
Explorer keeps restarting and I cannot run in Safe Mode with command prompt


  • This topic is locked
10 replies to this topic

#1 bomiba67

Posted 17 February 2014 - 03:15 PM

Hi all!
I have big problems with one of my computers; when I log in, Windows Explorer almost immediately crashes and restarts.
After a few seconds this is repeated, continuously.
I have downloaded FRST and run the scan feature.
Please find the attached "FRST.txt" file.
Thanks in advance.
/bomiba

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-02-2014
Ran by SYSTEM on MININT-2TJ49TG on 17-02-2014 20:22:08
Running from L:\
Windows 7 Professional (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Remote Solution] - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [761536 2013-12-25] ()
HKLM-x32\...\RunOnce: [Discount Dragon-repairJob] - wscript.exe "C:\Users\Örjan\AppData\Local\Discount Dragon\repair.js" "Discount Dragon-repairJob" [1846 2013-12-18] ()
HKLM-x32\...\RunOnce: [upfst_se_25.exe] - C:\Users\Örjan\AppData\Local\fst_se_25\upfst_se_25.exe -runonce [3153864 2013-12-31] ()
HKU\Margareta\...\RunOnce: [DPAPIKeyMig] - C:\Windows\system32\dpapimig.exe [74752 2009-07-13] (Microsoft Corporation)
HKU\Margareta\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516096 2010-11-20] (Microsoft Corporation)
HKU\Privat\...\RunOnce: [DPAPIKeyMig] - C:\Windows\system32\dpapimig.exe [74752 2009-07-13] (Microsoft Corporation)
HKU\Privat\...\RunOnce: [WAB Migrate] - C:\Program Files (x86)\Windows Mail\wab.exe [516096 2010-11-20] (Microsoft Corporation)
HKU\Örjan\...\Run: [Spotify Web Helper] - C:\Users\Örjan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-26] (Spotify Ltd)
HKU\Örjan\...\Run: [BearShare] - "C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe" --lightmode
HKU\Örjan\...\Run: [iLivid] - "C:\Users\Örjan\AppData\Local\iLivid\iLivid.exe" -autorun
HKU\Örjan\...\Run: [Driver Pro] - C:\Program Files (x86)\Driver Pro\DPLauncher.exe [340512 2012-10-30] (PC Utilities Pro)
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => File Not Found
AppInit_DLLs: C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll => File Not Found
AppInit_DLLs-x32: C:\PROGRA~3\Wincert\WIN32C~1.DLL => File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\MOVIES~1\Datamngr\mgrldr.dll => File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
Startup: C:\Users\Örjan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\Örjan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skärmurklipp och start för OneNote 2010.lnk
ShortcutTarget: Skärmurklipp och start för OneNote 2010.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll <===== ATTENTION
HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll <===== ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Services (Whitelisted) =================

S2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-22] (Adobe Systems Incorporated)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-19] (Just Develop It)
S4 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [681528 2010-08-05] (Hewlett-Packard)
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [111616 2014-02-06] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 N360; C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe [138272 2012-06-15] (Symantec Corporation)
S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)

==================== Drivers (Whitelisted) ====================

S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2013-12-17] (Symantec Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360x64\0604010.00E\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-01] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-01] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20140130.001\IDSvia64.sys [521944 2014-01-18] (Symantec Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20140130.023\ENG64.SYS [126040 2014-01-01] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20140130.023\EX64.SYS [2099288 2014-01-01] (Symantec Corporation)
S3 OxPPort; C:\Windows\system32\DRIVERS\OxPPort.sys [98304 2008-07-31] (OEM)
S0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\0604010.00E\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360x64\0604010.00E\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMDS64.SYS [451192 2011-08-15] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2014-01-01] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360x64\0604010.00E\Ironx64.SYS [190072 2011-11-16] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\N360x64\0604010.00E\SYMNETS.SYS [405624 2011-11-16] (Symantec Corporation)
S1 jumngrnr; \??\C:\Windows\system32\drivers\jumngrnr.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-17 20:21 - 2014-02-17 20:22 - 00000000 ____D () C:\FRST
2014-02-17 10:53 - 2014-02-17 10:55 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-17 10:52 - 2014-02-17 10:52 - 04721144 _____ (Piriform Ltd) C:\Users\Örjan\Downloads\ccsetup410pro (2).exe
2014-02-17 10:51 - 2014-02-17 10:52 - 04721144 _____ (Piriform Ltd) C:\Users\Örjan\Downloads\ccsetup410pro (1).exe
2014-02-17 10:51 - 2014-02-17 10:51 - 04721144 _____ (Piriform Ltd) C:\Users\Örjan\Downloads\ccsetup410pro.exe
2014-02-15 03:54 - 2014-02-15 03:54 - 00000272 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{70D4D7E4-ED33-414E-B6B9-438A3250124C}.job
2014-02-15 03:53 - 2014-02-15 03:53 - 00001111 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-15 03:53 - 2014-02-15 03:53 - 00000000 ____D () C:\Users\Örjan\AppData\Roaming\Malwarebytes
2014-02-15 03:53 - 2014-02-15 03:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-15 03:53 - 2014-02-15 03:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-15 03:53 - 2013-04-04 05:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-02-12 01:25 - 2014-02-06 04:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-02-12 01:25 - 2014-02-06 03:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-02-12 01:25 - 2014-02-06 03:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-02-12 01:25 - 2014-02-06 03:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-02-12 01:25 - 2014-02-06 03:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-02-12 01:25 - 2014-02-06 03:06 - 00048640 _____ () C:\Windows\System32\ieetwproxystub.dll
2014-02-12 01:25 - 2014-02-06 02:57 - 00053760 _____ () C:\Windows\System32\jsproxy.dll
2014-02-12 01:25 - 2014-02-06 02:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-02-12 01:25 - 2014-02-06 02:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-02-12 01:25 - 2014-02-06 02:49 - 00139264 _____ () C:\Windows\System32\ieUnatt.exe
2014-02-12 01:25 - 2014-02-06 02:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-02-12 01:25 - 2014-02-06 02:48 - 00111616 _____ () C:\Windows\System32\ieetwcollector.exe
2014-02-12 01:25 - 2014-02-06 02:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 01:25 - 2014-02-06 02:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-02-12 01:25 - 2014-02-06 02:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 01:25 - 2014-02-06 02:17 - 00195584 _____ () C:\Windows\System32\msrating.dll
2014-02-12 01:25 - 2014-02-06 02:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-02-12 01:25 - 2014-02-06 02:01 - 00061952 _____ () C:\Windows\SysWOW64\iesetup.dll
2014-02-12 01:25 - 2014-02-06 02:00 - 00051200 _____ () C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 01:25 - 2014-02-06 01:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 01:25 - 2014-02-06 01:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-02-12 01:25 - 2014-02-06 01:52 - 00043008 _____ () C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 01:25 - 2014-02-06 01:52 - 00032768 _____ () C:\Windows\SysWOW64\iernonce.dll
2014-02-12 01:25 - 2014-02-06 01:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-02-12 01:25 - 2014-02-06 01:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 01:25 - 2014-02-06 01:47 - 00112128 _____ () C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 01:25 - 2014-02-06 01:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 01:25 - 2014-02-06 01:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 01:25 - 2014-02-06 01:25 - 00164864 _____ () C:\Windows\SysWOW64\msrating.dll
2014-02-12 01:25 - 2014-02-06 01:24 - 02334208 _____ () C:\Windows\System32\wininet.dll
2014-02-12 01:25 - 2014-02-06 01:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-02-12 01:25 - 2014-02-06 01:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 01:25 - 2014-02-06 01:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 01:25 - 2014-02-06 01:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 01:25 - 2014-02-06 00:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-02-12 01:25 - 2014-02-06 00:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 01:25 - 2014-02-06 00:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-02-12 01:25 - 2014-02-06 00:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 01:25 - 2014-02-06 00:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-11 08:08 - 2014-02-11 08:08 - 01859497 _____ () C:\Users\Örjan\Desktop\Namnlöst-3.psd
2014-02-11 08:03 - 2014-02-11 08:05 - 00000000 ____D () C:\Users\Örjan\Desktop\Bengt Englund
2014-02-10 05:25 - 2014-02-10 05:25 - 00000000 ____D () C:\Users\Örjan\Desktop\Storskolan klass 5 o 6
2014-02-07 09:35 - 2014-02-07 09:35 - 05498679 _____ () C:\Users\Örjan\Desktop\Kopia studentfoto 1967.psd
2014-02-07 07:36 - 2014-02-07 07:36 - 00000815 _____ () C:\Users\Örjan\Desktop\Gymnasium.lnk
2014-02-06 06:33 - 2014-02-06 06:33 - 02002216 _____ (PC Drivers HeadQuarters) C:\Users\Örjan\Downloads\DriverDetective.exe
2014-02-06 06:22 - 2014-02-06 06:30 - 00000000 ____D () C:\Users\Örjan\Desktop\Ekeby HC
2014-02-06 06:18 - 2014-02-06 06:19 - 01973800 _____ (PCRx.com, LLC ) C:\Users\Örjan\Downloads\PCRxSetup (1).exe
2014-02-06 06:17 - 2014-02-06 06:18 - 01973800 _____ (PCRx.com, LLC ) C:\Users\Örjan\Downloads\PCRxSetup.exe
2014-02-05 23:47 - 2014-02-05 23:47 - 00000723 _____ () C:\Users\Örjan\Desktop\Bröllopsfoton och andra fina.lnk
2014-02-05 05:19 - 2014-02-05 05:20 - 00000000 ____D () C:\Users\Örjan\Desktop\Div Bilder
2014-02-03 22:55 - 2014-02-04 23:28 - 00000000 ____D () C:\ProgramData\WPM
2014-02-03 22:55 - 2014-02-04 23:26 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-02-03 22:53 - 2014-02-03 22:53 - 00000000 _____ () C:\END
2014-02-03 05:50 - 2014-02-05 10:21 - 00000000 ____D () C:\Users\Örjan\Desktop\TURIP
2014-02-03 04:37 - 2014-02-03 04:37 - 00000000 ____D () C:\Users\Örjan\Desktop\Einstein
2014-01-31 08:18 - 2014-01-31 08:18 - 00000000 ____D () C:\Users\Örjan\Desktop\SI system
2014-01-31 01:09 - 2014-02-15 04:28 - 00000000 ____D () C:\Program Files (x86)\Bench
2014-01-31 01:09 - 2014-01-31 01:09 - 00003240 _____ () C:\Windows\System32\Tasks\bench-sys
2014-01-31 01:09 - 2014-01-31 01:09 - 00003218 _____ () C:\Windows\System32\Tasks\bench-S-1-5-21-3269205654-4152037324-689232134-1001
2014-01-31 01:09 - 2014-01-31 01:09 - 00000848 __RSH () C:\ProgramData\ntuser.pol
2014-01-31 01:09 - 2014-01-31 01:09 - 00000000 ____D () C:\Users\Örjan\AppData\Local\Discount Dragon
2014-01-31 00:59 - 2014-01-31 01:14 - 00000000 ____D () C:\Users\Örjan\AppData\Roaming\systweak
2014-01-31 00:59 - 2012-01-20 05:14 - 00018816 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\System32\roboot64.exe
2014-01-28 09:33 - 2014-01-28 09:33 - 00003696 _____ () C:\Users\Örjan\Downloads\Mejllogga-mindre
2014-01-28 01:53 - 2014-01-29 04:26 - 00000000 ____D () C:\Users\Örjan\Desktop\E Kumlien
2014-01-27 06:20 - 2014-01-29 04:10 - 00000000 ____D () C:\Users\Örjan\Desktop\Celldiff
2014-01-18 04:58 - 2014-01-18 04:59 - 00000000 ____D () C:\Users\Örjan\Desktop\Till Staffan
2014-01-18 04:16 - 2014-02-09 01:50 - 00000000 ____D () C:\Users\Örjan\Desktop\HOCKEY

==================== One Month Modified Files and Folders =======

2014-02-17 20:22 - 2014-02-17 20:21 - 00000000 ____D () C:\FRST
2014-02-17 20:18 - 2013-06-27 19:24 - 00000000 ____D () C:\ProgramData\Recovery
2014-02-17 11:14 - 2014-01-05 01:56 - 00000000 ____D () C:\Users\Örjan\AppData\Local\fst_se_25
2014-02-17 11:14 - 2013-11-26 09:07 - 00000000 ____D () C:\Users\Örjan\AppData\Local\CrashDumps
2014-02-17 11:14 - 2011-04-20 15:28 - 01181834 _____ () C:\Windows\WindowsUpdate.log
2014-02-17 11:14 - 2009-07-13 21:08 - 00032514 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-17 11:14 - 2009-07-13 20:45 - 00016976 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-17 11:14 - 2009-07-13 20:45 - 00016976 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-17 11:11 - 2013-08-15 04:57 - 00000268 _____ () C:\Windows\Tasks\spmonitor.job
2014-02-17 11:11 - 2013-08-15 04:57 - 00000258 _____ () C:\Windows\Tasks\SpeedUpMyPC.job
2014-02-17 11:11 - 2013-06-27 12:55 - 00000988 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-17 11:10 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-17 11:10 - 2009-07-13 20:51 - 00056404 _____ () C:\Windows\setupact.log
2014-02-17 10:56 - 2013-12-04 01:14 - 00029369 _____ () C:\Users\Örjan\daemonprocess.txt
2014-02-17 10:55 - 2014-02-17 10:53 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-17 10:55 - 2013-07-12 00:14 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-17 10:52 - 2014-02-17 10:52 - 04721144 _____ (Piriform Ltd) C:\Users\Örjan\Downloads\ccsetup410pro (2).exe
2014-02-17 10:52 - 2014-02-17 10:51 - 04721144 _____ (Piriform Ltd) C:\Users\Örjan\Downloads\ccsetup410pro (1).exe
2014-02-17 10:51 - 2014-02-17 10:51 - 04721144 _____ (Piriform Ltd) C:\Users\Örjan\Downloads\ccsetup410pro.exe
2014-02-15 12:44 - 2013-06-27 21:52 - 00000000 ____D () C:\users\Privat
2014-02-15 12:44 - 2013-06-27 21:52 - 00000000 ____D () C:\users\Margareta
2014-02-15 12:44 - 2013-06-27 09:59 - 00000000 ____D () C:\users\Örjan
2014-02-15 12:44 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-02-15 12:44 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2014-02-15 06:21 - 2013-06-27 18:27 - 01728508 _____ () C:\Windows\PFRO.log
2014-02-15 06:20 - 2013-12-04 01:14 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2014-02-15 05:08 - 2013-12-21 06:00 - 00000000 ____D () C:\Program Files (x86)\Movies Toolbar
2014-02-15 05:05 - 2013-06-28 07:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-15 04:28 - 2014-01-31 01:09 - 00000000 ____D () C:\Program Files (x86)\Bench
2014-02-15 04:27 - 2014-01-05 01:57 - 00000000 ____D () C:\Users\Örjan\AppData\Local\genienext
2014-02-15 04:27 - 2013-12-21 06:00 - 00000000 ____D () C:\ProgramData\Wincert
2014-02-15 04:27 - 2013-11-25 02:03 - 00000000 ____D () C:\Users\Örjan\AppData\Roaming\SimplyTech
2014-02-15 04:27 - 2013-08-09 08:48 - 00000000 ____D () C:\ProgramData\eSafe
2014-02-15 04:14 - 2014-01-05 01:56 - 00000000 ____D () C:\Program Files (x86)\fst_se_25
2014-02-15 03:54 - 2014-02-15 03:54 - 00000272 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{70D4D7E4-ED33-414E-B6B9-438A3250124C}.job
2014-02-15 03:53 - 2014-02-15 03:53 - 00001111 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-15 03:53 - 2014-02-15 03:53 - 00000000 ____D () C:\Users\Örjan\AppData\Roaming\Malwarebytes
2014-02-15 03:53 - 2014-02-15 03:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-15 03:53 - 2014-02-15 03:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-14 12:19 - 2013-06-27 12:55 - 00000992 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-12 02:20 - 2013-06-28 06:46 - 00003924 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{70D4D7E4-ED33-414E-B6B9-438A3250124C}
2014-02-12 01:32 - 2013-10-31 20:49 - 00000000 ____D () C:\Users\Örjan\Desktop\Mailerna
2014-02-12 01:18 - 2011-04-20 15:44 - 00000000 ____D () C:\ProgramData\PDFC
2014-02-12 00:29 - 2013-07-14 04:50 - 00000868 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-12 00:09 - 2013-07-14 05:42 - 00000000 ____D () C:\Windows\System32\appmgmt
2014-02-11 23:55 - 2013-10-27 07:18 - 00000000 ____D () C:\Users\Örjan\AppData\Local\Torch
2014-02-11 08:08 - 2014-02-11 08:08 - 01859497 _____ () C:\Users\Örjan\Desktop\Namnlöst-3.psd
2014-02-11 08:05 - 2014-02-11 08:03 - 00000000 ____D () C:\Users\Örjan\Desktop\Bengt Englund
2014-02-11 00:14 - 2013-06-27 12:55 - 00003988 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-11 00:14 - 2013-06-27 12:55 - 00003736 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-10 23:37 - 2013-06-27 10:04 - 00001389 _____ () C:\Users\Örjan\Desktop\Internet Explorer.lnk
2014-02-10 05:25 - 2014-02-10 05:25 - 00000000 ____D () C:\Users\Örjan\Desktop\Storskolan klass 5 o 6
2014-02-10 05:16 - 2013-07-18 22:47 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForÖrjan
2014-02-10 05:16 - 2013-07-18 22:47 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForÖrjan.job
2014-02-09 08:47 - 2014-01-14 06:38 - 00000000 ____D () C:\Users\Örjan\Desktop\Nya berättelser
2014-02-09 01:50 - 2014-01-18 04:16 - 00000000 ____D () C:\Users\Örjan\Desktop\HOCKEY
2014-02-09 00:32 - 2010-12-14 01:30 - 01114126 _____ () C:\Users\Örjan\Desktop\RAAS.pptx
2014-02-08 05:22 - 2013-08-15 04:52 - 00000000 ____D () C:\Windows\Minidump
2014-02-08 00:32 - 2013-05-13 22:41 - 00000000 ____D () C:\Users\Örjan\Desktop\Örjan
2014-02-07 22:58 - 2013-10-31 20:50 - 00000450 _____ () C:\Users\Örjan\Desktop\Mailerna.lnk
2014-02-07 09:35 - 2014-02-07 09:35 - 05498679 _____ () C:\Users\Örjan\Desktop\Kopia studentfoto 1967.psd
2014-02-07 07:36 - 2014-02-07 07:36 - 00000815 _____ () C:\Users\Örjan\Desktop\Gymnasium.lnk
2014-02-06 06:33 - 2014-02-06 06:33 - 02002216 _____ (PC Drivers HeadQuarters) C:\Users\Örjan\Downloads\DriverDetective.exe
2014-02-06 06:30 - 2014-02-06 06:22 - 00000000 ____D () C:\Users\Örjan\Desktop\Ekeby HC
2014-02-06 06:19 - 2014-02-06 06:18 - 01973800 _____ (PCRx.com, LLC ) C:\Users\Örjan\Downloads\PCRxSetup (1).exe
2014-02-06 06:18 - 2014-02-06 06:17 - 01973800 _____ (PCRx.com, LLC ) C:\Users\Örjan\Downloads\PCRxSetup.exe
2014-02-06 04:16 - 2014-02-12 01:25 - 23170048 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-02-06 03:30 - 2014-02-12 01:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-02-06 03:30 - 2014-02-12 01:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 03:12 - 2014-02-12 01:25 - 02765824 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-02-06 03:07 - 2014-02-12 01:25 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-02-06 03:06 - 2014-02-12 01:25 - 00048640 _____ () C:\Windows\System32\ieetwproxystub.dll
2014-02-06 02:57 - 2014-02-12 01:25 - 00053760 _____ () C:\Windows\System32\jsproxy.dll
2014-02-06 02:56 - 2014-02-12 01:25 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-02-06 02:52 - 2014-02-12 01:25 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-02-06 02:49 - 2014-02-12 01:25 - 00139264 _____ () C:\Windows\System32\ieUnatt.exe
2014-02-06 02:48 - 2014-02-12 01:25 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-02-06 02:48 - 2014-02-12 01:25 - 00111616 _____ () C:\Windows\System32\ieetwcollector.exe
2014-02-06 02:38 - 2014-02-12 01:25 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 02:32 - 2014-02-12 01:25 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-02-06 02:20 - 2014-02-12 01:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 02:17 - 2014-02-12 01:25 - 00195584 _____ () C:\Windows\System32\msrating.dll
2014-02-06 02:11 - 2014-02-12 01:25 - 05768704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-02-06 02:01 - 2014-02-12 01:25 - 00061952 _____ () C:\Windows\SysWOW64\iesetup.dll
2014-02-06 02:00 - 2014-02-12 01:25 - 00051200 _____ () C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 01:57 - 2014-02-12 01:25 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 01:57 - 2014-02-12 01:25 - 00627200 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-02-06 01:52 - 2014-02-12 01:25 - 00043008 _____ () C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 01:52 - 2014-02-12 01:25 - 00032768 _____ () C:\Windows\SysWOW64\iernonce.dll
2014-02-06 01:50 - 2014-02-12 01:25 - 02041856 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-02-06 01:49 - 2014-02-12 01:25 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 01:47 - 2014-02-12 01:25 - 00112128 _____ () C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 01:46 - 2014-02-12 01:25 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 01:25 - 2014-02-12 01:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 01:25 - 2014-02-12 01:25 - 00164864 _____ () C:\Windows\SysWOW64\msrating.dll
2014-02-06 01:24 - 2014-02-12 01:25 - 02334208 _____ () C:\Windows\System32\wininet.dll
2014-02-06 01:22 - 2014-02-12 01:25 - 13051392 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-02-06 01:13 - 2014-02-12 01:25 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 01:09 - 2014-02-12 01:25 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 01:03 - 2014-02-12 01:25 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 00:55 - 2014-02-12 01:25 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-02-06 00:41 - 2014-02-12 01:25 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 00:40 - 2014-02-12 01:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-02-06 00:36 - 2014-02-12 01:25 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 00:34 - 2014-02-12 01:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 23:47 - 2014-02-05 23:47 - 00000723 _____ () C:\Users\Örjan\Desktop\Bröllopsfoton och andra fina.lnk
2014-02-05 10:21 - 2014-02-03 05:50 - 00000000 ____D () C:\Users\Örjan\Desktop\TURIP
2014-02-05 06:18 - 2013-12-26 02:37 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-05 05:20 - 2014-02-05 05:19 - 00000000 ____D () C:\Users\Örjan\Desktop\Div Bilder
2014-02-05 05:19 - 2013-12-25 00:14 - 00000000 ____D () C:\Users\Örjan\Desktop\Bilder
2014-02-05 01:12 - 2013-07-14 04:50 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 01:12 - 2013-07-14 04:50 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-05 01:12 - 2013-07-14 04:50 - 00003806 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-04 23:28 - 2014-02-03 22:55 - 00000000 ____D () C:\ProgramData\WPM
2014-02-04 23:26 - 2014-02-03 22:55 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-02-04 23:26 - 2012-12-06 09:04 - 00000000 ____D () C:\Users\Örjan\Desktop\Dig Austr NZ
2014-02-04 23:26 - 2011-04-20 15:49 - 00000000 ____D () C:\ProgramData\Norton
2014-02-04 23:26 - 2010-12-19 02:06 - 00000000 ____D () C:\Users\Örjan\Desktop\FOTO
2014-02-04 23:26 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\spool
2014-02-03 22:53 - 2014-02-03 22:53 - 00000000 _____ () C:\END
2014-02-03 09:09 - 2010-08-25 06:41 - 00000000 ____D () C:\Users\Örjan\Desktop\Släkt
2014-02-03 04:37 - 2014-02-03 04:37 - 00000000 ____D () C:\Users\Örjan\Desktop\Einstein
2014-02-01 06:06 - 2014-01-17 05:12 - 00000000 ____D () C:\Users\Örjan\Desktop\Till Birg
2014-01-31 08:18 - 2014-01-31 08:18 - 00000000 ____D () C:\Users\Örjan\Desktop\SI system
2014-01-31 01:14 - 2014-01-31 00:59 - 00000000 ____D () C:\Users\Örjan\AppData\Roaming\systweak
2014-01-31 01:09 - 2014-01-31 01:09 - 00003240 _____ () C:\Windows\System32\Tasks\bench-sys
2014-01-31 01:09 - 2014-01-31 01:09 - 00003218 _____ () C:\Windows\System32\Tasks\bench-S-1-5-21-3269205654-4152037324-689232134-1001
2014-01-31 01:09 - 2014-01-31 01:09 - 00000848 __RSH () C:\ProgramData\ntuser.pol
2014-01-31 01:09 - 2014-01-31 01:09 - 00000000 ____D () C:\Users\Örjan\AppData\Local\Discount Dragon
2014-01-31 01:09 - 2009-07-13 19:20 - 00000000 ___HD () C:\Windows\System32\GroupPolicy
2014-01-31 01:09 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-01-30 00:17 - 2014-01-05 05:47 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-01-29 04:26 - 2014-01-28 01:53 - 00000000 ____D () C:\Users\Örjan\Desktop\E Kumlien
2014-01-29 04:26 - 2013-08-27 23:11 - 00000000 ____D () C:\Users\Örjan\Desktop\Kopiera o bilder
2014-01-29 04:10 - 2014-01-27 06:20 - 00000000 ____D () C:\Users\Örjan\Desktop\Celldiff
2014-01-29 01:01 - 2013-09-01 05:51 - 00000000 ____D () C:\Users\Örjan\Desktop\Inför Nora
2014-01-28 09:33 - 2014-01-28 09:33 - 00003696 _____ () C:\Users\Örjan\Downloads\Mejllogga-mindre
2014-01-25 08:48 - 2014-01-05 04:28 - 00000000 ____D () C:\Users\Örjan\Desktop\Div Program
2014-01-25 05:02 - 2013-08-12 05:19 - 00001456 _____ () C:\Users\Örjan\AppData\Local\Adobe Spara för webben 12.0 Prefs
2014-01-25 04:52 - 2014-01-05 04:21 - 00000000 ___RD () C:\Users\Örjan\Desktop\Norton
2014-01-25 01:49 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-01-24 09:11 - 2014-01-05 04:39 - 00000634 _____ () C:\Users\Örjan\Desktop\Musikadresser ALLT.doc.lnk
2014-01-24 06:23 - 2014-01-07 00:13 - 00000000 ____D () C:\Users\Örjan\Desktop\MUSIK
2014-01-23 06:20 - 2013-12-01 06:09 - 00000000 ____D () C:\Users\Örjan\Desktop\Skämtmail alla
2014-01-21 01:21 - 2011-04-20 16:00 - 00661494 _____ () C:\Windows\System32\perfh01D.dat
2014-01-21 01:21 - 2011-04-20 16:00 - 00141296 _____ () C:\Windows\System32\perfc01D.dat
2014-01-21 01:21 - 2009-07-13 21:13 - 01573176 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-01-18 04:59 - 2014-01-18 04:58 - 00000000 ____D () C:\Users\Örjan\Desktop\Till Staffan
2014-01-18 00:11 - 2014-01-05 02:39 - 00003139 _____ () C:\Windows\wmsetup.log

Files to move or delete:
====================
C:\Users\Margareta\hpothb07.dat


==================== Known DLLs (Whitelisted) ================

[2014-02-12 01:25] - [2014-02-06 01:24] - 2334208 ____A () C:\Windows\System32\WININET.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2014-02-08 04:41:03
Restore point made on: 2014-02-10 00:17:56
Restore point made on: 2014-02-10 23:31:22
Restore point made on: 2014-02-12 00:08:40
Restore point made on: 2014-02-12 01:25:24
Restore point made on: 2014-02-12 01:35:19
Restore point made on: 2014-02-14 12:19:58
Restore point made on: 2014-02-15 05:04:41
Restore point made on: 2014-02-17 10:33:41

==================== Memory info ===========================

Percentage of memory in use: 21%
Total physical RAM: 4078.54 MB
Available physical RAM: 3206.39 MB
Total Pagefile: 4076.69 MB
Available Pagefile: 3171.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:683.94 GB) (Free:618.89 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_RECOVERY) (Fixed) (Total:14.6 GB) (Free:1.79 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive l: () (Removable) (Total:7.53 GB) (Free:1.32 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 3261C258)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=684 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 8 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=8 GB) - (Type=0B)


LastRegBack: 2014-02-14 12:36

==================== End Of Log ============================

Edited by nasdaq, 19 February 2014 - 02:12 PM.
Moved from Win 7 to Malware Removal Logs - Hamluis.



#2 bomiba67


Posted 18 February 2014 - 02:52 PM

Could somebody please tell me how to proceed with this?

Thanks in advance!

/bomiba



#3 nasdaq

nasdaq

  • Malware Response Team

Posted 20 February 2014 - 09:31 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [761536 2013-12-25] ()
HKLM-x32\...\RunOnce: [Discount Dragon-repairJob] - wscript.exe "C:\Users\Örjan\AppData\Local\Discount Dragon\repair.js" "Discount Dragon-repairJob" [1846 2013-12-18] ()
HKLM-x32\...\RunOnce: [upfst_se_25.exe] - C:\Users\Örjan\AppData\Local\fst_se_25\upfst_se_25.exe -runonce [3153864 2013-12-31] ()
HKU\Örjan\...\Run: [iLivid] - "C:\Users\Örjan\AppData\Local\iLivid\iLivid.exe" -autorun
HKU\Örjan\...\Run: [Driver Pro] - C:\Program Files (x86)\Driver Pro\DPLauncher.exe [340512 2012-10-30] (PC Utilities Pro)
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => File Not Found
AppInit_DLLs: C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll => File Not Found
AppInit_DLLs-x32: C:\PROGRA~3\Wincert\WIN32C~1.DLL => File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\MOVIES~1\Datamngr\mgrldr.dll => File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
Startup: C:\Users\Örjan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll <===== ATTENTION
HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll <===== ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
S1 jumngrnr; \??\C:\Windows\system32\drivers\jumngrnr.sys [X]
C:\Program Files (x86)\Mobogenie
C:\Users\Örjan\AppData\Local\Discount Dragon
C:\Users\Örjan\AppData\Local\fst_se_25
C:\Users\Örjan\AppData\Local\iLivid
C:\Program Files (x86)\Driver Pro
C:\Users\Örjan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
C:\Program Files (x86)\MyPC Backup
C:\Program Files (x86)\Movies Toolbar\Datamngr

end

Save the file as fixlist.txt in the same folder as FRST.
Run FRST and click Fix only once and wait.
The tool will create a log (Fixlog.txt); please post it in your reply.

Restart the computer normally if you can.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Uncheck the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Run the Farbar Recovery Scan in normal mode and post a fresh log.

Please let me know what problem persists.
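
A triage sketch for the kinds of entries in the fixlist above, added here as an example (it is not part of nasdaq's post and not FRST's own code): it classifies each line by autostart mechanism and lists the entries whose target is marked missing. The function names are hypothetical, the sample lines are copied from the fixlist, and reading `File Not Found` and a trailing `[X]` as missing-file markers is an assumption.

```python
import re
from collections import Counter

# A subset of lines copied from the fixlist in the post above.
SAMPLE = r"""
start
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [761536 2013-12-25] ()
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\MOVIES~1\Datamngr\mgrldr.dll => File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll <===== ATTENTION
S1 jumngrnr; \??\C:\Windows\system32\drivers\jumngrnr.sys [X]
C:\Program Files (x86)\Mobogenie
end
"""

# Optional "[size date] (company)" suffix that follows a Run-key command line.
_TAIL = re.compile(
    r"^(?P<cmd>.+?)(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*)\))?$"
)

# One pattern per line shape seen in the fixlist; first match wins.
RULES = [
    # Run / RunOnce values: commands started at logon.
    ("run_key", re.compile(
        r"^(?P<hive>HK[A-Z]+(?:-x32)?)\\.*?\\(?P<key>Run(?:Once)?): "
        r"\[(?P<name>[^\]]+)\] - (?P<target>.+)$")),
    # AppInit_DLLs: DLLs loaded into processes that load user32.dll.
    ("appinit_dll", re.compile(
        r"^AppInit_DLLs(?P<wow>-x32)?: (?P<target>.+?)(?P<missing> => File Not Found)?$")),
    # IFEO Debugger: launching <image> starts the debugger command instead.
    ("ifeo_debugger", re.compile(
        r"^IFEO\\(?P<image>.+?): \[Debugger\] (?P<target>.+)$")),
    # AppCertDlls: DLLs loaded into processes that create other processes.
    ("appcert_dll", re.compile(
        r"^HK[A-Z]+\\.*?\\AppCertDlls: \[(?P<name>[^\]]+)\] -> "
        r"(?P<target>.+?)(?: <=+ ATTENTION)?$")),
    # Service or driver line: state letter, start type, name, image path.
    ("service_or_driver", re.compile(
        r"^(?P<state>[RSU])(?P<start>[0-4]) (?P<name>[^;]+); "
        r"(?P<target>.+?)(?P<missing> \[X\])?$")),
    # Bare file or folder path listed for removal.
    ("path", re.compile(r"^(?P<target>[A-Za-z]:\\.+)$")),
]


def classify(line):
    """Return a record for one fixlist line, or None for markers and blanks."""
    line = line.strip()
    for kind, rx in RULES:
        m = rx.match(line)
        if not m:
            continue
        fields = {k: v for k, v in m.groupdict().items() if v is not None}
        missing = bool(fields.pop("missing", None))
        if kind == "run_key":
            tail = _TAIL.match(fields["target"])
            fields["target"] = tail["cmd"]
            fields["company"] = tail["company"]  # "" when no company is recorded
        return {"kind": kind, "missing": missing, **fields}
    return None


def triage(text):
    """Classify every recognised line of a fixlist or log excerpt."""
    return [rec for rec in map(classify, text.splitlines()) if rec]


def dangling(records):
    """Autostart references whose target is marked as not present on disk."""
    return [(r["kind"], r["target"]) for r in records if r["missing"]]


def summarize(records):
    """Count entries per mechanism."""
    return Counter(r["kind"] for r in records)


if __name__ == "__main__":
    recs = triage(SAMPLE)
    for kind, count in sorted(summarize(recs).items()):
        print(f"{kind:18} {count}")
    for kind, target in dangling(recs):
        print(f"dangling {kind}: {target}")
```
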

#4 bomiba67


Posted 20 February 2014 - 12:57 PM

So, here is the first log (Fixlog.txt).

But I cannot start AdwCleaner.exe since Explorer restarts every second.

I cannot even manage to start ANY program from desktop or start menu.

Any suggestions how to proceed?

 


#5 nasdaq


Posted 20 February 2014 - 01:47 PM

Can you look at the process manager and stop any process not related to the operating system? If not sure what the process does, leave it alone.
===

Run the Farbar Recovery Scan in whatever mode you can and post a fresh log.

#6 bomiba67


Posted 20 February 2014 - 02:59 PM

I have problems deciding which processes are related to the operating systems, since I cannot even right-click the process to open the location.
Nevertheless, I tried to stop all processes that I didn't recognise but it didn't help.
Here is the fresh log from the command prompt in "Repair Computer".
 
ps. I cannot start in any Safe Mode.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-02-2014
Ran by SYSTEM on MININT-JI8KS94 on 20-02-2014 20:50:36
Running from L:\
Windows 7 Professional (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Remote Solution] - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKU\Margareta\...\RunOnce: [DPAPIKeyMig] - C:\Windows\system32\dpapimig.exe [74752 2009-07-13] (Microsoft Corporation)
HKU\Margareta\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516096 2010-11-20] (Microsoft Corporation)
HKU\Privat\...\RunOnce: [DPAPIKeyMig] - C:\Windows\system32\dpapimig.exe [74752 2009-07-13] (Microsoft Corporation)
HKU\Privat\...\RunOnce: [WAB Migrate] - C:\Program Files (x86)\Windows Mail\wab.exe [516096 2010-11-20] (Microsoft Corporation)
HKU\Örjan\...\Run: [Spotify Web Helper] - C:\Users\Örjan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-26] (Spotify Ltd)
HKU\Örjan\...\Run: [BearShare] - "C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe" --lightmode
Startup: C:\Users\Örjan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skärmurklipp och start för OneNote 2010.lnk
ShortcutTarget: Skärmurklipp och start för OneNote 2010.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) =================

S2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-22] (Adobe Systems Incorporated)
S4 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [681528 2010-08-05] (Hewlett-Packard)
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [111616 2014-02-06] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 N360; C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe [138272 2012-06-15] (Symantec Corporation)
S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [X]

==================== Drivers (Whitelisted) ====================

S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2013-12-17] (Symantec Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360x64\0604010.00E\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-01] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-01] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20140130.001\IDSvia64.sys [521944 2014-01-18] (Symantec Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20140130.023\ENG64.SYS [126040 2014-01-01] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20140130.023\EX64.SYS [2099288 2014-01-01] (Symantec Corporation)
S3 OxPPort; C:\Windows\system32\DRIVERS\OxPPort.sys [98304 2008-07-31] (OEM)
S0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\0604010.00E\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360x64\0604010.00E\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMDS64.SYS [451192 2011-08-15] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2014-01-01] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360x64\0604010.00E\Ironx64.SYS [190072 2011-11-16] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\N360x64\0604010.00E\SYMNETS.SYS [405624 2011-11-16] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-17 20:21 - 2014-02-20 20:50 - 00000000 ____D () C:\FRST
2014-02-17 11:33 - 2014-02-17 11:33 - 00003536 ____N () C:\bootsqm.dat
2014-02-17 11:31 - 2014-02-17 11:31 - 00000000 __SHD () C:\found.000
2014-02-17 10:53 - 2014-02-17 10:55 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-17 10:52 - 2014-02-17 10:52 - 04721144 _____ (Piriform Ltd) C:\Users\Örjan\Downloads\ccsetup410pro (2).exe
2014-02-17 10:51 - 2014-02-17 10:52 - 04721144 _____ (Piriform Ltd) C:\Users\Örjan\Downloads\ccsetup410pro (1).exe
2014-02-17 10:51 - 2014-02-17 10:51 - 04721144 _____ (Piriform Ltd) C:\Users\Örjan\Downloads\ccsetup410pro.exe
2014-02-15 03:54 - 2014-02-15 03:54 - 00000272 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{70D4D7E4-ED33-414E-B6B9-438A3250124C}.job
2014-02-15 03:53 - 2014-02-15 03:53 - 00001111 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-15 03:53 - 2014-02-15 03:53 - 00000000 ____D () C:\Users\Örjan\AppData\Roaming\Malwarebytes
2014-02-15 03:53 - 2014-02-15 03:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-15 03:53 - 2014-02-15 03:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-15 03:53 - 2013-04-04 05:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-02-12 01:25 - 2014-02-06 04:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-02-12 01:25 - 2014-02-06 03:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-02-12 01:25 - 2014-02-06 03:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-02-12 01:25 - 2014-02-06 03:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-02-12 01:25 - 2014-02-06 03:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-02-12 01:25 - 2014-02-06 03:06 - 00048640 _____ () C:\Windows\System32\ieetwproxystub.dll
2014-02-12 01:25 - 2014-02-06 02:57 - 00053760 _____ () C:\Windows\System32\jsproxy.dll
2014-02-12 01:25 - 2014-02-06 02:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-02-12 01:25 - 2014-02-06 02:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-02-12 01:25 - 2014-02-06 02:49 - 00139264 _____ () C:\Windows\System32\ieUnatt.exe
2014-02-12 01:25 - 2014-02-06 02:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-02-12 01:25 - 2014-02-06 02:48 - 00111616 _____ () C:\Windows\System32\ieetwcollector.exe
2014-02-12 01:25 - 2014-02-06 02:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 01:25 - 2014-02-06 02:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-02-12 01:25 - 2014-02-06 02:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 01:25 - 2014-02-06 02:17 - 00195584 _____ () C:\Windows\System32\msrating.dll
2014-02-12 01:25 - 2014-02-06 02:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-02-12 01:25 - 2014-02-06 02:01 - 00061952 _____ () C:\Windows\SysWOW64\iesetup.dll
2014-02-12 01:25 - 2014-02-06 02:00 - 00051200 _____ () C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 01:25 - 2014-02-06 01:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 01:25 - 2014-02-06 01:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-02-12 01:25 - 2014-02-06 01:52 - 00043008 _____ () C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 01:25 - 2014-02-06 01:52 - 00032768 _____ () C:\Windows\SysWOW64\iernonce.dll
2014-02-12 01:25 - 2014-02-06 01:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-02-12 01:25 - 2014-02-06 01:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 01:25 - 2014-02-06 01:47 - 00112128 _____ () C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 01:25 - 2014-02-06 01:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 01:25 - 2014-02-06 01:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 01:25 - 2014-02-06 01:25 - 00164864 _____ () C:\Windows\SysWOW64\msrating.dll
2014-02-12 01:25 - 2014-02-06 01:24 - 02334208 _____ () C:\Windows\System32\wininet.dll
2014-02-12 01:25 - 2014-02-06 01:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-02-12 01:25 - 2014-02-06 01:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 01:25 - 2014-02-06 01:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 01:25 - 2014-02-06 01:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 01:25 - 2014-02-06 00:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-02-12 01:25 - 2014-02-06 00:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 01:25 - 2014-02-06 00:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-02-12 01:25 - 2014-02-06 00:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 01:25 - 2014-02-06 00:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-11 08:08 - 2014-02-11 08:08 - 01859497 _____ () C:\Users\Örjan\Desktop\Namnlöst-3.psd
2014-02-11 08:03 - 2014-02-11 08:05 - 00000000 ____D () C:\Users\Örjan\Desktop\Bengt Englund
2014-02-10 05:25 - 2014-02-10 05:25 - 00000000 ____D () C:\Users\Örjan\Desktop\Storskolan klass 5 o 6
2014-02-07 09:35 - 2014-02-07 09:35 - 05498679 _____ () C:\Users\Örjan\Desktop\Kopia studentfoto 1967.psd
2014-02-07 07:36 - 2014-02-07 07:36 - 00000815 _____ () C:\Users\Örjan\Desktop\Gymnasium.lnk
2014-02-06 06:33 - 2014-02-06 06:33 - 02002216 _____ (PC Drivers HeadQuarters) C:\Users\Örjan\Downloads\DriverDetective.exe
2014-02-06 06:22 - 2014-02-06 06:30 - 00000000 ____D () C:\Users\Örjan\Desktop\Ekeby HC
2014-02-06 06:18 - 2014-02-06 06:19 - 01973800 _____ (PCRx.com, LLC ) C:\Users\Örjan\Downloads\PCRxSetup (1).exe
2014-02-06 06:17 - 2014-02-06 06:18 - 01973800 _____ (PCRx.com, LLC ) C:\Users\Örjan\Downloads\PCRxSetup.exe
2014-02-05 23:47 - 2014-02-05 23:47 - 00000723 _____ () C:\Users\Örjan\Desktop\Bröllopsfoton och andra fina.lnk
2014-02-05 05:19 - 2014-02-05 05:20 - 00000000 ____D () C:\Users\Örjan\Desktop\Div Bilder
2014-02-03 22:55 - 2014-02-04 23:28 - 00000000 ____D () C:\ProgramData\WPM
2014-02-03 22:55 - 2014-02-04 23:26 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-02-03 22:53 - 2014-02-03 22:53 - 00000000 _____ () C:\END
2014-02-03 05:50 - 2014-02-05 10:21 - 00000000 ____D () C:\Users\Örjan\Desktop\TURIP
2014-02-03 04:37 - 2014-02-03 04:37 - 00000000 ____D () C:\Users\Örjan\Desktop\Einstein
2014-01-31 08:18 - 2014-01-31 08:18 - 00000000 ____D () C:\Users\Örjan\Desktop\SI system
2014-01-31 01:09 - 2014-02-20 09:31 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-01-31 01:09 - 2014-02-15 04:28 - 00000000 ____D () C:\Program Files (x86)\Bench
2014-01-31 01:09 - 2014-01-31 01:09 - 00003240 _____ () C:\Windows\System32\Tasks\bench-sys
2014-01-31 01:09 - 2014-01-31 01:09 - 00003218 _____ () C:\Windows\System32\Tasks\bench-S-1-5-21-3269205654-4152037324-689232134-1001
2014-01-31 00:59 - 2014-01-31 01:14 - 00000000 ____D () C:\Users\Örjan\AppData\Roaming\systweak
2014-01-31 00:59 - 2012-01-20 05:14 - 00018816 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\System32\roboot64.exe
2014-01-28 09:33 - 2014-01-28 09:33 - 00003696 _____ () C:\Users\Örjan\Downloads\Mejllogga-mindre
2014-01-28 01:53 - 2014-01-29 04:26 - 00000000 ____D () C:\Users\Örjan\Desktop\E Kumlien
2014-01-27 06:20 - 2014-01-29 04:10 - 00000000 ____D () C:\Users\Örjan\Desktop\Celldiff

==================== One Month Modified Files and Folders =======

2014-02-20 20:50 - 2014-02-17 20:21 - 00000000 ____D () C:\FRST
2014-02-20 18:28 - 2009-07-13 19:20 - 00000000 ___HD () C:\Windows\System32\GroupPolicy
2014-02-20 09:47 - 2013-11-26 09:07 - 00000000 ____D () C:\Users\Örjan\AppData\Local\CrashDumps
2014-02-20 09:44 - 2009-07-13 20:45 - 00016976 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-20 09:44 - 2009-07-13 20:45 - 00016976 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-20 09:40 - 2011-04-20 15:28 - 00028791 _____ () C:\Windows\WindowsUpdate.log
2014-02-20 09:39 - 2013-08-15 04:57 - 00000268 _____ () C:\Windows\Tasks\spmonitor.job
2014-02-20 09:39 - 2013-08-15 04:57 - 00000258 _____ () C:\Windows\Tasks\SpeedUpMyPC.job
2014-02-20 09:37 - 2013-06-27 12:55 - 00000988 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-20 09:36 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-20 09:36 - 2009-07-13 20:51 - 00056628 _____ () C:\Windows\setupact.log
2014-02-20 09:31 - 2014-01-31 01:09 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-02-20 09:24 - 2011-04-20 16:00 - 00661494 _____ () C:\Windows\System32\perfh01D.dat
2014-02-20 09:24 - 2011-04-20 16:00 - 00141296 _____ () C:\Windows\System32\perfc01D.dat
2014-02-20 09:24 - 2009-07-13 21:13 - 01573176 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-02-17 20:18 - 2013-06-27 19:24 - 00000000 ____D () C:\ProgramData\Recovery
2014-02-17 11:37 - 2009-07-13 21:08 - 00032514 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-17 11:33 - 2014-02-17 11:33 - 00003536 ____N () C:\bootsqm.dat
2014-02-17 11:31 - 2014-02-17 11:31 - 00000000 __SHD () C:\found.000
2014-02-17 10:56 - 2013-12-04 01:14 - 00029369 _____ () C:\Users\Örjan\daemonprocess.txt
2014-02-17 10:55 - 2014-02-17 10:53 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-17 10:55 - 2013-07-12 00:14 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-17 10:52 - 2014-02-17 10:52 - 04721144 _____ (Piriform Ltd) C:\Users\Örjan\Downloads\ccsetup410pro (2).exe
2014-02-17 10:52 - 2014-02-17 10:51 - 04721144 _____ (Piriform Ltd) C:\Users\Örjan\Downloads\ccsetup410pro (1).exe
2014-02-17 10:51 - 2014-02-17 10:51 - 04721144 _____ (Piriform Ltd) C:\Users\Örjan\Downloads\ccsetup410pro.exe
2014-02-15 12:44 - 2013-06-27 21:52 - 00000000 ____D () C:\users\Privat
2014-02-15 12:44 - 2013-06-27 21:52 - 00000000 ____D () C:\users\Margareta
2014-02-15 12:44 - 2013-06-27 09:59 - 00000000 ____D () C:\users\Örjan
2014-02-15 12:44 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-02-15 12:44 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2014-02-15 06:21 - 2013-06-27 18:27 - 01728508 _____ () C:\Windows\PFRO.log
2014-02-15 05:08 - 2013-12-21 06:00 - 00000000 ____D () C:\Program Files (x86)\Movies Toolbar
2014-02-15 05:05 - 2013-06-28 07:25 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-15 04:28 - 2014-01-31 01:09 - 00000000 ____D () C:\Program Files (x86)\Bench
2014-02-15 04:27 - 2014-01-05 01:57 - 00000000 ____D () C:\Users\Örjan\AppData\Local\genienext
2014-02-15 04:27 - 2013-12-21 06:00 - 00000000 ____D () C:\ProgramData\Wincert
2014-02-15 04:27 - 2013-11-25 02:03 - 00000000 ____D () C:\Users\Örjan\AppData\Roaming\SimplyTech
2014-02-15 04:27 - 2013-08-09 08:48 - 00000000 ____D () C:\ProgramData\eSafe
2014-02-15 04:14 - 2014-01-05 01:56 - 00000000 ____D () C:\Program Files (x86)\fst_se_25
2014-02-15 03:54 - 2014-02-15 03:54 - 00000272 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{70D4D7E4-ED33-414E-B6B9-438A3250124C}.job
2014-02-15 03:53 - 2014-02-15 03:53 - 00001111 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-15 03:53 - 2014-02-15 03:53 - 00000000 ____D () C:\Users\Örjan\AppData\Roaming\Malwarebytes
2014-02-15 03:53 - 2014-02-15 03:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-15 03:53 - 2014-02-15 03:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-14 12:19 - 2013-06-27 12:55 - 00000992 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-12 02:20 - 2013-06-28 06:46 - 00003924 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{70D4D7E4-ED33-414E-B6B9-438A3250124C}
2014-02-12 01:32 - 2013-10-31 20:49 - 00000000 ____D () C:\Users\Örjan\Desktop\Mailerna
2014-02-12 01:18 - 2011-04-20 15:44 - 00000000 ____D () C:\ProgramData\PDFC
2014-02-12 00:29 - 2013-07-14 04:50 - 00000868 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-12 00:09 - 2013-07-14 05:42 - 00000000 ____D () C:\Windows\System32\appmgmt
2014-02-11 23:55 - 2013-10-27 07:18 - 00000000 ____D () C:\Users\Örjan\AppData\Local\Torch
2014-02-11 08:08 - 2014-02-11 08:08 - 01859497 _____ () C:\Users\Örjan\Desktop\Namnlöst-3.psd
2014-02-11 08:05 - 2014-02-11 08:03 - 00000000 ____D () C:\Users\Örjan\Desktop\Bengt Englund
2014-02-11 00:14 - 2013-06-27 12:55 - 00003988 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-11 00:14 - 2013-06-27 12:55 - 00003736 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-10 23:37 - 2013-06-27 10:04 - 00001389 _____ () C:\Users\Örjan\Desktop\Internet Explorer.lnk
2014-02-10 05:25 - 2014-02-10 05:25 - 00000000 ____D () C:\Users\Örjan\Desktop\Storskolan klass 5 o 6
2014-02-10 05:16 - 2013-07-18 22:47 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForÖrjan
2014-02-10 05:16 - 2013-07-18 22:47 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForÖrjan.job
2014-02-09 08:47 - 2014-01-14 06:38 - 00000000 ____D () C:\Users\Örjan\Desktop\Nya berättelser
2014-02-09 01:50 - 2014-01-18 04:16 - 00000000 ____D () C:\Users\Örjan\Desktop\HOCKEY
2014-02-09 00:32 - 2010-12-14 01:30 - 01114126 _____ () C:\Users\Örjan\Desktop\RAAS.pptx
2014-02-08 05:22 - 2013-08-15 04:52 - 00000000 ____D () C:\Windows\Minidump
2014-02-08 00:32 - 2013-05-13 22:41 - 00000000 ____D () C:\Users\Örjan\Desktop\Örjan
2014-02-07 22:58 - 2013-10-31 20:50 - 00000450 _____ () C:\Users\Örjan\Desktop\Mailerna.lnk
2014-02-07 09:35 - 2014-02-07 09:35 - 05498679 _____ () C:\Users\Örjan\Desktop\Kopia studentfoto 1967.psd
2014-02-07 07:36 - 2014-02-07 07:36 - 00000815 _____ () C:\Users\Örjan\Desktop\Gymnasium.lnk
2014-02-06 06:33 - 2014-02-06 06:33 - 02002216 _____ (PC Drivers HeadQuarters) C:\Users\Örjan\Downloads\DriverDetective.exe
2014-02-06 06:30 - 2014-02-06 06:22 - 00000000 ____D () C:\Users\Örjan\Desktop\Ekeby HC
2014-02-06 06:19 - 2014-02-06 06:18 - 01973800 _____ (PCRx.com, LLC ) C:\Users\Örjan\Downloads\PCRxSetup (1).exe
2014-02-06 06:18 - 2014-02-06 06:17 - 01973800 _____ (PCRx.com, LLC ) C:\Users\Örjan\Downloads\PCRxSetup.exe
2014-02-06 04:16 - 2014-02-12 01:25 - 23170048 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-02-06 03:30 - 2014-02-12 01:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-02-06 03:30 - 2014-02-12 01:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 03:12 - 2014-02-12 01:25 - 02765824 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-02-06 03:07 - 2014-02-12 01:25 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-02-06 03:06 - 2014-02-12 01:25 - 00048640 _____ () C:\Windows\System32\ieetwproxystub.dll
2014-02-06 02:57 - 2014-02-12 01:25 - 00053760 _____ () C:\Windows\System32\jsproxy.dll
2014-02-06 02:56 - 2014-02-12 01:25 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-02-06 02:52 - 2014-02-12 01:25 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-02-06 02:49 - 2014-02-12 01:25 - 00139264 _____ () C:\Windows\System32\ieUnatt.exe
2014-02-06 02:48 - 2014-02-12 01:25 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-02-06 02:48 - 2014-02-12 01:25 - 00111616 _____ () C:\Windows\System32\ieetwcollector.exe
2014-02-06 02:38 - 2014-02-12 01:25 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 02:32 - 2014-02-12 01:25 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-02-06 02:20 - 2014-02-12 01:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 02:17 - 2014-02-12 01:25 - 00195584 _____ () C:\Windows\System32\msrating.dll
2014-02-06 02:11 - 2014-02-12 01:25 - 05768704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-02-06 02:01 - 2014-02-12 01:25 - 00061952 _____ () C:\Windows\SysWOW64\iesetup.dll
2014-02-06 02:00 - 2014-02-12 01:25 - 00051200 _____ () C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 01:57 - 2014-02-12 01:25 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 01:57 - 2014-02-12 01:25 - 00627200 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-02-06 01:52 - 2014-02-12 01:25 - 00043008 _____ () C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 01:52 - 2014-02-12 01:25 - 00032768 _____ () C:\Windows\SysWOW64\iernonce.dll
2014-02-06 01:50 - 2014-02-12 01:25 - 02041856 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-02-06 01:49 - 2014-02-12 01:25 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 01:47 - 2014-02-12 01:25 - 00112128 _____ () C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 01:46 - 2014-02-12 01:25 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 01:25 - 2014-02-12 01:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 01:25 - 2014-02-12 01:25 - 00164864 _____ () C:\Windows\SysWOW64\msrating.dll
2014-02-06 01:24 - 2014-02-12 01:25 - 02334208 _____ () C:\Windows\System32\wininet.dll
2014-02-06 01:22 - 2014-02-12 01:25 - 13051392 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-02-06 01:13 - 2014-02-12 01:25 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 01:09 - 2014-02-12 01:25 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 01:03 - 2014-02-12 01:25 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 00:55 - 2014-02-12 01:25 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-02-06 00:41 - 2014-02-12 01:25 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 00:40 - 2014-02-12 01:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-02-06 00:36 - 2014-02-12 01:25 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 00:34 - 2014-02-12 01:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 23:47 - 2014-02-05 23:47 - 00000723 _____ () C:\Users\Örjan\Desktop\Bröllopsfoton och andra fina.lnk
2014-02-05 10:21 - 2014-02-03 05:50 - 00000000 ____D () C:\Users\Örjan\Desktop\TURIP
2014-02-05 06:18 - 2013-12-26 02:37 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-05 05:20 - 2014-02-05 05:19 - 00000000 ____D () C:\Users\Örjan\Desktop\Div Bilder
2014-02-05 05:19 - 2013-12-25 00:14 - 00000000 ____D () C:\Users\Örjan\Desktop\Bilder
2014-02-05 01:12 - 2013-07-14 04:50 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 01:12 - 2013-07-14 04:50 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-05 01:12 - 2013-07-14 04:50 - 00003806 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-04 23:28 - 2014-02-03 22:55 - 00000000 ____D () C:\ProgramData\WPM
2014-02-04 23:26 - 2014-02-03 22:55 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-02-04 23:26 - 2012-12-06 09:04 - 00000000 ____D () C:\Users\Örjan\Desktop\Dig Austr NZ
2014-02-04 23:26 - 2011-04-20 15:49 - 00000000 ____D () C:\ProgramData\Norton
2014-02-04 23:26 - 2010-12-19 02:06 - 00000000 ____D () C:\Users\Örjan\Desktop\FOTO
2014-02-04 23:26 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\spool
2014-02-03 22:53 - 2014-02-03 22:53 - 00000000 _____ () C:\END
2014-02-03 09:09 - 2010-08-25 06:41 - 00000000 ____D () C:\Users\Örjan\Desktop\Släkt
2014-02-03 04:37 - 2014-02-03 04:37 - 00000000 ____D () C:\Users\Örjan\Desktop\Einstein
2014-02-01 06:06 - 2014-01-17 05:12 - 00000000 ____D () C:\Users\Örjan\Desktop\Till Birg
2014-01-31 08:18 - 2014-01-31 08:18 - 00000000 ____D () C:\Users\Örjan\Desktop\SI system
2014-01-31 01:14 - 2014-01-31 00:59 - 00000000 ____D () C:\Users\Örjan\AppData\Roaming\systweak
2014-01-31 01:09 - 2014-01-31 01:09 - 00003240 _____ () C:\Windows\System32\Tasks\bench-sys
2014-01-31 01:09 - 2014-01-31 01:09 - 00003218 _____ () C:\Windows\System32\Tasks\bench-S-1-5-21-3269205654-4152037324-689232134-1001
2014-01-31 01:09 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-01-30 00:17 - 2014-01-05 05:47 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-01-29 04:26 - 2014-01-28 01:53 - 00000000 ____D () C:\Users\Örjan\Desktop\E Kumlien
2014-01-29 04:26 - 2013-08-27 23:11 - 00000000 ____D () C:\Users\Örjan\Desktop\Kopiera o bilder
2014-01-29 04:10 - 2014-01-27 06:20 - 00000000 ____D () C:\Users\Örjan\Desktop\Celldiff
2014-01-29 01:01 - 2013-09-01 05:51 - 00000000 ____D () C:\Users\Örjan\Desktop\Inför Nora
2014-01-28 09:33 - 2014-01-28 09:33 - 00003696 _____ () C:\Users\Örjan\Downloads\Mejllogga-mindre
2014-01-25 08:48 - 2014-01-05 04:28 - 00000000 ____D () C:\Users\Örjan\Desktop\Div Program
2014-01-25 05:02 - 2013-08-12 05:19 - 00001456 _____ () C:\Users\Örjan\AppData\Local\Adobe Spara för webben 12.0 Prefs
2014-01-25 04:52 - 2014-01-05 04:21 - 00000000 ___RD () C:\Users\Örjan\Desktop\Norton
2014-01-25 01:49 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-01-24 09:11 - 2014-01-05 04:39 - 00000634 _____ () C:\Users\Örjan\Desktop\Musikadresser ALLT.doc.lnk
2014-01-24 06:23 - 2014-01-07 00:13 - 00000000 ____D () C:\Users\Örjan\Desktop\MUSIK
2014-01-23 06:20 - 2013-12-01 06:09 - 00000000 ____D () C:\Users\Örjan\Desktop\Skämtmail alla

Files to move or delete:
====================
C:\Users\Margareta\hpothb07.dat


==================== Known DLLs (Whitelisted) ================

[2014-02-12 01:25] - [2014-02-06 01:24] - 2334208 ____A () C:\Windows\System32\WININET.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2014-02-08 04:41:03
Restore point made on: 2014-02-10 00:17:56
Restore point made on: 2014-02-10 23:31:22
Restore point made on: 2014-02-12 00:08:40
Restore point made on: 2014-02-12 01:25:24
Restore point made on: 2014-02-12 01:35:19
Restore point made on: 2014-02-14 12:19:58
Restore point made on: 2014-02-15 05:04:41
Restore point made on: 2014-02-17 10:33:41
Restore point made on: 2014-02-20 09:40:30

==================== Memory info ===========================

Percentage of memory in use: 21%
Total physical RAM: 4078.54 MB
Available physical RAM: 3204.67 MB
Total Pagefile: 4076.69 MB
Available Pagefile: 3175.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:683.94 GB) (Free:618.81 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_RECOVERY) (Fixed) (Total:14.6 GB) (Free:1.79 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive l: () (Removable) (Total:7.53 GB) (Free:1.31 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 3261C258)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=684 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 8 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=8 GB) - (Type=0B)


LastRegBack: 2014-02-14 12:36

==================== End Of Log ============================

Edited by nasdaq, 21 February 2014 - 07:24 AM.


#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,938 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:11 AM

Posted 21 February 2014 - 07:34 AM

Try this clean Startup.

Follow the instructions on the page.

Windows 7: Troubleshoot Application Conflicts by Performing a Clean Startup
http://www.sevenforums.com/tutorials/179159-troubleshoot-application-conflicts-performing-clean-startup.html

Let me know what you find.

#8 bomiba67

bomiba67
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:01:11 PM

Posted 21 February 2014 - 11:39 AM

So... I cannot even start msconfig, since Explorer is restarting every second.

There is simply no time...

Can anything be done in "Repair computer" mode?

Perhaps a clean install is the only solution...



#9 nasdaq

Posted 21 February 2014 - 01:33 PM

You can possibly try this before re-installing.

PLEASE NOTE: Most authorities say that a PC with a polymorphic file infector can never again be trusted and should be reformatted. You should seriously consider reformatting and reinstalling Windows.

That said, if you wish we can attempt disinfection but you are cautioned that theoretically you can never be sure cleaning is 100% complete.

Read all these directions before proceeding.

When you have the .ISO file downloaded, you need to create a bootable disk or flash drive with it, using a clean PC to do that. The .ISO file is a disk image. It should NOT be burned as a regular file. You need a program like ImgBurn that can burn an .ISO image. I think a CD is best as there is no way anything can write on it after it is made, but the USB may be more convenient and easier.

Be sure to read these:
Download Kaspersky Rescue Disk 10
How to record Kaspersky Rescue Disk 10 to an USB device and boot my computer from it?
How to record Kaspersky Rescue Disk 10 to a CD/DVD and boot my computer from the disk?


Summarizing:
  • Go to a clean PC.
  • Download the .iso image file.
  • Create a CD (or flash drive if you prefer).
  • At the infected PC: put the disk in the drive and reboot.
Follow the directions here, but you will find some differences.

Familiarize yourself with How to create a report file in Kaspersky Rescue Disk 10?

Print the following directions:

Boot from Kaspersky Rescue Disk 10:
Restart your computer and put the disk in the drive while booting.
Press any key. A loading wizard will start (you will see the menu to select the required language). If you do not press any key in 10 seconds, the computer boots from hard drive automatically.
Select the required interface language using the arrow-keys on your keyboard.
Press the Enter key on the keyboard.
In the start up wizard window that opens, select the Kaspersky Rescue Disk. Graphic Mode
Click Enter.
Click 'A' to accept the agreement.
Select operating system from dropdown menu (select Windows whatever)
Select Objects to scan: check Disk boot sectors, Hidden startup objects, C:
Click My Update Center and update if any available
Back to other tab and click Start Object Scan.
(It took 3 hours to scan my 47G)
When scan has completed save a report:

On the upper part of the Kaspersky Rescue Disk window, click on the Report link.
On the bottom right hand corner of the Protection status - Kaspersky Rescue Disk window, click on the Detailed Report button.
On the upper right hand corner of the Detailed report window, click on the Save button.
After clicking Detailed Report and 'SAVE', a browse window opens.
Double-click on the \
Click 'disks'.
All your drives will be shown and you can easily double-click C and save the report to C:\KasperskyRescueDisk10.txt.
Click on the Save button.
The report has been saved to the file.

Remove the disk from the drive (or disconnect USB) and reboot normally.

Post the KasperskyRescueDisk10.txt and let me know if you now can boot in normal mode.

===

#10 bomiba67

Posted 21 February 2014 - 04:39 PM

Ok, thanks for your help and time.

I will perform a full re-install.

Best regards

/bomiba



#11 nasdaq

Posted 22 February 2014 - 08:16 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
