Hello! I've been trying all day to boot up the computer, but windows just won't start. It'll take directly to the startup repair, but the repair can't solve the issue. I've tried restarting it and tried to restore it to a prior time without success. So now I've been thinking about Farbar Recovery Scan Tool, it's scanning right now. The computer is an HP Probook 6555b, Windows 7 x32.
Windows won't boot
- Thread starter Zebban
- Start date
Hi! Here's the frst.txt from the scan:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-05-2013 01
Ran by SYSTEM on 11-05-2013 17:47:06
Running from H:\
Windows 7 Professional (X86) OS Language: Swedish
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe /start [256056 2010-03-01] (Hewlett-Packard Company)
HKLM\...\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe [563736 2010-03-06] (PDF Complete Inc)
HKLM\...\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden [1691192 2010-04-05] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1713448 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-04-05] (Hewlett-Packard)
HKLM\...\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe" [153640 2009-06-04] (ActivIdentity)
HKLM\...\Run: [] [x]
HKLM\...\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [400936 2009-06-04] (ActivIdentity)
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [102400 2010-04-08] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe [495708 2010-03-17] (IDT, Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup [593920 2011-11-01] ()
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2254768 2012-12-10] (LogMeIn Inc.)
HKLM\...\Runonce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "" [x]
HKLM\...\runonceex: [ContentMerger] c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-11-23] (Sonic Solutions)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe, [x]
HKLM\...\Winlogon: [System]
Winlogon\Notify\DeviceNP: DeviceNP.dll [X]
HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [ 2010-02-10] ()
HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [ 2010-02-10] ()
HKU\Erik Kjell\...\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [ 2010-02-22] (Hewlett-Packard Company)
HKU\Erik Kjell\...\Run: [Google Update] "C:\Users\Erik Kjell\AppData\Local\Google\Update\GoogleUpdate.exe" /c [ 2010-11-30] (Google Inc.)
HKU\Erik Kjell\...\Run: [HW_OPENEYE_OUC_Telia mobile broadband] "C:\Program Files\Telia mobile broadband\UpdateDog\ouc.exe" [x]
HKU\Erik Kjell\...\RunOnce: [FlashPlayerUpdate] C:\windows\system32\Macromed\Flash\FlashUtil10s_ActiveX.exe -update activex [x]
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
========================== Services (Whitelisted) =================
S2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-04] (ActivIdentity)
S2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2010-01-21] (LSI Corporation)
S2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-05-08] ()
S2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [300808 2010-03-31] (DigitalPersona, Inc.)
S2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1435568 2012-12-10] (LogMeIn Inc.)
S2 HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [103992 2010-04-05] (Hewlett-Packard)
S2 HP ProtectTools Service; c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2010-03-17] (Hewlett-Packard Development Company, L.P)
S2 HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [103992 2010-04-05] (Hewlett-Packard)
S2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [90112 2010-06-14] (Hewlett-Packard Company)
S2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2010-02-02] (McAfee, Inc.)
S2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [297984 2010-01-19] (Hewlett-Packard)
S2 hpHotkeyMonitor; C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [264248 2010-03-01] (Hewlett-Packard Company)
S4 IBUpdaterService; C:\Windows\system32\dmwu.exe [1156400 2013-04-07] ()
S2 klnagent; C:\Program Files\Kaspersky Lab\NetworkAgent\klnagent.exe [127632 2013-01-22] (Kaspersky Lab ZAO)
S2 MSSQL$MAMUT; c:\Program Files\Microsoft SQL Server\MSSQL10_50.MAMUT\MSSQL\Binn\sqlservr.exe [43040096 2011-06-17] (Microsoft Corporation)
S4 MSSQLServerADHelper100; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [44896 2010-04-03] (Microsoft Corporation)
S2 NitroReaderDriverReadSpool2; C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [198136 2012-02-08] (Nitro PDF Software)
S2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()
S2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2010-03-06] (PDF Complete Inc)
S4 SQLAgent$MAMUT; c:\Program Files\Microsoft SQL Server\MSSQL10_50.MAMUT\MSSQL\Binn\SQLAGENT.EXE [370016 2011-06-17] (Microsoft Corporation)
S2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\STacSV.exe [229458 2010-03-17] (IDT, Inc.)
S2 Web Assistant; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [188760 2013-01-29] ()
S3 FLCDLOCK; c:\Windows\system32\flcdlock.exe [x]
S2 vcsFPService; C:\windows\system32\vcsFPService.exe [x]
==================== Drivers (Whitelisted) ====================
S0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [110520 2010-02-02] (McAfee, Inc.)
S3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [165376 2010-11-02] (Microsoft Corporation)
S1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [55040 2010-11-02] (Microsoft Corporation)
S3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-02] (Microsoft Corporation)
S1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [295128 2009-12-01] (Microsoft Corporation)
S3 Accelerometer; system32\DRIVERS\Accelerometer.sys [x]
S3 AcpiPmi; \SystemRoot\system32\DRIVERS\acpipmi.sys [x]
S3 adp94xx; \SystemRoot\system32\DRIVERS\adp94xx.sys [x]
S3 adpahci; \SystemRoot\system32\DRIVERS\adpahci.sys [x]
S3 adpu320; \SystemRoot\system32\DRIVERS\adpu320.sys [x]
S3 AgereSoftModem; system32\DRIVERS\AGRSM.sys [x]
S3 agp440; \SystemRoot\system32\DRIVERS\agp440.sys [x]
S3 aic78xx; \SystemRoot\system32\DRIVERS\djsvs.sys [x]
S3 aliide; \SystemRoot\system32\DRIVERS\aliide.sys [x]
S3 amdagp; \SystemRoot\system32\DRIVERS\amdagp.sys [x]
S3 amdide; \SystemRoot\system32\DRIVERS\amdide.sys [x]
S3 AmdK8; \SystemRoot\system32\DRIVERS\amdk8.sys [x]
S3 amdkmdag; system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap; system32\DRIVERS\atikmpag.sys [x]
S3 amdsata; \SystemRoot\system32\drivers\amdsata.sys [x]
S3 amdsbs; \SystemRoot\system32\DRIVERS\amdsbs.sys [x]
S0 amdxata; system32\drivers\amdxata.sys [x]
S3 arc; \SystemRoot\system32\DRIVERS\arc.sys [x]
S3 arcsas; \SystemRoot\system32\DRIVERS\arcsas.sys [x]
S3 AtiHdmiService; system32\drivers\AtiHdmi.sys [x]
S0 AtiPcie; system32\DRIVERS\AtiPcie.sys [x]
S3 b06bdrv; \SystemRoot\system32\DRIVERS\bxvbdx.sys [x]
S3 b57nd60x; system32\DRIVERS\b57nd60x.sys [x]
S3 BCM43XX; system32\DRIVERS\bcmwl6.sys [x]
S1 blbdrive; \SystemRoot\system32\DRIVERS\blbdrive.sys [x]
S3 BrFiltLo; \SystemRoot\system32\DRIVERS\BrFiltLo.sys [x]
S3 BrFiltUp; \SystemRoot\system32\DRIVERS\BrFiltUp.sys [x]
S3 Brserid; \SystemRoot\System32\Drivers\Brserid.sys [x]
S3 BrSerWdm; \SystemRoot\System32\Drivers\BrSerWdm.sys [x]
S3 BrUsbMdm; \SystemRoot\System32\Drivers\BrUsbMdm.sys [x]
S3 BrUsbSer; \SystemRoot\System32\Drivers\BrUsbSer.sys [x]
S3 BTHMODEM; \SystemRoot\system32\DRIVERS\bthmodem.sys [x]
S3 BthPan; system32\DRIVERS\bthpan.sys [x]
S3 btwaudio; system32\drivers\btwaudio.sys [x]
S3 btwavdt; system32\DRIVERS\btwavdt.sys [x]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [x]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [x]
S3 circlass; \SystemRoot\system32\DRIVERS\circlass.sys [x]
S3 cmdide; \SystemRoot\system32\DRIVERS\cmdide.sys [x]
S4 crcdisk; \SystemRoot\system32\DRIVERS\crcdisk.sys [x]
S3 DAMDrv; system32\DRIVERS\DAMDrv.sys [x]
S3 ebdrv; \SystemRoot\system32\DRIVERS\evbdx.sys [x]
S3 elxstor; \SystemRoot\system32\DRIVERS\elxstor.sys [x]
S3 ErrDev; \SystemRoot\system32\DRIVERS\errdev.sys [x]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [x]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x]
S3 fdc; \SystemRoot\system32\DRIVERS\fdc.sys [x]
S3 flpydisk; \SystemRoot\system32\DRIVERS\flpydisk.sys [x]
S3 fssfltr; system32\DRIVERS\fssfltr.sys [x]
S3 gagp30kx; \SystemRoot\system32\DRIVERS\gagp30kx.sys [x]
S3 GEARAspiWDM; system32\DRIVERS\GEARAspiWDM.sys [x]
S3 grmnusb; system32\drivers\grmnusb.sys [x]
S3 hamachi; system32\DRIVERS\hamachi.sys [x]
S3 hcw85cir; \SystemRoot\system32\drivers\hcw85cir.sys [x]
S3 HidBatt; \SystemRoot\system32\DRIVERS\HidBatt.sys [x]
S3 HidIr; \SystemRoot\system32\DRIVERS\hidir.sys [x]
S0 hpdskflt; system32\DRIVERS\hpdskflt.sys [x]
S3 HpqKbFiltr; \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys [x]
S3 HpSAMD; \SystemRoot\system32\DRIVERS\HpSAMD.sys [x]
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [x]
S3 htcnprot; system32\DRIVERS\htcnprot.sys [x]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 iaStorV; \SystemRoot\system32\drivers\iaStorV.sys [x]
S3 igfx; system32\DRIVERS\igdkmd32.sys [x]
S3 iirsp; \SystemRoot\system32\DRIVERS\iirsp.sys [x]
S3 intelide; \SystemRoot\system32\DRIVERS\intelide.sys [x]
S3 intelppm; \SystemRoot\system32\DRIVERS\intelppm.sys [x]
S3 IPMIDRV; \SystemRoot\system32\DRIVERS\IPMIDrv.sys [x]
S3 isapnp; \SystemRoot\system32\DRIVERS\isapnp.sys [x]
S3 iScsiPrt; \SystemRoot\system32\DRIVERS\msiscsi.sys [x]
S3 LSI_FC; \SystemRoot\system32\DRIVERS\lsi_fc.sys [x]
S3 LSI_SAS; \SystemRoot\system32\DRIVERS\lsi_sas.sys [x]
S3 LSI_SAS2; \SystemRoot\system32\DRIVERS\lsi_sas2.sys [x]
S3 LSI_SCSI; \SystemRoot\system32\DRIVERS\lsi_scsi.sys [x]
S3 megasas; \SystemRoot\system32\DRIVERS\megasas.sys [x]
S3 MegaSR; \SystemRoot\system32\DRIVERS\MegaSR.sys [x]
S3 mpio; \SystemRoot\system32\DRIVERS\mpio.sys [x]
S0 msahci; system32\DRIVERS\msahci.sys [x]
S3 msdsm; \SystemRoot\system32\DRIVERS\msdsm.sys [x]
S3 MTConfig; \SystemRoot\system32\DRIVERS\MTConfig.sys [x]
S3 nfrd960; \SystemRoot\system32\DRIVERS\nfrd960.sys [x]
S3 nvraid; \SystemRoot\system32\drivers\nvraid.sys [x]
S3 nvstor; \SystemRoot\system32\drivers\nvstor.sys [x]
S3 nv_agp; \SystemRoot\system32\DRIVERS\nv_agp.sys [x]
S3 ohci1394; \SystemRoot\system32\DRIVERS\ohci1394.sys [x]
S3 pcmcia; \SystemRoot\system32\DRIVERS\pcmcia.sys [x]
S3 Processor; \SystemRoot\system32\DRIVERS\processr.sys [x]
S0 PxHelp20; System32\Drivers\PxHelp20.sys [x]
S3 ql2300; \SystemRoot\system32\DRIVERS\ql2300.sys [x]
S3 ql40xx; \SystemRoot\system32\DRIVERS\ql40xx.sys [x]
S2 rimspci; system32\DRIVERS\rimspe86.sys [x]
S2 risdpcie; system32\DRIVERS\risdpe86.sys [x]
S2 rixdpcie; system32\DRIVERS\rixdpe86.sys [x]
S4 RsFx0151; system32\DRIVERS\RsFx0151.sys [x]
S1 RsvLock; No ImagePath
S3 s3cap; \SystemRoot\system32\DRIVERS\vms3cap.sys [x]
S0 SbAlg; No ImagePath
S0 SbFsLock; No ImagePath
S3 sbp2port; \SystemRoot\system32\DRIVERS\sbp2port.sys [x]
S2 secdrv; No ImagePath
S3 sffdisk; \SystemRoot\system32\DRIVERS\sffdisk.sys [x]
S3 sffp_mmc; \SystemRoot\system32\DRIVERS\sffp_mmc.sys [x]
S3 sffp_sd; \SystemRoot\system32\DRIVERS\sffp_sd.sys [x]
S3 sfloppy; \SystemRoot\system32\DRIVERS\sfloppy.sys [x]
S3 sisagp; \SystemRoot\system32\DRIVERS\sisagp.sys [x]
S3 SiSRaid2; \SystemRoot\system32\DRIVERS\SiSRaid2.sys [x]
S3 SiSRaid4; \SystemRoot\system32\DRIVERS\sisraid4.sys [x]
S3 SNP2UVC; system32\DRIVERS\snp2uvc.sys [x]
S3 stexstor; \SystemRoot\system32\DRIVERS\stexstor.sys [x]
S3 STHDA; system32\DRIVERS\stwrt.sys [x]
S0 storflt; system32\DRIVERS\vmstorfl.sys [x]
S3 storvsc; \SystemRoot\system32\DRIVERS\storvsc.sys [x]
S3 swenum; \SystemRoot\system32\DRIVERS\swenum.sys [x]
S3 SynTP; \SystemRoot\system32\DRIVERS\SynTP.sys [x]
S3 Tdsshbecr; system32\DRIVERS\shbecr.sys [x]
S3 TPM; system32\drivers\tpm.sys [x]
S3 uagp35; \SystemRoot\system32\DRIVERS\uagp35.sys [x]
S3 uliagpkx; \SystemRoot\system32\DRIVERS\uliagpkx.sys [x]
S3 UmPass; \SystemRoot\system32\DRIVERS\umpass.sys [x]
S3 USBAAPL; System32\Drivers\usbaapl.sys [x]
S3 usbcir; \SystemRoot\system32\DRIVERS\usbcir.sys [x]
S3 usbprint; \SystemRoot\system32\DRIVERS\usbprint.sys [x]
S3 vhdmp; \SystemRoot\system32\DRIVERS\vhdmp.sys [x]
S3 viaagp; \SystemRoot\system32\DRIVERS\viaagp.sys [x]
S3 ViaC7; \SystemRoot\system32\DRIVERS\viac7.sys [x]
S3 viaide; \SystemRoot\system32\DRIVERS\viaide.sys [x]
S3 vmbus; \SystemRoot\system32\DRIVERS\vmbus.sys [x]
S3 VMBusHID; \SystemRoot\system32\DRIVERS\VMBusHID.sys [x]
S3 vsmraid; \SystemRoot\system32\DRIVERS\vsmraid.sys [x]
S3 WacomPen; \SystemRoot\system32\DRIVERS\wacompen.sys [x]
S3 Wd; \SystemRoot\system32\DRIVERS\wd.sys [x]
S3 yukonw7; system32\DRIVERS\yk62x86.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-05-11 17:22 - 2013-05-11 17:22 - 00000000 ____D C:\FRST
2013-05-11 14:22 - 2013-05-11 14:22 - 00529309 ____A C:\Users\Erik Kjell\Desktop\disktec.zip
2013-05-11 14:22 - 2013-05-11 14:20 - 00824725 ____A C:\Users\Erik Kjell\Desktop\wiztree_1_05_portable.zip
2013-05-11 14:16 - 2013-05-11 17:17 - 00000000 ____D C:\1a2f23ff9987f364491358
2013-05-11 14:16 - 2013-05-11 17:16 - 00000000 ____D C:\Windows\LastGood
2013-05-11 14:04 - 2013-05-11 14:04 - 00002115 ____A C:\Windows\epplauncher.mif
2013-05-11 13:57 - 2013-05-11 14:04 - 00000000 ____D C:\2989dde06a131b0b224c
2013-05-11 13:54 - 2013-05-11 13:54 - 00000000 ____D C:\Windows\sv
2013-05-11 13:50 - 2013-05-11 13:50 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-05-11 13:45 - 2013-05-11 13:54 - 00000000 ____D C:\Program Files\Windows Live
2013-05-11 13:43 - 2013-05-11 13:43 - 00000000 ____D C:\Windows\pss
2013-05-11 13:41 - 2013-05-11 13:41 - 00000000 ____D C:\Users\Erik Kjell\AppData\Local\Windows Live
2013-05-11 13:41 - 2013-05-11 13:41 - 00000000 ____D C:\Program Files\Common Files\Windows Live
2013-05-01 16:48 - 2013-05-01 16:49 - 00000000 ____D C:\Users\Erik Kjell\AppData\Roaming\Personal
2013-05-01 16:48 - 2013-05-01 16:48 - 00000000 ____D C:\Program Files\Personal
2013-05-01 16:46 - 2013-05-01 16:46 - 00000000 ____D C:\Users\Erik Kjell\AppData\Roaming\InstallShield
2013-05-01 16:46 - 2013-05-01 16:46 - 00000000 ____D C:\Program Files\Handelsbanken kortläsare
2013-04-27 17:41 - 2013-04-12 14:58 - 01210728 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-17 18:34 - 2013-04-17 19:38 - 00853645 ____A C:\Users\Erik Kjell\Downloads\Kost för aktiva ungdomar!.pptx
2013-04-16 14:57 - 2013-02-22 05:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-16 14:57 - 2013-02-22 04:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-16 14:57 - 2013-02-22 04:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-04-16 14:57 - 2013-02-22 04:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-16 14:57 - 2013-02-22 04:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-16 14:57 - 2013-02-22 04:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-04-16 14:57 - 2013-02-22 04:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-16 14:57 - 2013-02-22 04:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-16 14:57 - 2013-02-22 04:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-16 14:57 - 2013-02-22 04:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-04-16 14:57 - 2013-02-22 04:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-04-16 14:57 - 2013-02-22 04:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-16 14:57 - 2013-02-22 04:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-16 14:57 - 2013-02-22 04:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-16 14:57 - 2013-02-22 04:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-16 14:57 - 2013-02-22 04:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-11 18:15 - 2013-03-19 06:06 - 03958120 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-04-11 18:15 - 2013-03-19 06:06 - 03902312 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-04-11 18:15 - 2013-03-19 05:54 - 00038912 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-04-11 18:15 - 2013-03-19 03:50 - 00069632 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-04-11 18:15 - 2013-03-01 04:11 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-04-11 18:15 - 2013-02-12 16:13 - 02691072 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-04-11 18:15 - 2013-02-12 16:07 - 00131072 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-04-11 18:15 - 2013-02-12 14:59 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-04-11 18:15 - 2013-01-24 05:51 - 00195816 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-04-11 18:11 - 2013-05-11 17:17 - 00000000 ____D C:\Windows\System32\jmdp
==================== One Month Modified Files and Folders ========
2013-05-11 17:22 - 2013-05-11 17:22 - 00000000 ____D C:\FRST
2013-05-11 17:17 - 2013-05-11 14:16 - 00000000 ____D C:\1a2f23ff9987f364491358
2013-05-11 17:17 - 2013-04-11 18:11 - 00000000 ____D C:\Windows\System32\jmdp
2013-05-11 17:17 - 2010-11-30 13:48 - 00000000 ____D C:\users\Erik Kjell
2013-05-11 17:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\wfp
2013-05-11 17:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\DriverStore
2013-05-11 17:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\registration
2013-05-11 17:16 - 2013-05-11 14:16 - 00000000 ____D C:\Windows\LastGood
2013-05-11 15:38 - 2010-04-25 21:36 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-05-11 15:33 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\LogFiles
2013-05-11 14:22 - 2013-05-11 14:22 - 00529309 ____A C:\Users\Erik Kjell\Desktop\disktec.zip
2013-05-11 14:20 - 2013-05-11 14:22 - 00824725 ____A C:\Users\Erik Kjell\Desktop\wiztree_1_05_portable.zip
2013-05-11 14:15 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-11 14:14 - 2010-11-30 14:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-11 14:11 - 2011-10-26 15:49 - 00000000 ____D C:\Users\Erik Kjell\AppData\Local\Apple Computer
2013-05-11 14:09 - 2010-11-30 14:12 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-05-11 14:07 - 2011-10-25 15:23 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2013-05-11 14:06 - 2012-11-17 20:41 - 00000000 ____D C:\Users\Erik Kjell\AppData\Roaming\uTorrent
2013-05-11 14:05 - 2010-11-30 21:37 - 00001024 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-208221703-1258386026-352298716-1002UA.job
2013-05-11 14:04 - 2013-05-11 14:04 - 00002115 ____A C:\Windows\epplauncher.mif
2013-05-11 14:04 - 2013-05-11 13:57 - 00000000 ____D C:\2989dde06a131b0b224c
2013-05-11 14:03 - 2010-11-30 14:52 - 00000000 ____D C:\Users\Erik Kjell\Documents\Outlook-filer
2013-05-11 13:56 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\zh-TW
2013-05-11 13:56 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\zh-HK
2013-05-11 13:56 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\zh-CN
2013-05-11 13:56 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\winevt
2013-05-11 13:55 - 2010-09-19 04:49 - 00000000 ____D C:\Windows\System32\Drivers\sv-SE
2013-05-11 13:55 - 2010-09-19 04:47 - 00000000 ____D C:\Windows\System32\Macromed
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\tr-TR
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\th-TH
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\sv-SE
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\spool
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\SMI
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\sl-SI
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\sk-SK
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\ru-RU
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\ro-RO
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\pt-PT
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\pt-BR
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\pl-PL
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\nl-NL
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\nb-NO
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\MUI
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\Msdtc
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\lv-LV
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\lt-LT
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\ko-KR
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\ja-JP
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\it-IT
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\hu-HU
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\hr-HR
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\he-IL
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\fr-FR
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\fi-FI
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\et-EE
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\el-GR
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\com
2013-05-11 13:54 - 2013-05-11 13:54 - 00000000 ____D C:\Windows\sv
2013-05-11 13:54 - 2013-05-11 13:45 - 00000000 ____D C:\Program Files\Windows Live
2013-05-11 13:54 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\bg-BG
2013-05-11 13:54 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\ar-SA
2013-05-11 13:52 - 2011-11-08 12:49 - 00000000 ____D C:\Program Files\Yontoo Layers Runtime
2013-05-11 13:50 - 2013-05-11 13:50 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-05-11 13:45 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-05-11 13:43 - 2013-05-11 13:43 - 00000000 ____D C:\Windows\pss
2013-05-11 13:42 - 2011-01-25 09:41 - 00000990 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-11 13:41 - 2013-05-11 13:41 - 00000000 ____D C:\Users\Erik Kjell\AppData\Local\Windows Live
2013-05-11 13:41 - 2013-05-11 13:41 - 00000000 ____D C:\Program Files\Common Files\Windows Live
2013-05-11 13:27 - 2011-01-15 11:32 - 00000000 ____D C:\Program Files\Family Toolbar
2013-05-11 13:20 - 2012-06-30 19:52 - 00000000 ____D C:\ProgramData\ADDICT-THING
2013-05-11 13:16 - 2011-02-12 21:13 - 00000000 ____D C:\Program Files\SFAnytime
2013-05-11 13:09 - 2011-01-25 09:41 - 00000000 ____D C:\ProgramData\Google
2013-05-11 13:09 - 2010-11-30 15:27 - 00000000 ____D C:\Users\Erik Kjell\AppData\Local\Google
2013-05-11 13:09 - 2010-11-30 15:27 - 00000000 ____D C:\Program Files\Google
2013-05-11 13:01 - 2013-02-02 22:09 - 00000000 ____D C:\Users\Erik Kjell\AppData\Roaming\Yontoo
2013-05-11 13:01 - 2012-04-03 07:32 - 00000000 ___RD C:\Users\Erik Kjell\Dropbox
2013-05-11 13:01 - 2012-04-03 07:29 - 00000000 ____D C:\Users\Erik Kjell\AppData\Roaming\Dropbox
2013-05-11 13:01 - 2012-02-09 10:56 - 00000000 ___SD C:\Users\Erik Kjell\Soonr Workplace
2013-05-11 13:01 - 2010-11-30 14:24 - 00000000 ____D C:\Users\Erik Kjell\AppData\Local\LogMeIn Hamachi
2013-05-11 13:00 - 2011-09-12 16:56 - 00000000 ____D C:\Users\Erik Kjell\AppData\Local\Htc
2013-05-11 13:00 - 2011-01-25 09:41 - 00000986 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-11 12:39 - 2010-11-02 22:33 - 01459762 ____A C:\Windows\WindowsUpdate.log
2013-05-11 12:36 - 2010-09-19 04:47 - 00000000 ____D C:\ProgramData\PDFC
2013-05-11 12:35 - 2010-09-19 04:47 - 00000000 ____D C:\ProgramData\HPQLOG
2013-05-11 12:35 - 2009-07-14 05:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-11 12:35 - 2009-07-14 05:39 - 00141136 ____A C:\Windows\setupact.log
2013-05-01 16:49 - 2013-05-01 16:48 - 00000000 ____D C:\Users\Erik Kjell\AppData\Roaming\Personal
2013-05-01 16:48 - 2013-05-01 16:48 - 00000000 ____D C:\Program Files\Personal
2013-05-01 16:46 - 2013-05-01 16:46 - 00000000 ____D C:\Users\Erik Kjell\AppData\Roaming\InstallShield
2013-05-01 16:46 - 2013-05-01 16:46 - 00000000 ____D C:\Program Files\Handelsbanken kortläsare
2013-05-01 16:46 - 2010-09-19 04:47 - 00109476 ____A C:\Windows\DPINST.LOG
2013-05-01 16:46 - 2010-09-19 04:39 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-04-27 17:35 - 2010-09-19 05:26 - 00084534 ____A C:\Windows\PFRO.log
2013-04-20 19:01 - 2011-06-16 07:55 - 00000340 ____A C:\Windows\Tasks\HPCeeScheduleForErik Kjell.job
2013-04-17 19:38 - 2013-04-17 18:34 - 00853645 ____A C:\Users\Erik Kjell\Downloads\Kost för aktiva ungdomar!.pptx
2013-04-12 14:58 - 2013-04-27 17:41 - 01210728 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-11 19:04 - 2010-11-30 21:38 - 00002393 ____A C:\Users\Erik Kjell\Desktop\Google Chrome.lnk
Other Malware:
===========
C:\Users\Erik Kjell\Microsoft.Crm.Setup.Server.exe
C:\Users\Erik Kjell\SetupServer.exe
==================== Known DLLs (Whitelisted) ============
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2012-12-12 12:11] - [2012-09-06 17:48] - 0245616 ____A (Microsoft Corporation) 59F06B4968E58BC83DFC56CA4517960E
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-05-11 14:17:38
==================== Memory info ===========================
Percentage of memory in use: 24%
Total physical RAM: 1782.43 MB
Available physical RAM: 1346.8 MB
Total Pagefile: 1782.43 MB
Available Pagefile: 1357.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.65 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:280.8 GB) (Free:159.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_RECOVERY) (Fixed) (Total:15 GB) (Free:2.21 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.48 GB) FAT32
Drive h: () (Removable) (Total:7.48 GB) (Free:7.46 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: B073D52D)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=281 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)
========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 73696D20)
Partition 1: (Not Active) - (Size=-4750121984) - (Type=0A)
Partition 2: (Not Active) - (Size=260 GB) - (Type=65)
Partition 3: (Not Active) - (Size=0) - (Type=65)
Partition 4: (Not Active) - (Size=26 MB) - (Type=00)
Last Boot: 2013-05-11 12:58
==================== End Of Log ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-05-2013 01
Ran by SYSTEM on 11-05-2013 17:47:06
Running from H:\
Windows 7 Professional (X86) OS Language: Swedish
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe /start [256056 2010-03-01] (Hewlett-Packard Company)
HKLM\...\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe [563736 2010-03-06] (PDF Complete Inc)
HKLM\...\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden [1691192 2010-04-05] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1713448 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-04-05] (Hewlett-Packard)
HKLM\...\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe" [153640 2009-06-04] (ActivIdentity)
HKLM\...\Run: [] [x]
HKLM\...\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [400936 2009-06-04] (ActivIdentity)
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [102400 2010-04-08] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe [495708 2010-03-17] (IDT, Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup [593920 2011-11-01] ()
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2254768 2012-12-10] (LogMeIn Inc.)
HKLM\...\Runonce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "" [x]
HKLM\...\runonceex: [ContentMerger] c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-11-23] (Sonic Solutions)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe, [x]
HKLM\...\Winlogon: [System]
Winlogon\Notify\DeviceNP: DeviceNP.dll [X]
HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [ 2010-02-10] ()
HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [ 2010-02-10] ()
HKU\Erik Kjell\...\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [ 2010-02-22] (Hewlett-Packard Company)
HKU\Erik Kjell\...\Run: [Google Update] "C:\Users\Erik Kjell\AppData\Local\Google\Update\GoogleUpdate.exe" /c [ 2010-11-30] (Google Inc.)
HKU\Erik Kjell\...\Run: [HW_OPENEYE_OUC_Telia mobile broadband] "C:\Program Files\Telia mobile broadband\UpdateDog\ouc.exe" [x]
HKU\Erik Kjell\...\RunOnce: [FlashPlayerUpdate] C:\windows\system32\Macromed\Flash\FlashUtil10s_ActiveX.exe -update activex [x]
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
========================== Services (Whitelisted) =================
S2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-04] (ActivIdentity)
S2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2010-01-21] (LSI Corporation)
S2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-05-08] ()
S2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [300808 2010-03-31] (DigitalPersona, Inc.)
S2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1435568 2012-12-10] (LogMeIn Inc.)
S2 HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [103992 2010-04-05] (Hewlett-Packard)
S2 HP ProtectTools Service; c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2010-03-17] (Hewlett-Packard Development Company, L.P)
S2 HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [103992 2010-04-05] (Hewlett-Packard)
S2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [90112 2010-06-14] (Hewlett-Packard Company)
S2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2010-02-02] (McAfee, Inc.)
S2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [297984 2010-01-19] (Hewlett-Packard)
S2 hpHotkeyMonitor; C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [264248 2010-03-01] (Hewlett-Packard Company)
S4 IBUpdaterService; C:\Windows\system32\dmwu.exe [1156400 2013-04-07] ()
S2 klnagent; C:\Program Files\Kaspersky Lab\NetworkAgent\klnagent.exe [127632 2013-01-22] (Kaspersky Lab ZAO)
S2 MSSQL$MAMUT; c:\Program Files\Microsoft SQL Server\MSSQL10_50.MAMUT\MSSQL\Binn\sqlservr.exe [43040096 2011-06-17] (Microsoft Corporation)
S4 MSSQLServerADHelper100; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [44896 2010-04-03] (Microsoft Corporation)
S2 NitroReaderDriverReadSpool2; C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [198136 2012-02-08] (Nitro PDF Software)
S2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()
S2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2010-03-06] (PDF Complete Inc)
S4 SQLAgent$MAMUT; c:\Program Files\Microsoft SQL Server\MSSQL10_50.MAMUT\MSSQL\Binn\SQLAGENT.EXE [370016 2011-06-17] (Microsoft Corporation)
S2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\STacSV.exe [229458 2010-03-17] (IDT, Inc.)
S2 Web Assistant; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [188760 2013-01-29] ()
S3 FLCDLOCK; c:\Windows\system32\flcdlock.exe [x]
S2 vcsFPService; C:\windows\system32\vcsFPService.exe [x]
==================== Drivers (Whitelisted) ====================
S0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [110520 2010-02-02] (McAfee, Inc.)
S3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [165376 2010-11-02] (Microsoft Corporation)
S1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [55040 2010-11-02] (Microsoft Corporation)
S3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-02] (Microsoft Corporation)
S1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [295128 2009-12-01] (Microsoft Corporation)
S3 Accelerometer; system32\DRIVERS\Accelerometer.sys [x]
S3 AcpiPmi; \SystemRoot\system32\DRIVERS\acpipmi.sys [x]
S3 adp94xx; \SystemRoot\system32\DRIVERS\adp94xx.sys [x]
S3 adpahci; \SystemRoot\system32\DRIVERS\adpahci.sys [x]
S3 adpu320; \SystemRoot\system32\DRIVERS\adpu320.sys [x]
S3 AgereSoftModem; system32\DRIVERS\AGRSM.sys [x]
S3 agp440; \SystemRoot\system32\DRIVERS\agp440.sys [x]
S3 aic78xx; \SystemRoot\system32\DRIVERS\djsvs.sys [x]
S3 aliide; \SystemRoot\system32\DRIVERS\aliide.sys [x]
S3 amdagp; \SystemRoot\system32\DRIVERS\amdagp.sys [x]
S3 amdide; \SystemRoot\system32\DRIVERS\amdide.sys [x]
S3 AmdK8; \SystemRoot\system32\DRIVERS\amdk8.sys [x]
S3 amdkmdag; system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap; system32\DRIVERS\atikmpag.sys [x]
S3 amdsata; \SystemRoot\system32\drivers\amdsata.sys [x]
S3 amdsbs; \SystemRoot\system32\DRIVERS\amdsbs.sys [x]
S0 amdxata; system32\drivers\amdxata.sys [x]
S3 arc; \SystemRoot\system32\DRIVERS\arc.sys [x]
S3 arcsas; \SystemRoot\system32\DRIVERS\arcsas.sys [x]
S3 AtiHdmiService; system32\drivers\AtiHdmi.sys [x]
S0 AtiPcie; system32\DRIVERS\AtiPcie.sys [x]
S3 b06bdrv; \SystemRoot\system32\DRIVERS\bxvbdx.sys [x]
S3 b57nd60x; system32\DRIVERS\b57nd60x.sys [x]
S3 BCM43XX; system32\DRIVERS\bcmwl6.sys [x]
S1 blbdrive; \SystemRoot\system32\DRIVERS\blbdrive.sys [x]
S3 BrFiltLo; \SystemRoot\system32\DRIVERS\BrFiltLo.sys [x]
S3 BrFiltUp; \SystemRoot\system32\DRIVERS\BrFiltUp.sys [x]
S3 Brserid; \SystemRoot\System32\Drivers\Brserid.sys [x]
S3 BrSerWdm; \SystemRoot\System32\Drivers\BrSerWdm.sys [x]
S3 BrUsbMdm; \SystemRoot\System32\Drivers\BrUsbMdm.sys [x]
S3 BrUsbSer; \SystemRoot\System32\Drivers\BrUsbSer.sys [x]
S3 BTHMODEM; \SystemRoot\system32\DRIVERS\bthmodem.sys [x]
S3 BthPan; system32\DRIVERS\bthpan.sys [x]
S3 btwaudio; system32\drivers\btwaudio.sys [x]
S3 btwavdt; system32\DRIVERS\btwavdt.sys [x]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [x]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [x]
S3 circlass; \SystemRoot\system32\DRIVERS\circlass.sys [x]
S3 cmdide; \SystemRoot\system32\DRIVERS\cmdide.sys [x]
S4 crcdisk; \SystemRoot\system32\DRIVERS\crcdisk.sys [x]
S3 DAMDrv; system32\DRIVERS\DAMDrv.sys [x]
S3 ebdrv; \SystemRoot\system32\DRIVERS\evbdx.sys [x]
S3 elxstor; \SystemRoot\system32\DRIVERS\elxstor.sys [x]
S3 ErrDev; \SystemRoot\system32\DRIVERS\errdev.sys [x]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [x]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x]
S3 fdc; \SystemRoot\system32\DRIVERS\fdc.sys [x]
S3 flpydisk; \SystemRoot\system32\DRIVERS\flpydisk.sys [x]
S3 fssfltr; system32\DRIVERS\fssfltr.sys [x]
S3 gagp30kx; \SystemRoot\system32\DRIVERS\gagp30kx.sys [x]
S3 GEARAspiWDM; system32\DRIVERS\GEARAspiWDM.sys [x]
S3 grmnusb; system32\drivers\grmnusb.sys [x]
S3 hamachi; system32\DRIVERS\hamachi.sys [x]
S3 hcw85cir; \SystemRoot\system32\drivers\hcw85cir.sys [x]
S3 HidBatt; \SystemRoot\system32\DRIVERS\HidBatt.sys [x]
S3 HidIr; \SystemRoot\system32\DRIVERS\hidir.sys [x]
S0 hpdskflt; system32\DRIVERS\hpdskflt.sys [x]
S3 HpqKbFiltr; \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys [x]
S3 HpSAMD; \SystemRoot\system32\DRIVERS\HpSAMD.sys [x]
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [x]
S3 htcnprot; system32\DRIVERS\htcnprot.sys [x]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 iaStorV; \SystemRoot\system32\drivers\iaStorV.sys [x]
S3 igfx; system32\DRIVERS\igdkmd32.sys [x]
S3 iirsp; \SystemRoot\system32\DRIVERS\iirsp.sys [x]
S3 intelide; \SystemRoot\system32\DRIVERS\intelide.sys [x]
S3 intelppm; \SystemRoot\system32\DRIVERS\intelppm.sys [x]
S3 IPMIDRV; \SystemRoot\system32\DRIVERS\IPMIDrv.sys [x]
S3 isapnp; \SystemRoot\system32\DRIVERS\isapnp.sys [x]
S3 iScsiPrt; \SystemRoot\system32\DRIVERS\msiscsi.sys [x]
S3 LSI_FC; \SystemRoot\system32\DRIVERS\lsi_fc.sys [x]
S3 LSI_SAS; \SystemRoot\system32\DRIVERS\lsi_sas.sys [x]
S3 LSI_SAS2; \SystemRoot\system32\DRIVERS\lsi_sas2.sys [x]
S3 LSI_SCSI; \SystemRoot\system32\DRIVERS\lsi_scsi.sys [x]
S3 megasas; \SystemRoot\system32\DRIVERS\megasas.sys [x]
S3 MegaSR; \SystemRoot\system32\DRIVERS\MegaSR.sys [x]
S3 mpio; \SystemRoot\system32\DRIVERS\mpio.sys [x]
S0 msahci; system32\DRIVERS\msahci.sys [x]
S3 msdsm; \SystemRoot\system32\DRIVERS\msdsm.sys [x]
S3 MTConfig; \SystemRoot\system32\DRIVERS\MTConfig.sys [x]
S3 nfrd960; \SystemRoot\system32\DRIVERS\nfrd960.sys [x]
S3 nvraid; \SystemRoot\system32\drivers\nvraid.sys [x]
S3 nvstor; \SystemRoot\system32\drivers\nvstor.sys [x]
S3 nv_agp; \SystemRoot\system32\DRIVERS\nv_agp.sys [x]
S3 ohci1394; \SystemRoot\system32\DRIVERS\ohci1394.sys [x]
S3 pcmcia; \SystemRoot\system32\DRIVERS\pcmcia.sys [x]
S3 Processor; \SystemRoot\system32\DRIVERS\processr.sys [x]
S0 PxHelp20; System32\Drivers\PxHelp20.sys [x]
S3 ql2300; \SystemRoot\system32\DRIVERS\ql2300.sys [x]
S3 ql40xx; \SystemRoot\system32\DRIVERS\ql40xx.sys [x]
S2 rimspci; system32\DRIVERS\rimspe86.sys [x]
S2 risdpcie; system32\DRIVERS\risdpe86.sys [x]
S2 rixdpcie; system32\DRIVERS\rixdpe86.sys [x]
S4 RsFx0151; system32\DRIVERS\RsFx0151.sys [x]
S1 RsvLock; No ImagePath
S3 s3cap; \SystemRoot\system32\DRIVERS\vms3cap.sys [x]
S0 SbAlg; No ImagePath
S0 SbFsLock; No ImagePath
S3 sbp2port; \SystemRoot\system32\DRIVERS\sbp2port.sys [x]
S2 secdrv; No ImagePath
S3 sffdisk; \SystemRoot\system32\DRIVERS\sffdisk.sys [x]
S3 sffp_mmc; \SystemRoot\system32\DRIVERS\sffp_mmc.sys [x]
S3 sffp_sd; \SystemRoot\system32\DRIVERS\sffp_sd.sys [x]
S3 sfloppy; \SystemRoot\system32\DRIVERS\sfloppy.sys [x]
S3 sisagp; \SystemRoot\system32\DRIVERS\sisagp.sys [x]
S3 SiSRaid2; \SystemRoot\system32\DRIVERS\SiSRaid2.sys [x]
S3 SiSRaid4; \SystemRoot\system32\DRIVERS\sisraid4.sys [x]
S3 SNP2UVC; system32\DRIVERS\snp2uvc.sys [x]
S3 stexstor; \SystemRoot\system32\DRIVERS\stexstor.sys [x]
S3 STHDA; system32\DRIVERS\stwrt.sys [x]
S0 storflt; system32\DRIVERS\vmstorfl.sys [x]
S3 storvsc; \SystemRoot\system32\DRIVERS\storvsc.sys [x]
S3 swenum; \SystemRoot\system32\DRIVERS\swenum.sys [x]
S3 SynTP; \SystemRoot\system32\DRIVERS\SynTP.sys [x]
S3 Tdsshbecr; system32\DRIVERS\shbecr.sys [x]
S3 TPM; system32\drivers\tpm.sys [x]
S3 uagp35; \SystemRoot\system32\DRIVERS\uagp35.sys [x]
S3 uliagpkx; \SystemRoot\system32\DRIVERS\uliagpkx.sys [x]
S3 UmPass; \SystemRoot\system32\DRIVERS\umpass.sys [x]
S3 USBAAPL; System32\Drivers\usbaapl.sys [x]
S3 usbcir; \SystemRoot\system32\DRIVERS\usbcir.sys [x]
S3 usbprint; \SystemRoot\system32\DRIVERS\usbprint.sys [x]
S3 vhdmp; \SystemRoot\system32\DRIVERS\vhdmp.sys [x]
S3 viaagp; \SystemRoot\system32\DRIVERS\viaagp.sys [x]
S3 ViaC7; \SystemRoot\system32\DRIVERS\viac7.sys [x]
S3 viaide; \SystemRoot\system32\DRIVERS\viaide.sys [x]
S3 vmbus; \SystemRoot\system32\DRIVERS\vmbus.sys [x]
S3 VMBusHID; \SystemRoot\system32\DRIVERS\VMBusHID.sys [x]
S3 vsmraid; \SystemRoot\system32\DRIVERS\vsmraid.sys [x]
S3 WacomPen; \SystemRoot\system32\DRIVERS\wacompen.sys [x]
S3 Wd; \SystemRoot\system32\DRIVERS\wd.sys [x]
S3 yukonw7; system32\DRIVERS\yk62x86.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-05-11 17:22 - 2013-05-11 17:22 - 00000000 ____D C:\FRST
2013-05-11 14:22 - 2013-05-11 14:22 - 00529309 ____A C:\Users\Erik Kjell\Desktop\disktec.zip
2013-05-11 14:22 - 2013-05-11 14:20 - 00824725 ____A C:\Users\Erik Kjell\Desktop\wiztree_1_05_portable.zip
2013-05-11 14:16 - 2013-05-11 17:17 - 00000000 ____D C:\1a2f23ff9987f364491358
2013-05-11 14:16 - 2013-05-11 17:16 - 00000000 ____D C:\Windows\LastGood
2013-05-11 14:04 - 2013-05-11 14:04 - 00002115 ____A C:\Windows\epplauncher.mif
2013-05-11 13:57 - 2013-05-11 14:04 - 00000000 ____D C:\2989dde06a131b0b224c
2013-05-11 13:54 - 2013-05-11 13:54 - 00000000 ____D C:\Windows\sv
2013-05-11 13:50 - 2013-05-11 13:50 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-05-11 13:45 - 2013-05-11 13:54 - 00000000 ____D C:\Program Files\Windows Live
2013-05-11 13:43 - 2013-05-11 13:43 - 00000000 ____D C:\Windows\pss
2013-05-11 13:41 - 2013-05-11 13:41 - 00000000 ____D C:\Users\Erik Kjell\AppData\Local\Windows Live
2013-05-11 13:41 - 2013-05-11 13:41 - 00000000 ____D C:\Program Files\Common Files\Windows Live
2013-05-01 16:48 - 2013-05-01 16:49 - 00000000 ____D C:\Users\Erik Kjell\AppData\Roaming\Personal
2013-05-01 16:48 - 2013-05-01 16:48 - 00000000 ____D C:\Program Files\Personal
2013-05-01 16:46 - 2013-05-01 16:46 - 00000000 ____D C:\Users\Erik Kjell\AppData\Roaming\InstallShield
2013-05-01 16:46 - 2013-05-01 16:46 - 00000000 ____D C:\Program Files\Handelsbanken kortläsare
2013-04-27 17:41 - 2013-04-12 14:58 - 01210728 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-17 18:34 - 2013-04-17 19:38 - 00853645 ____A C:\Users\Erik Kjell\Downloads\Kost för aktiva ungdomar!.pptx
2013-04-16 14:57 - 2013-02-22 05:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-16 14:57 - 2013-02-22 04:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-16 14:57 - 2013-02-22 04:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-04-16 14:57 - 2013-02-22 04:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-16 14:57 - 2013-02-22 04:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-16 14:57 - 2013-02-22 04:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-04-16 14:57 - 2013-02-22 04:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-16 14:57 - 2013-02-22 04:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-16 14:57 - 2013-02-22 04:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-16 14:57 - 2013-02-22 04:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-04-16 14:57 - 2013-02-22 04:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-04-16 14:57 - 2013-02-22 04:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-16 14:57 - 2013-02-22 04:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-16 14:57 - 2013-02-22 04:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-16 14:57 - 2013-02-22 04:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-16 14:57 - 2013-02-22 04:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-11 18:15 - 2013-03-19 06:06 - 03958120 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-04-11 18:15 - 2013-03-19 06:06 - 03902312 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-04-11 18:15 - 2013-03-19 05:54 - 00038912 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-04-11 18:15 - 2013-03-19 03:50 - 00069632 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-04-11 18:15 - 2013-03-01 04:11 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-04-11 18:15 - 2013-02-12 16:13 - 02691072 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-04-11 18:15 - 2013-02-12 16:07 - 00131072 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-04-11 18:15 - 2013-02-12 14:59 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-04-11 18:15 - 2013-01-24 05:51 - 00195816 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-04-11 18:11 - 2013-05-11 17:17 - 00000000 ____D C:\Windows\System32\jmdp
==================== One Month Modified Files and Folders ========
2013-05-11 17:22 - 2013-05-11 17:22 - 00000000 ____D C:\FRST
2013-05-11 17:17 - 2013-05-11 14:16 - 00000000 ____D C:\1a2f23ff9987f364491358
2013-05-11 17:17 - 2013-04-11 18:11 - 00000000 ____D C:\Windows\System32\jmdp
2013-05-11 17:17 - 2010-11-30 13:48 - 00000000 ____D C:\users\Erik Kjell
2013-05-11 17:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\wfp
2013-05-11 17:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\DriverStore
2013-05-11 17:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\registration
2013-05-11 17:16 - 2013-05-11 14:16 - 00000000 ____D C:\Windows\LastGood
2013-05-11 15:38 - 2010-04-25 21:36 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-05-11 15:33 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\LogFiles
2013-05-11 14:22 - 2013-05-11 14:22 - 00529309 ____A C:\Users\Erik Kjell\Desktop\disktec.zip
2013-05-11 14:20 - 2013-05-11 14:22 - 00824725 ____A C:\Users\Erik Kjell\Desktop\wiztree_1_05_portable.zip
2013-05-11 14:15 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-11 14:14 - 2010-11-30 14:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-11 14:11 - 2011-10-26 15:49 - 00000000 ____D C:\Users\Erik Kjell\AppData\Local\Apple Computer
2013-05-11 14:09 - 2010-11-30 14:12 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-05-11 14:07 - 2011-10-25 15:23 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2013-05-11 14:06 - 2012-11-17 20:41 - 00000000 ____D C:\Users\Erik Kjell\AppData\Roaming\uTorrent
2013-05-11 14:05 - 2010-11-30 21:37 - 00001024 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-208221703-1258386026-352298716-1002UA.job
2013-05-11 14:04 - 2013-05-11 14:04 - 00002115 ____A C:\Windows\epplauncher.mif
2013-05-11 14:04 - 2013-05-11 13:57 - 00000000 ____D C:\2989dde06a131b0b224c
2013-05-11 14:03 - 2010-11-30 14:52 - 00000000 ____D C:\Users\Erik Kjell\Documents\Outlook-filer
2013-05-11 13:56 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\zh-TW
2013-05-11 13:56 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\zh-HK
2013-05-11 13:56 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\zh-CN
2013-05-11 13:56 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\winevt
2013-05-11 13:55 - 2010-09-19 04:49 - 00000000 ____D C:\Windows\System32\Drivers\sv-SE
2013-05-11 13:55 - 2010-09-19 04:47 - 00000000 ____D C:\Windows\System32\Macromed
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\tr-TR
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\th-TH
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\sv-SE
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\spool
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\SMI
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\sl-SI
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\sk-SK
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\ru-RU
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\ro-RO
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\pt-PT
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\pt-BR
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\pl-PL
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\nl-NL
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\nb-NO
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\MUI
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\Msdtc
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\lv-LV
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\lt-LT
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\ko-KR
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\ja-JP
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\it-IT
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\hu-HU
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\hr-HR
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\he-IL
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\fr-FR
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\fi-FI
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\et-EE
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\el-GR
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\com
2013-05-11 13:54 - 2013-05-11 13:54 - 00000000 ____D C:\Windows\sv
2013-05-11 13:54 - 2013-05-11 13:45 - 00000000 ____D C:\Program Files\Windows Live
2013-05-11 13:54 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\bg-BG
2013-05-11 13:54 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\ar-SA
2013-05-11 13:52 - 2011-11-08 12:49 - 00000000 ____D C:\Program Files\Yontoo Layers Runtime
2013-05-11 13:50 - 2013-05-11 13:50 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-05-11 13:45 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-05-11 13:43 - 2013-05-11 13:43 - 00000000 ____D C:\Windows\pss
2013-05-11 13:42 - 2011-01-25 09:41 - 00000990 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-11 13:41 - 2013-05-11 13:41 - 00000000 ____D C:\Users\Erik Kjell\AppData\Local\Windows Live
2013-05-11 13:41 - 2013-05-11 13:41 - 00000000 ____D C:\Program Files\Common Files\Windows Live
2013-05-11 13:27 - 2011-01-15 11:32 - 00000000 ____D C:\Program Files\Family Toolbar
2013-05-11 13:20 - 2012-06-30 19:52 - 00000000 ____D C:\ProgramData\ADDICT-THING
2013-05-11 13:16 - 2011-02-12 21:13 - 00000000 ____D C:\Program Files\SFAnytime
2013-05-11 13:09 - 2011-01-25 09:41 - 00000000 ____D C:\ProgramData\Google
2013-05-11 13:09 - 2010-11-30 15:27 - 00000000 ____D C:\Users\Erik Kjell\AppData\Local\Google
2013-05-11 13:09 - 2010-11-30 15:27 - 00000000 ____D C:\Program Files\Google
2013-05-11 13:01 - 2013-02-02 22:09 - 00000000 ____D C:\Users\Erik Kjell\AppData\Roaming\Yontoo
2013-05-11 13:01 - 2012-04-03 07:32 - 00000000 ___RD C:\Users\Erik Kjell\Dropbox
2013-05-11 13:01 - 2012-04-03 07:29 - 00000000 ____D C:\Users\Erik Kjell\AppData\Roaming\Dropbox
2013-05-11 13:01 - 2012-02-09 10:56 - 00000000 ___SD C:\Users\Erik Kjell\Soonr Workplace
2013-05-11 13:01 - 2010-11-30 14:24 - 00000000 ____D C:\Users\Erik Kjell\AppData\Local\LogMeIn Hamachi
2013-05-11 13:00 - 2011-09-12 16:56 - 00000000 ____D C:\Users\Erik Kjell\AppData\Local\Htc
2013-05-11 13:00 - 2011-01-25 09:41 - 00000986 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-11 12:39 - 2010-11-02 22:33 - 01459762 ____A C:\Windows\WindowsUpdate.log
2013-05-11 12:36 - 2010-09-19 04:47 - 00000000 ____D C:\ProgramData\PDFC
2013-05-11 12:35 - 2010-09-19 04:47 - 00000000 ____D C:\ProgramData\HPQLOG
2013-05-11 12:35 - 2009-07-14 05:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-11 12:35 - 2009-07-14 05:39 - 00141136 ____A C:\Windows\setupact.log
2013-05-01 16:49 - 2013-05-01 16:48 - 00000000 ____D C:\Users\Erik Kjell\AppData\Roaming\Personal
2013-05-01 16:48 - 2013-05-01 16:48 - 00000000 ____D C:\Program Files\Personal
2013-05-01 16:46 - 2013-05-01 16:46 - 00000000 ____D C:\Users\Erik Kjell\AppData\Roaming\InstallShield
2013-05-01 16:46 - 2013-05-01 16:46 - 00000000 ____D C:\Program Files\Handelsbanken kortläsare
2013-05-01 16:46 - 2010-09-19 04:47 - 00109476 ____A C:\Windows\DPINST.LOG
2013-05-01 16:46 - 2010-09-19 04:39 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-04-27 17:35 - 2010-09-19 05:26 - 00084534 ____A C:\Windows\PFRO.log
2013-04-20 19:01 - 2011-06-16 07:55 - 00000340 ____A C:\Windows\Tasks\HPCeeScheduleForErik Kjell.job
2013-04-17 19:38 - 2013-04-17 18:34 - 00853645 ____A C:\Users\Erik Kjell\Downloads\Kost för aktiva ungdomar!.pptx
2013-04-12 14:58 - 2013-04-27 17:41 - 01210728 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-11 19:04 - 2010-11-30 21:38 - 00002393 ____A C:\Users\Erik Kjell\Desktop\Google Chrome.lnk
Other Malware:
===========
C:\Users\Erik Kjell\Microsoft.Crm.Setup.Server.exe
C:\Users\Erik Kjell\SetupServer.exe
==================== Known DLLs (Whitelisted) ============
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2012-12-12 12:11] - [2012-09-06 17:48] - 0245616 ____A (Microsoft Corporation) 59F06B4968E58BC83DFC56CA4517960E
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-05-11 14:17:38
==================== Memory info ===========================
Percentage of memory in use: 24%
Total physical RAM: 1782.43 MB
Available physical RAM: 1346.8 MB
Total Pagefile: 1782.43 MB
Available Pagefile: 1357.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.65 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:280.8 GB) (Free:159.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_RECOVERY) (Fixed) (Total:15 GB) (Free:2.21 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.48 GB) FAT32
Drive h: () (Removable) (Total:7.48 GB) (Free:7.46 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: B073D52D)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=281 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)
========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 73696D20)
Partition 1: (Not Active) - (Size=-4750121984) - (Type=0A)
Partition 2: (Not Active) - (Size=260 GB) - (Type=65)
Partition 3: (Not Active) - (Size=0) - (Type=65)
Partition 4: (Not Active) - (Size=26 MB) - (Type=00)
Last Boot: 2013-05-11 12:58
==================== End Of Log ============================
Upvote
0
Fiery
Level 1
- Jan 11, 2011
- 2,007
Hi,
Do you know anything about this folder? C:\Program Files\Handelsbanken kortläsare
Open notepad and copy & paste the following:
and save it as fixlist.txt onto your flash drive.
Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log.
Do you know anything about this folder? C:\Program Files\Handelsbanken kortläsare
Open notepad and copy & paste the following:
and save it as fixlist.txt onto your flash drive.
Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log.
Upvote
0
Hi!
Yes, C:\Program Files\Handelsbanken kortläsare is a security program for the bank; "Handelsbanken".
I've run the fix and here's the fixlog.txt:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-05-2013 01
Ran by SYSTEM at 2013-05-11 20:28:50 Run:1
Running from H:\
Boot Mode: Recovery
==============================================
IBUpdaterService => Service deleted successfully.
========================= Folder: C:\Windows\System32\jmdp ========================
C:\Windows\System32\jmdp Not Found
====== End of Folder: ======
========================= Folder: C:\1a2f23ff9987f364491358 ========================
C:\1a2f23ff9987f364491358 Not Found
====== End of Folder: ======
==== End of Fixlog ====
Yes, C:\Program Files\Handelsbanken kortläsare is a security program for the bank; "Handelsbanken".
I've run the fix and here's the fixlog.txt:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-05-2013 01
Ran by SYSTEM at 2013-05-11 20:28:50 Run:1
Running from H:\
Boot Mode: Recovery
==============================================
IBUpdaterService => Service deleted successfully.
========================= Folder: C:\Windows\System32\jmdp ========================
C:\Windows\System32\jmdp Not Found
====== End of Folder: ======
========================= Folder: C:\1a2f23ff9987f364491358 ========================
C:\1a2f23ff9987f364491358 Not Found
====== End of Folder: ======
==== End of Fixlog ====
Fiery said:
Upvote
0
Hi!
I've run the fix but it wouldn't start anyway, here's the fixlog:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-05-2013 01
Ran by SYSTEM at 2013-05-11 21:55:56 Run:2
Running from H:\
Boot Mode: Recovery
==============================================
C:\Windows\system32\dmwu.exe => Moved successfully.
==== End of Fixlog ====
I've run the fix but it wouldn't start anyway, here's the fixlog:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-05-2013 01
Ran by SYSTEM at 2013-05-11 21:55:56 Run:2
Running from H:\
Boot Mode: Recovery
==============================================
C:\Windows\system32\dmwu.exe => Moved successfully.
==== End of Fixlog ====
Fiery said:
Upvote
0
Fiery
Level 1
- Jan 11, 2011
- 2,007
Hmmmm.
Open notepad and copy & paste the following:
and save it as fixlist.txt onto your flash drive.
Then, boot to system recovery, plug in your flash drive, open FRST and click fix.
See if that works. If not, go into command prompt and type:
sfc /scannow /offbootdir=c:\ /offwindir=c:\windows
After that is done, type :
chkdsk C: /r
Open notepad and copy & paste the following:
and save it as fixlist.txt onto your flash drive.
Then, boot to system recovery, plug in your flash drive, open FRST and click fix.
See if that works. If not, go into command prompt and type:
sfc /scannow /offbootdir=c:\ /offwindir=c:\windows
After that is done, type :
chkdsk C: /r
Upvote
0
Hi!
Here's the fixlog:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-05-2013 01
Ran by SYSTEM at 2013-05-11 23:11:25 Run:3
Running from H:\
Boot Mode: Recovery
==============================================
========= bootrec /FixMbr =========
ÿþÅ t g ä r d e n ä r k l a r .
========= End of CMD: =========
tg„rden har slutf”rts.
==== End of Fixlog ====
I tried typing in the command prompt: sfc /scannow /offbootdir=c:\ /offwindir=c:\windows but it just said that it cannot start the repair service. Thereafter I tried with chkdsk C: /r and it started, but then it said that it couldn't transfer log message into the event log with the status: 50.
I've also tried to restore it again, without success.
Here's the fixlog:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-05-2013 01
Ran by SYSTEM at 2013-05-11 23:11:25 Run:3
Running from H:\
Boot Mode: Recovery
==============================================
========= bootrec /FixMbr =========
ÿþÅ t g ä r d e n ä r k l a r .
========= End of CMD: =========
tg„rden har slutf”rts.
==== End of Fixlog ====
I tried typing in the command prompt: sfc /scannow /offbootdir=c:\ /offwindir=c:\windows but it just said that it cannot start the repair service. Thereafter I tried with chkdsk C: /r and it started, but then it said that it couldn't transfer log message into the event log with the status: 50.
I've also tried to restore it again, without success.
Fiery said:
Upvote
0
- Oct 23, 2012
- 12,527
Zebban said:Yes I can reformat. Unfortunately I do, I have pictures among other things. Maybe I'll try taking the computer somewhere, but then I guess reformat is the only thing left to do... Thanks for your help anyway, I truly appreciate it
Fiery said:
You could use something like a Linux Live CD.Boot from the live CD then explore the contents of the drive in linux and copy and save them to a USB device from the live CD.Ubuntu Linux is a common one,when you boot from it choose "TRY" and it will act as a live CD.Knoppix is another one
Try this in the giveaway section http://malwaretips.com/Thread-Giveaway-Wondershare-LiveBoot-2012?pid=125383#pid125383
Or you could take out the drive put it into an external USB enclosure,they are not too expensive,and grab what you want off of it.They are between $10-30 USD depending on what you need
After that reformat
You should be able to get your important stuff off the non-bootable drive without taking it somewhere
Upvote
0
danipisca07
New Member
- Aug 11, 2014
- 1
Hi, For me the problem were an exe that was part of Itunes ( "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" ) and at every startup was damaging the bootcat.cache, sovled by deleting the exe and reinstalling Itunes.
I know the post is old but maybe that can help someone ;D
I know the post is old but maybe that can help someone ;D
Upvote
0
