technology LLC)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [655712 2011-12-23] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-15] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-15] (Hewlett-Packard) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AiDriver; C:\Windows\System32\DRIVERS\AiDriver.sys [17152 2012-05-07] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-06-28] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-07-03] (Symantec Corporation)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [229376 2012-02-03] (Huawei Technologies Co., Ltd.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 nokia_cs1x_cdc_acm; C:\Windows\System32\DRIVERS\nokia_cs1x_cdc_acm.sys [98304 2010-04-22] (Nokia)
S3 nokia_cs1x_cdc_ecm; C:\Windows\System32\DRIVERS\nokia_cs1x_cdc_ecm.sys [53760 2010-04-22] (Nokia)
S3 nokia_cs1x_cpo; C:\Windows\System32\DRIVERS\nokia_cs1x_cpo.sys [13824 2010-04-22] (Nokia)
R3 nokia_cs1x_dc_enum; C:\Windows\System32\DRIVERS\nokia_cs1x_dc_enum.sys [97280 2010-04-22] (Nokia)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-02 22:11 - 2014-12-03 00:22 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-02 22:10 - 2014-12-02 22:10 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-02 22:10 - 2014-12-02 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-02 22:10 - 2014-12-02 22:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-02 22:10 - 2014-12-02 22:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-02 22:10 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-12-02 22:10 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-12-02 22:10 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-12-02 22:09 - 2014-12-02 16:50 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Elisabeth\Desktop\mbam-setup-2.0.3.1025.exe
2014-12-02 22:08 - 2014-12-02 22:08 - 00005675 _____ () C:\Users\Elisabeth\Desktop\JRT.txt
2014-12-02 21:59 - 2014-12-02 21:59 - 00000000 ____D () C:\windows\ERUNT
2014-12-02 21:56 - 2014-12-02 16:44 - 01707646 _____ (Thisisu) C:\Users\Elisabeth\Desktop\JRT.exe
2014-12-02 21:43 - 2014-12-02 21:51 - 00000000 ____D () C:\AdwCleaner
2014-12-02 21:43 - 2014-12-02 16:42 - 02154496 _____ () C:\Users\Elisabeth\Desktop\AdwCleaner.exe
2014-12-02 21:16 - 2014-12-02 21:16 - 00001160 _____ () C:\Users\Elisabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-02 21:10 - 2014-12-02 21:10 - 00000000 ____D () C:\Program Files (x86)\ProShopper
2014-12-02 20:58 - 2014-12-02 20:58 - 00000000 ____D () C:\Program Files (x86)\leess2paeye
2014-12-02 20:53 - 2014-12-02 20:53 - 00000000 __SHD () C:\Users\Elisabeth\AppData\Local\EmieBrowserModeList
2014-12-02 20:23 - 2014-12-02 20:23 - 00001264 _____ () C:\Users\Elisabeth\Desktop\Revo Uninstaller.lnk
2014-12-02 20:23 - 2014-12-02 20:23 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-01 20:13 - 2014-12-01 20:16 - 00041380 _____ () C:\Users\Elisabeth\Desktop\Addition.txt
2014-12-01 20:08 - 2014-12-03 00:36 - 00020971 _____ () C:\Users\Elisabeth\Desktop\FRST.txt
2014-12-01 20:08 - 2014-12-03 00:35 - 00000000 ____D () C:\FRST
2014-12-01 20:07 - 2014-11-29 14:19 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Elisabeth\Desktop\tdsskiller.exe
2014-12-01 20:07 - 2014-11-26 15:32 - 02118144 _____ (Farbar) C:\Users\Elisabeth\Desktop\FRST64.exe
2014-11-26 23:10 - 2014-11-26 23:10 - 00007604 _____ () C:\Users\Elisabeth\AppData\Local\Resmon.ResmonCfg
2014-11-26 22:17 - 2014-11-26 15:29 - 05198336 _____ (AVAST Software) C:\Users\Elisabeth\Desktop\aswMBR.exe
2014-11-26 22:11 - 2014-11-26 22:11 - 00015667 _____ () C:\Users\Elisabeth\Desktop\hijackthis.log
2014-11-26 22:09 - 2014-11-26 15:18 - 00388608 _____ (Trend Micro Inc.) C:\Users\Elisabeth\Desktop\HiJackThis.exe
2014-11-23 14:02 - 2014-11-23 14:02 - 00007977 _____ () C:\Users\Valdemar\Desktop\opgave 5.xlsx
2014-11-22 08:53 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-22 08:53 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-11-22 08:53 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-22 08:53 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-11-20 12:00 - 2011-10-21 16:35 - 00000680 _____ () C:\Users\Valdemar\Desktop\Mixcraft 5.lnk
2014-11-15 17:18 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-11-15 17:18 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-11-15 17:18 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-11-15 17:18 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-11-15 17:17 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-11-15 17:17 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-11-15 17:17 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-11-15 17:17 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-11-15 17:17 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-11-15 17:17 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-11-15 17:17 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-11-15 17:17 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-11-15 17:17 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-11-15 17:16 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-11-15 17:16 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-11-15 17:16 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-11-15 17:16 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-11-15 17:16 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-11-15 17:16 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-11-15 17:16 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-11-15 17:16 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-11-15 17:16 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-11-15 17:16 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-11-15 17:16 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-11-15 17:16 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-15 17:16 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-11-15 17:16 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-11-15 17:16 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-11-15 17:16 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-11-15 17:16 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-11-15 17:16 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-15 17:16 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-11-15 17:16 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-11-15 17:16 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-11-15 17:16 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-11-15 17:16 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-11-15 17:16 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-11-15 17:16 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-11-15 17:16 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-11-15 17:15 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-11-15 17:15 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-11-15 17:15 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-11-15 17:15 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-11-15 17:15 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-11-15 17:15 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-11-15 17:15 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-11-15 17:15 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-11-15 17:15 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-11-15 17:15 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-11-15 17:15 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-11-15 17:15 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-11-15 17:15 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-11-15 17:15 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-11-15 17:15 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-11-15 17:15 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-11-15 17:15 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-11-15 17:15 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-11-15 17:15 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-11-15 17:15 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-11-15 17:15 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-11-15 17:15 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-11-15 17:15 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-11-15 17:15 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-11-15 17:15 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-11-15 17:15 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-11-15 17:15 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-11-15 17:15 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-11-15 17:15 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-11-15 17:15 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-11-15 17:14 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-11-15 17:14 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-11-15 17:14 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-11-15 17:14 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-11-15 17:14 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2014-11-15 17:14 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2014-11-15 17:13 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-11-15 17:13 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-11-15 17:13 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-11-15 17:13 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-11-15 17:13 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-11-15 17:13 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-11-15 17:13 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-11-15 17:13 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-11-15 17:13 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-11-15 17:13 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-11-15 17:13 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-11-15 17:13 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-11-15 17:13 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-11-15 17:13 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-11-15 17:13 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-11-15 17:13 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-11-15 17:13 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-11-15 17:13 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-11-15 17:13 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-11-15 17:13 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-11-15 17:12 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-11-15 17:12 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-11-15 17:11 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-11-15 17:11 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-11-15 17:09 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-11-15 17:09 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-03 00:31 - 2012-01-19 09:41 - 01701060 _____ () C:\windows\WindowsUpdate.log
2014-12-03 00:28 - 2009-07-14 05:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-03 00:28 - 2009-07-14 05:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-03 00:23 - 2012-01-22 12:49 - 00000000 ____D () C:\Users\Elisabeth\AppData\Roaming\Skype
2014-12-03 00:19 - 2012-01-22 08:13 - 00126118 _____ () C:\windows\PFRO.log
2014-12-03 00:19 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-03 00:19 - 2009-07-14 05:51 - 00145967 _____ () C:\windows\setupact.log
2014-12-03 00:18 - 2012-06-23 08:43 - 00000000 ____D () C:\windows\en
2014-12-03 00:15 - 2013-09-16 07:31 - 00000954 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3664937432-39338335-2934514172-1001UA.job
2014-12-03 00:07 - 2012-01-23 17:16 - 00000958 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3664937432-39338335-2934514172-1000UA.job
2014-12-02 20:08 - 2013-09-16 07:31 - 00000902 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3664937432-39338335-2934514172-1001Core.job
2014-12-02 20:08 - 2012-01-23 17:16 - 00000906 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3664937432-39338335-2934514172-1000Core.job
2014-11-26 22:12 - 2010-08-13 05:13 - 00635850 _____ () C:\windows\system32\perfh006.dat
2014-11-26 22:12 - 2010-08-13 05:13 - 00142908 _____ () C:\windows\system32\perfc006.dat
2014-11-26 22:12 - 2009-07-14 06:13 - 00006264 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-26 14:52 - 2013-10-07 06:14 - 00000000 ____D () C:\Users\Valdemar\AppData\Roaming\Spotify
2014-11-25 17:06 - 2013-10-07 06:16 - 00000000 ____D () C:\Users\Valdemar\AppData\Local\Spotify
2014-11-25 16:50 - 2014-08-21 19:21 - 00000000 ____D () C:\ProgramData\OnlineUpdate
2014-11-22 08:54 - 2013-09-15 18:33 - 00000000 ____D () C:\Users\Valdemar\AppData\Local\Microsoft Help
2014-11-21 19:03 - 2014-05-07 15:24 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-11-21 18:43 - 2012-01-22 09:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-21 18:28 - 2009-07-14 05:45 - 00449384 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-20 12:05 - 2013-09-15 14:53 - 00000000 ____D () C:\windows\system32\MRT
2014-11-20 12:05 - 2012-01-23 19:53 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
 
Some content of TEMP:
====================
C:\Users\Elisabeth\AppData\Local\Temp\acufutls.dll
C:\Users\Elisabeth\AppData\Local\Temp\AEC5A5FE.dll
C:\Users\Elisabeth\AppData\Local\Temp\APNSetup.exe
C:\Users\Elisabeth\AppData\Local\Temp\AskSLib.dll
C:\Users\Elisabeth\AppData\Local\Temp\BullGuard Internet Security Setup.exe
C:\Users\Elisabeth\AppData\Local\Temp\down.2340.setupytb.exe
C:\Users\Elisabeth\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Elisabeth\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Elisabeth\AppData\Local\Temp\E398114C.dll
C:\Users\Elisabeth\AppData\Local\Temp\eauninstall.exe
C:\Users\Elisabeth\AppData\Local\Temp\GUR20E8.exe
C:\Users\Elisabeth\AppData\Local\Temp\hlar-uab.dll
C:\Users\Elisabeth\AppData\Local\Temp\jeDC4.exe
C:\Users\Elisabeth\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Elisabeth\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Elisabeth\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Elisabeth\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Elisabeth\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Elisabeth\AppData\Local\Temp\juWA5.dll
C:\Users\Elisabeth\AppData\Local\Temp\juWA5.exe
C:\Users\Elisabeth\AppData\Local\Temp\mixcraft6-b216-setup.exe
C:\Users\Elisabeth\AppData\Local\Temp\oct1BA3.tmp.exe
C:\Users\Elisabeth\AppData\Local\Temp\octB50A.tmp.exe
C:\Users\Elisabeth\AppData\Local\Temp\optprosetup.exe
C:\Users\Elisabeth\AppData\Local\Temp\patch-series-216-217.exe
C:\Users\Elisabeth\AppData\Local\Temp\PokkiInstaller.exe
C:\Users\Elisabeth\AppData\Local\Temp\Quarantine.exe
C:\Users\Elisabeth\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Elisabeth\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Elisabeth\AppData\Local\Temp\SimBundD.exe
C:\Users\Elisabeth\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Elisabeth\AppData\Local\Temp\sqlite3.dll
C:\Users\Elisabeth\AppData\Local\Temp\Tsu9BF0D1D9.dll
C:\Users\Elisabeth\AppData\Local\Temp\tzholwz1.dll
C:\Users\Elisabeth\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Elisabeth\AppData\Local\Temp\ZoolaGames.exe
C:\Users\Valdemar\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Valdemar\AppData\Local\Temp\killtask.exe
C:\Users\Valdemar\AppData\Local\Temp\l0cvzduv.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-28 16:55
 
==================== End Of Log ============================

 

 

Addition.txt:

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2014
Ran by Elisabeth at 2014-12-03 00:37:20
Running from C:\Users\Elisabeth\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 1.2.0 - Hewlett-Packard) Hidden
Acoustica Effects Pack (HKLM-x32\...\Acoustica Effects Pack) (Version: 1.0 - Acoustica, Inc)
Acoustica Mixcraft 6 (HKLM-x32\...\Acoustica Mixcraft 6) (Version: Build b217 - Acoustica)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) - Dansk (HKLM-x32\...\{AC76BA86-7AD7-1030-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.6.3.0 - Asmedia Technology)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
AsusScreensaver (HKLM-x32\...\{99E77016-BCF2-48C8-9119-43ECF5815F65}) (Version: 1.05 - AsusTek Computer Inc.)
ASUSUpdate for Eee PC (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 1.06.02 - ASUSTeK Computer Inc.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.9.157 - ASUSTEK)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{CFC92B54-04CB-55F7-A230-D5563A3A439F}) (Version: 3.0.800.0 - ATI Technologies, Inc.)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Broadcom Wireless Network Adapter (HKLM-x32\...\{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}) (Version: 1.00.0000 - AzureWave)
CapsHook (HKLM-x32\...\{4B5092B6-F231-4D18-83BC-2618B729CA45}) (Version: 1.0.0.7 - AsusTek Computer)
ccc-core-static (x32 Version: 2010.1110.1539.28046 - ATI) Hidden
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
E-Cam (HKLM-x32\...\{185AFA7A-F63E-450B-94AA-011CAC18090E}) (Version: 2.0.2.9 - AzureWave)
Eee Docking 3.8.2 (HKLM\...\Eee Docking_is1) (Version: 3.8.2 - ASUSTek Computer Inc.)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
FontResizer (HKLM-x32\...\InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}) (Version: 1.01.0011 - ASUSTek)
FontResizer (x32 Version: 1.01.0011 - ASUSTek) Hidden
GeoGebra 4.4 (HKLM-x32\...\GeoGebra 4.4) (Version: 4.4.34.0 - International GeoGebra Institute)
Google Chrome (HKU\S-1-5-21-3664937432-39338335-2934514172-1000\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Graph 4.4.2 (HKLM-x32\...\Graph_is1) (Version:  - Ivan Johansen)
Hotkey Service (HKLM-x32\...\{71C0E38E-09F2-4386-9977-404D4F6640CD}) (Version: 1.37 - AsusTek Computer Inc.)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
LiveUpdate (HKLM-x32\...\{38E5A3B1-ADF1-47E0-8024-76310A30EB36}) (Version: 1.25 - AsusTek Computer Inc.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Maxtor Manager (HKLM-x32\...\InstallShield_{B8281D46-D846-4BB9-BC84-F1115A7BF820}) (Version: 4.01.0227 - Seagate Technology)
Maxtor Manager (x32 Version: 4.01.0227 - Seagate Technology) Hidden
Microsoft .NET Framework 4.5.1 (dansk) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1030) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 23.007.09.02.26 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 30.0 (x86 da) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 da)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nokia Internet Modem (HKLM-x32\...\{A35EF357-F7DF-4B8A-B4D6-9F9C91AA8D83}) (Version: 1.2.277.3 - SmartCom)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.1.0.28 - Symantec Corporation)
Opdatering til Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0406-0000-0000000FF1CE}_ENTERPRISE_{7304A9DD-2F95-4147-8CD4-E135168C61E6}) (Version:  - Microsoft)
Opdatering til Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0406-0000-0000000FF1CE}_ENTERPRISE_{0C315122-B0FA-428D-A3BB-6F6510F866FF}) (Version:  - Microsoft)
Opdatering til Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0406-0000-0000000FF1CE}_ENTERPRISE_{EA60117C-C535-4A3F-AED1-C888F5114210}) (Version:  - Microsoft)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.5.1.0 - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6293 - Realtek Semiconductor Corp.)
Reason 5.0 (HKLM-x32\...\Reason5_is1) (Version: 5.0 - Propellerhead Software AB)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Super Hybrid Engine (HKLM-x32\...\{88F08F98-12BC-4613-81A2-8F9B88CFC73E}) (Version: 2.18 - AsusTek Computer)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.8.0 - Synaptics Incorporated)
syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
Trend Micro Titanium (x32 Version: 1.0 - Trend Micro Inc.) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
USBCharge+ (HKLM-x32\...\{8165EFD2-0EB8-4C4F-A0E4-0E641B117ED2}) (Version: 1.0.0.23 - AsusTek Computer)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.5500 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
WordMat v. 1.07 (HKLM-x32\...\{301A8257-D5EF-48B4-AAC2-E86700DDA6FE}_is1) (Version:  - Eduap)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3664937432-39338335-2934514172-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Elisabeth\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3664937432-39338335-2934514172-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Elisabeth\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3664937432-39338335-2934514172-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Elisabeth\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
23-11-2014 18:01:06 Windows Sikkerhedskopiering
26-11-2014 21:18:36 Windows Update
01-12-2014 19:07:23 Windows Sikkerhedskopiering
02-12-2014 19:25:53 Revo Uninstaller's restore point - BlockAndSurf
02-12-2014 19:29:57 Revo Uninstaller's restore point - ConvertAd
02-12-2014 19:32:53 Revo Uninstaller's restore point - DealsFactor
02-12-2014 19:36:10 Revo Uninstaller's restore point - DefaultTab
02-12-2014 19:41:50 Revo Uninstaller's restore point - EZDownloader
02-12-2014 19:43:43 Revo Uninstaller's restore point - GoSave
02-12-2014 19:51:25 Revo Uninstaller's restore point - Internet Explorer Toolbar 4.9 by SweetPacks
02-12-2014 19:52:34 Removed Internet Explorer Toolbar 4.9 by SweetPacks
02-12-2014 19:57:59 Revo Uninstaller's restore point - leess2paeye
02-12-2014 20:01:21 Revo Uninstaller's restore point - LPT System Updater Service
02-12-2014 20:06:12 Revo Uninstaller's restore point - Performance Optimizer
02-12-2014 20:07:22 Revo Uninstaller's restore point - Pokki
02-12-2014 20:10:06 Revo Uninstaller's restore point - ProShopper
02-12-2014 20:14:19 Revo Uninstaller's restore point - Remote Desktop Access (VuuPC)
02-12-2014 20:15:42 Revo Uninstaller's restore point - SafeFinder Smartbar
02-12-2014 20:18:14 Revo Uninstaller's restore point - Savings Sidekick
02-12-2014 20:19:53 Revo Uninstaller's restore point - Search App by Ask
02-12-2014 20:21:08 Revo Uninstaller's restore point - Search Protect
02-12-2014 20:22:35 Revo Uninstaller's restore point - Shopping App by Ask
02-12-2014 20:23:49 Revo Uninstaller's restore point - SweetPacks Updater Service
02-12-2014 20:25:08 Revo Uninstaller's restore point - topdEal
02-12-2014 20:27:02 Revo Uninstaller's restore point - TuneUp Utilities 2014
02-12-2014 20:27:39 Fjernede TuneUp Utilities 2014
02-12-2014 20:28:49 Fjernede TuneUp Utilities 2014 (en-GB)
02-12-2014 20:31:21 Revo Uninstaller's restore point - Unitech LLC toolbar   
02-12-2014 20:34:41 Revo Uninstaller's restore point - VideoPerformer
02-12-2014 20:36:02 Revo Uninstaller's restore point - Bing Bar
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1646D2CD-408E-48BD-9310-1271BEE8250D} - System32\Tasks\Norton Security Scan for Elisabeth => C:\Program Files (x86)\Norton Security Scan\Engine\4.1.0.28\Nss.exe [2014-01-27] (Symantec Corporation)
Task: {17142E0A-13D4-4E81-99DF-D52A60367319} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3664937432-39338335-2934514172-1001UA => C:\Users\Valdemar\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-16] (Google Inc.)
Task: {4A10B15F-9C54-4CED-9CD0-E28D2CACDB1A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3664937432-39338335-2934514172-1000Core => C:\Users\Elisabeth\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {A48D2692-923F-4903-9C6D-CD8A322C9FBD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3664937432-39338335-2934514172-1000UA => C:\Users\Elisabeth\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {D33085CA-FA00-4444-8A38-3F571D800F3C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3664937432-39338335-2934514172-1001Core => C:\Users\Valdemar\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-16] (Google Inc.)
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3664937432-39338335-2934514172-1000Core.job => C:\Users\Elisabeth\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3664937432-39338335-2934514172-1000UA.job => C:\Users\Elisabeth\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3664937432-39338335-2934514172-1001Core.job => C:\Users\Valdemar\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3664937432-39338335-2934514172-1001UA.job => C:\Users\Valdemar\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Norton Security Scan for Elisabeth.job => C:\PROGRA~2\NORTON~2\Engine\410~1.28\Nss.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-01-22 10:27 - 2009-11-05 08:40 - 00085504 _____ () C:\windows\System32\cpwmon64.dll
2011-02-28 16:59 - 2010-12-07 18:19 - 00224680 _____ () C:\windows\SysWOW64\AsusService.exe
2011-03-14 16:27 - 2011-03-14 16:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2012-01-22 10:25 - 2012-01-09 19:44 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2013-09-16 13:38 - 2011-12-23 11:03 - 00655712 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2010-05-21 14:38 - 2010-05-21 14:38 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2011-06-17 11:22 - 2011-06-17 11:22 - 00138368 _____ () C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe
2010-11-11 00:38 - 2010-11-11 00:38 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-08-27 00:51 - 2010-08-27 00:51 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-09-16 13:38 - 2009-01-10 11:32 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2013-09-16 13:38 - 2009-06-22 19:42 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2013-09-16 13:38 - 2010-05-14 10:57 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2013-09-16 13:38 - 2010-02-10 15:10 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2013-09-16 13:38 - 2011-12-23 08:52 - 00843264 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2013-09-16 13:38 - 2010-02-10 15:06 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll
2010-11-22 20:12 - 2010-11-22 20:12 - 00181664 _____ () C:\Program Files (x86)\Asus\LiveUpdate\Parser.dll
2011-06-17 11:22 - 2011-06-17 11:22 - 00059312 _____ () C:\Program Files (x86)\Nokia\Nokia Internet Modem\DriveDetector.dll
2011-06-17 11:22 - 2011-06-17 11:22 - 00508848 _____ () C:\Program Files (x86)\Nokia\Nokia Internet Modem\Toolkit.dll
2011-06-17 11:22 - 2011-06-17 11:22 - 00147888 _____ () C:\Program Files (x86)\Nokia\Nokia Internet Modem\pcre3.dll
2011-06-17 11:22 - 2011-06-17 11:22 - 00775600 _____ () C:\Program Files (x86)\Nokia\Nokia Internet Modem\UIToolkit.dll
2011-06-17 11:22 - 2011-06-17 11:22 - 00090544 _____ () C:\Program Files (x86)\Nokia\Nokia Internet Modem\ComCore.dll
2011-06-17 11:22 - 2011-06-17 11:22 - 00049584 _____ () C:\Program Files (x86)\Nokia\Nokia Internet Modem\Preferences.dll
2011-06-17 11:22 - 2011-06-17 11:22 - 00247216 _____ () C:\Program Files (x86)\Nokia\Nokia Internet Modem\DB.dll
2011-06-17 11:22 - 2011-06-17 11:22 - 00125872 _____ () C:\Program Files (x86)\Nokia\Nokia Internet Modem\Discovery.dll
2011-06-17 11:22 - 2011-06-17 11:22 - 00311728 _____ () C:\Program Files (x86)\Nokia\Nokia Internet Modem\Device.dll
2011-06-17 11:22 - 2011-06-17 11:22 - 00028160 _____ () C:\Program Files (x86)\Nokia\Nokia Internet Modem\ressources\plugins\DiscoveryGeneric.plugin
2011-06-17 11:22 - 2011-06-17 11:22 - 00017408 _____ () C:\Program Files (x86)\Nokia\Nokia Internet Modem\ressources\plugins\DiscoveryNdis.plugin
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:AB689DEA
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3664937432-39338335-2934514172-500 - Administrator - Disabled)
Elisabeth (S-1-5-21-3664937432-39338335-2934514172-1000 - Administrator - Enabled) => C:\Users\Elisabeth
Gæst (S-1-5-21-3664937432-39338335-2934514172-501 - Limited - Disabled)
Valdemar (S-1-5-21-3664937432-39338335-2934514172-1001 - Limited - Enabled) => C:\Users\Valdemar
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (12/03/2014 00:31:09 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 har registreret en fejl under forsøget på at opdatere signaturer.
 
    Ny signaturversion:  
 
    Tidligere signaturversion: 113.28.0.0
 
    Opdateringskilde: %NT AUTHORITY51
 
    Opdateringsstadie: 4.6.0305.00
 
    Kildesti: 4.6.0305.01
 
    Signaturtype: %NT AUTHORITY602
 
    Opdateringstype: %NT AUTHORITY604
 
    Bruger: NT AUTHORITY\NETVÆRKSTJENESTE
 
    Nuværende programversion: %NT AUTHORITY605
 
    Tidligere programversion: %NT AUTHORITY606
 
    Fejlkode: %NT AUTHORITY607
 
    Fejlbeskrivelse: %NT AUTHORITY608
 
Error: (12/03/2014 00:31:09 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 har registreret en fejl under forsøget på at opdatere signaturer.
 
    Ny signaturversion:  
 
    Tidligere signaturversion: 1.189.768.0
 
    Opdateringskilde: %NT AUTHORITY51
 
    Opdateringsstadie: 4.6.0305.00
 
    Kildesti: 4.6.0305.01
 
    Signaturtype: %NT AUTHORITY602
 
    Opdateringstype: %NT AUTHORITY604
 
    Bruger: NT AUTHORITY\NETVÆRKSTJENESTE
 
    Nuværende programversion: %NT AUTHORITY605
 
    Tidligere programversion: %NT AUTHORITY606
 
    Fejlkode: %NT AUTHORITY607
 
    Fejlbeskrivelse: %NT AUTHORITY608
 
Error: (12/03/2014 00:31:09 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 har registreret en fejl under forsøget på at opdatere signaturer.
 
    Ny signaturversion:  
 
    Tidligere signaturversion: 1.189.768.0
 
    Opdateringskilde: %NT AUTHORITY51
 
    Opdateringsstadie: 4.6.0305.00
 
    Kildesti: 4.6.0305.01
 
    Signaturtype: %NT AUTHORITY602
 
    Opdateringstype: %NT AUTHORITY604
 
    Bruger: NT AUTHORITY\NETVÆRKSTJENESTE
 
    Nuværende programversion: %NT AUTHORITY605
 
    Tidligere programversion: %NT AUTHORITY606
 
    Fejlkode: %NT AUTHORITY607
 
    Fejlbeskrivelse: %NT AUTHORITY608
 
Error: (12/03/2014 00:31:09 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 har registreret en fejl under forsøget på at opdatere signaturer.
 
    Ny signaturversion:  
 
    Tidligere signaturversion: 1.189.768.0
 
    Opdateringskilde: %NT AUTHORITY59
 
    Opdateringsstadie: 4.6.0305.00
 
    Kildesti: 4.6.0305.01
 
    Signaturtype: %NT AUTHORITY602
 
    Opdateringstype: %NT AUTHORITY604
 
    Bruger: NT AUTHORITY\SYSTEM
 
    Nuværende programversion: %NT AUTHORITY605
 
    Tidligere programversion: %NT AUTHORITY606
 
    Fejlkode: %NT AUTHORITY607
 
    Fejlbeskrivelse: %NT AUTHORITY608
 
Error: (12/03/2014 00:20:35 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Følgende boot-start- eller system-start-driver kunne ikke indlæses:  
cdrom
 
Error: (12/03/2014 00:20:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjenesten Mobile Partner. OUC kunne ikke starte pga. følgende fejl:  
%%1053
 
Error: (12/03/2014 00:20:29 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Der opstod timeout (30000 millisekunder), mens systemet ventede på, at der blev oprettet forbindelse til tjenesten Mobile Partner. OUC.
 
Error: (12/02/2014 11:43:51 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 har registreret en fejl under forsøget på at opdatere signaturer.
 
    Ny signaturversion:  
 
    Tidligere signaturversion: 113.28.0.0
 
    Opdateringskilde: %NT AUTHORITY51
 
    Opdateringsstadie: 4.6.0305.00
 
    Kildesti: 4.6.0305.01
 
    Signaturtype: %NT AUTHORITY602
 
    Opdateringstype: %NT AUTHORITY604
 
    Bruger: NT AUTHORITY\NETVÆRKSTJENESTE
 
    Nuværende programversion: %NT AUTHORITY605
 
    Tidligere programversion: %NT AUTHORITY606
 
    Fejlkode: %NT AUTHORITY607
 
    Fejlbeskrivelse: %NT AUTHORITY608
 
Error: (12/02/2014 11:43:50 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 har registreret en fejl under forsøget på at opdatere signaturer.
 
    Ny signaturversion:  
 
    Tidligere signaturversion: 1.189.768.0
 
    Opdateringskilde: %NT AUTHORITY51
 
    Opdateringsstadie: 4.6.0305.00
 
    Kildesti: 4.6.0305.01
 
    Signaturtype: %NT AUTHORITY602
 
    Opdateringstype: %NT AUTHORITY604
 
    Bruger: NT AUTHORITY\NETVÆRKSTJENESTE
 
    Nuværende programversion: %NT AUTHORITY605
 
    Tidligere programversion: %NT AUTHORITY606
 
    Fejlkode: %NT AUTHORITY607
 
    Fejlbeskrivelse: %NT AUTHORITY608
 
Error: (12/02/2014 11:43:50 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 har registreret en fejl under forsøget på at opdatere signaturer.
 
    Ny signaturversion:  
 
    Tidligere signaturversion: 1.189.768.0
 
    Opdateringskilde: %NT AUTHORITY51
 
    Opdateringsstadie: 4.6.0305.00
 
    Kildesti: 4.6.0305.01
 
    Signaturtype: %NT AUTHORITY602
 
    Opdateringstype: %NT AUTHORITY604
 
    Bruger: NT AUTHORITY\NETVÆRKSTJENESTE
 
    Nuværende programversion: %NT AUTHORITY605
 
    Tidligere programversion: %NT AUTHORITY606
 
    Fejlkode: %NT AUTHORITY607
 
    Fejlbeskrivelse: %NT AUTHORITY608
 
 
Microsoft Office Sessions:
=========================
Error: (09/20/2012 08:26:23 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 21 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-11-15 16:33:23.933
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Asus\LiveUpdate\DETECTSYS.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-11-15 16:33:21.868
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Asus\LiveUpdate\DETECTSYS.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-11-06 14:20:48.061
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Asus\LiveUpdate\DETECTSYS.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-11-06 14:20:45.899
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Asus\LiveUpdate\DETECTSYS.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-27 06:50:35.132
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Asus\LiveUpdate\DETECTSYS.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-27 06:50:33.183
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Asus\LiveUpdate\DETECTSYS.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-21 16:56:21.358
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Asus\LiveUpdate\DETECTSYS.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-21 16:56:19.191
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Asus\LiveUpdate\DETECTSYS.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-14 20:48:35.873
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Asus\LiveUpdate\DETECTSYS.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-14 20:48:34.069
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Asus\LiveUpdate\DETECTSYS.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info ===========================  
 
Processor: AMD E-350 Processor
Percentage of memory in use: 36%
Total physical RAM: 3692.39 MB
Available physical RAM: 2354.72 MB
Total Pagefile: 7382.96 MB
Available Pagefile: 5599.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:100 GB) (Free:46.33 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:183.07 GB) (Free:42.5 GB) NTFS
Drive f: () (Removable) (Total:0.96 GB) (Free:0 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: B507A563)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=15 GB) - (Type=1B)
Partition 3: (Not Active) - (Size=183.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=16 MB) - (Type=EF)
 
========================================================
Disk: 1 (Size: 982 MB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.
 
==================== End Of Log ============================

 



#6 LiquidTension


Posted 03 December 2014 - 07:25 AM

Hi Kim,
 

My only comment is that I could not find MyPC Backup in Revo's list of programmes

Don't worry, the programme is gone. 
 

what a nice tool by the way! :-)

Indeed. :)
 
-------------
 
Please refer to the following Trend Micro article. Click Having problems removing Trend Micro?, and follow the instructions for Step 1.
 
STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    HKU\S-1-5-21-3664937432-39338335-2934514172-1000\...\MountPoints2: {13452e23-6e74-11e1-8843-f46d04bd7f4c} - E:\application\Nokia_Internet_Modem.exe
    HKU\S-1-5-21-3664937432-39338335-2934514172-1000\...\MountPoints2: {22df2162-20e9-11e3-ba20-f46d04bd7f4c} - E:\AutoRun.exe
    HKU\S-1-5-21-3664937432-39338335-2934514172-1000\...\MountPoints2: {2f3cc459-1ecc-11e3-b885-f46d04bd7f4c} - E:\AutoRun.exe
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-3664937432-39338335-2934514172-1001\User: Group Policy restriction detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-3664937432-39338335-2934514172-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =  
    2014-12-02 21:10 - 2014-12-02 21:10 - 00000000 ____D () C:\Program Files (x86)\ProShopper
    2014-12-02 20:58 - 2014-12-02 20:58 - 00000000 ____D () C:\Program Files (x86)\leess2paeye
    2014-12-02 20:53 - 2014-12-02 20:53 - 00000000 __SHD () C:\Users\Elisabeth\AppData\Local\EmieBrowserModeList
    C:\Users\Elisabeth\AppData\Local\Temp\08262B00.dll
    C:\Users\Elisabeth\AppData\Local\Temp\0827DCB1.dll
    C:\Users\Elisabeth\AppData\Local\Temp\0C87DC03.dll
    C:\Users\Elisabeth\AppData\Local\Temp\0C88B50D.dll
    C:\Users\Elisabeth\AppData\Local\Temp\0C8F8506.dll
    C:\Users\Elisabeth\AppData\Local\Temp\0FA8179E.dll
    C:\Users\Elisabeth\AppData\Local\Temp\0FAB7DE7.dll
    C:\Users\Elisabeth\AppData\Local\Temp\1313F3B7.dll
    C:\Users\Elisabeth\AppData\Local\Temp\13174420.dll
    C:\Users\Elisabeth\AppData\Local\Temp\13194905.dll
    C:\Users\Elisabeth\AppData\Local\Temp\131EA72E.dll
    C:\Users\Elisabeth\AppData\Local\Temp\189F81F0.dll
    C:\Users\Elisabeth\AppData\Local\Temp\18A6F102.dll
    C:\Users\Elisabeth\AppData\Local\Temp\18A7EC3A.dll
    C:\Users\Elisabeth\AppData\Local\Temp\18A8CEFC.dll
    C:\Users\Elisabeth\AppData\Local\Temp\18B4C934.dll
    C:\Users\Elisabeth\AppData\Local\Temp\1ACA8ACC.dll
    C:\Users\Elisabeth\AppData\Local\Temp\1B1E1ADC.dll
    C:\Users\Elisabeth\AppData\Local\Temp\1DD2D47D.dll
    C:\Users\Elisabeth\AppData\Local\Temp\1DD41755.dll
    C:\Users\Elisabeth\AppData\Local\Temp\2502F169.dll
    C:\Users\Elisabeth\AppData\Local\Temp\25E25309.dll
    C:\Users\Elisabeth\AppData\Local\Temp\266FA216.dll
    C:\Users\Elisabeth\AppData\Local\Temp\28C2B0B2.dll
    C:\Users\Elisabeth\AppData\Local\Temp\28C9043F.dll
    C:\Users\Elisabeth\AppData\Local\Temp\28CA8E96.dll
    C:\Users\Elisabeth\AppData\Local\Temp\28DD61A8.dll
    C:\Users\Elisabeth\AppData\Local\Temp\2D8B8929.dll
    C:\Users\Elisabeth\AppData\Local\Temp\2D8CF45A.dll
    C:\Users\Elisabeth\AppData\Local\Temp\2D8DB5C7.dll
    C:\Users\Elisabeth\AppData\Local\Temp\2D97A068.dll
    C:\Users\Elisabeth\AppData\Local\Temp\2D9E6708.dll
    C:\Users\Elisabeth\AppData\Local\Temp\2ED693D7.dll
    C:\Users\Elisabeth\AppData\Local\Temp\2ED7E783.dll
    C:\Users\Elisabeth\AppData\Local\Temp\313725B9.dll
    C:\Users\Elisabeth\AppData\Local\Temp\3304E8F9.dll
    C:\Users\Elisabeth\AppData\Local\Temp\33065BE9.dll
    C:\Users\Elisabeth\AppData\Local\Temp\3306A192.dll
    C:\Users\Elisabeth\AppData\Local\Temp\3308EBBE.dll
    C:\Users\Elisabeth\AppData\Local\Temp\330A7937.dll
    C:\Users\Elisabeth\AppData\Local\Temp\3316A806.dll
    C:\Users\Elisabeth\AppData\Local\Temp\33186155.dll
    C:\Users\Elisabeth\AppData\Local\Temp\3321B4A7.dll
    C:\Users\Elisabeth\AppData\Local\Temp\3394286C.dll
    C:\Users\Elisabeth\AppData\Local\Temp\3395F5EA.dll
    C:\Users\Elisabeth\AppData\Local\Temp\33982639.dll
    C:\Users\Elisabeth\AppData\Local\Temp\34E3098B.dll
    C:\Users\Elisabeth\AppData\Local\Temp\3D71D5BB.dll
    C:\Users\Elisabeth\AppData\Local\Temp\45536553.dll
    C:\Users\Elisabeth\AppData\Local\Temp\45559048.dll
    C:\Users\Elisabeth\AppData\Local\Temp\45577D6F.dll
    C:\Users\Elisabeth\AppData\Local\Temp\455E8146.dll
    C:\Users\Elisabeth\AppData\Local\Temp\47D2E0AF.dll
    C:\Users\Elisabeth\AppData\Local\Temp\47D3E8DA.dll
    C:\Users\Elisabeth\AppData\Local\Temp\47D8301C.dll
    C:\Users\Elisabeth\AppData\Local\Temp\692A03C3.dll
    C:\Users\Elisabeth\AppData\Local\Temp\69AB00C8.dll
    C:\Users\Elisabeth\AppData\Local\Temp\69AECE29.dll
    C:\Users\Elisabeth\AppData\Local\Temp\6A7C1DF4.dll
    C:\Users\Elisabeth\AppData\Local\Temp\717B172F.dll
    C:\Users\Elisabeth\AppData\Local\Temp\7347BFD4.dll
    C:\Users\Elisabeth\AppData\Local\Temp\73837ACA.dll
    C:\Users\Elisabeth\AppData\Local\Temp\753BD18A.dll
    C:\Users\Elisabeth\AppData\Local\Temp\753E2994.dll
    C:\Users\Elisabeth\AppData\Local\Temp\756665F6.dll
    C:\Users\Elisabeth\AppData\Local\Temp\7567ABD4.dll
    C:\Users\Elisabeth\AppData\Local\Temp\77D392B8.dll
    C:\Users\Elisabeth\AppData\Local\Temp\77DF78F5.dll
    C:\Users\Elisabeth\AppData\Local\Temp\77E03432.dll
    C:\Users\Elisabeth\AppData\Local\Temp\78B538F7.dll
    C:\Users\Elisabeth\AppData\Local\Temp\847925A2.dll
    C:\Users\Elisabeth\AppData\Local\Temp\847B9AB6.dll
    C:\Users\Elisabeth\AppData\Local\Temp\847D1A21.dll
    C:\Users\Elisabeth\AppData\Local\Temp\848255E6.dll
    C:\Users\Elisabeth\AppData\Local\Temp\89541DA0.dll
    C:\Users\Elisabeth\AppData\Local\Temp\89590875.dll
    C:\Users\Elisabeth\AppData\Local\Temp\895CF41A.dll
    C:\Users\Elisabeth\AppData\Local\Temp\895FF552.dll
    C:\Users\Elisabeth\AppData\Local\Temp\896AA2C4.dll
    C:\Users\Elisabeth\AppData\Local\Temp\896B5D79.dll
    C:\Users\Elisabeth\AppData\Local\Temp\896ED55E.dll
    C:\Users\Elisabeth\AppData\Local\Temp\8BA45656.dll
    C:\Users\Elisabeth\AppData\Local\Temp\8F281819.dll
    C:\Users\Elisabeth\AppData\Local\Temp\8F2914CA.dll
    C:\Users\Elisabeth\AppData\Local\Temp\8F2A6E50.dll
    C:\Users\Elisabeth\AppData\Local\Temp\903C04C1.dll
    C:\Users\Elisabeth\AppData\Local\Temp\90417395.dll
    C:\Users\Elisabeth\AppData\Local\Temp\904389B4.dll
    C:\Users\Elisabeth\AppData\Local\Temp\90490DF9.dll
    C:\Users\Elisabeth\AppData\Local\Temp\906E7671.dll
    C:\Users\Elisabeth\AppData\Local\Temp\90B91D7D.dll
    C:\Users\Elisabeth\AppData\Local\Temp\92D8BD96.dll
    C:\Users\Elisabeth\AppData\Local\Temp\92DBFFBB.dll
    C:\Users\Elisabeth\AppData\Local\Temp\92E658BF.dll
    C:\Users\Elisabeth\AppData\Local\Temp\92E93FD4.dll
    C:\Users\Elisabeth\AppData\Local\Temp\997C0D2C.dll
    C:\Users\Elisabeth\AppData\Local\Temp\9B68B4BA.dll
    C:\Users\Elisabeth\AppData\Local\Temp\9B6B13AF.dll
    C:\Users\Elisabeth\AppData\Local\Temp\9B6CDAE5.dll
    C:\Users\Elisabeth\AppData\Local\Temp\9EFC3C87.dll
    C:\Users\Elisabeth\AppData\Local\Temp\A551D832.dll
    C:\Users\Elisabeth\AppData\Local\Temp\A9AB66C5.dll
    C:\Users\Elisabeth\AppData\Local\Temp\acufutls.dll
    C:\Users\Elisabeth\AppData\Local\Temp\AEC5A5FE.dll
    C:\Users\Elisabeth\AppData\Local\Temp\APNSetup.exe
    C:\Users\Elisabeth\AppData\Local\Temp\AskSLib.dll
    C:\Users\Elisabeth\AppData\Local\Temp\B16402AB.dll
    C:\Users\Elisabeth\AppData\Local\Temp\B1688715.dll
    C:\Users\Elisabeth\AppData\Local\Temp\B61ED455.dll
    C:\Users\Elisabeth\AppData\Local\Temp\B61FEBC7.dll
    C:\Users\Elisabeth\AppData\Local\Temp\B622DD43.dll
    C:\Users\Elisabeth\AppData\Local\Temp\B63F5897.dll
    C:\Users\Elisabeth\AppData\Local\Temp\B6418605.dll
    C:\Users\Elisabeth\AppData\Local\Temp\B687F76C.dll
    C:\Users\Elisabeth\AppData\Local\Temp\B68962EE.dll
    C:\Users\Elisabeth\AppData\Local\Temp\BA368BF2.dll
    C:\Users\Elisabeth\AppData\Local\Temp\BA3986B4.dll
    C:\Users\Elisabeth\AppData\Local\Temp\BA3BE705.dll
    C:\Users\Elisabeth\AppData\Local\Temp\BullGuard Internet Security Setup.exe
    C:\Users\Elisabeth\AppData\Local\Temp\C30F542C.dll
    C:\Users\Elisabeth\AppData\Local\Temp\C7DAECF5.dll
    C:\Users\Elisabeth\AppData\Local\Temp\CD3561FA.dll
    C:\Users\Elisabeth\AppData\Local\Temp\CF72D401.dll
    C:\Users\Elisabeth\AppData\Local\Temp\CFEAACD0.dll
    C:\Users\Elisabeth\AppData\Local\Temp\CFEB9881.dll
    C:\Users\Elisabeth\AppData\Local\Temp\CFEDED44.dll
    C:\Users\Elisabeth\AppData\Local\Temp\D3FF30FC.dll
    C:\Users\Elisabeth\AppData\Local\Temp\D56C7138.dll
    C:\Users\Elisabeth\AppData\Local\Temp\down.2340.setupytb.exe
    C:\Users\Elisabeth\AppData\Local\Temp\DseShExt-x64.dll
    C:\Users\Elisabeth\AppData\Local\Temp\DseShExt-x86.dll
    C:\Users\Elisabeth\AppData\Local\Temp\E398114C.dll
    C:\Users\Elisabeth\AppData\Local\Temp\eauninstall.exe
    C:\Users\Elisabeth\AppData\Local\Temp\F2A4CBED.dll
    C:\Users\Elisabeth\AppData\Local\Temp\F2A84183.dll
    C:\Users\Elisabeth\AppData\Local\Temp\F2AB49A8.dll
    C:\Users\Elisabeth\AppData\Local\Temp\F2CC24D7.dll
    C:\Users\Elisabeth\AppData\Local\Temp\F2CCF170.dll
    C:\Users\Elisabeth\AppData\Local\Temp\F2D11615.dll
    C:\Users\Elisabeth\AppData\Local\Temp\FA9B3F91.dll
    C:\Users\Elisabeth\AppData\Local\Temp\FA9D3707.dll
    C:\Users\Elisabeth\AppData\Local\Temp\FA9DD4B0.dll
    C:\Users\Elisabeth\AppData\Local\Temp\FA9E5940.dll
    C:\Users\Elisabeth\AppData\Local\Temp\FF967752.dll
    C:\Users\Elisabeth\AppData\Local\Temp\GUR20E8.exe
    C:\Users\Elisabeth\AppData\Local\Temp\hlar-uab.dll
    C:\Users\Elisabeth\AppData\Local\Temp\jeDC4.exe
    C:\Users\Elisabeth\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
    C:\Users\Elisabeth\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
    C:\Users\Elisabeth\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
    C:\Users\Elisabeth\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
    C:\Users\Elisabeth\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
    C:\Users\Elisabeth\AppData\Local\Temp\juWA5.dll
    C:\Users\Elisabeth\AppData\Local\Temp\juWA5.exe
    C:\Users\Elisabeth\AppData\Local\Temp\mixcraft6-b216-setup.exe
    C:\Users\Elisabeth\AppData\Local\Temp\oct1BA3.tmp.exe
    C:\Users\Elisabeth\AppData\Local\Temp\octB50A.tmp.exe
    C:\Users\Elisabeth\AppData\Local\Temp\optprosetup.exe
    C:\Users\Elisabeth\AppData\Local\Temp\patch-series-216-217.exe
    C:\Users\Elisabeth\AppData\Local\Temp\PokkiInstaller.exe
    C:\Users\Elisabeth\AppData\Local\Temp\Quarantine.exe
    C:\Users\Elisabeth\AppData\Local\Temp\SDShelEx-win32.dll
    C:\Users\Elisabeth\AppData\Local\Temp\SDShelEx-x64.dll
    C:\Users\Elisabeth\AppData\Local\Temp\SimBundD.exe
    C:\Users\Elisabeth\AppData\Local\Temp\SpotifyUninstall.exe
    C:\Users\Elisabeth\AppData\Local\Temp\sqlite3.dll
    C:\Users\Elisabeth\AppData\Local\Temp\Tsu9BF0D1D9.dll
    C:\Users\Elisabeth\AppData\Local\Temp\tzholwz1.dll
    C:\Users\Elisabeth\AppData\Local\Temp\vcredist_x86.exe
    C:\Users\Elisabeth\AppData\Local\Temp\ZoolaGames.exe
    C:\Users\Valdemar\AppData\Local\Temp\fp_pl_pfs_installer.exe
    C:\Users\Valdemar\AppData\Local\Temp\killtask.exe
    C:\Users\Valdemar\AppData\Local\Temp\l0cvzduv.dll
    CustomCLSID: HKU\S-1-5-21-3664937432-39338335-2934514172-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Elisabeth\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-3664937432-39338335-2934514172-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Elisabeth\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-3664937432-39338335-2934514172-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Elisabeth\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
    AlternateDataStreams: C:\ProgramData\TEMP:AB689DEA
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
Uninstall/Reinstall Chrome

  • Follow these instructions on how to backup your Chrome bookmarks: Backup Chrome Bookmarks
  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall.
    • Google Chrome
  • Follow the prompts.
  • Reboot if necessary.
  • Download and install Google Chrome.
     

STEP 3
Browser Reset
 
Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

Proceed with the reset once done.

STEP 4
RogueKiller

  • Please download RogueKiller (x64) and save the file to your Desktop.
  • Close any running programmes.
  • Right-Click RogueKiller.exe and select Run as administrator to run the programme.
  • Allow the Prescan to complete. Upon completion, a window will open. Click Accept.
  • A browser window may open. Close the browser window.
  • Click [button image]. Upon completion, click [button image].
  • Close the programme. Do not fix anything!
  • A log (RKreport.txt) will open. Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • Did Chrome uninstall/reinstall OK?
  • Did Firefox and Internet Explorer reset OK?
  • RKreport.txt



#7 Guffegris


Posted 03 December 2014 - 03:41 PM

Hi Adam,

 

I followed your instructions, and as far as I can tell it went OK. Chrome uninstalled/reinstalled without any problems, and Firefox and Internet Explorer reset as they were supposed to. The only thing was that Firefox showed up with the usual "This is embarrassing blah blah.." when it restarted, but I guess that it is part of the process.

 

By the way, I have noticed that occasionally there are Danish sentences in the logfiles. Probably not a problem at all, but please don't hesitate to ask if I can help with a translation! :-)

 

Here below come the logs:

 

Fixlog.log:

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-12-2014
Ran by Elisabeth at 2014-12-03 20:46:09 Run:1
Running from C:\Users\Elisabeth\Desktop
Loaded Profile: Elisabeth (Available profiles: Elisabeth & Valdemar)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKU\S-1-5-21-3664937432-39338335-2934514172-1000\...\MountPoints2: {13452e23-6e74-11e1-8843-f46d04bd7f4c} - E:\application\Nokia_Internet_Modem.exe
HKU\S-1-5-21-3664937432-39338335-2934514172-1000\...\MountPoints2: {22df2162-20e9-11e3-ba20-f46d04bd7f4c} - E:\AutoRun.exe
HKU\S-1-5-21-3664937432-39338335-2934514172-1000\...\MountPoints2: {2f3cc459-1ecc-11e3-b885-f46d04bd7f4c} - E:\AutoRun.exe
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3664937432-39338335-2934514172-1001\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3664937432-39338335-2934514172-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =  
2014-12-02 21:10 - 2014-12-02 21:10 - 00000000 ____D () C:\Program Files (x86)\ProShopper
2014-12-02 20:58 - 2014-12-02 20:58 - 00000000 ____D () C:\Program Files (x86)\leess2paeye
2014-12-02 20:53 - 2014-12-02 20:53 - 00000000 __SHD () C:\Users\Elisabeth\AppData\Local\EmieBrowserModeList
C:\Users\Elisabeth\AppData\Local\Temp\08262B00.dll
C:\Users\Elisabeth\AppData\Local\Temp\0827DCB1.dll
C:\Users\Elisabeth\AppData\Local\Temp\0C87DC03.dll
C:\Users\Elisabeth\AppData\Local\Temp\0C88B50D.dll
C:\Users\Elisabeth\AppData\Local\Temp\0C8F8506.dll
C:\Users\Elisabeth\AppData\Local\Temp\0FA8179E.dll
C:\Users\Elisabeth\AppData\Local\Temp\0FAB7DE7.dll
C:\Users\Elisabeth\AppData\Local\Temp\1313F3B7.dll
C:\Users\Elisabeth\AppData\Local\Temp\13174420.dll
C:\Users\Elisabeth\AppData\Local\Temp\13194905.dll
C:\Users\Elisabeth\AppData\Local\Temp\131EA72E.dll
C:\Users\Elisabeth\AppData\Local\Temp\189F81F0.dll
C:\Users\Elisabeth\AppData\Local\Temp\18A6F102.dll
C:\Users\Elisabeth\AppData\Local\Temp\18A7EC3A.dll
C:\Users\Elisabeth\AppData\Local\Temp\18A8CEFC.dll
C:\Users\Elisabeth\AppData\Local\Temp\18B4C934.dll
C:\Users\Elisabeth\AppData\Local\Temp\1ACA8ACC.dll
C:\Users\Elisabeth\AppData\Local\Temp\1B1E1ADC.dll
C:\Users\Elisabeth\AppData\Local\Temp\1DD2D47D.dll
C:\Users\Elisabeth\AppData\Local\Temp\1DD41755.dll
C:\Users\Elisabeth\AppData\Local\Temp\2502F169.dll
C:\Users\Elisabeth\AppData\Local\Temp\25E25309.dll
C:\Users\Elisabeth\AppData\Local\Temp\266FA216.dll
C:\Users\Elisabeth\AppData\Local\Temp\28C2B0B2.dll
C:\Users\Elisabeth\AppData\Local\Temp\28C9043F.dll
C:\Users\Elisabeth\AppData\Local\Temp\28CA8E96.dll
C:\Users\Elisabeth\AppData\Local\Temp\28DD61A8.dll
C:\Users\Elisabeth\AppData\Local\Temp\2D8B8929.dll
C:\Users\Elisabeth\AppData\Local\Temp\2D8CF45A.dll
C:\Users\Elisabeth\AppData\Local\Temp\2D8DB5C7.dll
C:\Users\Elisabeth\AppData\Local\Temp\2D97A068.dll
C:\Users\Elisabeth\AppData\Local\Temp\2D9E6708.dll
C:\Users\Elisabeth\AppData\Local\Temp\2ED693D7.dll
C:\Users\Elisabeth\AppData\Local\Temp\2ED7E783.dll
C:\Users\Elisabeth\AppData\Local\Temp\313725B9.dll
C:\Users\Elisabeth\AppData\Local\Temp\3304E8F9.dll
C:\Users\Elisabeth\AppData\Local\Temp\33065BE9.dll
C:\Users\Elisabeth\AppData\Local\Temp\3306A192.dll
C:\Users\Elisabeth\AppData\Local\Temp\3308EBBE.dll
C:\Users\Elisabeth\AppData\Local\Temp\330A7937.dll
C:\Users\Elisabeth\AppData\Local\Temp\3316A806.dll
C:\Users\Elisabeth\AppData\Local\Temp\33186155.dll
C:\Users\Elisabeth\AppData\Local\Temp\3321B4A7.dll
C:\Users\Elisabeth\AppData\Local\Temp\3394286C.dll
C:\Users\Elisabeth\AppData\Local\Temp\3395F5EA.dll
C:\Users\Elisabeth\AppData\Local\Temp\33982639.dll
CustomCLSID: HKU\S-1-5-21-3664937432-39338335-2934514172-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Elisabeth\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3664937432-39338335-2934514172-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Elisabeth\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3664937432-39338335-2934514172-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Elisabeth\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
AlternateDataStreams: C:\ProgramData\TEMP:AB689DEA
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
end
*****************

"HKU\S-1-5-21-3664937432-39338335-2934514172-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13452e23-6e74-11e1-8843-f46d04bd7f4c}" => Key deleted successfully.
"HKCR\CLSID\{13452e23-6e74-11e1-8843-f46d04bd7f4c}" => Key not found.
"HKU\S-1-5-21-3664937432-39338335-2934514172-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22df2162-20e9-11e3-ba20-f46d04bd7f4c}" => Key deleted successfully.
"HKCR\CLSID\{22df2162-20e9-11e3-ba20-f46d04bd7f4c}" => Key not found.
"HKU\S-1-5-21-3664937432-39338335-2934514172-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f3cc459-1ecc-11e3-b885-f46d04bd7f4c}" => Key deleted successfully.
"HKCR\CLSID\{2f3cc459-1ecc-11e3-b885-f46d04bd7f4c}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
"HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
"HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
"HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
"HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
C:\windows\system32\GroupPolicy\Machine => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\windows\system32\GroupPolicyUsers\S-1-5-21-3664937432-39338335-2934514172-1001\User => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-3664937432-39338335-2934514172-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Program Files (x86)\ProShopper => Moved successfully.
C:\Program Files (x86)\leess2paeye => Moved successfully.
C:\Users\Elisabeth\AppData\Local\EmieBrowserModeList => Moved successfully.
"HKU\S-1-5-21-3664937432-39338335-2934514172-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-3664937432-39338335-2934514172-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}" => Key deleted successfully.
"HKU\S-1-5-21-3664937432-39338335-2934514172-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
C:\ProgramData\TEMP => ":AB689DEA" ADS removed successfully.

=========  ipconfig /flushdns =========


Windows IP-konfiguration

DNS Resolver Cache blev tømt.

========= End of CMD: =========


=========  netsh winsock reset all =========


Winsock-kataloget blev nulstillet.
Du skal genstarte computeren for at fuldføre nulstillingen.


========= End of CMD: =========


=========  netsh int ipv4 reset =========

Nulstilling Global blev gennemført!
Nulstilling Grænseflade blev gennemført!
Nulstilling Undergrænseflade blev gennemført!
Genstart computeren for at fuldføre handlingen.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

Nulstilling Grænseflade blev gennemført!
Nulstilling Undergrænseflade blev gennemført!
Genstart computeren for at fuldføre handlingen.


========= End of CMD: =========

EmptyTemp: => Removed 2.1 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====

RKreport.txt:

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

RogueKiller V10.0.8.0 (x64) [Nov 20 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Elisabeth [Administrator]
Mode : Scan -- Date : 12/03/2014  22:24:15
 
¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] ouc.exe -- C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe[7] -> Killed [TermProc]
 
¤¤¤ Registry : 29 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.127.127.11 81.27.221.146 81.27.221.179  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.127.127.11 81.27.221.146 81.27.221.179  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.127.127.11 81.27.221.146 81.27.221.179  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5F57ACBA-7C8D-4961-AE8D-D1A491DC56B1} | DhcpNameServer : 10.127.127.11 81.27.221.146 81.27.221.179  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7473B66C-309C-4DF9-A7E6-1380FFF83F95} | DhcpNameServer : 62.44.166.197 62.44.166.69  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5F57ACBA-7C8D-4961-AE8D-D1A491DC56B1} | DhcpNameServer : 10.127.127.11 81.27.221.146 81.27.221.179  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7473B66C-309C-4DF9-A7E6-1380FFF83F95} | DhcpNameServer : 62.44.166.197 62.44.166.69  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5F57ACBA-7C8D-4961-AE8D-D1A491DC56B1} | DhcpNameServer : 10.127.127.11 81.27.221.146 81.27.221.179  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7473B66C-309C-4DF9-A7E6-1380FFF83F95} | DhcpNameServer : 62.44.166.197 62.44.166.69  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3664937432-39338335-2934514172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3664937432-39338335-2934514172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3664937432-39338335-2934514172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3664937432-39338335-2934514172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3664937432-39338335-2934514172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3664937432-39338335-2934514172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3664937432-39338335-2934514172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3664937432-39338335-2934514172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3664937432-39338335-2934514172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3664937432-39338335-2934514172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3664937432-39338335-2934514172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3664937432-39338335-2934514172-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 
¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \Microsoft\Windows\Media Center\PeriodicScanRetry -- %windir%\ehome\MCUpdate.exe (-pscn 0) -> Found
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST932032 5AS SATA Disk Device +++++
--- User ---
[MBR] b1fe16168d43d4159f7db8e105d23f9c
[BSP] 8e09d8c2c3b944406103bd61aa1b6ad1 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 102400 MB
1 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 209717248 | Size: 15360 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 241174528 | Size: 187468 MB
3 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 625108992 | Size: 16 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Generic Flash Disk USB Device +++++
--- User ---
[MBR] 66b4ad9c535c13f2a1e6193c39cf5c0e
[BSP] efdf1a513172d27ecb04d25c652f556b : Unknown MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 778135908 | Size: 557377 MB
1 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 168689522 | Size: 945326 MB
2 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1869881465 | Size: 945326 MB
3 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 0 | Size: 1775989 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Anmodningen understøttes ikke. )
 



#8 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 04 December 2014 - 01:36 AM

Hello Kim, 
 

By the way; I have noticed that occasionally there are Danish sentences in the logfiles. Probably not a problem at all, but please don't hesitate to ask if I can help with a translation! :-)

Will do. Thank you. :)
 
Please provide an update on your computer after running the scan below. 
 
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Hide advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.


Would you like to help others with malware removal? Join our Classroom and learn how!


#9 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 07 December 2014 - 06:38 AM

Hi Kim, 

 

Just checking in to see how you're getting on? 




#10 Guffegris


Posted 07 December 2014 - 06:46 AM

Hi Adam,

 

I must certainly say that you were right! - that scan took between a lifetime and forever to finish! - but at last I got it. :-)

 

The computer is clearly running much better now. The browsers no longer seem to be hi-jacked, and it is no longer lacking its resources, so you have definitely done a good job until now, but I guess that we still will have to deal with the threats that the last scan revealed. Here comes the log:

 

MyEsetScan.txt:

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

C:\AdwCleaner\Quarantine\C\Program Files\Updater By SweetPacks\Extension32.dll.vir    a variant of Win32/Toolbar.Perion.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Updater By SweetPacks\Extension64.dll.vir    a variant of Win64/Toolbar.Perion.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe.vir    a variant of Win32/Toolbar.BitCocktail.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Updater By SweetPacks\InstallerHelper.dll.vir    a variant of Win32/Toolbar.BitCocktail.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll.vir    a variant of MSIL/Toolbar.Linkury.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\sppsm.dll.vir    a variant of MSIL/Toolbar.Linkury.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\spusm.dll.vir    a variant of MSIL/Toolbar.Linkury.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srbs.dll.vir    a variant of MSIL/Toolbar.Linkury.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srbu.dll.vir    a variant of MSIL/Toolbar.Linkury.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srptc.dll.vir    a variant of MSIL/Toolbar.Linkury.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyPC Backup\Configuration Updater.exe.vir    a variant of MSIL/RunElevated.A potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyPC Backup\MyPC Backup.exe.vir    a variant of MSIL/MyPCBackup.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi\2.0\Gd.js.vir    JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi\2.0\Gd.js.vir    JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi\2.0\Gd.js.vir    JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi\2.0\Gd.js.vir    JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Elisabeth\AppData\Local\Chromatic Browser\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi\2.0\Gd.js.vir    JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Elisabeth\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi\2.0\Gd.js.vir    JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Elisabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi\2.0\Gd.js.vir    JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Elisabeth\AppData\Local\torch\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi\2.0\Gd.js.vir    JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Elisabeth\AppData\Roaming\Mozilla\Firefox\Profiles\sl2ed0e8.default\Extensions\InCKP@j.net\content\bg.js.vir    JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Elisabeth\AppData\Roaming\Mozilla\Firefox\Profiles\sl2ed0e8.default\Extensions\M7Cb9e@f.net\content\bg.js.vir    JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Elisabeth\AppData\Roaming\RHEng\0E0110C6091341BD9C55F0EACE71F85C\OptimizerPro.exe.vir    a variant of Win32/AdWare.SpeedingUpMyPC.N application
C:\AdwCleaner\Quarantine\C\Users\Elisabeth\AppData\Roaming\RHEng\3A1A47D545D347189EBBDF8D6D956084\sp-downloader.exe.vir    Win32/Toolbar.Conduit.R potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Gæst\AppData\Local\Chromatic Browser\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi\2.0\Gd.js.vir    JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Gæst\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi\2.0\Gd.js.vir    JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Gæst\AppData\Local\Google\Chrome\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi\2.0\Gd.js.vir    JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Gæst\AppData\Local\torch\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi\2.0\Gd.js.vir    JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Public\Util\DTChk.exe.vir    Win32/Toolbar.DefaultTab.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Valdemar\AppData\Local\Chromatic Browser\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi\2.0\Gd.js.vir    JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Valdemar\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi\2.0\Gd.js.vir    JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi\2.0\Gd.js.vir    JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Valdemar\AppData\Local\torch\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi\2.0\Gd.js.vir    JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Valdemar\AppData\Roaming\Mozilla\Firefox\Profiles\peeyg0ew.default\Extensions\InCKP@j.net\content\bg.js.vir    JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Valdemar\AppData\Roaming\Mozilla\Firefox\Profiles\peeyg0ew.default\Extensions\M7Cb9e@f.net\content\bg.js.vir    JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\windows\System32\roboot64.exe.vir    a variant of Win64/Systweak.A potentially unwanted application
C:\FRST\Quarantine\C\Users\Elisabeth\AppData\Local\Temp\APNSetup.exe.xBAD    a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application
C:\FRST\Quarantine\C\Users\Elisabeth\AppData\Local\Temp\AskSLib.dll.xBAD    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\FRST\Quarantine\C\Users\Elisabeth\AppData\Local\Temp\down.2340.setupytb.exe.xBAD    a variant of Win32/AdWare.MultiPlug.CY application
C:\FRST\Quarantine\C\Users\Elisabeth\AppData\Local\Temp\jeDC4.exe.xBAD    a variant of Win32/Adware.AddLyrics.CL application
C:\FRST\Quarantine\C\Users\Elisabeth\AppData\Local\Temp\optprosetup.exe.xBAD    a variant of Win32/OptimizerEliteMax.C potentially unwanted application
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi\2.0\Gd.js    JS/Kryptik.ATB trojan
C:\Users\Elisabeth\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi\2.0\Gd.js    JS/Kryptik.ATB trojan
C:\Users\Gæst\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi\2.0\Gd.js    JS/Kryptik.ATB trojan
C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\eokdcgmibpioegghefegkcdjcbiggefe\159\content.js    JS/Chromex.Agent.L trojan
C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\eokdcgmibpioegghefegkcdjcbiggefe\159\VxMmoG39Q.js    JS/Kryptik.ATB trojan
C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfembjnmeainjncdflaoclcjadfhpoim\110\J6lzpGO7e.js    JS/Kryptik.ATB trojan
C:\Users\Valdemar\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi\2.0\Gd.js    JS/Kryptik.ATB trojan
C:\Users\Valdemar\Downloads\flstudio_11.1.1.exe    Win32/OpenCandy potentially unsafe application
C:\Users\Valdemar\Downloads\Shockwave_Installer_Slim.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\System32\Adobe\Shockwave 12\gt.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\ELISABETH-PC\Backup Set 2013-09-22 190001\Backup Files 2013-09-29 190001\Backup files 2.zip    a variant of Win32/SoftonicDownloader.F potentially unwanted application
D:\ELISABETH-PC\Backup Set 2013-09-22 190001\Backup Files 2013-10-06 204547\Backup files 3.zip    Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\ELISABETH-PC\Backup Set 2013-10-15 083517\Backup Files 2013-10-15 083517\Backup files 7.zip    a variant of Win32/SoftonicDownloader.F potentially unwanted application
D:\ELISABETH-PC\Backup Set 2013-10-15 083517\Backup Files 2013-10-29 210303\Backup files 1.zip    a variant of Win32/Toolbar.DefaultTab.B potentially unwanted application
D:\ELISABETH-PC\Backup Set 2013-10-15 083517\Backup Files 2013-10-29 210303\Backup files 2.zip    a variant of Win32/SoftonicDownloader.F potentially unwanted application
D:\ELISABETH-PC\Backup Set 2013-10-15 083517\Backup Files 2013-11-05 072100\Backup files 1.zip    a variant of Win32/Toolbar.DefaultTab.B potentially unwanted application
D:\ELISABETH-PC\Backup Set 2013-11-18 065914\Backup Files 2013-11-18 065914\Backup files 1.zip    a variant of Win32/Toolbar.DefaultTab.B potentially unwanted application
D:\ELISABETH-PC\Backup Set 2013-11-18 065914\Backup Files 2014-01-05 190001\Backup files 1.zip    a variant of Win32/Toolbar.DefaultTab.B potentially unwanted application
D:\ELISABETH-PC\Backup Set 2013-11-18 065914\Backup Files 2014-01-05 190001\Backup files 4.zip    a variant of Win32/Toolbar.DefaultTab.C potentially unwanted application
D:\ELISABETH-PC\Backup Set 2013-11-18 065914\Backup Files 2014-02-03 143108\Backup files 1.zip    a variant of Win32/Toolbar.DefaultTab.B potentially unwanted application
D:\ELISABETH-PC\Backup Set 2013-11-18 065914\Backup Files 2014-02-03 143108\Backup files 4.zip    a variant of Win32/SoftonicDownloader.F potentially unwanted application
D:\ELISABETH-PC\Backup Set 2013-11-18 065914\Backup Files 2014-02-16 162825\Backup files 1.zip    a variant of Win32/Toolbar.DefaultTab.B potentially unwanted application
D:\ELISABETH-PC\Backup Set 2013-11-18 065914\Backup Files 2014-02-27 073317\Backup files 1.zip    a variant of Win32/InstallBrain.BH potentially unwanted application
D:\ELISABETH-PC\Backup Set 2014-03-11 104222\Backup Files 2014-03-11 104222\Backup files 1.zip    a variant of Win32/Toolbar.DefaultTab.B potentially unwanted application
D:\ELISABETH-PC\Backup Set 2014-03-11 104222\Backup Files 2014-03-11 104222\Backup files 11.zip    a variant of Win32/SoftonicDownloader.F potentially unwanted application
D:\ELISABETH-PC\Backup Set 2014-03-11 104222\Backup Files 2014-03-11 104222\Backup files 4.zip    Win32/Toolbar.SearchSuite potentially unwanted application
D:\ELISABETH-PC\Backup Set 2014-03-11 104222\Backup Files 2014-03-24 084309\Backup files 3.zip    a variant of Win32/AdWare.iBryte.V.gen application
D:\ELISABETH-PC\Backup Set 2014-03-11 104222\Backup Files 2014-05-06 172930\Backup files 1.zip    a variant of Win32/Toolbar.DefaultTab.F potentially unwanted application
D:\ELISABETH-PC\Backup Set 2014-03-11 104222\Backup Files 2014-05-06 172930\Backup files 3.zip    a variant of Win32/InstallCore.BY potentially unwanted application
D:\ELISABETH-PC\Backup Set 2014-06-02 162135\Backup Files 2014-06-02 162135\Backup files 1.zip    a variant of Win32/Toolbar.DefaultTab.B potentially unwanted application
D:\ELISABETH-PC\Backup Set 2014-06-02 162135\Backup Files 2014-06-02 162135\Backup files 4.zip    Win32/Toolbar.SearchSuite potentially unwanted application
D:\ELISABETH-PC\Backup Set 2014-06-02 162135\Backup Files 2014-06-09 122642\Backup files 2.zip    multiple threats
D:\ELISABETH-PC\Backup Set 2014-06-02 162135\Backup Files 2014-06-09 122642\Backup files 3.zip    a variant of Win32/SoftonicDownloader.F potentially unwanted application
D:\ELISABETH-PC\Backup Set 2014-07-01 175039\Backup Files 2014-07-01 175039\Backup files 1.zip    a variant of Win32/Toolbar.DefaultTab.B potentially unwanted application
D:\ELISABETH-PC\Backup Set 2014-07-01 175039\Backup Files 2014-07-01 175039\Backup files 13.zip    multiple threats
D:\ELISABETH-PC\Backup Set 2014-07-01 175039\Backup Files 2014-07-01 175039\Backup files 5.zip    Win32/Toolbar.SearchSuite potentially unwanted application
D:\ELISABETH-PC\Backup Set 2014-08-17 191402\Backup Files 2014-08-17 191402\Backup files 1.zip    a variant of Win32/Toolbar.DefaultTab.B potentially unwanted application
D:\ELISABETH-PC\Backup Set 2014-08-17 191402\Backup Files 2014-08-17 191402\Backup files 12.zip    multiple threats
D:\ELISABETH-PC\Backup Set 2014-08-17 191402\Backup Files 2014-08-17 191402\Backup files 5.zip    Win32/Toolbar.SearchSuite potentially unwanted application
D:\ELISABETH-PC\Backup Set 2014-08-17 191402\Backup Files 2014-09-07 205340\Backup files 1.zip    multiple threats
D:\ELISABETH-PC\Backup Set 2014-09-14 190006\Backup Files 2014-09-14 190006\Backup files 1.zip    multiple threats
D:\ELISABETH-PC\Backup Set 2014-09-14 190006\Backup Files 2014-09-14 190006\Backup files 15.zip    multiple threats
D:\ELISABETH-PC\Backup Set 2014-09-14 190006\Backup Files 2014-09-14 190006\Backup files 5.zip    Win32/Toolbar.SearchSuite potentially unwanted application
D:\ELISABETH-PC\Backup Set 2014-09-14 190006\Backup Files 2014-09-29 203936\Backup files 4.zip    JS/Kryptik.ATB trojan
D:\ELISABETH-PC\Backup Set 2014-09-14 190006\Backup Files 2014-10-14 205115\Backup files 1.zip    JS/Kryptik.ATB trojan
D:\ELISABETH-PC\Backup Set 2014-09-14 190006\Backup Files 2014-10-14 205115\Backup files 2.zip    multiple threats
D:\ELISABETH-PC\Backup Set 2014-09-14 190006\Backup Files 2014-10-14 205115\Backup files 4.zip    multiple threats
D:\ELISABETH-PC\Backup Set 2014-10-20 204905\Backup Files 2014-10-20 204905\Backup files 1.zip    multiple threats
D:\ELISABETH-PC\Backup Set 2014-10-20 204905\Backup Files 2014-11-15 163422\Backup files 1.zip    multiple threats
D:\ELISABETH-PC\Backup Set 2014-10-20 204905\Backup Files 2014-11-15 163422\Backup files 14.zip    multiple threats
D:\ELISABETH-PC\Backup Set 2014-10-20 204905\Backup Files 2014-11-15 163422\Backup files 15.zip    Win32/OpenCandy potentially unsafe application
D:\ELISABETH-PC\Backup Set 2014-10-20 204905\Backup Files 2014-11-15 163422\Backup files 2.zip    multiple threats
D:\ELISABETH-PC\Backup Set 2014-10-20 204905\Backup Files 2014-11-15 163422\Backup files 3.zip    multiple threats
D:\ELISABETH-PC\Backup Set 2014-10-20 204905\Backup Files 2014-11-15 163422\Backup files 5.zip    Win32/Toolbar.SearchSuite potentially unwanted application
D:\ELISABETH-PC\Backup Set 2014-10-20 204905\Backup Files 2014-11-15 163422\Backup files 6.zip    multiple threats
D:\ELISABETH-PC\Backup Set 2014-10-20 204905\Backup Files 2014-11-15 163422\Backup files 7.zip    JS/Kryptik.ATB trojan
D:\ELISABETH-PC\Backup Set 2014-10-20 204905\Backup Files 2014-11-23 190003\Backup files 1.zip    JS/Kryptik.ATB trojan
D:\ELISABETH-PC\Backup Set 2014-10-20 204905\Backup Files 2014-12-01 200619\Backup files 1.zip    Win32/Adware.MultiPlug.DU application




#11 LiquidTension


Posted 07 December 2014 - 07:48 AM

Hi Kim, 

 
Most items flagged by ESET are for files we've already removed, or backup files on your D:\ drive. 
As we're dealing with backup files, I will let you decide what you wish to do. I would recommend removing the backup files below.

 

Spoiler

 
Let's update your vulnerable software to reduce the risk of reinfection.
 
STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi
    C:\Users\Elisabeth\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi
    C:\Users\Gæst\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi
    C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\eokdcgmibpioegghefegkcdjcbiggefe
    C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfembjnmeainjncdflaoclcjadfhpoim
    C:\Users\Valdemar\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi
    C:\Users\Valdemar\Downloads\flstudio_11.1.1.exe   
    C:\Users\Valdemar\Downloads\Shockwave_Installer_Slim.exe 
    C:\Windows\System32\Adobe\Shockwave 12\gt.exe   
    C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe 
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
Update Outdated Software

Outdated software contains security risks that must be patched. Please download and install the latest version of the programmes below.

STEP 3
Remove Outdated Software

  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall one at a time.
  • Note: The programmes below may not be present. If this is the case, please skip to the next step.
    • Adobe Reader X (10.1.11) - Dansk
    • Adobe Reader X (10.1.11)
    • Adobe Shockwave Player 12.0
    • Java 7 Update 51 (64-bit)
    • Java 7 Update 71 
  • Follow the prompts, and reboot if necessary.
     

STEP 4
Disable Java in Your Browser
Due to frequent exploits we recommend you disable Java in your browser.
For information on Java vulnerabilities, please read the following article (point #7).

  • Click the Windows Start Button and type Java Control Panel (or javacpl) in the search bar.
  • Click on the Java Control Panel. Once opened, click the Security tab.
  • Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser. 
  • Click Apply. When the Windows User Account Control (UAC) appears, allow permissions to make the changes. 
  • Click OK in the Java Plug-in confirmation window.
  • Restart your browser(s) for changes to take effect.
  • More information can be found here and here.
     

STEP 5
Security Check

  • Please download SecurityCheck and save the file to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A log (checkup.txt) will automatically open on your Desktop.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 6
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • checkup.txt
  • How is your computer performing? Are there any outstanding issues?

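The triage described in the post above (most ESET hits are copies already sitting in the AdwCleaner or FRST quarantine or backup archives on D:\, and only the remaining live paths go into the fix script) can be reproduced mechanically. The Python sketch below is an added example, not part of the original thread or of any tool used in it; the log lines are an excerpt of the MyEsetScan.txt log posted earlier, and the function names, the quarantine-root list and the archive-suffix list are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Excerpt of the MyEsetScan.txt log posted in this thread: path, gap, detection.
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Users\Public\Util\DTChk.exe.vir    Win32/Toolbar.DefaultTab.F potentially unwanted application
C:\FRST\Quarantine\C\Users\Elisabeth\AppData\Local\Temp\jeDC4.exe.xBAD    a variant of Win32/Adware.AddLyrics.CL application
C:\Users\Gæst\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi\2.0\Gd.js    JS/Kryptik.ATB trojan
C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\eokdcgmibpioegghefegkcdjcbiggefe\159\content.js    JS/Chromex.Agent.L trojan
C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\eokdcgmibpioegghefegkcdjcbiggefe\159\VxMmoG39Q.js    JS/Kryptik.ATB trojan
C:\Users\Valdemar\Downloads\flstudio_11.1.1.exe    Win32/OpenCandy potentially unsafe application
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\ELISABETH-PC\Backup Set 2014-06-02 162135\Backup Files 2014-06-09 122642\Backup files 2.zip    multiple threats
D:\ELISABETH-PC\Backup Set 2014-09-14 190006\Backup Files 2014-09-29 203936\Backup files 4.zip    JS/Kryptik.ATB trojan
"""

# A log line is "<drive path><tab or 2+ spaces><detection text>".
# Paths contain single spaces ("Chrome SxS"), so a single space never splits.
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)(?:\t+| {2,})(?P<detection>\S.*)$")

# Assumption: quarantine folders of the two tools used earlier in this thread.
QUARANTINE_ROOTS = (r"c:\adwcleaner\quarantine", r"c:\frst\quarantine")
# Assumption: container formats treated as "backup/archive" rather than live files.
ARCHIVE_SUFFIXES = {".zip", ".rar", ".7z", ".cab"}


def classify(path):
    """Return 'quarantined', 'archive' or 'live' for one flagged path."""
    p = PureWindowsPath(path)
    lowered = str(p).lower()
    if any(lowered.startswith(root + "\\") for root in QUARANTINE_ROOTS):
        return "quarantined"   # inert copy already moved aside by a cleanup tool
    if p.suffix.lower() in ARCHIVE_SUFFIXES:
        return "archive"       # owner decides: delete the backup or keep it
    return "live"              # still in place on disk, needs action


def triage(log_text):
    """Split the scanner log into the three buckets, keeping log order."""
    buckets = {"quarantined": [], "archive": [], "live": []}
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue           # blank lines, separators, headers
        path = match.group("path")
        buckets[classify(path)].append((path, match.group("detection").strip()))
    return buckets


def removal_target(path):
    """Collapse a flagged browser-extension file to its extension-ID folder.

    One flagged script means the whole extension is unwanted, so the target is
    ...\\Extensions\\<id> rather than the single file. Other paths are unchanged.
    """
    parts = PureWindowsPath(path).parts
    lowered = [part.lower() for part in parts]
    if "extensions" in lowered:
        i = lowered.index("extensions")
        if i + 1 < len(parts) - 1:   # an ID folder exists above the file
            return str(PureWindowsPath(*parts[: i + 2]))
    return str(PureWindowsPath(path))


def removal_targets(findings):
    """Map each de-duplicated target path to the detections that led to it."""
    targets = {}
    for path, detection in findings:
        targets.setdefault(removal_target(path), []).append(detection)
    return targets


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for bucket, items in result.items():
        print(f"{bucket}: {len(items)} finding(s)")
    print("\nLive paths to review for removal:")
    for target, detections in removal_targets(result["live"]).items():
        print(f"  {target}   <- {', '.join(detections)}")
```

The two hits under `eokdcgmibpioegghefegkcdjcbiggefe` collapse into one folder-level entry, which matches how the path list in the script above names extension folders rather than individual files.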


#12 Guffegris


Posted 07 December 2014 - 07:09 PM

Hi Adam,

 

I followed your instructions, and of course I took your advice and deleted the backup files! - there is no way I would take the risk of restoring these nasties back in place! ;-)

 

The computer seems to be running fine now, it is my impression that it is clean now, so I think that you have actually done it! - something I really appreciate, and I can assure you that the owner of the computer will be very grateful; it belongs to a single mom, or rather to her kid who needs it for use in school, and they don't have much computer skills...

 

Here come the logs, hopefully you will agree that it is clean:

 

 

Fixlog.txt:

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-12-2014 02
Ran by Elisabeth at 2014-12-08 00:12:54 Run:2
Running from C:\Users\Elisabeth\Desktop
Loaded Profile: Elisabeth (Available profiles: Elisabeth & Valdemar)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi
C:\Users\Elisabeth\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi
C:\Users\Gæst\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi
C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\eokdcgmibpioegghefegkcdjcbiggefe
C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfembjnmeainjncdflaoclcjadfhpoim
C:\Users\Valdemar\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi
C:\Users\Valdemar\Downloads\flstudio_11.1.1.exe    
C:\Users\Valdemar\Downloads\Shockwave_Installer_Slim.exe  
C:\Windows\System32\Adobe\Shockwave 12\gt.exe    
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe  
EmptyTemp:
end
*****************
 
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi => Moved successfully.
C:\Users\Elisabeth\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi => Moved successfully.
C:\Users\Gæst\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi => Moved successfully.
C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\eokdcgmibpioegghefegkcdjcbiggefe => Moved successfully.
C:\Users\Valdemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfembjnmeainjncdflaoclcjadfhpoim => Moved successfully.
C:\Users\Valdemar\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\febofpodjlkgfmljjonnhpghpgcpfldi => Moved successfully.
C:\Users\Valdemar\Downloads\flstudio_11.1.1.exe => Moved successfully.
C:\Users\Valdemar\Downloads\Shockwave_Installer_Slim.exe => Moved successfully.
"C:\Windows\System32\Adobe\Shockwave 12\gt.exe" => File/Directory not found.
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe => Moved successfully.
EmptyTemp: => Removed 68.4 MB temporary data.
 
 
The system needed a reboot.  
 
==== End of Fixlog ====
 

 

checkup.txt:

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 Results of screen317's Security Check version 0.99.91   
 Windows 7 Service Pack 1 x64 (UAC is enabled)   
 Internet Explorer 11   
``````````````Antivirus/Firewall Check:``````````````  
Microsoft Security Essentials    
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````  
 Java 8 Update 25   
 Java version 32-bit out of Date!  
 Adobe Flash Player 15.0.0.239   
 Adobe Reader XI   
 Mozilla Firefox (34.0.5)  
 Google Chrome (39.0.2171.71)  
````````Process Check: objlist.exe by Laurent````````   
 Microsoft Security Essentials MSMpEng.exe  
 Microsoft Security Essentials msseces.exe  
 Malwarebytes Anti-Malware mbamservice.exe   
 Malwarebytes Anti-Malware mbam.exe   
 ASUS USBChargeSetting iSeriesCharge.exe   
 Malwarebytes Anti-Malware mbamscheduler.exe    
 Mobile Partner OnlineUpdate ouc.exe   
`````````````````System Health check`````````````````  
 Total Fragmentation on Drive C:   
````````````````````End of Log``````````````````````



#13 LiquidTension


Posted 07 December 2014 - 09:06 PM

Hi Kim, 
 

The computer seems to be running fine now, it is my impression that it is clean now

I'm very pleased to hear. :)
 
All Clean!
Congratulations, your computer appears clean!  :)
I no longer see signs of malware on your computer, and feel satisfied that our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you may find useful.
 
My help will always be free. But if you are happy with the help provided, and would like to support my fight against malware and/or buy me a beer, please consider a donation.
 
DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
 
--- Malwarebytes Anti-Malware will still be present on your computer. I recommend keeping this programme, updating and scanning with it once a week to maintain security on your computer. If you do not wish to keep this programme on your computer, you can uninstall it by pressing the Windows Key + r on your keyboard at the same time, typing appwiz.cpl, clicking OK and searching for Malwarebytes.
 
======================================================
 
I have compiled below a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.

The following programmes come highly recommended in the security community.

  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • CryptoPrevent places policy restrictions on loading points for ransomware (e.g. CryptoWall), helping prevent the execution of malware.
  • Emsisoft Antimalware (free) acts as an additional on-demand scanner, and can be used in conjunction with your Anti-Virus.
  • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
  • Secunia PSI will scan your computer for vulnerable software that is outdated and automatically find the latest update for you.
  • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • Unchecky automatically removes checkmarks for bundled software in programme installers, helping you avoid adware and PUPs.
  • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.
     

Need a second opinion on a file or website? Scan the file/URL before clicking by using one of the following free online scanner services.

-- Please feel free to ask if you have any questions or concerns on computer security or the programmes above.
 
======================================================
 
Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread. 
 
Thank you for using WhatTheTech.
 
Safe Surfing.  :thumbup:
Adam




#14 Guffegris


Posted 09 December 2014 - 05:41 PM

Hi Adam,

 

I followed your instructions, and everything went fine. The owner of the computer was very happy with the result, and she definitely wanted to buy you a beer, so I have just made a small donation, which I believe will cover for a couple of pints in a nearby pub. ;-)

 

Thanks for your assistance, and have a merry Christmas! :-)

 

- Kim.



#15 LiquidTension


Posted 09 December 2014 - 08:07 PM

Hi Kim, 
 

The owner of the computer was very happy with the result

Excellent.
 

so I have just made a small donation, which I believe will cover for a couple of pints in a nearby pub. ;-)

Thank you very much. :)
 
Merry Christmas to you too!
 
I will mark this topic as solved. 
 
All the best, 
Adam

