Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Constant pop-ups in Chrome for Java update


  • This topic is locked This topic is locked
6 replies to this topic

#1 simonhansen

simonhansen

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:48 AM

Posted 24 May 2014 - 07:55 AM

Hey

 

I will let you know I am looking forward to recieve your help. I am very appreciative of the self-sacrifice of volunteers who give their time to assist people like this. Over the last day I've noticed numerous popups in Chrome for spurious Java updates as well as messages like "this content may require video downloader", "this content requires media Player 12.2" or "Together we can fight cancer" etc. Yesterday i installed VLC, and recieved some malware together with it. I have tried googling a solution at tried different things, but has not yet found a solution. I have tried different software removal programs such as adwcleaner, malwarebytes anit-malware, hitmanpro and spyhunter 4 (free version), but nothing has worked yet.

 

My system is much much slower since this infection. I notice that my browser is continually accessing various sites in the background when I am browsing the web (see numerous websites scrolling in the 'waiting for' status area in the lower left-hand corner of Chrome). I am also worried that security permissions for files on my computer have been compromised and altered. There is only one user account on this computer (Simon) and it is an Administrator account. I am thinking of backing up my files on a USB pen, but affraid that it might get infected too. I can see another user have had the same problem and posted a dds.txt log, and I would love to do the same, but I am not allowed to run dds on my computer. I am using windows 8 64bit.

 

I am looking forward to recieving an answer



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:48 PM

Posted 28 May 2014 - 07:49 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish,so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#3 simonhansen

simonhansen
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:48 AM

Posted 29 May 2014 - 02:04 PM

Hi Nasdaq

Thank you for your help so far. I am a bit in doubt about what to attach so i have attatched everyting:

 

The log from Malwarebytes Anti-Malware:

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 29-05-2014
Scan Time: 18:16:53
Logfile: 1. scan.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.03.04.09
Rootkit Database: v2014.02.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Simon
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 296429
Time Elapsed: 47 min, 48 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 

 

(end)
 
The log from AdwCleaner:
# AdwCleaner v3.211 - Report created 29/05/2014 at 20:50:35
# Updated 26/05/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Simon - SIMON_KJAER
# Running from : C:\Users\Simon\Desktop\Fikse virus\adwcleaner_3.211.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\MSR
File Deleted : C:\WINDOWS\System32\Tasks\fsupdate
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\AppDataLow\Software
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17037
 
 
-\\ Google Chrome v35.0.1916.114
 
[ File : C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [5455 octets] - [23/05/2014 14:41:08]
AdwCleaner[R1].txt - [902 octets] - [24/05/2014 09:17:26]
AdwCleaner[R2].txt - [1135 octets] - [29/05/2014 20:46:50]
AdwCleaner[S0].txt - [4343 octets] - [23/05/2014 14:42:30]
AdwCleaner[S1].txt - [968 octets] - [24/05/2014 09:21:26]
AdwCleaner[S2].txt - [1063 octets] - [29/05/2014 20:50:35]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1123 octets] ##########
 
The log from Farbar Recovery Scan Tool:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Simon (administrator) on SIMON_KJAER on 29-05-2014 20:56:55
Running from C:\Users\Simon\Desktop\Fikse virus
Platform: Windows 8.1 (X64) OS Language: Danish
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Spotify Ltd) C:\Users\Simon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
(Dropbox, Inc.) C:\Users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-11-29] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2565544 2012-10-31] ()
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2172816 2012-10-22] (SRS Labs, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3008824 2012-11-29] (Synaptics Incorporated)
HKLM-x32\...\Run: [Intel AppUp® center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-12-18] (Intel Corporation)
HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [7152640 2012-12-05] (Pegatron Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2257513283-155794127-412587946-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22415552 2014-04-25] (Google)
HKU\S-1-5-21-2257513283-155794127-412587946-1001\...\Run: [Spotify Web Helper] => C:\Users\Simon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-15] (Spotify Ltd)
HKU\S-1-5-21-2257513283-155794127-412587946-1001\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [4527424 2011-08-17] (DT Soft Ltd)
HKU\S-1-5-21-2257513283-155794127-412587946-1001\...\MountPoints2: {2258dee0-881c-11e3-be9c-7c05072ccfc6} - "D:\HTC_Sync_Manager_PC.exe" 
Startup: C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.dk/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {1DA59756-01EE-445A-B231-6D63DB5217EC} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM-x32 - {1DA59756-01EE-445A-B231-6D63DB5217EC} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKCU - {1DA59756-01EE-445A-B231-6D63DB5217EC} URL = 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 212.10.10.4 212.10.24.252 212.10.10.5
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf - C:\Simon\Programmer\Foxit\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @verimatrix.com/ViewRightWeb - C:\Program Files (x86)\Verimatrix\ViewRight Web\\npViewRight.dll (Verimatrix, Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @verimatrix.com/ViewRightWeb - C:\Program Files (x86)\Verimatrix\ViewRight Web\\npViewRight.dll (Verimatrix, Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://www.google.com"
CHR Extension: (Google Dokumenter) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-24]
CHR Extension: (Google Drev) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-24]
CHR Extension: (YouTube) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-24]
CHR Extension: (Google-søgning) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-24]
CHR Extension: (Google Wallet) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-24]
CHR Extension: (Gmail) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-24]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Simon\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-05-23]
 
==================== Services (Whitelisted) =================
 
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] ()
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-05] (Realtek Semiconductor)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116240 2013-01-04] (Toshiba Europe GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows ® Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [271424 2014-03-30] (DT Soft Ltd)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-05-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation                           )
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-29] (Synaptics Incorporated)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [526392 2014-03-30] (Duplex Secure Ltd.)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-12-03] (Microsoft Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows ® Win 7 DDK provider)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-29 20:56 - 2014-05-29 20:56 - 00000000 ____D () C:\FRST
2014-05-29 18:21 - 2014-05-29 18:22 - 02066944 _____ (Farbar) C:\Users\Simon\Downloads\FRST64.exe
2014-05-29 18:20 - 2014-05-29 18:21 - 01327971 _____ () C:\Users\Simon\Downloads\adwcleaner_3.211.exe
2014-05-29 18:16 - 2014-05-29 20:53 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-29 18:16 - 2014-05-29 18:16 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-29 18:16 - 2014-05-29 18:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-29 18:16 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-29 18:16 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-05-29 18:16 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-29 18:12 - 2014-05-29 18:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Simon\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-05-28 13:57 - 2014-05-28 13:57 - 00002284 _____ () C:\Users\Simon\Downloads\smartdesigner (20).jnlp
2014-05-28 13:45 - 2014-05-28 13:45 - 00002284 _____ () C:\Users\Simon\Downloads\smartdesigner (19).jnlp
2014-05-28 13:34 - 2014-05-28 13:34 - 00002284 _____ () C:\Users\Simon\Downloads\smartdesigner (18).jnlp
2014-05-28 08:16 - 2014-05-28 08:16 - 00001916 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-05-28 08:16 - 2014-05-28 08:16 - 00000000 ____D () C:\Program Files\HitmanPro
2014-05-28 08:09 - 2014-05-28 08:09 - 00228875 _____ () C:\Users\Simon\Downloads\la01.ps
2014-05-28 06:34 - 2014-05-28 06:36 - 00000098 _____ () C:\Users\Simon\Desktop\Fake mail.txt
2014-05-27 16:00 - 2014-05-27 16:00 - 00002284 _____ () C:\Users\Simon\Downloads\smartdesigner (17).jnlp
2014-05-27 15:53 - 2014-05-27 15:53 - 00002284 _____ () C:\Users\Simon\Downloads\smartdesigner (16).jnlp
2014-05-27 15:51 - 2014-05-27 15:51 - 00002284 _____ () C:\Users\Simon\Downloads\smartdesigner (15).jnlp
2014-05-27 15:50 - 2014-05-27 15:50 - 00002284 _____ () C:\Users\Simon\Downloads\smartdesigner (14).jnlp
2014-05-27 15:41 - 2014-05-27 15:41 - 00002284 _____ () C:\Users\Simon\Downloads\smartdesigner (13).jnlp
2014-05-27 15:40 - 2014-05-27 15:40 - 00002284 _____ () C:\Users\Simon\Downloads\smartdesigner (12).jnlp
2014-05-27 15:25 - 2014-05-27 15:25 - 00002284 _____ () C:\Users\Simon\Downloads\smartdesigner (11).jnlp
2014-05-27 15:09 - 2014-05-27 15:09 - 00002284 _____ () C:\Users\Simon\Downloads\smartdesigner (10).jnlp
2014-05-26 13:21 - 2014-05-26 13:21 - 00051963 _____ () C:\Users\Simon\Desktop\Musik.m3u
2014-05-24 14:46 - 2014-05-29 20:56 - 00000000 ____D () C:\Users\Simon\Desktop\Fikse virus
2014-05-24 14:46 - 2014-05-24 14:46 - 00688992 _____ (Swearware) C:\Users\Simon\Downloads\dds.com
2014-05-24 14:20 - 2014-04-18 16:57 - 00032600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-05-24 14:20 - 2014-04-18 16:44 - 01466856 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-05-24 14:20 - 2014-04-18 15:29 - 01200288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-05-24 14:20 - 2014-04-18 11:44 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll
2014-05-24 14:20 - 2014-04-18 10:32 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-05-24 14:20 - 2014-04-18 10:21 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-05-24 14:20 - 2014-04-18 09:51 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-05-24 14:20 - 2014-04-14 11:20 - 00324888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2014-05-24 14:20 - 2014-04-14 10:01 - 00285144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2014-05-24 14:20 - 2014-04-11 06:51 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-05-24 14:20 - 2014-04-11 06:23 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2014-05-24 14:20 - 2014-04-11 05:30 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2014-05-24 14:20 - 2014-04-09 13:53 - 00337240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2014-05-24 14:20 - 2014-04-09 08:39 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2014-05-24 14:20 - 2014-04-09 07:44 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2014-05-24 14:20 - 2014-04-09 06:35 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-05-24 14:20 - 2014-04-09 05:33 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2014-05-24 14:20 - 2014-04-06 18:34 - 00372568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2014-05-24 14:20 - 2014-04-06 18:34 - 00275800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2014-05-24 14:20 - 2014-04-06 18:32 - 00125496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2014-05-24 14:20 - 2014-04-06 18:31 - 21268952 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-05-24 14:20 - 2014-04-06 18:30 - 00201920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2014-05-24 14:20 - 2014-04-06 18:24 - 00360792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2014-05-24 14:20 - 2014-04-06 18:20 - 00881616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2014-05-24 14:20 - 2014-04-06 18:20 - 00491744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2014-05-24 14:20 - 2014-04-06 18:20 - 00467496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-05-24 14:20 - 2014-04-06 18:20 - 00463256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-05-24 14:20 - 2014-04-06 18:20 - 00364640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-05-24 14:20 - 2014-04-06 18:20 - 00244880 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-05-24 14:20 - 2014-04-06 18:20 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-05-24 14:20 - 2014-04-06 18:20 - 00028408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2014-05-24 14:20 - 2014-04-06 17:23 - 00098584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2014-05-24 14:20 - 2014-04-06 17:22 - 00178184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2014-05-24 14:20 - 2014-04-06 17:16 - 01209616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2014-05-24 14:20 - 2014-04-06 17:16 - 00707048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2014-05-24 14:20 - 2014-04-06 17:16 - 00669856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-05-24 14:20 - 2014-04-06 17:16 - 00406504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-05-24 14:20 - 2014-04-06 17:16 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2014-05-24 14:20 - 2014-04-06 17:16 - 00326024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-05-24 14:20 - 2014-04-06 17:16 - 00305768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-05-24 14:20 - 2014-04-06 14:58 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll
2014-05-24 14:20 - 2014-04-06 14:51 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2014-05-24 14:20 - 2014-04-06 14:33 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2014-05-24 14:20 - 2014-04-06 14:24 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2014-05-24 14:20 - 2014-04-06 14:06 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srclient.dll
2014-05-24 14:20 - 2014-04-06 13:26 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2014-05-24 14:20 - 2014-04-06 13:20 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-05-24 14:20 - 2014-04-06 13:01 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-05-24 14:20 - 2014-04-06 12:52 - 00955904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-05-24 14:20 - 2014-04-06 12:51 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2014-05-24 14:20 - 2014-04-06 12:37 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-05-24 14:20 - 2014-04-06 12:36 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2014-05-24 14:20 - 2014-04-06 12:05 - 01222656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2014-05-24 14:20 - 2014-04-06 11:59 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2014-05-24 14:20 - 2014-04-03 10:12 - 02124840 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-05-24 14:20 - 2014-04-03 10:12 - 00307304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2014-05-24 14:20 - 2014-04-03 10:12 - 00130144 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2014-05-24 14:20 - 2014-04-03 06:03 - 00230808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2014-05-24 14:20 - 2014-04-03 06:03 - 00111528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll
2014-05-24 14:20 - 2014-04-03 05:53 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-05-24 14:20 - 2014-04-03 04:53 - 00677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-05-24 14:20 - 2014-04-03 04:51 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2014-05-24 14:20 - 2014-04-03 04:23 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-05-24 14:20 - 2014-04-03 04:23 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-05-24 14:20 - 2014-04-03 04:23 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tlscsp.dll
2014-05-24 14:20 - 2014-04-03 04:22 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlscsp.dll
2014-05-24 14:20 - 2014-03-31 07:35 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-05-24 14:20 - 2014-03-31 02:41 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-05-24 14:20 - 2014-03-31 02:01 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2014-05-24 14:20 - 2014-03-31 01:43 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2014-05-24 14:20 - 2014-03-31 00:54 - 01308160 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2014-05-24 14:20 - 2014-03-31 00:49 - 01287168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-05-24 14:20 - 2014-03-31 00:35 - 01029120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-05-24 14:20 - 2014-03-31 00:11 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-05-24 14:20 - 2014-03-30 23:47 - 00872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-05-24 14:20 - 2014-03-28 17:58 - 00407016 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2014-05-24 14:20 - 2014-03-27 08:16 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2014-05-24 14:20 - 2014-03-27 07:36 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2014-05-24 14:20 - 2014-03-27 06:59 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2014-05-24 14:20 - 2014-03-27 06:48 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2014-05-24 14:20 - 2014-03-27 06:19 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2014-05-24 14:20 - 2014-03-27 05:46 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2014-05-24 14:20 - 2014-03-27 05:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-05-24 14:20 - 2014-03-27 05:10 - 01436160 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2014-05-24 14:20 - 2014-03-25 00:58 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-05-24 14:20 - 2014-03-20 05:48 - 00263424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2014-05-24 14:20 - 2014-03-19 10:15 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2014-05-24 14:20 - 2014-03-19 09:24 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-05-24 14:20 - 2014-03-19 09:17 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll
2014-05-24 14:20 - 2014-03-19 08:36 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-05-24 14:20 - 2014-03-19 07:56 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-05-24 14:20 - 2014-03-19 07:45 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2014-05-24 14:20 - 2014-03-19 07:19 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2014-05-24 14:20 - 2014-03-19 07:07 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2014-05-24 14:20 - 2014-03-19 07:00 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2014-05-24 14:20 - 2014-03-19 06:51 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2014-05-24 14:20 - 2014-03-19 06:31 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2014-05-24 14:20 - 2014-03-18 10:19 - 00077312 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2014-05-24 14:20 - 2014-03-17 07:09 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-05-24 14:20 - 2014-03-17 06:11 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-05-24 14:20 - 2014-03-17 05:01 - 00486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2014-05-24 14:20 - 2014-03-17 04:47 - 01025024 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-05-24 14:20 - 2014-03-17 04:45 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2014-05-24 14:20 - 2014-03-14 08:26 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2014-05-24 14:20 - 2014-03-14 08:10 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2014-05-24 14:20 - 2014-03-06 14:42 - 00310616 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-05-24 14:19 - 2014-04-18 11:32 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-05-24 14:19 - 2014-04-18 10:58 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-05-24 14:19 - 2014-04-18 10:09 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-05-24 14:19 - 2014-04-18 09:49 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-05-24 14:19 - 2014-04-08 04:01 - 00589656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2014-05-24 14:19 - 2014-04-06 18:20 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-05-24 14:19 - 2014-04-06 18:20 - 01403856 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-05-24 14:19 - 2014-04-06 18:20 - 01379064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-05-24 14:19 - 2014-04-06 18:20 - 00765408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-05-24 14:19 - 2014-04-06 18:20 - 00609448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2014-05-24 14:19 - 2014-04-06 17:22 - 18755672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-05-24 14:19 - 2014-04-06 17:16 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-05-24 14:19 - 2014-04-06 17:16 - 00518544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2014-05-24 14:19 - 2014-04-06 16:10 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-05-24 14:19 - 2014-04-06 13:55 - 16872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-05-24 14:19 - 2014-04-06 13:54 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-05-24 14:19 - 2014-04-03 04:53 - 04269056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-05-24 14:19 - 2014-04-03 04:22 - 03359744 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-05-24 14:19 - 2014-04-01 08:23 - 00384856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-05-24 14:19 - 2014-03-31 07:42 - 07425368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-05-24 14:19 - 2014-03-31 07:35 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-05-24 14:19 - 2014-03-20 02:44 - 06645248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-05-24 14:19 - 2014-03-20 01:33 - 05774848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-05-24 14:19 - 2014-03-19 10:07 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2014-05-24 14:19 - 2014-03-19 07:02 - 01527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-05-24 14:19 - 2014-03-19 06:18 - 02688000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-05-24 14:19 - 2014-03-18 07:00 - 07173120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2014-05-24 14:19 - 2014-03-18 06:52 - 05104640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2014-05-24 14:15 - 2014-05-24 14:15 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-05-24 14:04 - 2014-05-24 14:04 - 01326389 _____ () C:\Users\Simon\Downloads\AdwCleaner (1).exe
2014-05-24 11:38 - 2014-05-24 11:38 - 00000000 _____ () C:\autoexec.bat
2014-05-24 11:37 - 2014-05-24 11:37 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-24 11:36 - 2014-05-28 07:53 - 00000000 ____D () C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-05-24 11:35 - 2014-05-24 11:35 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Simon\Downloads\SpyHunter-Installer.exe
2014-05-24 11:29 - 2014-05-29 20:55 - 00002226 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-24 11:29 - 2014-05-24 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-24 10:36 - 2014-05-24 10:36 - 00000295 _____ () C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papirkurv.lnk
2014-05-23 21:11 - 2014-05-23 21:11 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-05-23 21:11 - 2014-05-23 21:11 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-05-23 21:11 - 2014-05-23 21:11 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-05-23 21:11 - 2014-05-23 21:11 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-05-23 21:11 - 2014-05-23 21:11 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-23 21:09 - 2014-05-23 21:09 - 00921512 _____ (Oracle Corporation) C:\Users\Simon\Downloads\chromeinstall-7u55.exe
2014-05-23 18:19 - 2014-05-23 18:19 - 00000426 _____ () C:\WINDOWS\system32\.crusader
2014-05-23 16:06 - 2014-05-23 18:20 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-23 16:04 - 2014-05-23 16:05 - 10971424 _____ (SurfRight B.V.) C:\Users\Simon\Downloads\HitmanPro_x64.exe
2014-05-23 15:00 - 2014-05-23 15:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-23 14:58 - 2014-05-23 14:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Simon\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-23 14:42 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-05-23 14:41 - 2014-05-29 20:50 - 00000000 ____D () C:\AdwCleaner
2014-05-23 14:39 - 2014-05-23 14:39 - 01326389 _____ () C:\Users\Simon\Downloads\AdwCleaner.exe
2014-05-23 13:50 - 2014-05-23 14:23 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-05-21 01:14 - 2014-05-21 01:12 - 00066525 _____ () C:\Users\Simon\Desktop\Exam2014_Part2.xlsm
2014-05-20 19:47 - 2014-05-21 21:27 - 00000000 ____D () C:\Users\Simon\Desktop\FE
2014-05-19 19:34 - 2014-05-19 19:35 - 02075213 _____ () C:\Users\Simon\Downloads\OF_Ch11.pptx
2014-05-19 10:00 - 2014-05-19 10:00 - 00014290 _____ () C:\Users\Simon\Downloads\FEExamData.xlsm
2014-05-15 06:08 - 2014-05-01 22:30 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-05-15 06:08 - 2014-05-01 22:30 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 12:49 - 2014-03-24 04:30 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-05-14 12:49 - 2014-03-24 04:30 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-05-14 12:49 - 2014-03-13 09:42 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2014-05-14 12:49 - 2014-03-13 08:51 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe
2014-05-14 12:48 - 2014-04-09 00:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll
2014-05-14 12:48 - 2014-04-09 00:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll
2014-05-14 12:48 - 2014-04-08 20:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll
2014-05-14 12:48 - 2014-04-08 20:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll
2014-05-14 12:48 - 2014-03-24 04:27 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-05-14 08:01 - 2014-04-11 12:03 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-05-14 08:01 - 2014-04-11 12:03 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-05-14 08:01 - 2014-04-11 10:25 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2014-05-14 08:01 - 2014-04-11 08:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-05-14 08:01 - 2014-04-11 07:53 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-05-14 08:01 - 2014-04-11 07:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-05-14 08:01 - 2014-04-11 05:54 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-05-14 08:01 - 2014-04-11 05:06 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-05-14 08:01 - 2014-04-11 05:05 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-14 08:01 - 2014-04-11 05:05 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-05-14 08:01 - 2014-04-11 05:02 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-14 08:01 - 2014-04-11 05:02 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-05-14 08:01 - 2014-04-11 05:01 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-05-14 08:01 - 2014-04-11 05:00 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-05-14 08:01 - 2014-04-11 04:59 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-05-14 08:01 - 2014-04-11 04:57 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-05-14 08:01 - 2014-04-11 04:56 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-05-14 08:01 - 2014-04-11 04:55 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-05-14 08:01 - 2014-04-11 04:53 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-05-14 08:01 - 2014-04-11 04:52 - 03464192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-05-14 08:01 - 2014-04-11 04:46 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-05-14 08:01 - 2014-04-11 04:36 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-05-14 08:01 - 2014-04-11 04:34 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-05-14 08:01 - 2014-04-11 04:29 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-05-14 08:01 - 2014-04-11 04:25 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-05-14 08:00 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-14 08:00 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-14 08:00 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-14 08:00 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-13 18:30 - 2014-05-13 18:30 - 00072986 _____ () C:\Users\Simon\Downloads\Exam2012SolutionEx1Ex2Ex3.xlsm
2014-05-13 12:55 - 2014-05-13 12:55 - 29164456 _____ (Oracle Corporation) C:\Users\Simon\Downloads\jre-7u55-windows-i586.exe
2014-05-13 09:22 - 2014-05-13 09:22 - 00053633 _____ () C:\Users\Simon\Downloads\Ex_04_2014_Solution_Part_1.xlsm
2014-05-11 19:35 - 2014-05-11 19:35 - 00462336 _____ () C:\Users\Simon\Downloads\Porteføjle teori (1).xls
2014-05-11 19:34 - 2014-05-11 19:34 - 00462336 _____ () C:\Users\Simon\Downloads\Porteføjle teori.xls
2014-05-08 08:22 - 2014-05-08 08:23 - 00000000 ____D () C:\Users\Simon\Desktop\Victor Cheng - Look Over My Shoulder
2014-05-06 19:50 - 2014-05-06 19:50 - 00000000 __SHD () C:\Users\Simon\AppData\Local\EmieUserList
2014-05-06 19:50 - 2014-05-06 19:50 - 00000000 __SHD () C:\Users\Simon\AppData\Local\EmieSiteList
2014-05-05 09:55 - 2014-05-05 09:55 - 00000000 ____D () C:\Users\Simon\Desktop\Business Analysis & Valuation
2014-05-03 06:36 - 2014-05-29 20:54 - 00000000 ____D () C:\Users\Simon\AppData\Roaming\DropboxMaster
2014-05-03 06:36 - 2014-05-03 06:36 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-05-03 06:36 - 2014-05-03 06:36 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-04-30 14:42 - 2014-04-30 14:49 - 00000000 ____D () C:\Users\Simon\AppData\Roaming\LyX2.1
2014-04-30 14:42 - 2014-04-30 14:42 - 00000000 ____D () C:\Users\Simon\AppData\Roaming\MiKTeX
2014-04-30 13:03 - 2014-04-30 13:03 - 00002018 _____ () C:\Users\Public\Desktop\LyX 2.1.lnk
2014-04-30 13:03 - 2014-04-30 13:03 - 00000000 ____D () C:\Users\Simon\AppData\Local\MiKTeX
2014-04-30 13:03 - 2014-04-30 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LyX 2.1
2014-04-30 13:01 - 2014-04-30 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9
2014-04-30 12:59 - 2014-04-30 12:59 - 00000000 ____D () C:\ProgramData\MiKTeX
2014-04-30 12:56 - 2014-04-30 14:48 - 00000000 ____D () C:\Program Files (x86)\MiKTeX 2.9
2014-04-30 12:53 - 2014-04-30 13:03 - 00000000 ____D () C:\Program Files (x86)\LyX 2.1
2014-04-30 12:43 - 2014-04-30 12:46 - 218870807 _____ () C:\Users\Simon\Downloads\LyX-2.1.0-Bundle-2.exe
2014-04-30 11:22 - 2014-04-30 11:22 - 00009285 _____ () C:\Users\Simon\Downloads\08 Finite Difference methods.lyx
2014-04-30 11:22 - 2014-04-30 11:22 - 00003526 _____ () C:\Users\Simon\Downloads\07 Binomial Trees notes.lyx
 
==================== One Month Modified Files and Folders =======
 
2014-05-29 20:57 - 2013-07-02 08:00 - 00000000 ____D () C:\Users\Simon\Documents\Outlook Files
2014-05-29 20:56 - 2014-05-29 20:56 - 00000000 ____D () C:\FRST
2014-05-29 20:56 - 2014-05-24 14:46 - 00000000 ____D () C:\Users\Simon\Desktop\Fikse virus
2014-05-29 20:55 - 2014-05-24 11:29 - 00002226 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-29 20:55 - 2014-03-15 21:51 - 00003936 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7FCC2E5F-EE71-465B-9799-ACE63624B0FF}
2014-05-29 20:55 - 2013-12-03 16:35 - 00000000 __RDO () C:\Users\Simon\SkyDrive
2014-05-29 20:55 - 2013-07-03 07:45 - 00000000 ____D () C:\Users\Simon\AppData\Roaming\Dropbox
2014-05-29 20:54 - 2014-05-03 06:36 - 00000000 ____D () C:\Users\Simon\AppData\Roaming\DropboxMaster
2014-05-29 20:54 - 2013-07-03 07:47 - 00000000 ___RD () C:\Users\Simon\Google Drev
2014-05-29 20:54 - 2013-07-03 07:47 - 00000000 ___RD () C:\Users\Simon\Dropbox
2014-05-29 20:53 - 2014-05-29 18:16 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-29 20:53 - 2013-06-26 22:28 - 00000950 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-29 20:52 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-29 20:51 - 2013-09-29 21:02 - 00033000 _____ () C:\WINDOWS\PFRO.log
2014-05-29 20:51 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-05-29 20:50 - 2014-05-23 14:41 - 00000000 ____D () C:\AdwCleaner
2014-05-29 20:03 - 2013-06-26 22:28 - 00000954 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-29 20:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-05-29 18:24 - 2013-09-27 23:02 - 00000000 ____D () C:\Users\Simon\AppData\Roaming\Spotify
2014-05-29 18:22 - 2014-05-29 18:21 - 02066944 _____ (Farbar) C:\Users\Simon\Downloads\FRST64.exe
2014-05-29 18:21 - 2014-05-29 18:20 - 01327971 _____ () C:\Users\Simon\Downloads\adwcleaner_3.211.exe
2014-05-29 18:16 - 2014-05-29 18:16 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-29 18:16 - 2014-05-29 18:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-29 18:12 - 2014-05-29 18:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Simon\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-05-29 14:20 - 2013-12-03 16:13 - 01741840 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-29 13:57 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-05-29 11:13 - 2013-06-24 07:15 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2257513283-155794127-412587946-1001
2014-05-29 06:29 - 2013-12-03 16:10 - 01395240 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-29 06:29 - 2013-09-30 05:56 - 00464834 _____ () C:\WINDOWS\system32\perfh006.dat
2014-05-29 06:29 - 2013-09-30 05:56 - 00079560 _____ () C:\WINDOWS\system32\perfc006.dat
2014-05-28 13:57 - 2014-05-28 13:57 - 00002284 _____ () C:\Users\Simon\Downloads\smartdesigner (20).jnlp
2014-05-28 13:45 - 2014-05-28 13:45 - 00002284 _____ () C:\Users\Simon\Downloads\smartdesigner (19).jnlp
2014-05-28 13:34 - 2014-05-28 13:34 - 00002284 _____ () C:\Users\Simon\Downloads\smartdesigner (18).jnlp
2014-05-28 10:42 - 2013-09-27 23:02 - 00000000 ____D () C:\Users\Simon\AppData\Local\Spotify
2014-05-28 08:16 - 2014-05-28 08:16 - 00001916 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-05-28 08:16 - 2014-05-28 08:16 - 00000000 ____D () C:\Program Files\HitmanPro
2014-05-28 08:09 - 2014-05-28 08:09 - 00228875 _____ () C:\Users\Simon\Downloads\la01.ps
2014-05-28 07:53 - 2014-05-24 11:36 - 00000000 ____D () C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-05-28 06:36 - 2014-05-28 06:34 - 00000098 _____ () C:\Users\Simon\Desktop\Fake mail.txt
2014-05-28 06:29 - 2013-06-24 07:08 - 00000000 ___RD () C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-28 06:28 - 2013-07-03 07:46 - 00000000 ____D () C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-27 16:00 - 2014-05-27 16:00 - 00002284 _____ () C:\Users\Simon\Downloads\smartdesigner (17).jnlp
2014-05-27 15:53 - 2014-05-27 15:53 - 00002284 _____ () C:\Users\Simon\Downloads\smartdesigner (16).jnlp
2014-05-27 15:51 - 2014-05-27 15:51 - 00002284 _____ () C:\Users\Simon\Downloads\smartdesigner (15).jnlp
2014-05-27 15:50 - 2014-05-27 15:50 - 00002284 _____ () C:\Users\Simon\Downloads\smartdesigner (14).jnlp
2014-05-27 15:41 - 2014-05-27 15:41 - 00002284 _____ () C:\Users\Simon\Downloads\smartdesigner (13).jnlp
2014-05-27 15:40 - 2014-05-27 15:40 - 00002284 _____ () C:\Users\Simon\Downloads\smartdesigner (12).jnlp
2014-05-27 15:25 - 2014-05-27 15:25 - 00002284 _____ () C:\Users\Simon\Downloads\smartdesigner (11).jnlp
2014-05-27 15:09 - 2014-05-27 15:09 - 00002284 _____ () C:\Users\Simon\Downloads\smartdesigner (10).jnlp
2014-05-26 13:21 - 2014-05-26 13:21 - 00051963 _____ () C:\Users\Simon\Desktop\Musik.m3u
2014-05-26 08:04 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-05-24 14:46 - 2014-05-24 14:46 - 00688992 _____ (Swearware) C:\Users\Simon\Downloads\dds.com
2014-05-24 14:29 - 2013-06-24 07:08 - 00000000 ___RD () C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-24 14:28 - 2013-08-22 16:44 - 00474352 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-05-24 14:25 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-05-24 14:25 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-05-24 14:25 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-05-24 14:15 - 2014-05-24 14:15 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-05-24 14:04 - 2014-05-24 14:04 - 01326389 _____ () C:\Users\Simon\Downloads\AdwCleaner (1).exe
2014-05-24 11:38 - 2014-05-24 11:38 - 00000000 _____ () C:\autoexec.bat
2014-05-24 11:37 - 2014-05-24 11:37 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-24 11:35 - 2014-05-24 11:35 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Simon\Downloads\SpyHunter-Installer.exe
2014-05-24 11:29 - 2014-05-24 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-24 11:29 - 2013-06-26 22:28 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-24 10:36 - 2014-05-24 10:36 - 00000295 _____ () C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papirkurv.lnk
2014-05-23 21:11 - 2014-05-23 21:11 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-05-23 21:11 - 2014-05-23 21:11 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-05-23 21:11 - 2014-05-23 21:11 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-05-23 21:11 - 2014-05-23 21:11 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-05-23 21:11 - 2014-05-23 21:11 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-23 21:11 - 2013-10-28 10:12 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-23 21:09 - 2014-05-23 21:09 - 00921512 _____ (Oracle Corporation) C:\Users\Simon\Downloads\chromeinstall-7u55.exe
2014-05-23 18:20 - 2014-05-23 16:06 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-23 18:19 - 2014-05-23 18:19 - 00000426 _____ () C:\WINDOWS\system32\.crusader
2014-05-23 16:05 - 2014-05-23 16:04 - 10971424 _____ (SurfRight B.V.) C:\Users\Simon\Downloads\HitmanPro_x64.exe
2014-05-23 15:59 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-05-23 15:00 - 2014-05-23 15:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-23 14:59 - 2014-05-23 14:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Simon\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-23 14:39 - 2014-05-23 14:39 - 01326389 _____ () C:\Users\Simon\Downloads\AdwCleaner.exe
2014-05-23 14:23 - 2014-05-23 13:50 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-05-23 14:06 - 2013-12-03 16:25 - 00001457 _____ () C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-23 09:52 - 2013-06-29 20:18 - 00935567 _____ () C:\Users\Simon\danid.log
2014-05-21 21:27 - 2014-05-20 19:47 - 00000000 ____D () C:\Users\Simon\Desktop\FE
2014-05-21 02:05 - 2013-08-22 16:46 - 00305616 _____ () C:\WINDOWS\setupact.log
2014-05-21 01:12 - 2014-05-21 01:14 - 00066525 _____ () C:\Users\Simon\Desktop\Exam2014_Part2.xlsm
2014-05-19 19:35 - 2014-05-19 19:34 - 02075213 _____ () C:\Users\Simon\Downloads\OF_Ch11.pptx
2014-05-19 10:00 - 2014-05-19 10:00 - 00014290 _____ () C:\Users\Simon\Downloads\FEExamData.xlsm
2014-05-17 06:38 - 2013-09-01 13:10 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-14 23:33 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-14 23:33 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-14 23:33 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-14 23:33 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-14 23:32 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-05-14 23:32 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates
2014-05-14 13:16 - 2013-08-20 19:52 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-14 13:14 - 2013-06-28 00:49 - 93223848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-14 08:14 - 2013-06-30 08:31 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-13 18:30 - 2014-05-13 18:30 - 00072986 _____ () C:\Users\Simon\Downloads\Exam2012SolutionEx1Ex2Ex3.xlsm
2014-05-13 12:55 - 2014-05-13 12:55 - 29164456 _____ (Oracle Corporation) C:\Users\Simon\Downloads\jre-7u55-windows-i586.exe
2014-05-13 09:22 - 2014-05-13 09:22 - 00053633 _____ () C:\Users\Simon\Downloads\Ex_04_2014_Solution_Part_1.xlsm
2014-05-12 07:26 - 2014-05-29 18:16 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-29 18:16 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-29 18:16 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-11 19:35 - 2014-05-11 19:35 - 00462336 _____ () C:\Users\Simon\Downloads\Porteføjle teori (1).xls
2014-05-11 19:34 - 2014-05-11 19:34 - 00462336 _____ () C:\Users\Simon\Downloads\Porteføjle teori.xls
2014-05-09 10:58 - 2013-06-26 22:28 - 00003926 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-09 10:58 - 2013-06-26 22:28 - 00003690 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-08 09:35 - 2013-06-25 11:59 - 00000000 ____D () C:\Users\Simon\Desktop\Fikumdik
2014-05-08 08:23 - 2014-05-08 08:22 - 00000000 ____D () C:\Users\Simon\Desktop\Victor Cheng - Look Over My Shoulder
2014-05-07 11:59 - 2013-07-03 07:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-05-06 19:50 - 2014-05-06 19:50 - 00000000 __SHD () C:\Users\Simon\AppData\Local\EmieUserList
2014-05-06 19:50 - 2014-05-06 19:50 - 00000000 __SHD () C:\Users\Simon\AppData\Local\EmieSiteList
2014-05-06 11:41 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-05-06 06:40 - 2014-05-14 08:00 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-06 05:25 - 2014-05-14 08:00 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-06 05:00 - 2014-05-14 08:00 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-14 08:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-05 09:55 - 2014-05-05 09:55 - 00000000 ____D () C:\Users\Simon\Desktop\Business Analysis & Valuation
2014-05-03 06:36 - 2014-05-03 06:36 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-05-03 06:36 - 2014-05-03 06:36 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-05-01 22:30 - 2014-05-15 06:08 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-05-01 22:30 - 2014-05-15 06:08 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-30 14:49 - 2014-04-30 14:42 - 00000000 ____D () C:\Users\Simon\AppData\Roaming\LyX2.1
2014-04-30 14:48 - 2014-04-30 12:56 - 00000000 ____D () C:\Program Files (x86)\MiKTeX 2.9
2014-04-30 14:42 - 2014-04-30 14:42 - 00000000 ____D () C:\Users\Simon\AppData\Roaming\MiKTeX
2014-04-30 13:03 - 2014-04-30 13:03 - 00002018 _____ () C:\Users\Public\Desktop\LyX 2.1.lnk
2014-04-30 13:03 - 2014-04-30 13:03 - 00000000 ____D () C:\Users\Simon\AppData\Local\MiKTeX
2014-04-30 13:03 - 2014-04-30 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LyX 2.1
2014-04-30 13:03 - 2014-04-30 12:53 - 00000000 ____D () C:\Program Files (x86)\LyX 2.1
2014-04-30 13:01 - 2014-04-30 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9
2014-04-30 12:59 - 2014-04-30 12:59 - 00000000 ____D () C:\ProgramData\MiKTeX
2014-04-30 12:46 - 2014-04-30 12:43 - 218870807 _____ () C:\Users\Simon\Downloads\LyX-2.1.0-Bundle-2.exe
2014-04-30 11:22 - 2014-04-30 11:22 - 00009285 _____ () C:\Users\Simon\Downloads\08 Finite Difference methods.lyx
2014-04-30 11:22 - 2014-04-30 11:22 - 00003526 _____ () C:\Users\Simon\Downloads\07 Binomial Trees notes.lyx
 
Some content of TEMP:
====================
C:\Users\Simon\AppData\Local\Temp\0226F60D.dll
C:\Users\Simon\AppData\Local\Temp\023234CA.dll
C:\Users\Simon\AppData\Local\Temp\0234D034.dll
C:\Users\Simon\AppData\Local\Temp\0238487C.dll
C:\Users\Simon\AppData\Local\Temp\09339472.dll
C:\Users\Simon\AppData\Local\Temp\0994FAF9.dll
C:\Users\Simon\AppData\Local\Temp\0C725EA3.dll
C:\Users\Simon\AppData\Local\Temp\0C745745.dll
C:\Users\Simon\AppData\Local\Temp\13B4845D.dll
C:\Users\Simon\AppData\Local\Temp\280AE166.dll
C:\Users\Simon\AppData\Local\Temp\2810EDB0.dll
C:\Users\Simon\AppData\Local\Temp\39BEED4F.dll
C:\Users\Simon\AppData\Local\Temp\39C0B0B3.dll
C:\Users\Simon\AppData\Local\Temp\39C0FC95.dll
C:\Users\Simon\AppData\Local\Temp\3F7C22A2.dll
C:\Users\Simon\AppData\Local\Temp\3F811615.dll
C:\Users\Simon\AppData\Local\Temp\4F615A74.dll
C:\Users\Simon\AppData\Local\Temp\4F680903.dll
C:\Users\Simon\AppData\Local\Temp\4F68B7DC.dll
C:\Users\Simon\AppData\Local\Temp\668D6CBC.dll
C:\Users\Simon\AppData\Local\Temp\668F4829.dll
C:\Users\Simon\AppData\Local\Temp\669295A0.dll
C:\Users\Simon\AppData\Local\Temp\66939B9E.dll
C:\Users\Simon\AppData\Local\Temp\66A36D3A.dll
C:\Users\Simon\AppData\Local\Temp\67FE955A.dll
C:\Users\Simon\AppData\Local\Temp\69262672.dll
C:\Users\Simon\AppData\Local\Temp\692630C4.dll
C:\Users\Simon\AppData\Local\Temp\844A1A77.dll
C:\Users\Simon\AppData\Local\Temp\844CFE85.dll
C:\Users\Simon\AppData\Local\Temp\84502978.dll
C:\Users\Simon\AppData\Local\Temp\845D047A.dll
C:\Users\Simon\AppData\Local\Temp\845F1973.dll
C:\Users\Simon\AppData\Local\Temp\9B08DA3C.dll
C:\Users\Simon\AppData\Local\Temp\9B0A12D6.dll
C:\Users\Simon\AppData\Local\Temp\9B0C2263.dll
C:\Users\Simon\AppData\Local\Temp\9EF80187.dll
C:\Users\Simon\AppData\Local\Temp\AA959956.dll
C:\Users\Simon\AppData\Local\Temp\B98C2A9F.dll
C:\Users\Simon\AppData\Local\Temp\B98DD4FB.dll
C:\Users\Simon\AppData\Local\Temp\BBF0395B.dll
C:\Users\Simon\AppData\Local\Temp\C7539AEE.dll
C:\Users\Simon\AppData\Local\Temp\C7579C8F.dll
C:\Users\Simon\AppData\Local\Temp\C7601FBC.dll
C:\Users\Simon\AppData\Local\Temp\C760E62C.dll
C:\Users\Simon\AppData\Local\Temp\C76DE4EC.dll
C:\Users\Simon\AppData\Local\Temp\C76FCC18.dll
C:\Users\Simon\AppData\Local\Temp\C773855E.dll
C:\Users\Simon\AppData\Local\Temp\C774A6AC.dll
C:\Users\Simon\AppData\Local\Temp\CF3BD40E.dll
C:\Users\Simon\AppData\Local\Temp\D46866D0.dll
C:\Users\Simon\AppData\Local\Temp\D7C3332A.dll
C:\Users\Simon\AppData\Local\Temp\D7D353E6.dll
C:\Users\Simon\AppData\Local\Temp\DD691F18.dll
C:\Users\Simon\AppData\Local\Temp\DD6C87BE.dll
C:\Users\Simon\AppData\Local\Temp\DD6E7DBC.dll
C:\Users\Simon\AppData\Local\Temp\DD7571AA.dll
C:\Users\Simon\AppData\Local\Temp\DD76AD14.dll
C:\Users\Simon\AppData\Local\Temp\DD785D15.dll
C:\Users\Simon\AppData\Local\Temp\DD7896FB.dll
C:\Users\Simon\AppData\Local\Temp\DD78D467.dll
C:\Users\Simon\AppData\Local\Temp\DD7D941B.dll
C:\Users\Simon\AppData\Local\Temp\DD7E878D.dll
C:\Users\Simon\AppData\Local\Temp\DD8948EF.dll
C:\Users\Simon\AppData\Local\Temp\DD8CBD9F.dll
C:\Users\Simon\AppData\Local\Temp\DD8D168F.dll
C:\Users\Simon\AppData\Local\Temp\DD8E8516.dll
C:\Users\Simon\AppData\Local\Temp\DE4C1BEE.dll
C:\Users\Simon\AppData\Local\Temp\DED29D9C.dll
C:\Users\Simon\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpi424_j.dll
C:\Users\Simon\AppData\Local\Temp\E7691837.dll
C:\Users\Simon\AppData\Local\Temp\E95DDE38.dll
C:\Users\Simon\AppData\Local\Temp\F2ED4AD7.dll
C:\Users\Simon\AppData\Local\Temp\F2EEA7BD.dll
C:\Users\Simon\AppData\Local\Temp\F2F052CC.dll
C:\Users\Simon\AppData\Local\Temp\F2F0FBCB.dll
C:\Users\Simon\AppData\Local\Temp\F307D150.dll
C:\Users\Simon\AppData\Local\Temp\F309DA42.dll
C:\Users\Simon\AppData\Local\Temp\F30A278D.dll
C:\Users\Simon\AppData\Local\Temp\F30AFEC4.dll
C:\Users\Simon\AppData\Local\Temp\F31279C0.dll
C:\Users\Simon\AppData\Local\Temp\F3C725F8.dll
C:\Users\Simon\AppData\Local\Temp\F3D9B942.dll
C:\Users\Simon\AppData\Local\Temp\F924B3F8.dll
C:\Users\Simon\AppData\Local\Temp\FBE1F578.dll
C:\Users\Simon\AppData\Local\Temp\FBE3BCE0.dll
C:\Users\Simon\AppData\Local\Temp\FBE614C3.dll
C:\Users\Simon\AppData\Local\Temp\FBE79F62.dll
C:\Users\Simon\AppData\Local\Temp\FBE846D0.dll
C:\Users\Simon\AppData\Local\Temp\FF854DD2.dll
C:\Users\Simon\AppData\Local\Temp\HitmanPro.exe
C:\Users\Simon\AppData\Local\Temp\Quarantine.exe
C:\Users\Simon\AppData\Local\Temp\SHSetup.exe
C:\Users\Simon\AppData\Local\Temp\wlan_test.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2014-05-24 14:20] - [2014-03-28 17:58] - 0407016 ____A (Microsoft Corporation) 067CB90C277DB4A737D5DEABA3055972
 
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-05-24 14:20] - [2014-03-06 14:42] - 0310616 ___AC (Microsoft Corporation) 4BB9BC49DEE1A319EC58274A7BBED663
 
 
 
LastRegBack: 2014-05-29 08:57
 
==================== End Of Log ============================
 
The Addition file from Farbar Recovery Scan Tool:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02
Ran by Simon at 2014-05-29 20:58:48
Running from C:\Users\Simon\Desktop\Fikse virus
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
Adobe Reader XI (11.0.07) - Dansk (HKLM-x32\...\{AC76BA86-7AD7-1030-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Apple-programunderstøttelse (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 4.41.0315.0262 - DT Soft Ltd)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version:  - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Empress of the Deep - The Darkest Secret (x32 Version: 2.2.0.98 - WildTangent) Hidden
EViews 8 (HKLM-x32\...\InstallShield_{1D78E62C-B585-446A-8FC7-2754332C0521}) (Version: 8.00.0000 - IHS Global Inc.)
EViews 8 (x32 Version: 8.00.0000 - IHS Global Inc.) Hidden
Foxit PhantomPDF (HKLM-x32\...\{BD1D7C83-6BBC-4AC3-9F72-44206623E765}) (Version: 5.5.6.218 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Drive (HKLM-x32\...\{418BAAD1-754D-48B4-B078-46EF4F25AF42}) (Version: 1.15.6556.8063 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.216 - SurfRight B.V.)
hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Intel AppUp® center (HKLM-x32\...\Intel AppUp® center 41663) (Version: 3.8.0.41663.61 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Legathåndbogen Uddannelse (HKLM-x32\...\{AF881EE7-778E-4243-974C-8D0D49E9E343}) (Version: 5.10.0010 - Billesø & Baltzer)
LyX 2.1.0 (HKLM-x32\...\LyX210) (Version: 2.1.0 - LyX Team)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Access MUI (Danish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Danish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Danish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Danish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Language Pack 2010 - Danish/dansk (HKLM-x32\...\Office14.OMUI.da-dk) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office O MUI (Danish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Danish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Danish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Danish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Danish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Swedish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Danish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Danish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Danish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Danish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer MUI (Danish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Danish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office X MUI (Danish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50325 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50330 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DAN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DAN) (Version: 10.0.50325 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DAN (Version: 10.0.50325 - Microsoft Corporation) Hidden
MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Premium Sound HD (HKLM\...\{000A208E-1050-4181-AC37-E13DA9254B73}) (Version: 1.12.6000 - DTS, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (HKLM-x32\...\{90140000-0100-0406-0000-0000000FF1CE}_Office14.OMUI.da-dk_{E9B456A4-0C64-4337-AD45-2547B84043CB}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.0 - Synaptics Incorporated)
System Update kb70007 (x32 Version: 1.0.0 - MSR) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.25790 - TeamViewer)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.08.6402 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6626.6410 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 2.00.973 - Toshiba Corporation)
TOSHIBA Password Utility (x32 Version: 2.00.973 - Toshiba Corporation) Hidden
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.1.54043006 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0015 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.3.3 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.21-A - Toshiba Corporation)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0100-0406-0000-0000000FF1CE}_Office14.OMUI.da-dk_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.OMUI.da-dk_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0406-0000-0000000FF1CE}_Office14.OMUI.da-dk_{FAFF5277-C8A7-47E4-85F9-FD95CDBC1171}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0406-0000-0000000FF1CE}_Office14.OMUI.da-dk_{CDB6D503-FD52-440A-A185-AB9692F2A31B}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
ViewRight Web PC (HKLM-x32\...\{0AEF5F93-DE30-4D0A-A879-B3BB72000F52}) (Version: 2.1.2.3 - Verimatrix, Inc.)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.9.7 - WildTangent) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR 5.00 beta 8 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.8 - win.rar GmbH)
 
==================== Restore Points  =========================
 
13-05-2014 10:55:50 Installed Java 7 Update 55
21-05-2014 07:50:33 Planlagt kontrolpunkt
23-05-2014 19:10:19 Removed Java 7 Update 55
28-05-2014 05:50:49 Removed SpyHunter
 
==================== Hosts content: ==========================
 
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {271E0009-D06A-4788-B1E6-48C56B1514B8} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {347B180A-4F67-487B-8DFA-2B7B8DC8536F} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3BF3951F-454D-4782-80B4-0267AA4EB51F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-26] (Google Inc.)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {55218675-727F-4639-80F8-83A6D5A5BFA7} - \fsupdate No Task File <==== ATTENTION
Task: {5EAA2706-8349-47E7-85E3-CD6D6DD72CFA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {619676BB-D977-4D69-8726-6F437432B587} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-26] (Google Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A56FA951-5D44-41B5-A93B-54A3859C44BC} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-11-29] (Synaptics Incorporated)
Task: {BAEA52C5-7A01-40FF-874D-22BC08457716} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {C8854472-75CB-447F-9149-1AC949AA308F} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {CAEB88F8-18EB-4C0D-9D45-F0038A0D8A7C} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F9C36E83-F09C-4CC8-8823-960A76BD5BDC} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2013-01-04] (Toshiba Europe GmbH)
Task: {FAFC6D9B-CA2F-4B6D-BD0A-8F61D67E061C} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-10-13 14:38 - 2011-10-13 14:38 - 00156672 _____ () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
2013-09-23 19:23 - 2012-03-11 14:56 - 00086608 _____ () C:\WINDOWS\System32\cpwmon64.dll
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-21 04:22 - 2013-09-21 04:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-10-31 16:15 - 2012-10-31 16:15 - 02565544 _____ () C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
2012-07-18 19:38 - 2012-07-18 19:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-18 19:38 - 2012-07-18 19:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-13 20:13 - 2012-08-13 20:13 - 00018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-05-24 11:29 - 2014-05-14 01:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
2014-05-24 11:29 - 2014-05-14 01:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll
2014-05-29 20:54 - 2014-05-29 20:54 - 00043008 _____ () c:\users\simon\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpi424_j.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Simon\AppData\Roaming\Dropbox\bin\libcef.dll
2009-08-04 17:23 - 2009-08-04 17:23 - 00063032 _____ () C:\Program Files (x86)\HP\HP UT LEDM\bin\HPTools.dll
2009-08-04 17:23 - 2009-08-04 17:23 - 00075320 _____ () C:\Program Files (x86)\HP\HP UT LEDM\bin\HPToolkit.dll
2014-05-29 20:54 - 2014-05-29 20:54 - 00098816 _____ () C:\Users\Simon\AppData\Local\Temp\_MEI42363\win32api.pyd
2014-05-29 20:54 - 2014-05-29 20:54 - 00110080 _____ () C:\Users\Simon\AppData\Local\Temp\_MEI42363\pywintypes27.dll
2014-05-29 20:54 - 2014-05-29 20:54 - 00364544 _____ () C:\Users\Simon\AppData\Local\Temp\_MEI42363\pythoncom27.dll
2014-05-29 20:54 - 2014-05-29 20:54 - 00045568 _____ () C:\Users\Simon\AppData\Local\Temp\_MEI42363\_socket.pyd
2014-05-29 20:54 - 2014-05-29 20:54 - 01159680 _____ () C:\Users\Simon\AppData\Local\Temp\_MEI42363\_ssl.pyd
2014-05-29 20:54 - 2014-05-29 20:54 - 00320512 _____ () C:\Users\Simon\AppData\Local\Temp\_MEI42363\win32com.shell.shell.pyd
2014-05-29 20:54 - 2014-05-29 20:54 - 00713216 _____ () C:\Users\Simon\AppData\Local\Temp\_MEI42363\_hashlib.pyd
2014-05-29 20:54 - 2014-05-29 20:54 - 01175040 _____ () C:\Users\Simon\AppData\Local\Temp\_MEI42363\wx._core_.pyd
2014-05-29 20:54 - 2014-05-29 20:54 - 00805888 _____ () C:\Users\Simon\AppData\Local\Temp\_MEI42363\wx._gdi_.pyd
2014-05-29 20:54 - 2014-05-29 20:54 - 00811008 _____ () C:\Users\Simon\AppData\Local\Temp\_MEI42363\wx._windows_.pyd
2014-05-29 20:54 - 2014-05-29 20:54 - 01062400 _____ () C:\Users\Simon\AppData\Local\Temp\_MEI42363\wx._controls_.pyd
2014-05-29 20:54 - 2014-05-29 20:54 - 00735232 _____ () C:\Users\Simon\AppData\Local\Temp\_MEI42363\wx._misc_.pyd
2014-05-29 20:54 - 2014-05-29 20:54 - 00128512 _____ () C:\Users\Simon\AppData\Local\Temp\_MEI42363\_elementtree.pyd
2014-05-29 20:54 - 2014-05-29 20:54 - 00127488 _____ () C:\Users\Simon\AppData\Local\Temp\_MEI42363\pyexpat.pyd
2014-05-29 20:54 - 2014-05-29 20:54 - 00557056 _____ () C:\Users\Simon\AppData\Local\Temp\_MEI42363\pysqlite2._sqlite.pyd
2014-05-29 20:54 - 2014-05-29 20:54 - 00087552 _____ () C:\Users\Simon\AppData\Local\Temp\_MEI42363\_ctypes.pyd
2014-05-29 20:54 - 2014-05-29 20:54 - 00119808 _____ () C:\Users\Simon\AppData\Local\Temp\_MEI42363\win32file.pyd
2014-05-29 20:54 - 2014-05-29 20:54 - 00108544 _____ () C:\Users\Simon\AppData\Local\Temp\_MEI42363\win32security.pyd
2014-05-29 20:54 - 2014-05-29 20:54 - 00018432 _____ () C:\Users\Simon\AppData\Local\Temp\_MEI42363\win32event.pyd
2014-05-29 20:54 - 2014-05-29 20:54 - 00038912 _____ () C:\Users\Simon\AppData\Local\Temp\_MEI42363\win32inet.pyd
2014-05-29 20:54 - 2014-05-29 20:54 - 00070656 _____ () C:\Users\Simon\AppData\Local\Temp\_MEI42363\wx._html2.pyd
2014-05-29 20:54 - 2014-05-29 20:54 - 00167936 _____ () C:\Users\Simon\AppData\Local\Temp\_MEI42363\win32gui.pyd
2014-05-29 20:54 - 2014-05-29 20:54 - 00011264 _____ () C:\Users\Simon\AppData\Local\Temp\_MEI42363\win32crypt.pyd
2014-05-29 20:54 - 2014-05-29 20:54 - 00027136 _____ () C:\Users\Simon\AppData\Local\Temp\_MEI42363\_multiprocessing.pyd
2014-05-29 20:54 - 2014-05-29 20:54 - 00122368 _____ () C:\Users\Simon\AppData\Local\Temp\_MEI42363\wx._wizard.pyd
2014-05-29 20:54 - 2014-05-29 20:54 - 00010240 _____ () C:\Users\Simon\AppData\Local\Temp\_MEI42363\select.pyd
2014-05-29 20:54 - 2014-05-29 20:54 - 00024064 _____ () C:\Users\Simon\AppData\Local\Temp\_MEI42363\win32pipe.pyd
2014-05-29 20:54 - 2014-05-29 20:54 - 00686080 _____ () C:\Users\Simon\AppData\Local\Temp\_MEI42363\unicodedata.pyd
2014-05-29 20:54 - 2014-05-29 20:54 - 00025600 _____ () C:\Users\Simon\AppData\Local\Temp\_MEI42363\win32pdh.pyd
2014-05-29 20:54 - 2014-05-29 20:54 - 00525640 _____ () C:\Users\Simon\AppData\Local\Temp\_MEI42363\windows._lib_cacheinvalidation.pyd
2014-05-29 20:54 - 2014-05-29 20:54 - 00035840 _____ () C:\Users\Simon\AppData\Local\Temp\_MEI42363\win32process.pyd
2014-05-29 20:54 - 2014-05-29 20:54 - 00017408 _____ () C:\Users\Simon\AppData\Local\Temp\_MEI42363\win32profile.pyd
2014-05-29 20:54 - 2014-05-29 20:54 - 00022528 _____ () C:\Users\Simon\AppData\Local\Temp\_MEI42363\win32ts.pyd
2014-05-29 20:54 - 2014-05-29 20:54 - 00078336 _____ () C:\Users\Simon\AppData\Local\Temp\_MEI42363\wx._animate.pyd
2014-05-24 11:29 - 2014-05-14 01:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-24 11:29 - 2014-05-14 01:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-24 11:29 - 2014-05-14 01:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
2013-03-31 17:29 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Users\Simon\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Simon\Desktop\Exam2014_Part2.xlsm:com.dropbox.attributes
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/29/2014 06:44:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programmet LiveComm.exe version 17.4.9600.16384 afbrød kommunikationen med Windows og blev afsluttet. Hvis du vil se, om der findes flere oplysninger om problemet, kan du læse om problemets historik via Løsningscenter.
 
Proces-id: 1a68
 
Starttidspunkt: 01cf7b5c7b7e4b6d
 
Afslutningstidspunkt: 4294967295
 
Programsti: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\LiveComm.exe
 
Rapport-id: 70c2002b-e750-11e3-beb5-7c05072ccfc6
 
Fuldt navn på program med fejl: microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe
 
Relativt program-id for program med fejl: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (05/29/2014 08:32:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1677250
 
Error: (05/29/2014 08:32:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1677250
 
Error: (05/29/2014 08:32:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/29/2014 06:27:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 28061781
 
Error: (05/29/2014 06:27:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 28061781
 
Error: (05/29/2014 06:27:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/28/2014 06:40:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Navn på program med fejl: TCrdMain_Win8.exe, version: 2.0.7.64, tidsstempel: 0x5091827a
Navn på modul med fejl: SynCOM.dll_unloaded, version: 16.3.4.0, tidsstempel: 0x50b86421
Undtagelseskode: 0xc0000005
Forskydning med fejl 0x000000000001f368
Proces-id 0x1fa0
Programmets starttidspunkt 0xTCrdMain_Win8.exe0
Programsti: TCrdMain_Win8.exe1
Modulsti: TCrdMain_Win8.exe2
Rapport-id: TCrdMain_Win8.exe3
Fuldt navn på program med fejl: TCrdMain_Win8.exe4
Relativt program-id for program med fejl: TCrdMain_Win8.exe5
 
Error: (05/26/2014 08:34:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13687
 
Error: (05/26/2014 08:34:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13687
 
 
System errors:
=============
Error: (05/29/2014 08:52:21 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Den foregående systemlukning kl. 20:31:09 d. ‎29-‎05-‎2014 var uventet.
 
Error: (05/29/2014 08:51:51 PM) (Source: sptd) (EventID: 4) (User: )
Description: Driveren har opdaget en intern fejl i sine datastrukturer for .
 
Error: (05/28/2014 07:47:03 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: Computeren er konfigureret som et medlem af en arbejdsgruppe, ikke som
et medlem af et domæne. Tjenesten Netlogon behøver ikke at køre i denne
konfiguration.
 
Error: (05/28/2014 07:46:55 AM) (Source: Service Control Manager) (EventID: 7018) (User: )
Description: Der blev fundet cirkulær afhængighed, da tjenester blev startet automatisk. Kontrollér tjenesteafhængighedstræet.
 
Error: (05/28/2014 07:46:55 AM) (Source: Service Control Manager) (EventID: 7019) (User: )
Description: Tjenesten EsgScanner afhænger af en tjeneste i en gruppe, som starter senere. Skift rækkefølgende i tjenesteafhængighedstræet for at sikre, at alle tjenester, der skal starte denne tjeneste, startes før denne tjeneste.
 
Error: (05/28/2014 07:46:38 AM) (Source: sptd) (EventID: 4) (User: )
Description: Driveren har opdaget en intern fejl i sine datastrukturer for .
 
Error: (05/25/2014 06:23:39 PM) (Source: Server) (EventID: 2505) (User: )
Description: Serveren blev ikke bundet til transportprotokollen \Device\NetBT_Tcpip_{B99AB6E4-8B40-4798-AD39-B13B9711798B}, fordi en anden computer i netværket har det samme navn. Serveren blev ikke startet.
 
Error: (05/25/2014 06:22:27 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Der opstod en timeout (30000 millisekunder), mens der ventedes på et transaktionssvar fra tjenesten UNS.
 
Error: (05/25/2014 00:25:24 PM) (Source: Service Control Manager) (EventID: 7017) (User: )
Description: Der blev fundet cirkulær afhængighed, da EsgScanner skulle startes. Kontrollér tjenesteafhængighedstræet.
 
Error: (05/25/2014 00:25:24 PM) (Source: Service Control Manager) (EventID: 7019) (User: )
Description: Tjenesten EsgScanner afhænger af en tjeneste i en gruppe, som starter senere. Skift rækkefølgende i tjenesteafhængighedstræet for at sikre, at alle tjenester, der skal starte denne tjeneste, startes før denne tjeneste.
 
 
Microsoft Office Sessions:
=========================
Error: (05/29/2014 06:44:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.4.9600.163841a6801cf7b5c7b7e4b6d4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\LiveComm.exe70c2002b-e750-11e3-beb5-7c05072ccfc6microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (05/29/2014 08:32:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1677250
 
Error: (05/29/2014 08:32:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1677250
 
Error: (05/29/2014 08:32:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/29/2014 06:27:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 28061781
 
Error: (05/29/2014 06:27:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 28061781
 
Error: (05/29/2014 06:27:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/28/2014 06:40:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: TCrdMain_Win8.exe2.0.7.645091827aSynCOM.dll_unloaded16.3.4.050b86421c0000005000000000001f3681fa001cf7a2ccfe0c1bfC:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exeSynCOM.dll291b446d-e622-11e3-beb4-7c05072ccfc6
 
Error: (05/26/2014 08:34:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13687
 
Error: (05/26/2014 08:34:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13687
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-05-28 11:38:02.110
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-05-26 11:19:24.289
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-05-26 11:19:24.168
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-05-26 11:19:23.924
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-05-26 11:19:23.822
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-05-26 11:19:23.623
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-05-26 11:19:23.500
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-05-26 11:19:23.291
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-05-26 11:19:23.167
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-05-26 11:19:22.953
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 39%
Total physical RAM: 3979.22 MB
Available physical RAM: 2396.88 MB
Total Pagefile: 4683.22 MB
Available Pagefile: 2982.47 MB
Total Virtual: 131072 MB
Available Virtual: 131071.81 MB
 
==================== Drives ================================
 
Drive c: (TI31061100A) (Fixed) (Total:285.94 GB) (Free:104.52 GB) NTFS
Drive d: (OFFICE14) (CDROM) (Total:0.71 GB) (Free:0 GB) UDF
Drive e: (DVDVolume) (CDROM) (Total:6.83 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

 

I am looking forward for the next steps.



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:48 PM

Posted 30 May 2014 - 06:42 AM

This fix will not stop the popups from Chrome. Only some cosmetic cleanup.


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

HKLM-x32\...\Run: [] => [X]
SearchScopes: HKCU - {1DA59756-01EE-445A-B231-6D63DB5217EC} URL =
C:\Users\Simon\AppData\Local\Temp\0226F60D.dll
C:\Users\Simon\AppData\Local\Temp\023234CA.dll
C:\Users\Simon\AppData\Local\Temp\0234D034.dll
C:\Users\Simon\AppData\Local\Temp\0238487C.dll
C:\Users\Simon\AppData\Local\Temp\09339472.dll
C:\Users\Simon\AppData\Local\Temp\0994FAF9.dll
C:\Users\Simon\AppData\Local\Temp\0C725EA3.dll
C:\Users\Simon\AppData\Local\Temp\0C745745.dll
C:\Users\Simon\AppData\Local\Temp\13B4845D.dll
C:\Users\Simon\AppData\Local\Temp\280AE166.dll
C:\Users\Simon\AppData\Local\Temp\2810EDB0.dll
C:\Users\Simon\AppData\Local\Temp\39BEED4F.dll
C:\Users\Simon\AppData\Local\Temp\39C0B0B3.dll
C:\Users\Simon\AppData\Local\Temp\39C0FC95.dll
C:\Users\Simon\AppData\Local\Temp\3F7C22A2.dll
C:\Users\Simon\AppData\Local\Temp\3F811615.dll
C:\Users\Simon\AppData\Local\Temp\4F615A74.dll
C:\Users\Simon\AppData\Local\Temp\4F680903.dll
C:\Users\Simon\AppData\Local\Temp\4F68B7DC.dll
C:\Users\Simon\AppData\Local\Temp\668D6CBC.dll
C:\Users\Simon\AppData\Local\Temp\668F4829.dll
C:\Users\Simon\AppData\Local\Temp\669295A0.dll
C:\Users\Simon\AppData\Local\Temp\66939B9E.dll
C:\Users\Simon\AppData\Local\Temp\66A36D3A.dll
C:\Users\Simon\AppData\Local\Temp\67FE955A.dll
C:\Users\Simon\AppData\Local\Temp\69262672.dll
C:\Users\Simon\AppData\Local\Temp\692630C4.dll
C:\Users\Simon\AppData\Local\Temp\844A1A77.dll
C:\Users\Simon\AppData\Local\Temp\844CFE85.dll
C:\Users\Simon\AppData\Local\Temp\84502978.dll
C:\Users\Simon\AppData\Local\Temp\845D047A.dll
C:\Users\Simon\AppData\Local\Temp\845F1973.dll
C:\Users\Simon\AppData\Local\Temp\9B08DA3C.dll
C:\Users\Simon\AppData\Local\Temp\9B0A12D6.dll
C:\Users\Simon\AppData\Local\Temp\9B0C2263.dll
C:\Users\Simon\AppData\Local\Temp\9EF80187.dll
C:\Users\Simon\AppData\Local\Temp\AA959956.dll
C:\Users\Simon\AppData\Local\Temp\B98C2A9F.dll
C:\Users\Simon\AppData\Local\Temp\B98DD4FB.dll
C:\Users\Simon\AppData\Local\Temp\BBF0395B.dll
C:\Users\Simon\AppData\Local\Temp\C7539AEE.dll
C:\Users\Simon\AppData\Local\Temp\C7579C8F.dll
C:\Users\Simon\AppData\Local\Temp\C7601FBC.dll
C:\Users\Simon\AppData\Local\Temp\C760E62C.dll
C:\Users\Simon\AppData\Local\Temp\C76DE4EC.dll
C:\Users\Simon\AppData\Local\Temp\C76FCC18.dll
C:\Users\Simon\AppData\Local\Temp\C773855E.dll
C:\Users\Simon\AppData\Local\Temp\C774A6AC.dll
C:\Users\Simon\AppData\Local\Temp\CF3BD40E.dll
C:\Users\Simon\AppData\Local\Temp\D46866D0.dll
C:\Users\Simon\AppData\Local\Temp\D7C3332A.dll
C:\Users\Simon\AppData\Local\Temp\D7D353E6.dll
C:\Users\Simon\AppData\Local\Temp\DD691F18.dll
C:\Users\Simon\AppData\Local\Temp\DD6C87BE.dll
C:\Users\Simon\AppData\Local\Temp\DD6E7DBC.dll
C:\Users\Simon\AppData\Local\Temp\DD7571AA.dll
C:\Users\Simon\AppData\Local\Temp\DD76AD14.dll
C:\Users\Simon\AppData\Local\Temp\DD785D15.dll
C:\Users\Simon\AppData\Local\Temp\DD7896FB.dll
C:\Users\Simon\AppData\Local\Temp\DD78D467.dll
C:\Users\Simon\AppData\Local\Temp\DD7D941B.dll
C:\Users\Simon\AppData\Local\Temp\DD7E878D.dll
C:\Users\Simon\AppData\Local\Temp\DD8948EF.dll
C:\Users\Simon\AppData\Local\Temp\DD8CBD9F.dll
C:\Users\Simon\AppData\Local\Temp\DD8D168F.dll
C:\Users\Simon\AppData\Local\Temp\DD8E8516.dll
C:\Users\Simon\AppData\Local\Temp\DE4C1BEE.dll
C:\Users\Simon\AppData\Local\Temp\DED29D9C.dll
C:\Users\Simon\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpi424_j.dll
C:\Users\Simon\AppData\Local\Temp\E7691837.dll
C:\Users\Simon\AppData\Local\Temp\E95DDE38.dll
C:\Users\Simon\AppData\Local\Temp\F2ED4AD7.dll
C:\Users\Simon\AppData\Local\Temp\F2EEA7BD.dll
C:\Users\Simon\AppData\Local\Temp\F2F052CC.dll
C:\Users\Simon\AppData\Local\Temp\F2F0FBCB.dll
C:\Users\Simon\AppData\Local\Temp\F307D150.dll
C:\Users\Simon\AppData\Local\Temp\F309DA42.dll
C:\Users\Simon\AppData\Local\Temp\F30A278D.dll
C:\Users\Simon\AppData\Local\Temp\F30AFEC4.dll
C:\Users\Simon\AppData\Local\Temp\F31279C0.dll
C:\Users\Simon\AppData\Local\Temp\F3C725F8.dll
C:\Users\Simon\AppData\Local\Temp\F3D9B942.dll
C:\Users\Simon\AppData\Local\Temp\F924B3F8.dll
C:\Users\Simon\AppData\Local\Temp\FBE1F578.dll
C:\Users\Simon\AppData\Local\Temp\FBE3BCE0.dll
C:\Users\Simon\AppData\Local\Temp\FBE614C3.dll
C:\Users\Simon\AppData\Local\Temp\FBE79F62.dll
C:\Users\Simon\AppData\Local\Temp\FBE846D0.dll
C:\Users\Simon\AppData\Local\Temp\FF854DD2.dll
C:\Users\Simon\AppData\Local\Temp\HitmanPro.exe
C:\Users\Simon\AppData\Local\Temp\Quarantine.exe
C:\Users\Simon\AppData\Local\Temp\SHSetup.exe
C:\Users\Simon\AppData\Local\Temp\wlan_test.exe
Task: {55218675-727F-4639-80F8-83A6D5A5BFA7} - \fsupdate No Task File <==== ATTENTION
End

Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

If the problem persists try this.

Reset Chrome...
Click on "Customize and control Google Chrome":
 
p22003758.gif
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart chrome.

===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Keep me posted.

#5 simonhansen

simonhansen
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:48 AM

Posted 30 May 2014 - 08:45 AM

Is it correct that the part, where I should reset Chrome, is only necessary if the solution from FRST did not work?

 

The log from FRST:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-05-2014 02
Ran by Simon at 2014-05-30 15:31:45 Run:1
Running from C:\Users\Simon\Desktop\Fikse virus
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKCU - {1DA59756-01EE-445A-B231-6D63DB5217EC} URL =
C:\Users\Simon\AppData\Local\Temp\0226F60D.dll
C:\Users\Simon\AppData\Local\Temp\023234CA.dll
C:\Users\Simon\AppData\Local\Temp\0234D034.dll
C:\Users\Simon\AppData\Local\Temp\0238487C.dll
C:\Users\Simon\AppData\Local\Temp\09339472.dll
C:\Users\Simon\AppData\Local\Temp\0994FAF9.dll
C:\Users\Simon\AppData\Local\Temp\0C725EA3.dll
C:\Users\Simon\AppData\Local\Temp\0C745745.dll
C:\Users\Simon\AppData\Local\Temp\13B4845D.dll
C:\Users\Simon\AppData\Local\Temp\280AE166.dll
C:\Users\Simon\AppData\Local\Temp\2810EDB0.dll
C:\Users\Simon\AppData\Local\Temp\39BEED4F.dll
C:\Users\Simon\AppData\Local\Temp\39C0B0B3.dll
C:\Users\Simon\AppData\Local\Temp\39C0FC95.dll
C:\Users\Simon\AppData\Local\Temp\3F7C22A2.dll
C:\Users\Simon\AppData\Local\Temp\3F811615.dll
C:\Users\Simon\AppData\Local\Temp\4F615A74.dll
C:\Users\Simon\AppData\Local\Temp\4F680903.dll
C:\Users\Simon\AppData\Local\Temp\4F68B7DC.dll
C:\Users\Simon\AppData\Local\Temp\668D6CBC.dll
C:\Users\Simon\AppData\Local\Temp\668F4829.dll
C:\Users\Simon\AppData\Local\Temp\669295A0.dll
C:\Users\Simon\AppData\Local\Temp\66939B9E.dll
C:\Users\Simon\AppData\Local\Temp\66A36D3A.dll
C:\Users\Simon\AppData\Local\Temp\67FE955A.dll
C:\Users\Simon\AppData\Local\Temp\69262672.dll
C:\Users\Simon\AppData\Local\Temp\692630C4.dll
C:\Users\Simon\AppData\Local\Temp\844A1A77.dll
C:\Users\Simon\AppData\Local\Temp\844CFE85.dll
C:\Users\Simon\AppData\Local\Temp\84502978.dll
C:\Users\Simon\AppData\Local\Temp\845D047A.dll
C:\Users\Simon\AppData\Local\Temp\845F1973.dll
C:\Users\Simon\AppData\Local\Temp\9B08DA3C.dll
C:\Users\Simon\AppData\Local\Temp\9B0A12D6.dll
C:\Users\Simon\AppData\Local\Temp\9B0C2263.dll
C:\Users\Simon\AppData\Local\Temp\9EF80187.dll
C:\Users\Simon\AppData\Local\Temp\AA959956.dll
C:\Users\Simon\AppData\Local\Temp\B98C2A9F.dll
C:\Users\Simon\AppData\Local\Temp\B98DD4FB.dll
C:\Users\Simon\AppData\Local\Temp\BBF0395B.dll
C:\Users\Simon\AppData\Local\Temp\C7539AEE.dll
C:\Users\Simon\AppData\Local\Temp\C7579C8F.dll
C:\Users\Simon\AppData\Local\Temp\C7601FBC.dll
C:\Users\Simon\AppData\Local\Temp\C760E62C.dll
C:\Users\Simon\AppData\Local\Temp\C76DE4EC.dll
C:\Users\Simon\AppData\Local\Temp\C76FCC18.dll
C:\Users\Simon\AppData\Local\Temp\C773855E.dll
C:\Users\Simon\AppData\Local\Temp\C774A6AC.dll
C:\Users\Simon\AppData\Local\Temp\CF3BD40E.dll
C:\Users\Simon\AppData\Local\Temp\D46866D0.dll
C:\Users\Simon\AppData\Local\Temp\D7C3332A.dll
C:\Users\Simon\AppData\Local\Temp\D7D353E6.dll
C:\Users\Simon\AppData\Local\Temp\DD691F18.dll
C:\Users\Simon\AppData\Local\Temp\DD6C87BE.dll
C:\Users\Simon\AppData\Local\Temp\DD6E7DBC.dll
C:\Users\Simon\AppData\Local\Temp\DD7571AA.dll
C:\Users\Simon\AppData\Local\Temp\DD76AD14.dll
C:\Users\Simon\AppData\Local\Temp\DD785D15.dll
C:\Users\Simon\AppData\Local\Temp\DD7896FB.dll
C:\Users\Simon\AppData\Local\Temp\DD78D467.dll
C:\Users\Simon\AppData\Local\Temp\DD7D941B.dll
C:\Users\Simon\AppData\Local\Temp\DD7E878D.dll
C:\Users\Simon\AppData\Local\Temp\DD8948EF.dll
C:\Users\Simon\AppData\Local\Temp\DD8CBD9F.dll
C:\Users\Simon\AppData\Local\Temp\DD8D168F.dll
C:\Users\Simon\AppData\Local\Temp\DD8E8516.dll
C:\Users\Simon\AppData\Local\Temp\DE4C1BEE.dll
C:\Users\Simon\AppData\Local\Temp\DED29D9C.dll
C:\Users\Simon\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpi424_j.dll
C:\Users\Simon\AppData\Local\Temp\E7691837.dll
C:\Users\Simon\AppData\Local\Temp\E95DDE38.dll
C:\Users\Simon\AppData\Local\Temp\F2ED4AD7.dll
C:\Users\Simon\AppData\Local\Temp\F2EEA7BD.dll
C:\Users\Simon\AppData\Local\Temp\F2F052CC.dll
C:\Users\Simon\AppData\Local\Temp\F2F0FBCB.dll
C:\Users\Simon\AppData\Local\Temp\F307D150.dll
C:\Users\Simon\AppData\Local\Temp\F309DA42.dll
C:\Users\Simon\AppData\Local\Temp\F30A278D.dll
C:\Users\Simon\AppData\Local\Temp\F30AFEC4.dll
C:\Users\Simon\AppData\Local\Temp\F31279C0.dll
C:\Users\Simon\AppData\Local\Temp\F3C725F8.dll
C:\Users\Simon\AppData\Local\Temp\F3D9B942.dll
C:\Users\Simon\AppData\Local\Temp\F924B3F8.dll
C:\Users\Simon\AppData\Local\Temp\FBE1F578.dll
C:\Users\Simon\AppData\Local\Temp\FBE3BCE0.dll
C:\Users\Simon\AppData\Local\Temp\FBE614C3.dll
C:\Users\Simon\AppData\Local\Temp\FBE79F62.dll
C:\Users\Simon\AppData\Local\Temp\FBE846D0.dll
C:\Users\Simon\AppData\Local\Temp\FF854DD2.dll
C:\Users\Simon\AppData\Local\Temp\HitmanPro.exe
C:\Users\Simon\AppData\Local\Temp\Quarantine.exe
C:\Users\Simon\AppData\Local\Temp\SHSetup.exe
C:\Users\Simon\AppData\Local\Temp\wlan_test.exe
Task: {55218675-727F-4639-80F8-83A6D5A5BFA7} - \fsupdate No Task File <==== ATTENTION
End
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1DA59756-01EE-445A-B231-6D63DB5217EC} => Key deleted successfully.
HKCR\CLSID\{1DA59756-01EE-445A-B231-6D63DB5217EC} => Key not found.
C:\Users\Simon\AppData\Local\Temp\0226F60D.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\023234CA.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\0234D034.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\0238487C.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\09339472.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\0994FAF9.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\0C725EA3.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\0C745745.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\13B4845D.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\280AE166.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\2810EDB0.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\39BEED4F.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\39C0B0B3.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\39C0FC95.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\3F7C22A2.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\3F811615.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\4F615A74.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\4F680903.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\4F68B7DC.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\668D6CBC.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\668F4829.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\669295A0.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\66939B9E.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\66A36D3A.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\67FE955A.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\69262672.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\692630C4.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\844A1A77.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\844CFE85.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\84502978.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\845D047A.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\845F1973.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\9B08DA3C.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\9B0A12D6.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\9B0C2263.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\9EF80187.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\AA959956.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\B98C2A9F.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\B98DD4FB.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\BBF0395B.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\C7539AEE.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\C7579C8F.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\C7601FBC.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\C760E62C.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\C76DE4EC.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\C76FCC18.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\C773855E.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\C774A6AC.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\CF3BD40E.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\D46866D0.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\D7C3332A.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\D7D353E6.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\DD691F18.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\DD6C87BE.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\DD6E7DBC.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\DD7571AA.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\DD76AD14.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\DD785D15.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\DD7896FB.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\DD78D467.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\DD7D941B.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\DD7E878D.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\DD8948EF.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\DD8CBD9F.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\DD8D168F.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\DD8E8516.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\DE4C1BEE.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\DED29D9C.dll => Moved successfully.
"C:\Users\Simon\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpi424_j.dll" => File/Directory not found.
C:\Users\Simon\AppData\Local\Temp\E7691837.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\E95DDE38.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\F2ED4AD7.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\F2EEA7BD.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\F2F052CC.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\F2F0FBCB.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\F307D150.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\F309DA42.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\F30A278D.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\F30AFEC4.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\F31279C0.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\F3C725F8.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\F3D9B942.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\F924B3F8.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\FBE1F578.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\FBE3BCE0.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\FBE614C3.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\FBE79F62.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\FBE846D0.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\FF854DD2.dll => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\HitmanPro.exe => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\SHSetup.exe => Moved successfully.
C:\Users\Simon\AppData\Local\Temp\wlan_test.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{55218675-727F-4639-80F8-83A6D5A5BFA7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55218675-727F-4639-80F8-83A6D5A5BFA7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\fsupdate => Key deleted successfully.
 

 

==== End of Fixlog ====

 

The log from Security Check - checkup.txt:

 Results of screen317's Security Check version 0.99.83  

   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 55  
 Adobe Reader XI  
 Google Chrome 35.0.1916.114  
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Simon Desktop Fikse virus SecurityCheck.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
Looking forward to hear from you


#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:48 PM

Posted 30 May 2014 - 12:43 PM

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Latest version is Java JRE 7u60.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 55

===

If all is well:

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:Please note: Many installer offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful add-ons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • Script Blocker can help blocking many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox addon,
  • ScriptNo a popular Google Chrome addon.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===

#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:48 PM

Posted 06 June 2014 - 09:40 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users