
random redirect to 9t3zz.isolate.hahi.gdn -Malware?


9 replies to this topic

#1 slugg0

slugg0

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:05 PM

Posted 10 August 2017 - 07:39 PM

Recently (a few weeks ago), I started getting random redirects to "http:// 9t3zz.isolate.hahi.gdn/ ..." that shows a "Congratulations Windows User" or similar.
It doesn't happen when entering any specific page, but seems to load at any time, on any page (even when a page has been loaded for a while and is "idle").
I've also noticed my browser has slowed down a lot, and in the last few days, the computer itself too.
I think the redirect has only happened in Firefox, but that might be just because I almost exclusively use that; sometimes I have Chrome running on the side for alternate logins on some pages, i.e., but I don't use that nearly as much.

I thought my slow browser was caused by bugs in Firefox or pluginContainer, since most often, Firefox hangs completely for a few seconds, then works for a minute, then hangs again until I restart it. When I do, Windows always shows an error message saying "PluginContainer crashed" or something like that (other language, haven't got a screenshot at the moment). This all began before the redirects, so it might not be related(?)

The rest of the computer shouldn't be as slow as it is in my mind. I'm very careful about what I install, and I recently (just under a year ago) did a format and "full cleanse" of the system.
I don't run any particularly heavy software. Main hard drives are not full, CPU use is normally under 20%, physical memory normally under 60%.

Started googling once I realised the redirects weren't normal ads and saw that this might be malware/adware?
If so, how do I remove it?
I'd rather not do a format again, since it feels like I've just gotten my setup the way I like it again after my last format (and I need my computer as-is for current projects).

I've tried running Malwarebytes Anti-Malware, Avast, Avira and SUPERAntiSpyware, all in Free mode and full scans. All came out clean.
My system:
MSI68A-GD55 (G3), Intel Core I7-2600K, 2x4GB RAM (DDR3 CL9 Vengeance LP)
using:
Win 7 64bit
Avast, Avira, Malwarebytes Anti-Malware, SUPERAntiSpyware
Firefox 54.0.1 (32bit)


Edited by slugg0, 10 August 2017 - 08:01 PM.




#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:05 PM

Posted 10 August 2017 - 08:43 PM

Welcome aboard

 

Which browser is affected?

Did you try a different browser?

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
  • List Restore Points

Click Go and post the result.

Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.


Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"


NOTE. If you see This version requires you to completely exit the Anti Malware application message right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

NOTE Do NOT wrap your logs in "quote" or "code" brackets.
Do NOT use spoilers.
Do NOT edit your reply to post additional logs. Create new reply. I'll not get any email notifications about edits so I won't know you posted something new.


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 slugg0

slugg0
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:05 PM

Posted 11 August 2017 - 09:01 AM

So I did the above steps and after running Rkill (which didn't show any issues), I can't access the network anymore. Network control panel shows no errors, says it is connected to the internet and is receiving and sending data. But I can't access the internet at all via Firefox, Chrome or Explorer. When trying to access my router, it loads a page that says "Settings have been updated. Changes have been made on IP-address or portnumber. You will now be disconnected from Asus RT-AC66U. ..."
Logged on to the router via my phone and checked the IP for my computer and it's the same as before. In router: static 192.168.1.2. In PC network settings: static 192.168.1.2, netmask 255.255.255.0, standard gateway and DNS 192.168.1.1.
Tried changing to dynamic IP in both PC and Router, but it made no difference.

Edited by slugg0, 11 August 2017 - 09:48 AM.


#4 slugg0

slugg0
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:05 PM

Posted 11 August 2017 - 09:05 AM

[Removed post (found Edit-button)]

Edited by slugg0, 11 August 2017 - 09:49 AM.


#5 slugg0

slugg0
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:05 PM

Posted 11 August 2017 - 09:18 AM

I can still successfully ping google (216.58.209.142) via cmd, so it seems I do have network access, but not through browsers (?)

#6 slugg0

slugg0
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:05 PM

Posted 11 August 2017 - 09:45 AM

I managed to copy the reports to my phone, so I could upload the results here (Still can't access internet via my PC):
Some text in the reports (mainly network settings) are in Swedish. If you need me to translate something, just let me know.

checkup.txt
-----------

Results of screen317's Security Check version 1.014 --- 12/23/15
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Antivirus
Avast Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
iSpy package installer (64 bit)
Java 8 Update 141
Java version 32-bit out of Date!
Adobe Flash Player 26.0.0.151
Mozilla Firefox (54.0.1)
Mozilla Thunderbird (52.2.1)
Google Chrome (60.0.3112.90)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbam.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Antivirus Avast AvastSvc.exe
Antivirus SUPERAntiSpyware SUPERANTISPYWARE.EXE
Antivirus Avast AvastUI.exe
Antivirus SUPERAntiSpyware SASCORE64.EXE
Antivirus Avast x64 aswidsagenta.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0
````````````````````End of Log``````````````````````







FSS.txt
-------

Farbar Service Scanner Version: 27-01-2016
Ran by Sluggo (administrator) on 11-08-2017 at 14:23:45
Running from "C:\Users\Sluggo\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****






MTB.txt
-------

MiniToolBox by Farbar Version: 17-06-2016
Ran by Sluggo (administrator) on 11-08-2017 at 14:26:07
Running from "C:\Users\Sluggo\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Model: MS-7681 Manufacturer: MSI
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
TP-LINK 300Mbps Wireless N Adapter = Wireless Network Connection (Hardware not present)


# ----------------------------------
# IPv4-konfiguration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Local Area Connection" nexthop=192.168.1.1 publish=Ja
add address name="Local Area Connection" address=192.168.1.2 mask=255.255.255.0


popd
# Slut på IPv4-konfigurationen



IP-konfiguration för Windows

Värddatornamn . . . . . . . . . . : Mainframe
Primärt DNS-suffix. . . . . . . . :
Nodtyp. . . . . . . . . . . . . . : Hybrid
IP-routning aktiverat . . . . . . : Nej
WINS-proxy aktiverat. . . . . . . : Nej

Ethernet-anslutning Local Area Connection:

Anslutningsspecifika DNS-suffix . :
Beskrivning . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Fysisk adress . . . . . . . . . . : 8C-89-A5-6F-4C-B2
DHCP aktiverat. . . . . . . . . . : Nej
Autokonfiguration aktiverat . . . : Ja
Länklokal IPv6-adress . . . . . . : fe80::7c8c:4d04:12:2fbf%12(Standard)
IPv4-adress . . . . . . . . . . . : 192.168.1.2(Standard)
Nätmask . . . . . . . . . . . . . : 255.255.255.0
Standard-gateway. . . . . . . . . : 192.168.1.1
IAID för DHCPv6 . . . . . . . . . : 344754597
DUID för DHCPv6-klient. . . . . . : 00-01-00-01-1C-43-9E-B8-B0-48-7A-FA-43-F0
DNS-servrar . . . . . . . . . . . : 192.168.1.1
NetBIOS över TCP/IP . . . . . . . : Aktiverat

Tunnelanslutning: isatap.lan:

Tillstånd . . . . . . . . . . . . : Frånkopplad
Anslutningsspecifika DNS-suffix . :
Beskrivning . . . . . . . . . . . : Microsoft ISATAP Adapter
Fysisk adress . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP aktiverat. . . . . . . . . . : Nej
Autokonfiguration aktiverat . . . : Ja

Tunnelanslutning: Teredo Tunneling Pseudo-Interface:

Anslutningsspecifika DNS-suffix . :
Beskrivning . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Fysisk adress . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP aktiverat. . . . . . . . . . : Nej
Autokonfiguration aktiverat . . . : Ja
IPv6-adress . . . . . . . . . . . : 2001:0:4137:9e76:ca4:3f4d:e02f:e9fc(Standard)
Länklokal IPv6-adress . . . . . . : fe80::ca4:3f4d:e02f:e9fc%14(Standard)
Standard-gateway. . . . . . . . . : ::
NetBIOS över TCP/IP . . . . . . . : Inaktiverat

Tunnelanslutning: isatap.{5A015FFD-3262-48B8-BE9F-BB6503FF208C}:

Tillstånd . . . . . . . . . . . . : Frånkopplad
Anslutningsspecifika DNS-suffix . :
Beskrivning . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Fysisk adress . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP aktiverat. . . . . . . . . . : Nej
Autokonfiguration aktiverat . . . : Ja
Server: router.asus.com
Address: 192.168.1.1

Namn: google.com
Addresses: 2a00:1450:400f:805::200e
216.58.209.142


Skickar ping-signal till google.com [216.58.209.142] med 32 byte data:
Svar från 216.58.209.142: byte=32 tid=8ms TTL=56
Svar från 216.58.209.142: byte=32 tid=9ms TTL=56

Ping-statistik för 216.58.209.142:
Paket: Skickade = 2, Mottagna = 2, Förlorade = 0 (0 %),
Ungefärlig överföringstid i millisekunder:
Lägsta = 8 ms, Högsta = 9 ms, Medel = 8 ms
Server: router.asus.com
Address: 192.168.1.1

Namn: yahoo.com
Addresses: 2001:4998:c:a06::2:4008
2001:4998:44:204::a7
2001:4998:58:c02::a9
206.190.36.45
98.139.180.149
98.138.253.109


Skickar ping-signal till yahoo.com [98.138.253.109] med 32 byte data:
Svar från 98.138.253.109: byte=32 tid=149ms TTL=50
Svar från 98.138.253.109: byte=32 tid=149ms TTL=50

Ping-statistik för 98.138.253.109:
Paket: Skickade = 2, Mottagna = 2, Förlorade = 0 (0 %),
Ungefärlig överföringstid i millisekunder:
Lägsta = 149 ms, Högsta = 149 ms, Medel = 149 ms

Skickar ping-signal till 127.0.0.1 med 32 byte data:
Svar från 127.0.0.1: byte=32 tid < 1 ms TTL=128
Svar från 127.0.0.1: byte=32 tid < 1 ms TTL=128

Ping-statistik för 127.0.0.1:
Paket: Skickade = 2, Mottagna = 2, Förlorade = 0 (0 %),
Ungefärlig överföringstid i millisekunder:
Lägsta = 0 ms, Högsta = 0 ms, Medel = 0 ms
===========================================================================
Gränssnittslista
12...8c 89 a5 6f 4c b2 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

Vägtabell för IPv4
===========================================================================
Aktiva vägar:
Nätverksadress Nätmask Gateway-adress Gränssnitt Mått
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 266
127.0.0.0 255.0.0.0 Vid lan 127.0.0.1 306
127.0.0.1 255.255.255.255 Vid lan 127.0.0.1 306
127.255.255.255 255.255.255.255 Vid lan 127.0.0.1 306
192.168.1.0 255.255.255.0 Vid lan 192.168.1.2 266
192.168.1.2 255.255.255.255 Vid lan 192.168.1.2 266
192.168.1.255 255.255.255.255 Vid lan 192.168.1.2 266
224.0.0.0 240.0.0.0 Vid lan 127.0.0.1 306
224.0.0.0 240.0.0.0 Vid lan 192.168.1.2 266
255.255.255.255 255.255.255.255 Vid lan 127.0.0.1 306
255.255.255.255 255.255.255.255 Vid lan 192.168.1.2 266
===========================================================================
Beständiga vägar:
Nätverksadress Nätmask Gateway-adress Mått
0.0.0.0 0.0.0.0 192.168.1.1 Standard
===========================================================================

Vägtabell för IPv6
===========================================================================
Aktiva vägar:
Gr Mått Nätverk Mål Gateway
14 58 ::/0 Vid lan
1 306 ::1/128 Vid lan
14 58 2001::/32 Vid lan
14 306 2001:0:4137:9e76:ca4:3f4d:e02f:e9fc/128
Vid lan
12 266 fe80::/64 Vid lan
14 306 fe80::/64 Vid lan
14 306 fe80::ca4:3f4d:e02f:e9fc/128
Vid lan
12 266 fe80::7c8c:4d04:12:2fbf/128
Vid lan
1 306 ff00::/8 Vid lan
14 306 ff00::/8 Vid lan
12 266 ff00::/8 Vid lan
===========================================================================
Beständiga vägar:
Inga
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/10/2017 09:22:26 AM) (Source: Application Error) (User: )
Description: Felet uppstod i programmet med namn: plugin-container.exe, version 54.0.1.6388, tidsstämpel 0x5953d640
, felet uppstod i modulen med namn: xul.dll, version 54.0.1.6388, tidsstämpel 0x5953d62e
Undantagskod: 0x80000003
Felförskjutning: 0x008a6bcb
Process-ID: 0x2278
Programmets starttid: 0xplugin-container.exe0
Sökväg till program: plugin-container.exe1
Sökväg till modul: plugin-container.exe2
Rapport-ID: plugin-container.exe3

Error: (08/10/2017 09:22:16 AM) (Source: Application Error) (User: )
Description: Felet uppstod i programmet med namn: firefox.exe, version 54.0.1.6388, tidsstämpel 0x5953d1f8
, felet uppstod i modulen med namn: xul.dll, version 54.0.1.6388, tidsstämpel 0x5953d62e
Undantagskod: 0x80000003
Felförskjutning: 0x008a6bcb
Process-ID: 0x2168
Programmets starttid: 0xfirefox.exe0
Sökväg till program: firefox.exe1
Sökväg till modul: firefox.exe2
Rapport-ID: firefox.exe3

Error: (08/09/2017 03:58:07 AM) (Source: SideBySide) (User: )
Description: Det gick inte att skapa aktiveringskontext för Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1.
Den beroende sammansättningen Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" kunde inte hittas.
Använd sxstrace.exe om du vill diagnostisera ytterligare.

Error: (08/08/2017 03:52:48 PM) (Source: SideBySide) (User: )
Description: Det gick inte att skapa aktiveringskontext för Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1.
Den beroende sammansättningen Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" kunde inte hittas.
Använd sxstrace.exe om du vill diagnostisera ytterligare.

Error: (08/08/2017 11:49:03 AM) (Source: Application Error) (User: )
Description: Felet uppstod i programmet med namn: plugin-container.exe, version 54.0.1.6388, tidsstämpel 0x5953d640
, felet uppstod i modulen med namn: xul.dll, version 54.0.1.6388, tidsstämpel 0x5953d62e
Undantagskod: 0x80000003
Felförskjutning: 0x008a6bcb
Process-ID: 0x1200
Programmets starttid: 0xplugin-container.exe0
Sökväg till program: plugin-container.exe1
Sökväg till modul: plugin-container.exe2
Rapport-ID: plugin-container.exe3

Error: (08/07/2017 12:21:27 PM) (Source: Application Error) (User: )
Description: Felet uppstod i programmet med namn: plugin-container.exe, version 54.0.1.6388, tidsstämpel 0x5953d640
, felet uppstod i modulen med namn: xul.dll, version 54.0.1.6388, tidsstämpel 0x5953d62e
Undantagskod: 0x80000003
Felförskjutning: 0x008a6bcb
Process-ID: 0x12f8
Programmets starttid: 0xplugin-container.exe0
Sökväg till program: plugin-container.exe1
Sökväg till modul: plugin-container.exe2
Rapport-ID: plugin-container.exe3

Error: (08/07/2017 02:46:58 AM) (Source: SideBySide) (User: )
Description: Det gick inte att skapa aktiveringskontext för Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1.
Den beroende sammansättningen Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" kunde inte hittas.
Använd sxstrace.exe om du vill diagnostisera ytterligare.

Error: (08/06/2017 01:32:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2017 01:18:49 PM) (Source: Application Error) (User: )
Description: Felet uppstod i programmet med namn: plugin-container.exe, version 54.0.1.6388, tidsstämpel 0x5953d640
, felet uppstod i modulen med namn: xul.dll, version 54.0.1.6388, tidsstämpel 0x5953d62e
Undantagskod: 0x80000003
Felförskjutning: 0x008a6bcb
Process-ID: 0x2edc
Programmets starttid: 0xplugin-container.exe0
Sökväg till program: plugin-container.exe1
Sökväg till modul: plugin-container.exe2
Rapport-ID: plugin-container.exe3

Error: (08/06/2017 01:16:52 PM) (Source: Application Error) (User: )
Description: Felet uppstod i programmet med namn: plugin-container.exe, version 54.0.1.6388, tidsstämpel 0x5953d640
, felet uppstod i modulen med namn: xul.dll, version 54.0.1.6388, tidsstämpel 0x5953d62e
Undantagskod: 0x80000003
Felförskjutning: 0x008a6bcb
Process-ID: 0x27b4
Programmets starttid: 0xplugin-container.exe0
Sökväg till program: plugin-container.exe1
Sökväg till modul: plugin-container.exe2
Rapport-ID: plugin-container.exe3


System errors:
=============
Error: (08/11/2017 12:51:58 PM) (Source: DCOM) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (08/11/2017 12:51:28 PM) (Source: Service Control Manager) (User: )
Description: Tjänsten Windows Modules Installer avbröts med följande fel:
%%5 = Åtkomst nekad.


Error: (08/11/2017 02:50:55 AM) (Source: Service Control Manager) (User: )
Description: Tjänsten Windows Modules Installer avbröts med följande fel:
%%5 = Åtkomst nekad.


Error: (08/10/2017 09:50:23 PM) (Source: Service Control Manager) (User: )
Description: Tjänsten Windows Modules Installer avbröts med följande fel:
%%5 = Åtkomst nekad.


Error: (08/10/2017 04:49:09 PM) (Source: Service Control Manager) (User: )
Description: Tjänsten Windows Modules Installer avbröts med följande fel:
%%5 = Åtkomst nekad.


Error: (08/10/2017 11:49:08 AM) (Source: DCOM) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (08/10/2017 11:48:38 AM) (Source: Service Control Manager) (User: )
Description: Tjänsten Windows Modules Installer avbröts med följande fel:
%%5 = Åtkomst nekad.


Error: (08/10/2017 06:48:07 AM) (Source: Service Control Manager) (User: )
Description: Tjänsten Windows Modules Installer avbröts med följande fel:
%%5 = Åtkomst nekad.


Error: (08/10/2017 01:47:33 AM) (Source: Service Control Manager) (User: )
Description: Tjänsten Windows Modules Installer avbröts med följande fel:
%%5 = Åtkomst nekad.


Error: (08/09/2017 08:46:58 PM) (Source: Service Control Manager) (User: )
Description: Tjänsten Windows Modules Installer avbröts med följande fel:
%%5 = Åtkomst nekad.



Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2016-09-21 01:15:06.603
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\aswHdsKe.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-09-21 01:15:06.602
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\aswHdsKe.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-09 10:01:26.330
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Antivirus\Sandboxie\SbieDrv.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-09 10:00:40.310
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\avipbb.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-09 10:00:40.295
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\avkmgr.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-09 10:00:40.154
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-09 10:00:40.061
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.8.42576 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Svenska (HKLM-x32\...\{AC76BA86-7AD7-1053-7B44-AC0F074E4100}) (Version: 17.012.20093 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.0.465 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 3 64-bit (HKLM\...\{1387BA33-3FAC-49E9-B545-0E8D3BBC550B}) (Version: 3.0.2 - Adobe)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Apple-programstöd (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
ASUS RT-AC66U Wireless Router Utilities (HKLM-x32\...\{266E41AB-D928-4AF2-A8E4-B24E31F5758C}) (Version: 4.2.6.0 - ASUS)
Audacity 2.1.2 (HKLM-x32\...\Audacity_is1) (Version: 2.1.2 - Audacity Team)
Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 7.0.5.154 - Autodesk)
Autodesk Fusion 360 (HKCU\...\73e72ada57b7480280f7a6f4a289729f) (Version: 2.0.2727 - Autodesk, Inc.)
Autodesk License Service (x64) - 3.1 (HKLM\...\{EB6FE58F-8576-4272-BB9C-6B47D9EDFA4D}) (Version: 3.1.26.0 - Autodesk)
Autodesk Manufacturing Data Exchange Utility 2017 (HKLM\...\Autodesk Manufacturing Data Exchange Utility 8.6.10) (Version: 8.6.10 - Autodesk)
Autodesk Manufacturing Data Exchange Utility Premium 2017 FCS Licence (HKLM\...\{F9B201A4-F2F8-4BDF-BF06-C54186B7EE9A}) (Version: 0.0.4 - Autodesk)
Autodesk Netfabb Premium 2017 (HKLM\...\{BFAF58A1-D0FE-4389-AB02-34028140F829}) (Version: 8.3.1508 - Autodesk) Hidden
Autodesk Netfabb Premium 2017 (HKLM\...\Autodesk Netfabb Premium 2017) (Version: 8.3.1508 - Autodesk)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.5.2303 - AVAST Software)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.29.32 - Avira Operations GmbH & Co. KG)
Avira Browser Safety (HKLM-x32\...\{9E10EA90-5E97-43B7-A246-FC7B4F5E9493}) (Version: 1.4.5.509 - Avira Operations GmbH & Co KG)
Avira Connect (HKLM-x32\...\{661C79C2-D156-419C-81CA-D1A2523B0841}) (Version: 1.2.91.10326 - Avira Operations GmbH & Co. KG) Hidden
Avira Connect (HKLM-x32\...\{dd9049b8-31d1-40bd-8c8c-97a7b087a78f}) (Version: 1.2.91.10326 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{eac7da46-2097-4dd4-80a6-8b67cbb2b23f}) (Version: 1.1.53.13962 - Avira Operations GmbH & Co. KG)
BankID säkerhetsprogram (HKLM-x32\...\{77B5BCDC-5496-48DA-8B16-5EE2AF08CA31}) (Version: 7.3.0.18 - Finansiell ID-Teknik BID AB)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.14.40.0 - Canon Inc.)
Canon Utilities EOS Lens Registration Tool (HKLM-x32\...\EOS Lens Registration Tool) (Version: 1.1.0.6 - Canon Inc.)
Canon Utilities EOS Utility 2 (HKLM-x32\...\EOS Utility 2) (Version: 2.14.10.2 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.5.1.7 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Cisco Packet Tracer 7.0 64Bit (HKLM\...\Cisco Packet Tracer 7.0 64Bit_is1) (Version: - Cisco Systems, Inc.)
Cura 2.3 (HKLM-x32\...\Cura 2.3) (Version: 2.3.1 - Ultimaker)
CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.0909 - CyberLink Corp.)
Earthworm Jim (HKLM-x32\...\1207663103_is1) (Version: 2.1.0.12 - GOG.com)
ECigStats (HKCU\...\ECigStats) (Version: - ECigStats)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
EScribe Suite (HKCU\...\EScribe) (Version: - Evolv)
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version: - )
FastStone Capture 6.6 (HKLM-x32\...\FastStone Capture) (Version: 6.6 - FastStone Soft)
FileZilla Client 3.17.0.1 (HKLM-x32\...\FileZilla Client) (Version: 3.17.0.1 - Tim Kosse)
foobar2000 v1.3.6 (HKLM-x32\...\foobar2000) (Version: 1.3.6 - Peter Pawlowski)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.90 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Graph 4.4.2 (HKLM-x32\...\Graph_is1) (Version: - Ivan Johansen)
Handelsbanken kortläsare (HKLM-x32\...\{D4C30AE2-EAFE-4E28-A3BA-7CF7485E23C4}) (Version: 1.00.0000 - Todos Data System AB)
High-Definition Video Playback 10 (HKLM-x32\...\{237CCB62-8454-43E3-B158-3ACD0134852E}) (Version: 7.0.11400.29.0 - Nero AG) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.50.1172 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4101 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iSpy (64 bit) (HKLM\...\{C4E675C9-06AC-4CD2-96F4-C5A9DE1FF17D}) (Version: 6.8.2.0 - DeveloperInABox)
iSpy package installer (64 bit) (HKLM-x32\...\{621b700d-ea57-447a-bc3d-5c66df050574}) (Version: 6.8.2.0 - DeveloperInABox)
Java 8 Update 141 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
LG United Mobile Drivers (HKLM-x32\...\{55031CEF-CE75-4A5C-8DEA-60577820529B}) (Version: 3.10.1.0 - LG Electronics)
LightScribe System Software (HKLM-x32\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Meshmixer (HKLM\...\Meshmixer_x64) (Version: 11.0.544 - Autodesk, Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 sv-SE) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 sv-SE)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
Mozilla Thunderbird 52.2.1 (x86 sv-SE) (HKLM-x32\...\Mozilla Thunderbird 52.2.1 (x86 sv-SE)) (Version: 52.2.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MySQL Workbench 6.2 CE (HKLM\...\{B632465A-857D-4FC2-A76E-B1F3693527D8}) (Version: 6.2.4 - Oracle Corporation)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.4.11600.19.100 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.11100.10.100 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.11000.12.100 - Nero AG)
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.0.10900.11.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10800.7.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.11000.10.100 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.10800.8.100 - Nero AG)
Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.0.13400.11.100 - Nero AG)
Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.13100 - Nero AG)
Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.6.10900.4.100 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.10900.9.100 - Nero AG)
Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.6.10600.2.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.11200.12.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0017 - Nero AG)
Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.6.10600.2.100 - Nero AG)
Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.0.11100.8.100 - Nero AG)
NVIDIA 3D Vision drivrutin 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.92 - NVIDIA Corporation)
NVIDIA 3D Vision drivrutin för styrenhet 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA Grafikdrivrutin 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
PIXELA AAC LC CODEC (HKLM-x32\...\PIXELA AAC LC CODEC) (Version: 1.1.0.1 - Canon Inc.)
PowerISO (HKLM-x32\...\PowerISO) (Version: - )
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.89.716.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7960 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Repetier-Host version 1.6.2 (HKLM\...\{1143F758-929B-4EEB-8784-46CCB622F037}_is1) (Version: 1.6.2 - repetier)
Samsung Kies (HKLM-x32\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.16011.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.16011.2 - Samsung Electronics Co., Ltd.)
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.06.00 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
Sandboxie 4.14 (64-bit) (HKLM\...\Sandboxie) (Version: 4.14 - Sandboxie Holdings, LLC)
SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited)
SketchUp 2017 (HKLM\...\{E59BD84C-169B-4F3F-AC5D-85127CF67051}) (Version: 17.2.2555 - Trimble, Inc.)
Skype 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.101 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17054.16 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17054.16 - Samsung Electronics Co., Ltd.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
TI Connect CE (HKLM-x32\...\{30258E3F-5B74-4450-8188-3221682375F4}) (Version: 5.2.0.51 - Texas Instruments Inc.)
TL-WN851ND Driver (HKLM-x32\...\{4BAE4C76-44C3-418F-B715-6BBF5A65323E}) (Version: 1.00.0000 - TP-LINK)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
WANHAO-16.01 (HKLM-x32\...\{F5AF594C-DA73-4029-98EE-24EA8066133F}) (Version: 16.01 - WANHAO 3D PRINTER) Hidden
WANHAO-16.01 (HKLM-x32\...\WANHAO-16.01 16.01) (Version: 16.01 - WANHAO 3D PRINTER)
Wanscam (HKLM\...\{3442293B-19C5-416C-BE86-D02638EA83C1}_is1) (Version: 1.1.2.4 - Wanscam)
WANSCAM (HKLM\...\{38BE5D36-4EEA-4AB1-9D7D-AB744E17792E}_is1) (Version: 1.2.2.10 - )
web control version 1.0.0.9 (HKLM-x32\...\{7DEBACD4-13DE-46DF-974F-F3F264D1E897}_is1) (Version: 1.0.0.9 - )
Windows Driver Package - Arduino LLC (www.arduino.cc) Arduino USB Driver (01/04/2013 1.0.0.0) (HKLM\...\1E3EA5624DD04BEFECF3FFF6D3A21CCE9CD70A91) (Version: 01/04/2013 1.0.0.0 - Arduino LLC (www.arduino.cc))
Windows-drivrutinspaket - Dimension Engineering USB Serial Converter (07/23/2016 1.0.3.17) (HKLM\...\A47B0ACE2D6E8887115B5A5AE0998558DE698070) (Version: 07/23/2016 1.0.3.17 - Dimension Engineering)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 2.2.1 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.2.1 - The Wireshark developer community, https://www.wireshark.org)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
x264vfw - H.264/MPEG-4 AVC codec for x64 (remove only) (HKLM-x32\...\x264vfw64) (Version: - )
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.3-0 - Bitnami)

========================= Devices: ================================

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (USB-standardvärdstyrenhet)
Service:
Device ID: USB\VID_0000&PID_0000\7&1BBB1DBD&0&3
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: TP-LINK 300Mbps Wireless N Adapter
Description: TP-LINK 300Mbps Wireless N Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TP-LINK
Service: athr
Device ID: PCI\VEN_168C&DEV_002D&SUBSYS_0300168C&REV_01\5&2CE2B8E1&0&0000E4
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 84%
Total physical RAM: 8094.83 MB
Available physical RAM: 1282.84 MB
Total Virtual: 16187.85 MB
Available Virtual: 7538.75 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:234.52 GB) (Free:101.27 GB) NTFS
2 Drive d: (Main) (Fixed) (Total:231.24 GB) (Free:130.39 GB) NTFS
3 Drive e: (Bilder) (Fixed) (Total:552.15 GB) (Free:244.06 GB) NTFS
4 Drive f: (Media) (Fixed) (Total:1863.01 GB) (Free:104.98 GB) NTFS
5 Drive g: (DL) (Fixed) (Total:298.09 GB) (Free:13.72 GB) NTFS
6 Drive h: (Gamla_XP) (Fixed) (Total:146.48 GB) (Free:71.35 GB) NTFS

========================= Users: ========================================

Användarkonton för \\MAINFRAME

Administrator Guest Sluggo
Kommandot har utförts.

========================= Restore Points ==================================

11-08-2017 01:33:21 Scheduled Checkpoint

**** End of log ****








Malwarebytes Anti-malware
-------------------------

Malwarebytes Anti-Malware
www.malwarebytes.org

Skanningsdatum: 2017-08-11
Skanningstid: 01:35
Loggfil: malwarebytes_am_log_08-11.txt
Administratör: Ja

Version: 2.2.1.1043
Databas med skadliga program: v2017.08.10.05
Databas med rootkit: v2017.08.02.01
Licens: Gratis
Skydd mot skadliga program: Inaktiverat
Skydd mot skadliga webbplatser: Inaktiverat
Självförsvar: Inaktiverat

OS: Windows 7 Service Pack 1
CPU: x64
Filsystem: NTFS
Användare: Sluggo

Skanningstyp: Hotskanning
Resultat: Slutförd
Skannade objekt: 295647
Förfluten tid: 31 min, 4 sek

Minne: Aktiverat
Autostart: Aktiverat
Filsystem: Aktiverat
Arkivfiler: Aktiverat
Rootkits: Inaktiverat
Heuristik: Aktiverat
PUP: Aktiverat
PUM: Aktiverat

Processer: 0
(Inga skadliga poster upptäckta)

Moduler: 0
(Inga skadliga poster upptäckta)

Registernycklar: 0
(Inga skadliga poster upptäckta)

Registervärden: 0
(Inga skadliga poster upptäckta)

Registerdata: 0
(Inga skadliga poster upptäckta)

Mappar: 0
(Inga skadliga poster upptäckta)

Filer: 0
(Inga skadliga poster upptäckta)

Fysiska sektorer: 0
(Inga skadliga poster upptäckta)


(end)





Mbar System-log.txt
-------------------

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.18665

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED
CPU speed: 3.392000 GHz
Memory total: 8488046592, free: 1394671616

Downloaded database version: v2017.08.11.04
Downloaded database version: v2017.08.02.01
Downloaded database version: v2017.08.09.01
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
08/11/2017 14:31:27
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\aswRvrt.sys
\SystemRoot\system32\drivers\aswVmm.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avdevprot.sys
\SystemRoot\system32\drivers\aswbuniva.sys
\SystemRoot\system32\drivers\aswbloga.sys
\SystemRoot\system32\drivers\aswbidsha.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\drivers\aswSP.sys
\SystemRoot\system32\drivers\aswSnx.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\drivers\aswKbd.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\aswRdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\System32\Drivers\SCDEmu.SYS
\??\C:\Program Files\Antivirus\SUPERAntiSpyware\SASKUTIL64.SYS
\??\C:\Program Files\Antivirus\SUPERAntiSpyware\SASDIFSV64.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\drivers\aswbidsdrivera.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\usbohci.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\clwvd.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\usbhub.sys
\SystemRoot\system32\DRIVERS\nusb3hub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\MBfilt64.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\SMCLIB.SYS
\SystemRoot\system32\DRIVERS\lvbflt64.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\lvrs64.sys
\SystemRoot\system32\DRIVERS\lvuvc64.sys
\SystemRoot\system32\DRIVERS\dc3d.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\NuidFltr.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\aswMonFlt.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\drivers\aswStm.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\avnetflt.sys
\SystemRoot\system32\drivers\peauth.sys
\??\C:\Windows\SysWOW64\speedfan.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\shbecr.sys
\SystemRoot\System32\DRIVERS\scfilter.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\Wldap32.dll
\Windows\System32\sechost.dll
\Windows\System32\user32.dll
\Windows\System32\nsi.dll
\Windows\System32\setupapi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\kernel32.dll
\Windows\System32\wininet.dll
\Windows\System32\lpk.dll
\Windows\System32\advapi32.dll
\Windows\System32\imm32.dll
\Windows\System32\difxapi.dll
\Windows\System32\comdlg32.dll
\Windows\System32\msctf.dll
\Windows\System32\ole32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\normaliz.dll
\Windows\System32\gdi32.dll
\Windows\System32\iertutil.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\clbcatq.dll
\Windows\System32\shlwapi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\usp10.dll
\Windows\System32\shell32.dll
\Windows\System32\urlmon.dll
\Windows\System32\psapi.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\userenv.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\wintrust.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\profapi.dll
\Windows\System32\msasn1.dll
----------- End -----------
Done!

Scan started
Database versions:
main: v2017.08.11.04
rootkit: v2017.08.02.01

<<<2>>>
Physical Sector Size: 512
Drive: 3, DevicePointer: 0xfffffa8007f7d060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007f7db90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007f7d060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007a52520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007c33060, DeviceName: \Device\Ide\IdeDeviceP3T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007f7a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007f7ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007f7a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007c31510, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007aa5680, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 10311338

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 307194867
Partition is bootable
Partition file system is NTFS

Partition 1 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 307194930 Numsec = 1157949135
Partition is not bootable

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8007f7b060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007f7bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007f7b060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007aa9520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007c3e680, DeviceName: \Device\Ide\IdeDeviceP1T1L0-6\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: AF1AAF1A

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 625137282
Partition is not bootable
Partition file system is NTFS

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa8007f7c060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007f7cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007f7c060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007c3d520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007aa1060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D170D17

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 3907024002
Partition is not bootable
Partition file system is NTFS

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Done!
Drive 3
This is a System drive
Scanning MBR on drive 3...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: DA1B1796

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 491819008
Partition is bootable
Partition file system is NTFS

Partition 1 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 491823041 Numsec = 484950079
Partition is not bootable

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-307194930-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-63-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-2-0-63-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-3-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-3-1-491823041-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-r.mbam...
Removal finished





mbar-log-2017-08-11 (14-32-15).txt
----------------------------------


Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2017.08.11.04
rootkit: v2017.08.02.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18665
Sluggo :: MAINFRAME [administrator]

2017-08-11 14:32:15
mbar-log-2017-08-11 (14-32-15).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 297138
Time elapsed: 29 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)







Rkill.txt
---------

Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/11/2017 03:24:03 PM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* Windows Defender Disabled

[HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com

Program finished at: 08/11/2017 03:24:11 PM
Execution time: 0 hours(s), 0 minute(s), and 8 seconds(s)

Edited by slugg0, 11 August 2017 - 09:52 AM.


#7 Broni


Posted 11 August 2017 - 07:30 PM

I don't see much there.

For now I suggest new topic in Networking forum until connection issue is resolved.

Then you may want to come back here.


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#8 slugg0


Posted 11 August 2017 - 08:20 PM

So if we disregard the connection issue, you can't see any solution to my original issue?

I also think my connection issue is caused by the same virus; I can ping outside my network and network status comes up as normal, so I think something is blocking the browsers from showing the requested pages.
Firefox statusbar also shows "performing TLS handshake with www.bleepingcomputer.com", but pages never load, like the connection is too slow. If I disable my network, pages immediately show "server not found", as it's supposed to if there is no network connection.

#9 Broni


Posted 11 August 2017 - 08:49 PM

If you can handle this through your phone...

 

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.


-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program




#10 slugg0


Posted 11 August 2017 - 09:56 PM

Thanks! I'll try to get these programs to my computer and get back to ya.



