
Possible infection after YTD downloader installation and removal


  • This topic is locked
14 replies to this topic

#1 hjekar

hjekar

  • Members
  • 8 posts
  • OFFLINE
  • Local time:01:12 PM

Posted 22 May 2015 - 07:10 PM

Hello!
 
So this morning I decided to install YTD downloader, which was probably a mistake... It didn't let me uncheck anything before starting the installation. I used it a lot a few years ago without any problems, but after installing it this time, I read a lot of concerning stuff about it from other users... About infections, adware, hijackers, hidden programs and all kinds of horrible things happening to their computers.
 
I have since uninstalled the program itself (used the uninstall file that came with it). I know that it changed my home page and search engine to Yahoo (changed this back in Chrome's settings). I do not know if it has installed anything else or done other things to my computer.
 
I have checked Revo Uninstaller, and no new programs are registered as installed (but neither was YTDownloader...). I'm not sure if anything else was done by the program, if there are any hidden programs or processes, adware, viruses or malware on my computer now, or how I can check this. I did run AdwCleaner, and it deleted something called Spigot among other things. Foolishly, I didn't keep the log...
 
I just want to be sure that my computer is clean as a whistle. After reading about users getting severely infected by YTD downloader, I'm not going to take any chances. I haven't had any popups or stuff like that, but my computer was infected earlier this year, and there might be traces left of that as well. I currently can't see any symptoms, but I know that doesn't mean my computer is clean. I know that these kinds of things can be sneaky.
 
Can you help me clear my computer? 

EDIT: I'm using Windows 8. I do notice that my computer is slower than usual.

Edited by hjekar, 22 May 2015 - 07:45 PM.



#2 hjekar

hjekar
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:01:12 PM

Posted 25 May 2015 - 06:26 AM

I am still having problems with pup.optional.spigot.a; Malwarebytes keeps detecting it even if I quarantine and delete it. Please help?


Edited by hjekar, 25 May 2015 - 06:52 AM.


#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,246 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:12 AM

Posted 25 May 2015 - 08:40 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===


How is the computer running?
Wait for further instructions.
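The FRST.txt requested above lists autostart, service, driver and browser-plugin entries in one shared line shape (path, then [size date], then (publisher)), and a helper reads it by looking for entries with no publisher, a file that is gone ([X] or No File), or a binary living under a user profile. As an added example, not code from FRST, BleepingComputer or either poster, here is a Python parser for that line format, run over a constructed excerpt that follows the layout of the log posted later in this thread; the ExamplePUP entry and its path are invented for illustration.

```python
"""Pull autostart, service, driver and browser-plugin entries out of an FRST
(Farbar Recovery Scan Tool) log and flag the ones a helper looks at first.
Added example for this thread; not code from FRST, BleepingComputer or the
posters. SAMPLE_LOG is constructed from the entry format of the posted log."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# "==================== Services (Whitelisted) =================" section header
SECTION_RE = re.compile(r"^=+\s*(?P<title>[A-Za-z].*?)\s*=+$")
# HKLM\...\Run: [Name] => <path> [<size> <date>] (<publisher>)
RUN_RE = re.compile(r"^(?P<key>HK\S+?):\s+\[(?P<name>[^\]]*)\]\s+=>\s+(?P<rest>.+)$")
# R2 Name; <path> [<size> <date>] (<publisher>) []     (services and drivers)
SVC_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);\s+(?P<rest>.+)$")
# FF Plugin-x32: @vendor/Name -> <path> [<date>] (<publisher>)
PLUGIN_RE = re.compile(r"^(?:FF|CHR) Plugin(?:-x32)?:\s+(?P<name>.+?)\s+->\s+(?P<rest>.+)$")
# Tail shared by all three: path, optional [size date] or [date], optional (publisher)
TAIL_RE = re.compile(
    r"^(?P<path>.+?)"
    r"(?:\s+\[(?:(?P<size>\d+)\s+)?(?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?:\s+\((?P<pub>[^\[\]]*)\))?"
    r"(?:\s+\[\])?\s*$"
)
# Directories a driver, service or machine-wide autostart binary should not live in
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")


@dataclass
class Entry:
    section: str
    name: str
    path: str = ""
    size: int | None = None
    date: str | None = None
    publisher: str | None = None
    missing: bool = False
    flags: list[str] = field(default_factory=list)


def _fill_tail(entry: Entry, rest: str) -> Entry:
    """Split '<path> [size date] (publisher)' into fields and derive flags."""
    for marker in (" [X]", " No File"):          # FRST's two "file is gone" markers
        if rest.endswith(marker):
            entry.path, entry.missing = rest[: -len(marker)], True
    if not entry.missing:
        m = TAIL_RE.match(rest)
        entry.path = m.group("path")
        entry.size = int(m.group("size")) if m.group("size") else None
        entry.date = m.group("date")
        entry.publisher = m.group("pub") or None   # "()" means no publisher name
    if entry.missing:
        entry.flags.append("missing-file")
    elif entry.publisher is None:
        entry.flags.append("no-publisher")
    if any(d in entry.path.lower() for d in USER_WRITABLE):
        entry.flags.append("user-writable-location")
    return entry


def parse_frst(text: str) -> list[Entry]:
    """Walk the log line by line, remembering the current section header."""
    entries, section = [], "unknown"
    for line in text.splitlines():
        line = line.strip()
        if sec := SECTION_RE.match(line):
            section = sec.group("title").split(" (")[0]   # drop "(Whitelisted)"
            continue
        for rx in (RUN_RE, SVC_RE, PLUGIN_RE):
            if m := rx.match(line):
                entries.append(_fill_tail(Entry(section, m.group("name")), m.group("rest")))
                break
    return entries


def suspicious(entries: list[Entry]) -> list[Entry]:
    """Entries carrying at least one flag; the rest are usually left alone."""
    return [e for e in entries if e.flags]


# Constructed excerpt in FRST's format; the ExamplePUP line is invented.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2117632 2014-07-06] (Dominik Reichl)
HKU\S-1-5-21-...-1002\...\Run: [ExamplePUP] => C:\Users\Elise\AppData\Roaming\ExamplePUP\updater.exe [40960 2015-05-22] ()
==================== Internet (Whitelisted) ====================
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll No File
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-19] ()
==================== Services (Whitelisted) =================
S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-19] (Advanced Micro Devices, Inc.) []
S4 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [38896 2014-02-18] (Lenovo(beijing) Limited)
==================== Drivers (Whitelisted) ====================
S3 NPF; system32\drivers\NPF.sys [X]
"""

if __name__ == "__main__":
    for e in suspicious(parse_frst(SAMPLE_LOG)):
        print(f"[{e.section}] {e.name}: {e.path} -> {', '.join(e.flags)}")
```

A flag is a prompt to check the entry, not a verdict: the Flash plugin shows "()" in the real log too and is benign, while the invented ExamplePUP entry shows the pattern (no publisher, under AppData) that adware autostarts typically have.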

#4 hjekar

hjekar
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:01:12 PM

Posted 25 May 2015 - 10:08 AM

Thank you for helping me!

 

Adwcleaner logfile:

 

# AdwCleaner v4.205 - Logfile created 25/05/2015 at 16:49:36
# Updated 21/05/2015 by Xplode
# Database : 2015-05-25.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Elise - TARDIS
# Running from : C:\Users\Elise\Desktop\adwcleaner_4.205.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Mozilla Firefox v32.0.3 (x86 nb-NO)
 
 
-\\ Google Chrome v43.0.2357.65
 
[C:\Users\Elise\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
 
*************************
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [1841  bytes] ##########

 

 
 
FRST .txt file:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015 01
Ran by Elise (administrator) on TARDIS on 25-05-2015 16:55:22
Running from C:\Users\Elise\Desktop\farbar
Loaded Profiles: Elise (Available Profiles: Elise)
Platform: Windows 8.1 (X64) OS Language: Norsk, bokmål (Norge)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-05] (Conexant Systems, Inc.)
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2014-01-21] (Realtek semiconductor)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2014-07-12] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10842096 2014-07-12] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-04-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2117632 2014-07-06] (Dominik Reichl)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-02-26] (Atheros Communications)
HKU\S-1-5-21-2358272060-2788243846-1444329666-1002\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-03-16] (Glarysoft Ltd)
HKU\S-1-5-21-2358272060-2788243846-1444329666-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-2358272060-2788243846-1444329666-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [11776 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7799576 2015-05-15] (SUPERAntiSpyware)
BootExecute: autocheck autochk *  
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-2358272060-2788243846-1444329666-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-2358272060-2788243846-1444329666-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2358272060-2788243846-1444329666-1002 -> {924964CC-9D7C-4051-8730-236D4C64D8F2} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 84.208.20.110 84.208.20.111
 
FireFox:
========
FF ProfilePath: C:\Users\Elise\AppData\Roaming\Mozilla\Firefox\Profiles\3u435z5z.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-19] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-19] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2014-11-18] (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\bok-NO.xml [2014-07-17]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\gulesider-NO.xml [2014-07-17]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\qxl-NO.xml [2014-07-17]
 
Chrome: 
=======
CHR Profile: C:\Users\Elise\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Elise\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-08-27]
CHR Extension: (Google Docs) - C:\Users\Elise\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-27]
CHR Extension: (Google Drive) - C:\Users\Elise\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-27]
CHR Extension: (YouTube) - C:\Users\Elise\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-27]
CHR Extension: (Google Cast) - C:\Users\Elise\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-01-14]
CHR Extension: (Adblock Plus) - C:\Users\Elise\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-28]
CHR Extension: (Google Search) - C:\Users\Elise\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-27]
CHR Extension: (Google Sheets) - C:\Users\Elise\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-08-27]
CHR Extension: (Bookmark Manager) - C:\Users\Elise\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-08]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Elise\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-08-28]
CHR Extension: (Webcam Toy) - C:\Users\Elise\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2014-08-27]
CHR Extension: (Hover Zoom) - C:\Users\Elise\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-08-28]
CHR Extension: (My Chrome Theme) - C:\Users\Elise\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2014-08-27]
CHR Extension: (Bookmax - Bookmark Manager) - C:\Users\Elise\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjpkfadmfhloombfmmlllnbhkoehckm [2014-09-12]
CHR Extension: (Recent Bookmarks) - C:\Users\Elise\AppData\Local\Google\Chrome\User Data\Default\Extensions\olndffocioplakeilhkgenfgdincjlpn [2014-09-12]
CHR Extension: (ThemeBeta.com) - C:\Users\Elise\AppData\Local\Google\Chrome\User Data\Default\Extensions\pibalildiehneohnideandbffehpdkik [2015-03-24]
CHR Extension: (Gmail) - C:\Users\Elise\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-27]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-19] (Advanced Micro Devices, Inc.) []
S4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-02-26] (Windows ® Win 7 DDK provider) []
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S4 ETDService; C:\Program Files\Elantech\ETDService.exe [99632 2013-10-09] (ELAN Microelectronics Corp.)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272440 2015-03-09] (Lenovo)
S4 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [38896 2014-02-18] (Lenovo(beijing) Limited)
S4 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1850680 2014-09-18] (Maxthon)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 memoQauhlp75; C:\Program Files (x86)\Kilgray\memoQ-2014-R2\MemoQ.AutoUpdate.exe [223120 2015-04-29] (Kilgray)
S4 NalServ; C:\windows\SysWOW64\nalserv.exe [146032 2013-09-06] (Nalpeiron Ltd.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-01-28] (Electronic Arts)
S4 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2014-07-12] (Lenovo)
S4 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [308720 2014-07-12] (Lenovo)
S4 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S4 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-02-24] (Advanced Micro Devices, Inc.)
S4 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [67856 2014-07-12] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S4 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-02-26] (Atheros) []
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-02-24] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-11] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-02-24] (Advanced Micro Devices, Inc. )
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [224992 2013-11-01] (AppEx Networks Corporation)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-07] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-26] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 GUBootStartup; C:\windows\System32\drivers\GUBootStartup.sys [20160 2015-03-19] (Glarysoft Ltd)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [9105624 2014-01-21] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
S3 NPF; system32\drivers\NPF.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-25 16:54 - 2014-07-12 12:56 - 01304556 _____ () C:\windows\system32\perfh014.dat
2015-05-25 16:54 - 2014-07-12 12:56 - 00352882 _____ () C:\windows\system32\perfc014.dat
2015-05-25 16:54 - 2014-03-18 11:53 - 00005430 _____ () C:\windows\system32\PerfStringBackup.INI
2015-05-25 16:51 - 2015-03-19 21:34 - 00000346 _____ () C:\windows\Tasks\GlaryInitialize 5.job
2015-05-25 16:50 - 2014-08-27 17:10 - 00001010 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-25 16:50 - 2014-08-27 16:53 - 00000000 ___DO () C:\Users\Elise\OneDrive
2015-05-25 16:50 - 2013-08-22 16:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-05-25 16:49 - 2015-02-16 00:53 - 00000000 ____D () C:\AdwCleaner
2015-05-25 16:49 - 2014-07-12 13:19 - 11809298 _____ () C:\Users\Public\CAFADEBUG.log
2015-05-25 16:49 - 2013-08-22 15:25 - 00262144 ___SH () C:\windows\system32\config\BBI
2015-05-25 16:41 - 2015-03-19 14:37 - 00000000 ____D () C:\Users\Elise\Desktop\Progz
2015-05-25 15:14 - 2014-08-27 17:10 - 00001014 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-25 15:07 - 2015-02-16 01:10 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-25 15:02 - 2013-08-22 17:36 - 00000000 ____D () C:\windows\system32\sru
2015-05-25 14:57 - 2013-08-22 17:36 - 00000000 ____D () C:\windows\AppReadiness
2015-05-25 14:34 - 2014-08-31 00:48 - 00210432 ___SH () C:\Users\Elise\Desktop\Thumbs.db
2015-05-25 13:42 - 2014-08-27 19:15 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-25 13:06 - 2014-08-27 16:47 - 00000000 ____D () C:\Users\Elise
2015-05-25 12:25 - 2015-02-16 01:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-24 15:17 - 2015-01-24 16:53 - 00000000 ____D () C:\Users\Elise\AppData\Roaming\KeePass
2015-05-24 01:03 - 2015-02-23 00:23 - 00000464 _____ () C:\Users\Elise\Documents\med therese.txt
2015-05-23 19:37 - 2015-03-27 23:44 - 00000000 ____D () C:\Users\Elise\Downloads\Interstellar (2014)
2015-05-23 10:32 - 2015-02-15 23:50 - 00000000 ____D () C:\Program Files (x86)\d2edd3fd-22ca-4b16-97e0-bf0ab793836b
2015-05-23 10:32 - 2014-07-12 14:10 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-05-23 10:03 - 2014-08-27 19:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-23 01:15 - 2014-09-21 14:48 - 00000000 ____D () C:\Users\Elise\AppData\Local\CrashDumps
2015-05-23 00:57 - 2014-08-27 19:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-23 00:38 - 2014-09-12 20:52 - 00000000 ____D () C:\Users\Elise\Documents\Nedlastinger
2015-05-22 23:57 - 2014-09-20 00:09 - 00287232 ___SH () C:\Users\Elise\Downloads\Thumbs.db
2015-05-20 18:08 - 2013-09-14 22:19 - 00000000 ____D () C:\Users\Elise\Desktop\jobb
2015-05-19 12:40 - 2014-08-28 14:11 - 00000263 _____ () C:\Users\Elise\Documents\serier begynner.txt
2015-05-19 12:38 - 2013-08-22 17:36 - 00000000 ____D () C:\windows\rescache
2015-05-18 00:09 - 2014-08-27 17:10 - 00003986 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-18 00:09 - 2014-08-27 17:10 - 00003750 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-14 22:43 - 2014-09-30 14:27 - 00000000 ____D () C:\Users\Elise\Desktop\Monologer
2015-05-14 19:26 - 2013-08-22 17:20 - 00000000 ____D () C:\windows\CbsTemp
2015-05-14 12:21 - 2013-08-22 16:44 - 00384080 _____ () C:\windows\system32\FNTCACHE.DAT
2015-05-14 02:23 - 2014-08-28 18:40 - 00000000 ____D () C:\windows\system32\MRT
2015-05-14 02:14 - 2014-08-28 18:40 - 140425016 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-05-13 15:37 - 2014-03-18 11:38 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-08 13:02 - 2015-02-16 01:51 - 00005374 _____ () C:\windows\system32\.crusader
2015-05-08 12:43 - 2015-02-16 01:40 - 11024496 _____ (SurfRight B.V.) C:\Users\Elise\Downloads\HitmanPro_x64.exe
2015-05-05 19:59 - 2014-08-28 18:59 - 00792568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-05-05 19:59 - 2014-08-28 18:59 - 00178168 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-30 15:16 - 2015-04-22 16:54 - 00000000 ____D () C:\Users\Elise\Desktop\Prøvebilder
2015-04-29 17:04 - 2015-04-05 02:22 - 00000214 _____ () C:\Users\Elise\Documents\Med m og p.txt
2015-04-26 16:27 - 2015-03-30 12:52 - 00001097 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-04-26 15:46 - 2015-01-01 22:48 - 00000000 ____D () C:\Users\Elise\Documents\EMDB
2015-04-26 15:46 - 2015-01-01 22:48 - 00000000 ____D () C:\Program Files (x86)\EMDB
2015-04-26 12:40 - 2014-08-27 16:48 - 00000000 ____D () C:\Users\Elise\AppData\Local\VirtualStore
 
==================== Files in the root of some directories =======
 
2015-04-12 21:21 - 2015-04-12 21:21 - 0002338 _____ () C:\Users\Elise\AppData\Local\recently-used.xbel
2014-07-12 13:18 - 2014-07-12 13:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-05-14 12:51 - 2015-05-14 12:51 - 0000111 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
 
Some files in TEMP:
====================
C:\Users\Elise\AppData\Local\Temp\Quarantine.exe
C:\Users\Elise\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-23 14:16
 
==================== End of log ============================

 

And I attached the "addition" file.

 

The computer seems to be running fine. A little slower than usual. I'm not experiencing any problems at the moment. It looks like adwcleaner found something new (the scan was clean a couple of hours ago).

I won't run anything until I'm asked to do so, so I have no idea if malwarebytes or some other program will find something (like the pup.optional.spigot).

I'm worried about something hiding somewhere, as malware like that one appeared just a day after getting a clean scan.



Edited by hjekar, 25 May 2015 - 11:12 AM.


#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,246 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:12 AM

Posted 25 May 2015 - 12:20 PM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CloseProcesses:

FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll No File
S3 NPF; system32\drivers\NPF.sys [X]
Task: {36FBF9F7-0174-4757-BF5C-29DD8E248DF9} - \Optimize Start Menu Cache Files-S-1-5-21-2358272060-2788243846-1444329666-500 No Task File <==== ATTENTION

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

If Malwarebytes reports anything please post the log for my review.
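The three fixlist lines above share one property: FRST has tagged each as pointing at something that no longer exists on disk (a plugin DLL marked "No File", a driver marked "[X]", a scheduled task marked "No Task File <==== ATTENTION"). The script below is an added example, not code from this thread or from the Farbar tool, that selects such orphaned entries from FRST-style log text and wraps them in the start/End frame a fixlist uses; the sample lines are constructed from entries quoted in this thread, and the prefix rules in classify_entry are my assumption about FRST's line formats.

```python
import re

# Constructed sample of FRST log lines, built from entries quoted in this thread.
# Lines 1-3 are the orphaned entries the fixlist targets; lines 4-5 are healthy
# entries that a fixlist must not touch.
SAMPLE_FRST_LINES = """\
FF Plugin-x32: @java.com/JavaPlugin -> C:\\Program Files (x86)\\Java\\jre1.8.0_31\\bin\\new_plugin\\npjp2.dll No File
S3 NPF; system32\\drivers\\NPF.sys [X]
Task: {36FBF9F7-0174-4757-BF5C-29DD8E248DF9} - \\Optimize Start Menu Cache Files-S-1-5-21-2358272060-2788243846-1444329666-500 No Task File <==== ATTENTION
C:\\Windows\\System32\\winlogon.exe => File is digitally signed
S3 MBAMSwissArmy; C:\\windows\\system32\\Drivers\\MBAMSwissArmy.sys [136408 2015-05-25] (Malwarebytes Corporation)
"""

# Markers FRST appends when the referenced file is missing (all three appear in this thread).
ORPHAN_MARKERS = (
    re.compile(r" No File$"),                       # plugin / BHO whose DLL is gone
    re.compile(r" \[X\]$"),                         # service or driver whose binary is gone
    re.compile(r"No Task File <==== ATTENTION$"),   # scheduled task whose task file is gone
)


def select_orphan_entries(log_text: str) -> list[str]:
    """Return the FRST lines whose target no longer exists on disk."""
    selected = []
    for line in log_text.splitlines():
        line = line.rstrip()
        if any(marker.search(line) for marker in ORPHAN_MARKERS):
            selected.append(line)
    return selected


def classify_entry(line: str) -> str:
    """Label an entry by the kind of object it registers (prefix rules are an assumption)."""
    if line.startswith("FF Plugin"):
        return "plugin"
    if line.startswith("Task:"):
        return "task"
    if re.match(r"^[RSU]\d ", line):    # FRST service/driver lines start with start-type, e.g. S3
        return "service"
    return "other"


def build_fixlist(entries: list[str], close_processes: bool = True) -> str:
    """Wrap the selected entries in the start/End frame FRST expects in fixlist.txt."""
    body = ["start"]
    if close_processes:
        body.append("CloseProcesses:")   # closes running programs before the entries are processed
    body.extend(entries)
    body.append("End")
    return "\n".join(body) + "\n"


if __name__ == "__main__":
    orphans = select_orphan_entries(SAMPLE_FRST_LINES)
    for entry in orphans:
        print(f"[{classify_entry(entry)}] {entry}")
    print(build_fixlist(orphans))
```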

#6 hjekar

hjekar
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:01:12 PM

Posted 25 May 2015 - 01:15 PM

Here's the fixlog.txt:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01
Ran by Elise at 2015-05-25 19:24:25 Run:1
Running from C:\Users\Elise\Desktop\farbar
Loaded Profiles: Elise (Available Profiles: Elise)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CloseProcesses:
 
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll No File
S3 NPF; system32\drivers\NPF.sys [X]
Task: {36FBF9F7-0174-4757-BF5C-29DD8E248DF9} - \Optimize Start Menu Cache Files-S-1-5-21-2358272060-2788243846-1444329666-500 No Task File <==== ATTENTION
 
End
*****************
 
Processes closed successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin" => key Removed successfully
NPF => Service Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{36FBF9F7-0174-4757-BF5C-29DD8E248DF9}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36FBF9F7-0174-4757-BF5C-29DD8E248DF9}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-2358272060-2788243846-1444329666-500" => key Removed successfully
 
 
The system needed a reboot. 
 
==== End of Fixlog 19:24:26 ====
 
I ran malwarebytes, and nothing was reported, but should I post the log if anything is detected later? Those new detections appeared after Chrome had synced my bookmarks, settings, apps etc. this morning (I am not positive that this is related, though.)
At the moment nothing is detected.

Edited by hjekar, 25 May 2015 - 01:23 PM.


#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,246 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:12 AM

Posted 25 May 2015 - 01:39 PM

Wait a day or two and let me know of any issues.

#8 hjekar

hjekar
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:01:12 PM

Posted 25 May 2015 - 03:01 PM

Thank you for your help so far!
I'll post an update in two days, or before should anything happen.

#9 hjekar

hjekar
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:01:12 PM

Posted 27 May 2015 - 04:48 PM

Hello again,

 

Good news! I've scanned again today with both adwcleaner and malwarebytes, and nothing was found.

Is there something else you want me to do?



#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,246 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:12 AM

Posted 28 May 2015 - 06:25 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#11 hjekar

hjekar
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:01:12 PM

Posted 30 May 2015 - 04:52 AM

Hello again,

 

I encountered a problem today. When I opened Chrome, all of my settings were reset to default. My bookmarks and passwords were still there, but extensions, theme, search and page settings etc. were gone. This has never happened to me before. Everything boots up a lot slower, and memory usage is a lot higher than usual.

I have no idea what is causing this.

 

EDIT:

 

Malwarebytes found nothing.

Adwcleaner found this;

 

# AdwCleaner v4.205 - Logfile created 30/05/2015 at 12:16:52
# Updated 21/05/2015 by Xplode
# Database : 2015-05-25.3 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Elise - TARDIS
# Running from : C:\Users\Elise\Desktop\Progz\adwcleaner_4.205.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Users\Elise\AppData\Local\Temp\Uninstall.exe
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Mozilla Firefox v32.0.3 (x86 nb-NO)
 
 
-\\ Google Chrome v43.0.2357.81
 
 
*************************
 
AdwCleaner[R0].txt - [7417 bytes] - [16/02/2015 00:53:35]
AdwCleaner[R10].txt - [1855 bytes] - [25/05/2015 16:45:36]
AdwCleaner[R11].txt - [1834 bytes] - [25/05/2015 20:24:14]
AdwCleaner[R12].txt - [1894 bytes] - [26/05/2015 13:31:57]
AdwCleaner[R13].txt - [1953 bytes] - [26/05/2015 15:44:23]
AdwCleaner[R14].txt - [2014 bytes] - [27/05/2015 23:06:40]
AdwCleaner[R15].txt - [2143 bytes] - [30/05/2015 12:14:39]
AdwCleaner[R1].txt - [954 bytes] - [16/02/2015 01:56:10]
AdwCleaner[R2].txt - [1003 bytes] - [17/02/2015 13:31:53]
AdwCleaner[R3].txt - [1445 bytes] - [08/05/2015 12:39:02]
AdwCleaner[R4].txt - [3063 bytes] - [22/05/2015 23:47:01]
AdwCleaner[R5].txt - [1365 bytes] - [23/05/2015 01:56:16]
AdwCleaner[R6].txt - [1424 bytes] - [23/05/2015 10:35:45]
AdwCleaner[R7].txt - [1543 bytes] - [24/05/2015 12:06:47]
AdwCleaner[R8].txt - [1602 bytes] - [25/05/2015 12:47:57]
AdwCleaner[R9].txt - [1795 bytes] - [25/05/2015 16:42:00]
AdwCleaner[S0].txt - [7522 bytes] - [16/02/2015 00:56:35]
AdwCleaner[S1].txt - [1021 bytes] - [16/02/2015 01:58:13]
AdwCleaner[S2].txt - [1069 bytes] - [17/02/2015 13:37:00]
AdwCleaner[S3].txt - [1515 bytes] - [08/05/2015 12:41:06]
AdwCleaner[S4].txt - [3136 bytes] - [22/05/2015 23:51:57]
AdwCleaner[S5].txt - [1489 bytes] - [23/05/2015 10:37:18]
AdwCleaner[S6].txt - [1921 bytes] - [25/05/2015 16:49:36]
AdwCleaner[S7].txt - [2069 bytes] - [30/05/2015 12:16:52]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [2128  bytes] ##########

Edited by hjekar, 30 May 2015 - 05:19 AM.


#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,246 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:12 AM

Posted 30 May 2015 - 08:27 AM

This is not normal. I hope it's not caused by a hard disk that is going bad.

===

Restore Windows back to an earlier point in time, any time prior to the start of your problems.

http://windows.microsoft.com/en-CA/windows-8/restore-refresh-reset-pc

You may have to get the Windows updates that were installed since that date.

If any problems please run the Farbar tool and post a fresh FRST log.

#13 hjekar

hjekar
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:01:12 PM

Posted 30 May 2015 - 10:02 AM

Good news! This might have been a one-time occurrence.

According to Glary Utilities, boot time is now 40-50 seconds, and memory usage on startup is usually between 15% and 19%. This sounds reasonable to me at least; I do not know what's average.

So the computer runs fine. It is quick in general, and less than a year old, so it is probably not a bad hard drive :)

 

But there's still two things...

 

The fact that Chrome had reset itself bothers me. I have restarted the computer several times, and it hasn't happened again, but I find it weird. 

A family member had messed around with the network (admin computer) a lot before that, but I have turned sync off, so it shouldn't have caused it.

 

Do you think that the uninstall.exe that was found in Temp was just a remnant from an uninstalled program? I recently uninstalled some unneeded ones.



#14 nasdaq

nasdaq

  • Malware Response Team
  • 38,246 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:12 AM

Posted 30 May 2015 - 10:32 AM

Anything in a \temp folder is no longer required after the program has been installed.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,246 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:12 AM

Posted 05 June 2015 - 07:38 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



