HijackThis-logg

Babbler1 · Maj 1, 2014

Hej!

Kan någon vänlig själ hjälpa mig med denna logg?

Tack på förhand!

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:41:49, on 2014-05-01

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v11.0 (11.00.9600.17041)

Boot mode: Normal

Running processes:

C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe

C:\Users\NA\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

https://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/p/?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/p/?LinkId=255141

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:

\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyServer = http=127.0.0.1:13852

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -

(no file)

R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} -

(no file)

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -

C:\Program Files\Trend Micro\AMSP\module

\20004\3.0.1313\6.8.1120\TmIEPlg32.dll

O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18}

- C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-

0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-

D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-

5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared

\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-

AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion

\companioncore.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:

\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program

Files\Trend Micro\AMSP\module\20002\8.0.1170\8.0.1170\TmBpIe32.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-

9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2}

- C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common

Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\\AppData\Roaming\Spotify

\Data\SpotifyWebHelper.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\\AppData\Local\Google\Update

\GoogleUpdate.exe" /c

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:

\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Ski&cka till OneNote - res://C:

\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion

\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:

\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer

\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-

D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer

\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer

\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-

D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer

\WriterBrowserExtension.dll

O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-

5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office

\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-

8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office

\Office14\ONBttnIE.dll

O9 - Extra button: Länkade &anteckningar - {789FE86F-6FC4-46A1-9849-

EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office

\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: Länkade &anteckningar - {789FE86F-6FC4-46A1-

9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office

\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files

\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files

\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab)

-

http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_

nvd.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)

- http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program

Files\Trend Micro\AMSP\module\20002\8.0.1170\8.0.1170\TmBpIe32.dll

O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program

Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll

O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program

Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll

O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:

\Program Files\Trend Micro\Titanium\UIFramework

\ProToolbarIMRatingActiveX.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program

Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} -

C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service

(ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files

(x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing

\NetworkLicenseServer.exe

O23 - Service: Adobe Flash Player Update Service

(AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows

\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner -

C:\Windows\System32\alg.exe (file missing)

O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. -

C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program

Files\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner

- C:\Windows\System32\lsass.exe (file missing)

O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON

CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE

O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON

CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

O23 - Service: Foxit Cloud Safe Update Service (FoxitCloudUpdateService) -

Foxit Corporation - C:\Program Files (x86)\Foxit Software\Foxit Reader

\Foxit Cloud\FCUpdateService.exe

O23 - Service: Tjänsten Google Update (gupdate) (gupdate) - Google Inc. -

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Tjänsten Google Update (gupdatem) (gupdatem) - Google Inc. -

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000

(IEEtwCollectorService) - Unknown owner - C:\Windows

\system32\IEEtwCollector.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows

\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows

\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) -

Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:

\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA

Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core

\daemonu.exe

O23 - Service: PassShow - Unknown owner - C:\Program Files (x86)\PassShow

\PassShowqEv161.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) -

Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:

\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown

owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner

- C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown

owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown

owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown

owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files

(x86)\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) -

NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision

\nvSCPAPISvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) -

Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) -

Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner -

C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner

- C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) -

Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) -

Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) -

Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101

(WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media

Player\wmpnetwk.exe (file missing)

--

End of file - 11413 bytes

Marion · Maj 1, 2014

Kör om hijack, och klistra in log-filen som uppträder i .txt-rutan här: http://www.hijackthis.de/

Cecilia · Maj 2, 2014

Hej!

Kan någon vänlig själ hjälpa mig med denna logg?

Tack på förhand!

Hej!

Om du tror att datorn är infekterad är inte HijackThis ett tillräckligt bra program att använda längre, dels är det inte kompatibelt med 64-bitars Windows och dels visar det alldeles för lite av vad som händer i datorn.

Ladda ner Farbar Recovery Scan Tool (FRST) och spara på skrivbordet: http://download.bleepingcomputer.com/farbar/FRST64.exe

Starta FRST.

Läs villkoren för programmet.

Klicka på Yes för att acceptera.

Klicka på Scan-knappen.

När det är klart kommer det att ha skapats två loggar FRST.txt och Addition.txt på skrivbordet.

Antingen klistra in innehållet i loggarna direkt i ditt svar, men använd då om möjligt Spoiler-funktionen som finns när du klickar på 3:e knappen från vänster i övre raden, eller bifoga de två filerna, och då får du först klicka på knappen "Växla till full redigering".

Har du själv ställt in att en proxy-server ska användas, t ex för anonym surfning?

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:13852

Redigerad Maj 2, 2014 av Cecilia

Babbler1 · Maj 2, 2014

Hej!

Tack för ditt svar!

Jag har INTE ställt in att proxy-servern ska användas för anonym surfing?

Hur ändrar jag det?

Här kommer loggarna.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-

2014
Ran by (administrator) on DATORRUMMET on 02-05-2014 08:47:45
Running from C:\Users\\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Swedish
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or

outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-

tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision

\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display

\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk

\uiWatchDog.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint

\9.00\Licensing\NetworkLicenseServer.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
() C:\Program Files (x86)\PassShow\PassShowqEvqTw.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk

\uiSeAgnt.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP

\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP

\E_S50RPB.EXE
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader

\Foxit Cloud\FCUpdateService.exe
() C:\Program Files (x86)\PassShow\PassShowqEv161.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows

Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows

Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\TMAS

\TMAS_WLM\TMAS_WLMMon.exe
(Spotify Ltd) C:\Users\\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update

\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy

2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy

2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy

2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy

2\SDUpdSvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA

\RtkNGUI64.exe [6602856 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [WLM] => C:\Program Files\Trend Micro\Titanium\Plugin\TMAS

\TMAS_WLM\TMAS_WLMMon.exe [44152 2013-07-23] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend

Micro\UniClient\UiFrmWrk\UIWatchDog.exe [229824 2013-10-09] (Trend Micro

Inc.)
HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search &

Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1521310780-587458791-887972967-1000\...\MountPoints2:

{5d9366e9-9d8f-11e0-bcaf-806e6f6e6963} - H:\LaunchU3.exe -a
HKU\S-1-5-21-1521310780-587458791-887972967-1000\...\MountPoints2:

{f021a9b0-ec64-11e1-a642-74ea3a81f1fd} - G:\Startme.exe

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13852
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

https://www.google.se/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =

http://se.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect

Cache_TIMESTAMP = 0x6F48CE2CC231CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache

AcceptLangs = sv
URLSearchHook: HKCU - (No Name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -

No File
URLSearchHook: HKCU - (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} -

No File
SearchScopes: HKCU - {51073AED-209E-4076-B66F-CA7425CE5E41} URL =

http://se.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-

8&type=937811&p={searchTerms}
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:

\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll

(Trend Micro Inc.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -

C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft

Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-

5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows

Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program

Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON

CORPORATION / CyCom Technology Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF}

- C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft

Corporation)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program

Files\Trend Micro\AMSP\module\20002\8.0.1170\8.0.1170\TmBpIe64.dll (Trend

Micro Inc.)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:

\Program Files\Trend Micro\AMSP\module

\20004\3.0.1313\6.8.1120\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: TSToolbarBHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program

Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E}

- C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft

Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-

D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle

Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-

5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared

\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-

AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion

\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-

42B3008E02FF} - C:\Program Files (x86)\Microsoft Office

\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:

\Program Files\Trend Micro\AMSP\module\20002\8.0.1170\8.0.1170\TmBpIe32.dll

(Trend Micro Inc.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-

9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle

Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -

C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO

EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-

F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework

\ToolbarIE.dll (Trend Micro Inc.)
Toolbar: HKCU - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
Toolbar: HKCU - No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F}

http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_

nvd.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000}

http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files

\Trend Micro\AMSP\module\20002\8.0.1170\8.0.1170\TmBpIe64.dll (Trend Micro

Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files

\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll (Trend Micro

Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - No File
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program

Files\Trend Micro\AMSP\module\20002\8.0.1170\8.0.1170\TmBpIe32.dll (Trend

Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program

Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll (Trend

Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program

Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program

Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend

Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 195.67.199.12 195.67.199.13

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash

\NPSWF64_13_0_0_206.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft

Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:

\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash

\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=5.0.2.10 - C:

\Program Files (x86)\BankID\npBispBrowser.dll (Finansiell ID-Teknik BID AB)
FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=5.1.3.2 - C:

\Program Files (x86)\BankID\npBispBrowser.dll (Finansiell ID-Teknik BID AB)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files

(x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files

(x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social

Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.104.0 - C:\Program Files

(x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.116.0 - C:\Program Files

(x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 - C:\Program Files

(x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 - C:\Program Files

(x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.96.0 - C:\Program Files

(x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files

(x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 - C:\Program Files

(x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE

AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files

(x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE

AB)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader

Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software

\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader

Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit

Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files

(x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files

(x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files

(x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files

(x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:

\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:

\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program

Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program

Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program

Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA

Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files

(x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA

Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files

(x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files

(x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files

(x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files

(x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\

\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\

\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program

Files\Trend Micro\AMSP\module\20002\8.0.1170\8.0.1170\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend

Micro\AMSP\module\20002\8.0.1170\8.0.1170\firefoxextension [2014-04-24]
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-

faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar

\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium

\UIFramework\Toolbar\firefoxextension [2013-10-13]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program

Files\Trend Micro\AMSP\module\20002\8.0.1170\8.0.1170\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend

Micro\AMSP\module\20002\8.0.1170\8.0.1170\firefoxextension [2014-04-24]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-

529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt

\firefoxextension\
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend

Micro\AMSP\module\20004\FxExt\firefoxextension\ []
FF HKCU\...\Firefox\Extensions: [{110A8A34-4C2B-D11A-DA3E-E61A57AA48D2}] -

C:\Program Files (x86)\PassShow\161.xpi
FF Extension: PassShow - C:\Program Files (x86)\PassShow\161.xpi [2014-05-

01]

Chrome:
=======
CHR HomePage:
CHR StartupUrls: ""
CHR Plugin: (Shockwave Flash) - C:\Users\\AppData\Local\Google\Chrome

\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\\AppData\Local\Google\Chrome

\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\\AppData\Local\Google\Chrome

\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime

\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime

\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime

\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime

\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime

\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime

\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime

\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:

\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:

\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog

Web Plugins\2.1.3\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins

\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files

(x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit

Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google

Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update

\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U9) - C:\Program Files (x86)\Java

\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft

Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation

\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation

\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Nexus Personal) - C:\Program Files (x86)\Personal\bin

\np_prsnl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC

\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows

Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes

\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\Windows

\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Angry Birds) - C:\Users\\AppData\Local\Google\Chrome\User

Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2011-11-14]
CHR Extension: (Google Wallet) - C:\Users\\AppData\Local\Google\Chrome\User

Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Trend Micro Toolbar) - C:\Users\\AppData\Local\Google

\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf

[2014-05-01]
CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:

\Users\MATSMA~1\AppData\Local\Temp\ccex.crx [2014-05-01]
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:

\Program Files\Trend Micro\AMSP\module

\20002\8.0.1135\8.0.1135\chrome_tmbep.crx [2014-05-01]
CHR StartMenuInternet: Google Chrome - C:\Users\\AppData\Local\Google

\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common

Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

[759048 2009-05-14] (ABBYY)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit

Reader\Foxit Cloud\FCUpdateService.exe [239680 2014-02-19] (Foxit

Corporation)
R2 PassShow; C:\Program Files (x86)\PassShow\PassShowqEv161.exe [142336

2014-05-01] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-31] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy

2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy

2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy

2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe"

coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]

==================== Drivers (Whitelisted) ====================

S3 cleanhlp; C:\Users\\EEK\RUN\cleanhlp64.sys [57024 2014-02-08] (Emsisoft

GmbH)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14]

(Brother Industries Ltd.)
S3 SMIGrabber3C; C:\Windows\System32\Drivers\SmiUsbGrabber3C.sys [811520

2009-05-14] (Windows ® Win 7 DDK provider)
S3 TdsNordecr; C:\Windows\System32\DRIVERS\nordecr.sys [28672 2007-10-30]

(Todos Data System AB)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [116264 2013-09-04]

(Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [282624 2013-09-04]

(Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2013-07-01] (Trend

Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [100640 2013-06-13]

(Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [85424 2013-09-04]

(Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [303392 2013-05-15]

(Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2011-08-22] (Trend

Micro Inc.)
S3 TridVid; C:\Windows\System32\DRIVERS\tridvid6010.sys [411648 2011-01-21]

(10Moons Technologies Co.,Ltd)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14]

(Microsoft Corporation)
U2 TMAgent;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-02 08:47 - 2014-05-02 08:47 - 00021850 _____ () C:\Users\\Desktop

\FRST.txt
2014-05-02 08:46 - 2014-05-02 08:47 - 00000000 ____D () C:\FRST
2014-05-02 08:45 - 2014-05-02 08:46 - 02062336 _____ (Farbar) C:\Users\

\Desktop\FRST64.exe
2014-05-02 00:35 - 2014-05-02 00:35 - 00000000 __SHD () C:\Users\\AppData

\Local\EmieUserList
2014-05-02 00:35 - 2014-05-02 00:35 - 00000000 __SHD () C:\Users\\AppData

\Local\EmieSiteList
2014-05-01 23:34 - 2014-05-01 23:34 - 00000000 ____D () C:\Users\

\Documents\ProcAlyzer Dumps
2014-05-01 22:27 - 2014-05-01 23:34 - 00000000 ____D () C:\ProgramData

\Spybot - Search & Destroy
2014-05-01 22:27 - 2014-05-01 22:29 - 00000000 ____D () C:\Program Files

(x86)\Spybot - Search & Destroy 2
2014-05-01 22:27 - 2014-05-01 22:27 - 00001391 _____ () C:\ProgramData

\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-05-01 22:27 - 2014-05-01 22:27 - 00001379 _____ () C:\Users\Public

\Desktop\Spybot-S&D Start Center.lnk
2014-05-01 22:27 - 2014-05-01 22:27 - 00000000 ____D () C:\ProgramData

\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-05-01 22:27 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking

Limited) C:\Windows\system32\sdnclean64.exe
2014-05-01 22:25 - 2014-05-01 22:26 - 46392680 _____ (Safer-Networking Ltd.

) C:\Users\\Desktop\spybot-2.3.exe
2014-05-01 21:39 - 2014-05-02 08:17 - 00003011 _____ () C:\Users\\Desktop

\HiJackThis.lnk
2014-05-01 21:39 - 2014-05-01 21:39 - 01402880 _____ () C:\Users\\Desktop

\HiJackThis.msi
2014-05-01 21:39 - 2014-05-01 21:39 - 00000000 ____D () C:\Program Files

(x86)\Trend Micro
2014-05-01 08:14 - 2014-05-01 08:14 - 00001702 _____ () C:\Users\\Desktop

\JRT.txt
2014-05-01 07:52 - 2014-05-02 07:53 - 00000386 _____ () C:\Windows\Tasks

\PassShow_wd.job
2014-05-01 07:52 - 2014-05-01 07:52 - 00002990 _____ () C:\Windows

\System32\Tasks\PassShow_wd
2014-05-01 07:52 - 2014-05-01 07:52 - 00000000 ____D () C:\Program Files

(x86)\PassShow
2014-04-29 22:24 - 2014-03-06 12:21 - 23549440 _____ (Microsoft

Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 22:24 - 2014-03-06 11:32 - 02724864 _____ (Microsoft

Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 22:24 - 2014-03-06 11:31 - 00004096 _____ (Microsoft

Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-29 22:24 - 2014-03-06 11:19 - 17387008 _____ (Microsoft

Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 22:24 - 2014-03-06 10:59 - 00066048 _____ (Microsoft

Corporation) C:\Windows\system32\iesetup.dll
2014-04-29 22:24 - 2014-03-06 10:57 - 00548352 _____ (Microsoft

Corporation) C:\Windows\system32\vbscript.dll
2014-04-29 22:24 - 2014-03-06 10:57 - 00048640 _____ (Microsoft

Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-29 22:24 - 2014-03-06 10:53 - 02767360 _____ (Microsoft

Corporation) C:\Windows\system32\iertutil.dll
2014-04-29 22:24 - 2014-03-06 10:40 - 00051200 _____ (Microsoft

Corporation) C:\Windows\system32\jsproxy.dll
2014-04-29 22:24 - 2014-03-06 10:39 - 00033792 _____ (Microsoft

Corporation) C:\Windows\system32\iernonce.dll
2014-04-29 22:24 - 2014-03-06 10:32 - 02724864 _____ (Microsoft

Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-29 22:24 - 2014-03-06 10:32 - 00574976 _____ (Microsoft

Corporation) C:\Windows\system32\ieui.dll
2014-04-29 22:24 - 2014-03-06 10:29 - 00139264 _____ (Microsoft

Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-29 22:24 - 2014-03-06 10:29 - 00111616 _____ (Microsoft

Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-29 22:24 - 2014-03-06 10:28 - 00752640 _____ (Microsoft

Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-29 22:24 - 2014-03-06 10:15 - 00940032 _____ (Microsoft

Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-29 22:24 - 2014-03-06 10:11 - 05784064 _____ (Microsoft

Corporation) C:\Windows\system32\jscript9.dll
2014-04-29 22:24 - 2014-03-06 10:09 - 00453120 _____ (Microsoft

Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-29 22:24 - 2014-03-06 10:03 - 00586240 _____ (Microsoft

Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-29 22:24 - 2014-03-06 10:02 - 00455168 _____ (Microsoft

Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-29 22:24 - 2014-03-06 10:02 - 00061952 _____ (Microsoft

Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-29 22:24 - 2014-03-06 10:01 - 00051200 _____ (Microsoft

Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-29 22:24 - 2014-03-06 09:56 - 00038400 _____ (Microsoft

Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-29 22:24 - 2014-03-06 09:48 - 00195584 _____ (Microsoft

Corporation) C:\Windows\system32\msrating.dll
2014-04-29 22:24 - 2014-03-06 09:47 - 02178048 _____ (Microsoft

Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-29 22:24 - 2014-03-06 09:46 - 04254720 _____ (Microsoft

Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-29 22:24 - 2014-03-06 09:46 - 00043008 _____ (Microsoft

Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-29 22:24 - 2014-03-06 09:45 - 00032768 _____ (Microsoft

Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-29 22:24 - 2014-03-06 09:42 - 00296960 _____ (Microsoft

Corporation) C:\Windows\system32\dxtrans.dll
2014-04-29 22:24 - 2014-03-06 09:40 - 00440832 _____ (Microsoft

Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-29 22:24 - 2014-03-06 09:38 - 00112128 _____ (Microsoft

Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-29 22:24 - 2014-03-06 09:36 - 00592896 _____ (Microsoft

Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-29 22:24 - 2014-03-06 09:22 - 00367616 _____ (Microsoft

Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-29 22:24 - 2014-03-06 09:21 - 00628736 _____ (Microsoft

Corporation) C:\Windows\system32\msfeeds.dll
2014-04-29 22:24 - 2014-03-06 09:13 - 00032256 _____ (Microsoft

Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-29 22:24 - 2014-03-06 09:11 - 02043904 _____ (Microsoft

Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-29 22:24 - 2014-03-06 09:07 - 00164864 _____ (Microsoft

Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-29 22:24 - 2014-03-06 09:01 - 00244224 _____ (Microsoft

Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-29 22:24 - 2014-03-06 08:53 - 13551104 _____ (Microsoft

Corporation) C:\Windows\system32\ieframe.dll
2014-04-29 22:24 - 2014-03-06 08:46 - 00524288 _____ (Microsoft

Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-29 22:24 - 2014-03-06 08:40 - 01967104 _____ (Microsoft

Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-29 22:24 - 2014-03-06 08:36 - 11745792 _____ (Microsoft

Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-29 22:24 - 2014-03-06 08:22 - 02260480 _____ (Microsoft

Corporation) C:\Windows\system32\wininet.dll
2014-04-29 22:24 - 2014-03-06 07:58 - 01400832 _____ (Microsoft

Corporation) C:\Windows\system32\urlmon.dll
2014-04-29 22:24 - 2014-03-06 07:50 - 00846336 _____ (Microsoft

Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-29 22:24 - 2014-03-06 07:43 - 00704512 _____ (Microsoft

Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-29 22:24 - 2014-03-06 07:41 - 01789440 _____ (Microsoft

Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-29 22:24 - 2014-03-06 07:36 - 01143808 _____ (Microsoft

Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-29 21:22 - 2014-04-29 21:22 - 00000000 ____D () C:\Users\\Desktop

\Game.of.Thrones.S04E04.720p.HDTV.x264-KILLERS._www.Undertexter.se
2014-04-27 23:56 - 2014-04-27 23:56 - 00000000 ____D () C:\Users\\Desktop

\Person.of.Interest.S03E20.720p.HDTV.x264-DIMENSION._www.Undertexter.se
2014-04-27 23:51 - 2014-04-27 23:51 - 00000000 ____D () C:\Users\\Desktop

\Vikings.S02E09.The.Choice.1080p.WEB-DL.DD5.1.H.264-

CtrlHD._www.Undertexter.se
2014-04-25 15:31 - 2014-04-25 15:31 - 00000000 ____D () C:\ProgramData

\Microsoft\Windows\Start Menu\Programs\Java
2014-04-25 15:31 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation)

C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-25 15:31 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation)

C:\Windows\SysWOW64\javaws.exe
2014-04-25 15:31 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation)

C:\Windows\SysWOW64\javaw.exe
2014-04-25 15:31 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation)

C:\Windows\SysWOW64\java.exe
2014-04-25 15:30 - 2014-04-25 15:31 - 00004231 _____ () C:\Windows

\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-09 17:24 - 2014-02-04 04:35 - 00274880 _____ (Microsoft

Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 17:24 - 2014-02-04 04:35 - 00190912 _____ (Microsoft

Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 17:24 - 2014-02-04 04:35 - 00027584 _____ (Microsoft

Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 17:24 - 2014-02-04 04:28 - 00002048 _____ (Microsoft

Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 17:24 - 2014-02-04 04:00 - 00002048 _____ (Microsoft

Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 17:19 - 2014-03-04 11:44 - 01163264 _____ (Microsoft

Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 17:19 - 2014-03-04 11:44 - 00362496 _____ (Microsoft

Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 17:19 - 2014-03-04 11:44 - 00243712 _____ (Microsoft

Corporation) C:\Windows\system32\wow64.dll
2014-04-09 17:19 - 2014-03-04 11:44 - 00016384 _____ (Microsoft

Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 17:19 - 2014-03-04 11:44 - 00013312 _____ (Microsoft

Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 17:19 - 2014-03-04 11:17 - 00014336 _____ (Microsoft

Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 17:19 - 2014-03-04 11:16 - 01114112 _____ (Microsoft

Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 17:19 - 2014-03-04 11:16 - 00025600 _____ (Microsoft

Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 17:19 - 2014-03-04 11:16 - 00005120 _____ (Microsoft

Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 17:19 - 2014-03-04 10:09 - 00007680 _____ (Microsoft

Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 17:19 - 2014-03-04 10:09 - 00002048 _____ (Microsoft

Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 17:18 - 2014-01-24 04:37 - 01684928 _____ (Microsoft

Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-07 22:13 - 2014-04-07 22:13 - 00000000 ____D () C:\Users\

\Documents\Electronic Arts
2014-04-07 22:13 - 2014-04-07 22:13 - 00000000 ____D () C:\Users\\AppData

\Local\Electronic Arts
2014-04-07 21:52 - 2014-04-07 21:52 - 00000735 _____ () C:\Users\Public

\Desktop\Dead Space.lnk
2014-04-07 21:52 - 2014-04-07 21:52 - 00000000 ____D () C:\ProgramData

\Microsoft\Windows\Start Menu\Programs\Dead Space
2014-04-07 18:21 - 2014-04-07 18:21 - 03822704 _____ () C:\Users\\Desktop

\battlelog-web-plugins_2.3.2_133.exe

==================== One Month Modified Files and Folders =======

2014-05-02 08:47 - 2014-05-02 08:47 - 00021850 _____ () C:\Users\\Desktop

\FRST.txt
2014-05-02 08:47 - 2014-05-02 08:46 - 00000000 ____D () C:\FRST
2014-05-02 08:46 - 2014-05-02 08:45 - 02062336 _____ (Farbar) C:\Users\

\Desktop\FRST64.exe
2014-05-02 08:44 - 2013-07-24 00:10 - 01219443 _____ () C:\Windows

\WindowsUpdate.log
2014-05-02 08:43 - 2014-01-25 22:21 - 00000000 ____D () C:\Program Files

\Screenshots
2014-05-02 08:32 - 2011-11-13 14:14 - 00001036 _____ () C:\Windows\Tasks

\GoogleUpdateTaskUserS-1-5-21-1521310780-587458791-887972967-1000UA.job
2014-05-02 08:17 - 2014-05-01 21:39 - 00003011 _____ () C:\Users\\Desktop

\HiJackThis.lnk
2014-05-02 08:07 - 2014-03-07 16:55 - 00000868 _____ () C:\Windows\Tasks

\Adobe Flash Player Updater.job
2014-05-02 07:55 - 2012-08-25 10:22 - 00001008 _____ () C:\Windows\Tasks

\GoogleUpdateTaskMachineUA.job
2014-05-02 07:53 - 2014-05-01 07:52 - 00000386 _____ () C:\Windows\Tasks

\PassShow_wd.job
2014-05-02 07:42 - 2014-02-11 19:25 - 00000396 _____ () C:\Windows\Tasks

\PassShow Update.job
2014-05-02 00:37 - 2009-07-14 09:43 - 00675230 _____ () C:\Windows

\system32\perfh01D.dat
2014-05-02 00:37 - 2009-07-14 09:43 - 00146370 _____ () C:\Windows

\system32\perfc01D.dat
2014-05-02 00:37 - 2009-07-14 07:13 - 01611518 _____ () C:\Windows

\system32\PerfStringBackup.INI
2014-05-02 00:35 - 2014-05-02 00:35 - 00000000 __SHD () C:\Users\\AppData

\Local\EmieUserList
2014-05-02 00:35 - 2014-05-02 00:35 - 00000000 __SHD () C:\Users\\AppData

\Local\EmieSiteList
2014-05-01 23:34 - 2014-05-01 23:34 - 00000000 ____D () C:\Users\

\Documents\ProcAlyzer Dumps
2014-05-01 23:34 - 2014-05-01 22:27 - 00000000 ____D () C:\ProgramData

\Spybot - Search & Destroy
2014-05-01 22:29 - 2014-05-01 22:27 - 00000000 ____D () C:\Program Files

(x86)\Spybot - Search & Destroy 2
2014-05-01 22:27 - 2014-05-01 22:27 - 00001391 _____ () C:\ProgramData

\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-05-01 22:27 - 2014-05-01 22:27 - 00001379 _____ () C:\Users\Public

\Desktop\Spybot-S&D Start Center.lnk
2014-05-01 22:27 - 2014-05-01 22:27 - 00000000 ____D () C:\ProgramData

\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-05-01 22:26 - 2014-05-01 22:25 - 46392680 _____ (Safer-Networking Ltd.

) C:\Users\\Desktop\spybot-2.3.exe
2014-05-01 21:39 - 2014-05-01 21:39 - 01402880 _____ () C:\Users\\Desktop

\HiJackThis.msi
2014-05-01 21:39 - 2014-05-01 21:39 - 00000000 ____D () C:\Program Files

(x86)\Trend Micro
2014-05-01 21:39 - 2012-01-22 17:16 - 00000000 ____D () C:\Users\\AppData

\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-05-01 21:09 - 2014-01-05 22:37 - 00000000 ____D () C:\Users\\AppData

\Roaming\vlc
2014-05-01 15:55 - 2012-08-25 10:22 - 00001004 _____ () C:\Windows\Tasks

\GoogleUpdateTaskMachineCore.job
2014-05-01 15:32 - 2011-11-13 14:14 - 00000984 _____ () C:\Windows\Tasks

\GoogleUpdateTaskUserS-1-5-21-1521310780-587458791-887972967-1000Core.job
2014-05-01 08:32 - 2009-07-14 06:45 - 00015152 ____H () C:\Windows

\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-

8115-601632D005A0
2014-05-01 08:32 - 2009-07-14 06:45 - 00015152 ____H () C:\Windows

\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-

8115-601632D005A0
2014-05-01 08:25 - 2011-06-23 15:32 - 00000000 ____D () C:\ProgramData

\NVIDIA
2014-05-01 08:25 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks

\SA.DAT
2014-05-01 08:14 - 2014-05-01 08:14 - 00001702 _____ () C:\Users\\Desktop

\JRT.txt
2014-05-01 08:08 - 2011-06-23 21:07 - 00000000 ____D () C:\Program Files

\CCleaner
2014-05-01 08:01 - 2012-03-14 21:19 - 00000000 ____D () C:\Users\\AppData

\Roaming\uTorrent
2014-05-01 07:52 - 2014-05-01 07:52 - 00002990 _____ () C:\Windows

\System32\Tasks\PassShow_wd
2014-05-01 07:52 - 2014-05-01 07:52 - 00000000 ____D () C:\Program Files

(x86)\PassShow
2014-05-01 07:52 - 2014-02-11 19:25 - 00003060 _____ () C:\Windows

\System32\Tasks\PassShow Update
2014-04-30 21:19 - 2011-07-03 09:20 - 00000000 ____D () C:\Users\\AppData

\Roaming\Spotify
2014-04-30 15:16 - 2012-09-25 21:54 - 00000000 ____D () C:\Windows\rescache
2014-04-30 14:19 - 2013-04-26 12:41 - 00000000 ____D () C:\Users\\AppData

\Local\Spotify
2014-04-29 23:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows

\PolicyDefinitions
2014-04-29 21:22 - 2014-04-29 21:22 - 00000000 ____D () C:\Users\\Desktop

\Game.of.Thrones.S04E04.720p.HDTV.x264-KILLERS._www.Undertexter.se
2014-04-28 21:07 - 2014-03-07 16:55 - 00003806 _____ () C:\Windows

\System32\Tasks\Adobe Flash Player Updater
2014-04-28 21:07 - 2012-04-02 07:32 - 00692400 _____ (Adobe Systems

Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-28 21:07 - 2011-06-23 18:25 - 00070832 _____ (Adobe Systems

Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-27 23:56 - 2014-04-27 23:56 - 00000000 ____D () C:\Users\\Desktop

\Person.of.Interest.S03E20.720p.HDTV.x264-DIMENSION._www.Undertexter.se
2014-04-27 23:51 - 2014-04-27 23:51 - 00000000 ____D () C:\Users\\Desktop

\Vikings.S02E09.The.Choice.1080p.WEB-DL.DD5.1.H.264-

CtrlHD._www.Undertexter.se
2014-04-27 23:46 - 2011-10-02 13:47 - 00000000 ____D () C:\ProgramData

\Origin
2014-04-27 21:10 - 2011-10-14 11:39 - 00290184 _____ () C:\Windows

\SysWOW64\PnkBstrB.exe
2014-04-27 21:10 - 2011-06-25 16:26 - 00290184 _____ () C:\Windows

\SysWOW64\PnkBstrB.xtr
2014-04-27 21:09 - 2011-06-25 16:15 - 00291088 _____ () C:\Windows

\SysWOW64\PnkBstrB.ex0
2014-04-27 21:06 - 2011-10-02 13:47 - 00000000 ____D () C:\Program Files

(x86)\Origin
2014-04-25 15:31 - 2014-04-25 15:31 - 00000000 ____D () C:\ProgramData

\Microsoft\Windows\Start Menu\Programs\Java
2014-04-25 15:31 - 2014-04-25 15:30 - 00004231 _____ () C:\Windows

\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-25 15:31 - 2014-01-04 17:43 - 00000000 ____D () C:\ProgramData

\Oracle
2014-04-25 15:31 - 2014-01-04 17:42 - 00000000 ____D () C:\Program Files

(x86)\Java
2014-04-14 20:13 - 2014-04-25 15:31 - 00096168 _____ (Oracle Corporation)

C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 20:05 - 2014-04-25 15:31 - 00264616 _____ (Oracle Corporation)

C:\Windows\SysWOW64\javaws.exe
2014-04-14 20:05 - 2014-04-25 15:31 - 00175528 _____ (Oracle Corporation)

C:\Windows\SysWOW64\javaw.exe
2014-04-14 20:04 - 2014-04-25 15:31 - 00175016 _____ (Oracle Corporation)

C:\Windows\SysWOW64\java.exe
2014-04-12 15:49 - 2011-08-24 19:24 - 00000000 ____D () C:\Users\\AppData

\Roaming\dvdcss
2014-04-11 19:21 - 2011-09-13 07:51 - 00000000 ____D () C:\Users\\AppData

\Local\Windows Live
2014-04-09 23:21 - 2013-08-15 01:00 - 00000000 ____D () C:\Windows

\system32\MRT
2014-04-09 23:21 - 2012-01-24 22:13 - 00000000 ____D () C:\ProgramData

\Microsoft Help
2014-04-09 23:19 - 2011-06-23 19:30 - 90655440 _____ (Microsoft

Corporation) C:\Windows\system32\MRT.exe
2014-04-07 22:13 - 2014-04-07 22:13 - 00000000 ____D () C:\Users\

\Documents\Electronic Arts
2014-04-07 22:13 - 2014-04-07 22:13 - 00000000 ____D () C:\Users\\AppData

\Local\Electronic Arts
2014-04-07 21:52 - 2014-04-07 21:52 - 00000735 _____ () C:\Users\Public

\Desktop\Dead Space.lnk
2014-04-07 21:52 - 2014-04-07 21:52 - 00000000 ____D () C:\ProgramData

\Microsoft\Windows\Start Menu\Programs\Dead Space
2014-04-07 21:52 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData

\Microsoft\Windows\Start Menu\Programs\Games
2014-04-07 18:21 - 2014-04-07 18:21 - 03822704 _____ () C:\Users\\Desktop

\battlelog-web-plugins_2.3.2_133.exe
2014-04-07 18:21 - 2011-10-02 15:28 - 00000000 ____D () C:\Program Files

(x86)\Battlelog Web Plugins
2014-04-06 08:36 - 2014-02-01 12:22 - 01016261 _____ (Thisisu) C:\Users\

\Desktop\JRT_NEW.exe
2014-04-03 15:34 - 2013-03-15 17:04 - 00007168 _____ () C:\Users\\AppData

\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-03 15:33 - 2013-10-29 20:46 - 00000349 _____ () C:\Users\Public

\Documents\PCLECHAL.INI

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-29 17:48

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-

2014
Ran by at 2014-05-02 08:48:09
Running from C:\Users\\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Trend Micro Titanium Internet Security (Enabled - Up to date)

{5D349EF8-873B-C657-917F-F1D93E101A7C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-

DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-

732D-A930-C1CA5F20A4B0}
AS: Trend Micro Titanium Internet Security (Enabled - Up to date)

{E6557F1C-A101-C9D9-ABCF-CAAB459750C1}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30586 - BitTorrent Inc.)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint)

(Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...

\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft

Corporation)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX)

(Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin)

(Version: 13.0.0.206 - Adobe Systems Incorporated)
Audacity 1.3.14 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1)

(Version: - Audacity Team)
BankID säkerhetsprogram (HKLM-x32\...\{2D6973ED-BBF2-434E-993C-

37E05087B8C8}) (Version: 5.1.3.2 - Finansiell ID-Teknik BID AB)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF})

(Version: 1.4.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7})

(Version: 1.1.0.1 - Electronic Arts)
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-

E095F05D6D67}) (Version: 1.0.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2

- EA Digital Illusions CE AB)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version:

3.0.0.10 - Apple Inc.)
Call of Duty® 4 - Modern Warfare 1.7 Patch (x32 Version: - ) Hidden
Call of Duty: Black Ops - Multiplayer (HKLM-x32\...\Steam App 42710)

(Version: - Treyarch)
Call of Duty: Black Ops (HKLM-x32\...\Steam App 42700) (Version: -

Treyarch)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE

GATEWAY Task) (Version: 1.5.0.3 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet

Library for ZoomBrowser EX) (Version: 1.6.1.6 - Canon Inc.)
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task)

(Version: 3.2.0.10 - Canon Inc.)
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version:

7.1.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...

\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.3 (HKLM-x32\...\DPP) (Version:

3.3.0.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.3.0.2 -

Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 6.4.0.5 - Canon

Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.21.45

- Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor)

(Version: 1.2.0.1 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...

\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version:

6.1.1.21 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX

Memory Card Utility) (Version: 1.1.0.8 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version:

4.3.8.2631 - CDBurnerXP)
Contents (x32 Version: 14.0.1.13 - Corel Corporation) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dead Space™ (HKLM-x32\...\{6E6F22D7-8AD6-4A87-9A47-733E6E996F50}) (Version:

1.0.0.222 - Electronic Arts)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

(HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_

{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version: - Microsoft)
DeviceIO (x32 Version: 14.0.1.13 - Corel Corporation) Hidden
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
Emil (HKLM-x32\...\Emil) (Version: - )
Epson Easy Photo Print 2 (HKLM-x32\...\{310C1558-F6B5-4889-98B0-

7471966BA7F2}) (Version: 2.2.3.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-

x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO

EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47})

(Version: 2.40.0001 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson

Corporation)
EPSON SX525WD Series Printer Uninstall (HKLM\...\EPSON SX525WD Series)

(Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799})

(Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293})

(Version: 3.3a - SEIKO EPSON CORPORATION)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.0) (Version: 0.70.0 - ESN Social

Software AB)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social

Software AB)
ffdshow x64 v1.1.3814 [2011-04-11] (HKLM\...\ffdshow64_is1) (Version:

1.1.3814.0 - )
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1)

(Version: 1.2.75.126 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.4.217 - Foxit

Corporation)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.131 - Google

Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E})

(Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version:

1.0.0 - Trend Micro)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-

857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF})

(Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft

Corporation) Hidden
LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version: -

)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation)

Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-

CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (SVE) (Version: 4.5.50938 - Microsoft

Corporation) Hidden
Microsoft .NET Framework 4.5.1 (svenska) (HKLM\...\{92FB6C44-E685-45AD-

9B20-CADF4CABA132} - 1053) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation)

Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft

Corporation) Hidden
Microsoft Office Access MUI (Swedish) 2010 (x32 Version: 14.0.7015.1000 -

Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Swedish) 2010 (x32 Version: 14.0.7015.1000 -

Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Swedish) 2010 (x32 Version: 14.0.7015.1000 -

Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Swedish) 2010 (x32 Version: 14.0.7015.1000 -

Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 -

Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Swedish) 2010 (x32 Version: 14.0.7015.1000 -

Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Swedish) 2010 (x32 Version: 14.0.7015.1000 -

Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Swedish) 2010 (x32 Version: 14.0.7015.1000

- Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR)

(Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 -

Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 -

Microsoft Corporation) Hidden
Microsoft Office Proof (Finnish) 2010 (x32 Version: 14.0.7015.1000 -

Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 -

Microsoft Corporation) Hidden
Microsoft Office Proof (Swedish) 2010 (x32 Version: 14.0.7015.1000 -

Microsoft Corporation) Hidden
Microsoft Office Proofing (Swedish) 2010 (x32 Version: 14.0.7015.1000 -

Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Swedish) 2010 (x32 Version: 14.0.7015.1000

- Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Swedish) 2010 (Version: 14.0.7015.1000

- Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Swedish) 2010 (x32 Version: 14.0.7015.1000 -

Microsoft Corporation) Hidden
Microsoft Office Word MUI (Swedish) 2010 (x32 Version: 14.0.7015.1000 -

Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00})

(Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-

B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-

x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 -

Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-

4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-

4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-

497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-

4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-

4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 -

Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...

\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft

Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...

\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 -

Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...

\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft

Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...

\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft

Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-

x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 -

Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...

\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft

Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...

\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft

Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...

\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft

Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version:

11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version:

11.0.60610 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-

8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-

8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - )
NVIDIA 3D Vision Controller Driver (x32 Version: 275.33 - NVIDIA

Corporation) Hidden
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation)

Hidden
NVIDIA PhysX (x32 Version: 9.12.0213 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA

Corporation) Hidden
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
NVIDIAs kontrollpanel 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 8.5.0.4550 - Electronic Arts, Inc.)
PassShow (HKLM-x32\...\8C914602-36D7-3AE8-6DA0-CE525CDAAA03) (Version: -

PassShow-software) <==== ATTENTION
Pinnacle Studio 15 (HKLM-x32\...\{1362E602-9625-42D3-B57F-CDA9D26F9DA8})

(Version: 15.0.0.7593 - Pinnacle Systems)
Pinnacle Studio Bonus Content (HKLM-x32\...\{FC030CB5-46A6-4229-AD6E-

0AC869F509C8}) (Version: 15.0.0.51 - Pinnacle Systems)
Pinnacle Video-drivrutiner (HKLM\...\{6DE721A5-5E89-4D74-994C-

652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even

Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-

06DFEED9A476}) (Version: 1.00.0022 - Realtek)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...

\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 -

Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 -

Renesas Electronics Corporation) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-

x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448

-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32

Version: - Microsoft) Hidden
Share (x32 Version: 14.0.1.13 - Corel Corporation) Hidden
Share64 (Version: 14.0.1.13 - Corel Corporation) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-

FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version:

1.0.0.0 - Valve Corporation)
System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version: - )
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-

0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
Trend Micro Titanium (Version: 7.0 - Trend Micro Inc.) Hidden
Trend Micro Titanium Internet Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-

5BB1F7DB49A4}) (Version: 7.0 - Trend Micro Inc.)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...

\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-

46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-

x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176

-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-

x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176

-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-

x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_

{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-

x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_

{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...

\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-

4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...

\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-

4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...

\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-

4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...

\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-

4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...

\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-

4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...

\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-

439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...

\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-

439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...

\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-

4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...

\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-

40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...

\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-

4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...

\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{C70D2038-A2C4-

4A99-87DE-5272BB44F0CE}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...

\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{83B1B530-7D9E-

4C6A-907F-E979CEE9C295}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...

\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-

4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...

\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-

47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...

\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-

47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...

\{90140000-001A-041D-0000-0000000FF1CE}_Office14.PROPLUSR_{6D7DEB21-7536-

421F-9A37-D599F5D7920B}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...

\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-

427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-

x32\...\{90140000-0018-041D-0000-0000000FF1CE}_Office14.PROPLUSR_{EC04A626

-7160-4E90-BD93-4226EFBDB5F9}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-

x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82

-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition

(HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_

{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition

(HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_

{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...

\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{799005D3-9B70-

4219-AFE0-BC479614CC4D}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-

x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8C55AA83

-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 -

Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version:

15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft

Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft

Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft

Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft

Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft

Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation)

Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation)

Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft

Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 -

Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation)

Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft

Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft

Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft

Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft

Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation)

Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft

Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation)

Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft

Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation)

Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft

Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft

Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 -

Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation)

Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft

Corporation) Hidden
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar

GmbH)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 -

VideoLAN)

==================== Restore Points =========================

01-05-2014 07:01:49 Schemalagd kontrollpunkt
01-05-2014 22:08:48 TITANUIMRES

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows

\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {02E70707-8D26-49B1-BCAD-6A29D3ABB953} - System32\Tasks\{19F87C4F-

16ED-4C0F-A752-2E5A5F0E3775} => D:\Spel\CoD4\iw3mp.exe
Task: {26876944-40D2-4077-97A7-657F987A3F7B} - System32\Tasks\Adobe Flash

Player Updater => C:\Windows\SysWOW64\Macromed\Flash

\FlashPlayerUpdateService.exe [2014-04-28] (Adobe Systems Incorporated)
Task: {3066D6B7-3F6B-4A88-B23B-22C5AF8ADE21} - System32\Tasks\{50C6B351-

602C-460A-8729-BCD19E367A06} => D:\Spel\CoD4\iw3mp.exe
Task: {32EC37AE-4BC1-4EA4-B863-4AC427D2A232} - System32\Tasks\Titanium BTC

=> C:\Program Files\Trend Micro\Titanium\plugin\TMDC\TMDC.exe [2013-08-27]

(Trend Micro Inc.)
Task: {4BA196C8-C694-47F1-A48E-FE4F1EB177CA} - System32\Tasks\{0680CAE7-

45AC-41DA-BE24-3FE9B55BB9EA} => C:\Program Files (x86)\Activision\Call of

Duty 4 - Modern Warfare\iw3mp.exe
Task: {5EF68C90-86CF-4930-BCE7-6659C0713A19} - System32\Tasks\{7F77EAF3-

ED98-49C9-9804-6C2BB871C696} => D:\Spel\CoD4\iw3mp.exe
Task: {5F9C8E46-60EE-4E00-840B-7DBC16528F18} - System32\Tasks\{64293FC0-

A411-4B54-B97A-08AD6D3B6D29} => C:\Program Files (x86)\Activision\Call of

Duty 4 - Modern Warfare\iw3mp.exe
Task: {677B199D-3A86-42D2-B727-DD35D6D65BA3} - System32\Tasks

\GoogleUpdateTaskUserS-1-5-21-1521310780-587458791-887972967-1000Core =>

C:\Users\\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-13] (Google

Inc.)
Task: {6C0744FE-12B1-40B5-98DB-323037BE090C} - System32\Tasks\{77D546B5-

8413-47F6-AA38-33A1774C0116} => D:\Spel\CoD4\iw3mp.exe
Task: {727D5EF1-0457-4C11-8CD7-160A5A31B823} - System32\Tasks

\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17]

(Piriform Ltd)
Task: {96CD5B6A-9424-4EE1-B0C7-CE1585E790F9} - System32\Tasks\PassShow_wd

=> C:\Program Files (x86)\PassShow\PassShowqEvqTw.exe [2014-05-01] () <====

ATTENTION
Task: {B5AEDF90-4D36-4721-AA5E-D71BE2CBE1A1} - System32\Tasks\{B86E1395-

4481-46DE-9F2F-95DA692D0FDD} => C:\Program Files (x86)\Activision\Call of

Duty 4 - Modern Warfare\iw3mp.exe
Task: {C96ADFB7-3C0D-42D7-B2A9-7512F575B68E} - System32\Tasks\PassShow

Update => C:\Program Files (x86)\PassShow\PassShowqEv.exe [2014-05-01] ()

<==== ATTENTION
Task: {EFD5E285-4AD1-43DE-AE5B-5AF278832AA4} - System32\Tasks

\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update

\GoogleUpdate.exe [2012-08-25] (Google Inc.)
Task: {FB06FA1E-554B-4082-B62E-7841CE5C55C3} - System32\Tasks

\GoogleUpdateTaskUserS-1-5-21-1521310780-587458791-887972967-1000UA => C:

\Users\\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-13] (Google

Inc.)
Task: {FD703C96-D80A-4AA3-997F-5CE22CB7FDB8} - System32\Tasks

\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update

\GoogleUpdate.exe [2012-08-25] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows

\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files

(x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files

(x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1521310780-587458791-

887972967-1000Core.job => C:\Users\\AppData\Local\Google\Update

\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1521310780-587458791-

887972967-1000UA.job => C:\Users\\AppData\Local\Google\Update

\GoogleUpdate.exe
Task: C:\Windows\Tasks\PassShow Update.job => C:\Program Files

(x86)\PassShow\PassShowqEv.exe <==== ATTENTION
Task: C:\Windows\Tasks\PassShow_wd.job => C:\Program Files (x86)\PassShow

\PassShowqEvqTw.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2011-09-27 18:04 - 2013-01-18 17:00 - 00087328 _____ () C:\Program Files

\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files

\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-06-23 21:25 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files

\WinRAR\rarext.dll
2013-10-13 08:41 - 2013-01-16 04:19 - 00048128 _____ () C:\Program Files

\Trend Micro\AMSP\boost_date_time-vc110-mt-1_49.dll
2013-10-13 08:41 - 2013-04-02 06:25 - 00675840 _____ () C:\Program Files

\Trend Micro\AMSP\sqlite3.dll
2013-10-13 08:41 - 2013-01-16 04:23 - 00058368 _____ () C:\Program Files

\Trend Micro\AMSP\boost_thread-vc110-mt-1_49.dll
2013-10-13 08:41 - 2012-12-18 22:06 - 01300480 _____ () C:\Program Files

\Trend Micro\AMSP\libprotobuf.dll
2013-10-13 08:41 - 2013-01-16 04:19 - 00018944 _____ () C:\Program Files

\Trend Micro\AMSP\boost_system-vc110-mt-1_49.dll
2013-10-13 08:33 - 2013-07-23 17:28 - 00247352 _____ () C:\Program Files

\Trend Micro\UniClient\plugins\LUADLL.dll
2014-05-01 07:52 - 2014-05-01 07:52 - 00077312 _____ () C:\Program Files

(x86)\PassShow\PassShowqEvqTw.exe
2014-01-09 17:48 - 2013-12-18 15:33 - 00057584 _____ () C:\Program Files

\Trend Micro\Titanium\plugin\fcMsgDispatcher.dll
2014-05-01 07:52 - 2014-05-01 07:52 - 00142336 _____ () C:\Program Files

(x86)\PassShow\PassShowqEv161.exe
2011-10-14 11:39 - 2013-10-31 04:29 - 00076888 _____ () C:\Windows

\SysWOW64\PnkBstrA.exe
2014-05-01 07:52 - 2014-05-01 07:52 - 00133120 _____ () C:\Program Files

(x86)\PassShow\PassShowqEv161.dll
2013-10-15 16:54 - 2013-08-29 09:58 - 00882584 _____ () C:\Program Files

\Trend Micro\Titanium\plugin\TMAS\TMAS_WLM\WLMailApiCore.dll
2014-05-01 22:27 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files

(x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-05-01 22:27 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files

(x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-05-01 22:27 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files

(x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-05-01 22:27 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files

(x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-05-01 22:27 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files

(x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp =>

""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys =>

""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp =>

""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys =>

""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start

Menu^Programs^Startup^BankID säkerhetsprogram.lnk => C:\Windows\pss\BankID

säkerhetsprogram.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start

Menu^Programs^Startup^Personal.lnk => C:\Windows\pss

\Personal.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files

\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files

\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office

\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson

Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: EPSON SX525WD Series => C:\Windows\system32\spool

\DRIVERS\x64\3\E_IATIGAE.EXE /FU "C:\Windows\TEMP\E_SF0F2.tmp" /EF "HKCU"
MSCONFIG\startupreg: Eraser => "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
MSCONFIG\startupreg: Google Update => "C:\Users\\AppData\Local\Google

\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes

\iTunesHelper.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies

\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies

\KiesTrayAgent.exe
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas

Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime

\QTTask.exe" -atboottime
MSCONFIG\startupreg: Spotify => "C:\Users\\AppData\Roaming\Spotify

\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\\AppData\Roaming

\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common

Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/02/2014 00:08:48 AM) (Source: VSS) (User: )
Description: Fel i tjänsten Volume Shadow Copy: Oväntat fel när

gränssnittet IVssWriterCallback skulle erhållas. hr = 0x80070005, Åtkomst

nekad.
.
Det orsakas ofta av inkorrekta säkerhetsinställningar i processen för

antingen skrivaren eller beställaren.

Åtgärd:
Samlar in skrivardata

Kontext:
Skrivarklass-ID: {e8132975-6f93-

4464-a53e-1050253ae220}
Skrivarnamn: System Writer
Skrivarinstans-ID:

{05483f3a-838c-4006-a7ee-7985b4640c58}

System errors:
=============
Error: (05/01/2014 08:27:33 AM) (Source: Service Control Manager) (User: )
Description: Tjänsten NVIDIA Update Service Daemon kunde inte startas på

grund av följande fel:
%%1069

Error: (05/01/2014 08:27:33 AM) (Source: Service Control Manager) (User: )
Description: Tjänsten nvUpdatusService kunde inte logga in som .

\UpdatusUser med det för närvarande konfigurerade lösenordet på grund av

följande fel:
%%1330

Kontrollera att tjänsten är korrekt konfigurerad med hjälp av snapin-

modulen Tjänster i MMC (Microsoft Management Console).

Error: (05/01/2014 08:26:20 AM) (Source: DCOM) (User: NT instans)
Description: programspecifikLokalStarta{C97FCC79-E628-407D-AE68-

A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT instansSYSTEMS-1-5-

18LocalHost (med LRPC)

Microsoft Office Sessions:
=========================
Error: (05/02/2014 00:08:48 AM) (Source: VSS)(User: )
Description: 0x80070005, Åtkomst nekad.

Åtgärd:
Samlar in skrivardata

Kontext:
Skrivarklass-ID: {e8132975-6f93-

4464-a53e-1050253ae220}
Skrivarnamn: System Writer
Skrivarinstans-ID:

{05483f3a-838c-4006-a7ee-7985b4640c58}

CodeIntegrity Errors:
===================================
Date: 2011-11-01 20:30:24.848
Description: Windows is unable to verify the image integrity of the file

\Device\HarddiskVolume1\Users\MA~1\AppData\Local\Temp\OnlineScanner\Anti-

Virus\fsgk.sys because file hash could not be found on the system. A recent

hardware or software change might have installed a file that is signed

incorrectly or damaged, or that might be malicious software from an unknown

source.

Date: 2011-11-01 20:30:24.831
Description: Windows is unable to verify the image integrity of the file

\Device\HarddiskVolume1\Users\MA~1\AppData\Local\Temp\OnlineScanner\Anti-

Virus\fsgk.sys because file hash could not be found on the system. A recent

hardware or software change might have installed a file that is signed

incorrectly or damaged, or that might be malicious software from an unknown

source.

==================== Memory info ===========================

Percentage of memory in use: 28%
Total physical RAM: 8172.48 MB
Available physical RAM: 5818.36 MB
Total Pagefile: 16343.15 MB
Available Pagefile: 12890.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:127.99 GB) (Free:11.32 GB) NTFS ==>[Drive with

boot components (obtained from BCD)]
Drive d: (Spel) (Fixed) (Total:337.77 GB) (Free:15.78 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=128 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=338 GB) - (Type=07 NTFS)

==================== End Of Log ============================

plastiq · Maj 2, 2014

Efter att ha läst loggen,, får Cecilia ordning på allt blir jag mäkta imponerad. Inte på något sätt illa menat mot någon.

Redigerad Maj 2, 2014 av plastiq

Cecilia · Maj 2, 2014

Om det är möjligt avinstallera "PassShow" i Kontrollpanelens lista över installerade program.

Starta om datorn.

Kör FRST igen, men denna gång får du bifoga loggarna för alla extra radbrytningarna gjorde dem svårlästa och det går inte att enkelt kopiera rader till ett skript.

PassShow: http://www.systemlookup.com/CLSID/81984-157_dll.html

Babbler1 · Maj 2, 2014

Tack för ditt svar!

Jag har avinstallerat PassShow.

Jag har startat om datorn.

Här kommer loggarna!

Som du ser har jag tagit bort mitt namn i loggarna:)

Mvh Babbler

FRST.txt

Addition.txt

Redigerad Maj 2, 2014 av Babbler1

Cecilia · Maj 2, 2014

Ingen orsak

Och i och med avinstallationen har proxy-servern försvunnit också.

1. Det här:

CHR Plugin: (Java Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

är en mycket gammal Java-version med kända säkerhetshål. Du bör kunna avinstallera den inifrån Chrome.

2. Starta Anteckningar.

Kopiera alla rader i rutan:

URLSearchHook: HKCU - (No Name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
URLSearchHook: HKCU - (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
Toolbar: HKCU - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} -  No File
Toolbar: HKCU - No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} -  No File
CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\MATSMA~1\AppData\Local\Temp\ccex.crx [2014-05-01]
S3 cleanhlp; C:\Users\\EEK\RUN\cleanhlp64.sys [57024 2014-02-08] (Emsisoft GmbH)

och klistra in i Anteckningar. Kontrollera att inga filer har delats upp på två rader.

Spara filen på skrivbordet med namnet fixlist.txt.

Stäng av alla program inklusive Spybot S&D.

Starta FRST som finns på skrivbordet.

Klicka på knappen Fix.

Vänta tills programmet är klart.

Programmet skapar en logg Fixlog.txt på skrivbordet.

Klistra in innehållet i den i ditt svar.

3. Spara AdwCleaner av Xplode på Skrivbordet: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

Stäng alla program, inklusive webbläsare.

Dubbelklicka på AdwCleaner för att starta programmet.

Klicka på Scan-knappen.

Vänta tills sökningen är klar.

Klicka på Report-knappen.

En rapport kommer upp, kopiera innehållet och klistra in i ditt svar.

Om rapporten inte kommer upp, så finns den även som C:\AdwCleaner[R0].txt

4. Skanna datorn online på http://www.eset.com/onlinescan/

För att inte skannern ska ta för lång tid på sig stäng av ditt antivirusprogram under tiden.

Avbocka alternativet Remove found threats

Bocka för Scan Archives

Klicka på Advanced Settings

Bocka för:

Scan for potentially unwanted applications

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

Klicka på Start

När skanningen är klar klicka på List of found threats, följt av Export to a text file. Spara till en fil på skrivbordet, öppna filen, kopiera resultatet och klistra sedan in det i ditt svar.

Babbler1 · Maj 2, 2014

Hej!

Tack för ditt svar.

Här kommer loggarna.

Mvh Babbler

AdwCleanerR1.txt

eset.txt

Fixlog.txt

Cecilia · Maj 2, 2014

Hej!

Det var så lite så

Starta Anteckningar.

Kopiera alla rader i rutan:

C:\Users\\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000
C:\Users\\AppData\Local\Temp\nsx5D57.tmp

och klistra in i Anteckningar. Kontrollera att inga filer har delats upp på två rader.

Spara filen på skrivbordet med namnet fixlist.txt.

Starta FRST som finns på skrivbordet.

Klicka på knappen Fix.

Vänta tills programmet är klart.

Programmet skapar en logg Fixlog.txt på skrivbordet.

Klistra in innehållet i den i ditt svar.

Hur står det till med datorn nu?

Redigerad Maj 3, 2014 av Cecilia

Babbler1 · Maj 3, 2014

Hej!

Tack för ditt svar!

Här kommer loggen!

Jag skickar också med en bild som du om du vill kan tyda:)

Jag tycker att det är lite skumt med Användarprofiler på min dator.

Jag tycker att datorn funkar bättre nu. Det dyker inte upp en massa pop up-rutor längre när jag surfar.

Jag kunde inte "backa" från en internetsida förrut men nu går det:)

Vet inte om det var adwareprogrammet som störde?

Tack för all hjälp hittils:)

Mvh Babbler

Fixlog.txt

Cecilia · Maj 3, 2014

Hej!

Utmärkt att du inte ser till några underliga popuper längre och det kan mycket väl ha varit annonsprogrammen som påverkade bakåt-funktionen.

När det gäller användarprofiler är jag nog inte rätt person att svara på det. Du kan ju ställa frågan i forumet "Windows 7" så kanske någon som kan sånt bättre ser den.

Nu återstår bara att avinstallera specialprogrammen:

1. Stäng alla program, inklusive webbläsare.
Dubbelklicka på AdwCleaner för att starta programmet.
Klicka på Uninstall-knappen.

2. Ladda ner avinstallationsprogrammet OTC till Skrivbordet: http://oldtimer.geekstogo.com/OTC.exe
Dubbelklicka på filen för att starta programmet.
Tryck på knappen CleanUp! och FRST kommer att avinstalleras efter en omstart av datorn. Ta bort eventuella loggar.

3. Avinstallera HijackThis i Kontrollpanelen.

Babbler1 · Maj 3, 2014

Hej!

Tusen tack för hjälpen. Nu verkar datorn funka bra:)

Mvh Babbler

Cecilia · Maj 3, 2014

Bara trevligt att kunna hjälpa till

plastiq · Maj 4, 2014

Impad

Redigerad Maj 4, 2014 av plastiq

Babbler1 · Maj 9, 2014

Hej igen!

Verkar som att jag har fått tillbaka samma problem!

Kan du hjälpa mig igen?

Mvh Babbler

Cecilia · Maj 9, 2014

Hej igen!

Ny logg från FRST och Esets online-skanner, tack.

Spara RougueKiller på Skrivbordet.
För 32-bitars Windows: http://www.adlice.com/softs/roguekiller/RogueKiller.exe
För 64-bitars Windows: http://www.adlice.com/softs/roguekiller/RogueKillerX64.exe
Stäng av alla program.
Ta bort alla externa enheter, t ex USB-minnen och externa hårddiskar, utom tangentbord och mus. Låt dem vara bortkopplade medan rensningen pågår.

Kör RogueKiller (i Vista och Windows 7 högerklicka på programmet och välj "Kör som administratör). Om det inte går att köra så pröva flera gång, men om det fortfarande inte går så pröva med att döpa om programmet till winlogon.exe.

Vänta tills "Prescan" har avslutats.
Klicka på "Scan"-knappen uppe till höger.
Vänta tills skanningen är klar.
En rapport "RKreport.txt" ska då ha skapats på Skrivbordet. Klistra in innehållet i den i ditt svar.

Babbler1 · Maj 9, 2014

Hej!

Tack för ditt svar!

Här kommer loggarna.

Mvh Babbler

Addition.txt

FRST.txt

RKreport0_S_05092014_182810.txt

Cecilia · Maj 10, 2014

Hittade Esets skanner något?

Kan du beskriva ditt problem lite mer, gärna med bild, och när började det om?

Vad för stor ändring i Windows gjorde du den 4 och 7 maj, väldigt många Windows-filer ändrades de två dagarna?

Vad finns det för program i mappen C:\Program (x86)\Setup Files?

Det ser ut som att du har laddat ner AdwCleaner under fredagen. Hittade programmet något?

Babbler1 · Maj 10, 2014

Hej!

Jag missade Eset!

Jag håller på att scanna just nu.

Så jag svarar från min mobil.

Jag har installerat Windows 8.1 och uppdaterat biosen.

I Setup-mappen ligger biosfilen.

Jag återkommer med Eset-loggen så snart som möjligt.

Mvh Babbler

Babbler1 · Maj 10, 2014

Hej!

Här kommer loggen!

Mvh Babbler

eset.txt

Cecilia · Maj 10, 2014

Det Esets skanner hittade ligger dels i mappen Windows.old som inte används och dels är det installationsfilen för CCleaner.

Kan du beskriva mer detaljerat vad du har för problem?

Babbler1 · Maj 10, 2014

Det känns segt att surfa. Den står och laddar i ca 15 sek innan jag kan scrolla med musen osv på en sida.

Ibland blir det typ ett konstigt mönster (när jag scrollar) som "ligger" ovanpå det som skulle visats på just den sidan.

Känns inte ok!

Vad skall jag göra med windows.old-mappen?

Mvh Babbler

Cecilia · Maj 10, 2014

Är det så med alla tre webbläsarna?

Vad får du för resultat på Bredbandskollen, både tid och hastighet är intressant?

Bifoga gärna en bild av det "konstiga mönstret".

Windows.old behöver du inte göra något åt, jag skulle tro att där finns en del från Windows 8 eller tidigare Windows-installation som en sorts backup/säkerhetskopia.

Babbler1 · Maj 10, 2014

Hej!

Just nu går det bättre?

Bredbandskollen däremot gick dåligt.

Jag har 8/1 hos Telia. Har alltid bra resultat från Bredbanskollen, men inte nu.

Här kommer en bild från Bredbandskollen.

Mvh Babbler

HijackThis-logg

Recommended Posts

Länk till kommentar

Dela på andra webbplatser

Länk till kommentar

Dela på andra webbplatser

Länk till kommentar

Dela på andra webbplatser

Länk till kommentar

Dela på andra webbplatser

Länk till kommentar

Dela på andra webbplatser

Länk till kommentar

Dela på andra webbplatser

Länk till kommentar

Dela på andra webbplatser

Länk till kommentar

Dela på andra webbplatser

Länk till kommentar

Dela på andra webbplatser

Länk till kommentar

Dela på andra webbplatser

Länk till kommentar

Dela på andra webbplatser

Länk till kommentar

Dela på andra webbplatser

Länk till kommentar

Dela på andra webbplatser

Länk till kommentar

Dela på andra webbplatser

Länk till kommentar

Dela på andra webbplatser

Länk till kommentar

Dela på andra webbplatser

Länk till kommentar

Dela på andra webbplatser

Länk till kommentar

Dela på andra webbplatser

Länk till kommentar

Dela på andra webbplatser

Länk till kommentar

Dela på andra webbplatser

Länk till kommentar

Dela på andra webbplatser

Länk till kommentar

Dela på andra webbplatser

Länk till kommentar

Dela på andra webbplatser

Länk till kommentar

Dela på andra webbplatser

Länk till kommentar

Dela på andra webbplatser

Delta i dialogen