Reply to thread

Message: <blockquote data-quote="Zebban" data-source="post: 120090" data-attributes="member: 8144">Hi! Here's the frst.txt from the scan:Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-05-2013 01Ran by SYSTEM on 11-05-2013 17:47:06Running from H:\Windows 7 Professional (X86) OS Language: SwedishInternet Explorer Version 9Boot Mode: RecoveryThe current controlset is ControlSet001ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.==================== Registry (Whitelisted) ==================HKLM\...\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe /start [256056 2010-03-01] (Hewlett-Packard Company)HKLM\...\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe [563736 2010-03-06] (PDF Complete Inc)HKLM\...\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden [1691192 2010-04-05] (Hewlett-Packard)HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1713448 2010-02-26] (Synaptics Incorporated)HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-04-05] (Hewlett-Packard)HKLM\...\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)HKLM\...\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe" [153640 2009-06-04] (ActivIdentity)HKLM\...\Run: []  [x]HKLM\...\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [400936 2009-06-04] (ActivIdentity)HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [102400 2010-04-08] (Advanced Micro Devices, Inc.)HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe [495708 2010-03-17] (IDT, Inc.)HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)HKLM\...\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup [593920 2011-11-01] ()HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)HKLM\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2254768 2012-12-10] (LogMeIn Inc.)HKLM\...\Runonce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "" [x]HKLM\...\runonceex: [ContentMerger] c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-11-23] (Sonic Solutions)HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe, [x]HKLM\...\Winlogon: [System] Winlogon\Notify\DeviceNP: DeviceNP.dll [X]HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [ 2010-02-10] ()HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [ 2010-02-10] ()HKU\Erik Kjell\...\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [ 2010-02-22] (Hewlett-Packard Company)HKU\Erik Kjell\...\Run: [Google Update] "C:\Users\Erik Kjell\AppData\Local\Google\Update\GoogleUpdate.exe" /c [ 2010-11-30] (Google Inc.)HKU\Erik Kjell\...\Run: [HW_OPENEYE_OUC_Telia mobile broadband] "C:\Program Files\Telia mobile broadband\UpdateDog\ouc.exe" [x]HKU\Erik Kjell\...\RunOnce: [FlashPlayerUpdate] C:\windows\system32\Macromed\Flash\FlashUtil10s_ActiveX.exe -update activex [x]Lsa: [Notification Packages] DPPassFilter scecliStartup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnkShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)========================== Services (Whitelisted) =================S2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-04] (ActivIdentity)S2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2010-01-21] (LSI Corporation)S2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-05-08] ()S2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [300808 2010-03-31] (DigitalPersona, Inc.)S2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1435568 2012-12-10] (LogMeIn Inc.)S2 HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [103992 2010-04-05] (Hewlett-Packard)S2 HP ProtectTools Service; c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2010-03-17] (Hewlett-Packard Development Company, L.P)S2 HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [103992 2010-04-05] (Hewlett-Packard)S2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [90112 2010-06-14] (Hewlett-Packard Company)S2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2010-02-02] (McAfee, Inc.)S2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [297984 2010-01-19] (Hewlett-Packard)S2 hpHotkeyMonitor; C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [264248 2010-03-01] (Hewlett-Packard Company)S4 IBUpdaterService; C:\Windows\system32\dmwu.exe [1156400 2013-04-07] ()S2 klnagent; C:\Program Files\Kaspersky Lab\NetworkAgent\klnagent.exe [127632 2013-01-22] (Kaspersky Lab ZAO)S2 MSSQL$MAMUT; c:\Program Files\Microsoft SQL Server\MSSQL10_50.MAMUT\MSSQL\Binn\sqlservr.exe [43040096 2011-06-17] (Microsoft Corporation)S4 MSSQLServerADHelper100; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [44896 2010-04-03] (Microsoft Corporation)S2 NitroReaderDriverReadSpool2; C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [198136 2012-02-08] (Nitro PDF Software)S2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()S2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2010-03-06] (PDF Complete Inc)S4 SQLAgent$MAMUT; c:\Program Files\Microsoft SQL Server\MSSQL10_50.MAMUT\MSSQL\Binn\SQLAGENT.EXE [370016 2011-06-17] (Microsoft Corporation)S2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_7b6e808b01435efc\STacSV.exe [229458 2010-03-17] (IDT, Inc.)S2 Web Assistant; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [188760 2013-01-29] ()S3 FLCDLOCK; c:\Windows\system32\flcdlock.exe [x]S2 vcsFPService; C:\windows\system32\vcsFPService.exe [x]==================== Drivers (Whitelisted) ====================S0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [110520 2010-02-02] (McAfee, Inc.)S3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [165376 2010-11-02] (Microsoft Corporation)S1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [55040 2010-11-02] (Microsoft Corporation)S3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-02] (Microsoft Corporation)S1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [295128 2009-12-01] (Microsoft Corporation)S3 Accelerometer; system32\DRIVERS\Accelerometer.sys [x]S3 AcpiPmi; \SystemRoot\system32\DRIVERS\acpipmi.sys [x]S3 adp94xx; \SystemRoot\system32\DRIVERS\adp94xx.sys [x]S3 adpahci; \SystemRoot\system32\DRIVERS\adpahci.sys [x]S3 adpu320; \SystemRoot\system32\DRIVERS\adpu320.sys [x]S3 AgereSoftModem; system32\DRIVERS\AGRSM.sys [x]S3 agp440; \SystemRoot\system32\DRIVERS\agp440.sys [x]S3 aic78xx; \SystemRoot\system32\DRIVERS\djsvs.sys [x]S3 aliide; \SystemRoot\system32\DRIVERS\aliide.sys [x]S3 amdagp; \SystemRoot\system32\DRIVERS\amdagp.sys [x]S3 amdide; \SystemRoot\system32\DRIVERS\amdide.sys [x]S3 AmdK8; \SystemRoot\system32\DRIVERS\amdk8.sys [x]S3 amdkmdag; system32\DRIVERS\atikmdag.sys [x]S3 amdkmdap; system32\DRIVERS\atikmpag.sys [x]S3 amdsata; \SystemRoot\system32\drivers\amdsata.sys [x]S3 amdsbs; \SystemRoot\system32\DRIVERS\amdsbs.sys [x]S0 amdxata; system32\drivers\amdxata.sys [x]S3 arc; \SystemRoot\system32\DRIVERS\arc.sys [x]S3 arcsas; \SystemRoot\system32\DRIVERS\arcsas.sys [x]S3 AtiHdmiService; system32\drivers\AtiHdmi.sys [x]S0 AtiPcie; system32\DRIVERS\AtiPcie.sys [x]S3 b06bdrv; \SystemRoot\system32\DRIVERS\bxvbdx.sys [x]S3 b57nd60x; system32\DRIVERS\b57nd60x.sys [x]S3 BCM43XX; system32\DRIVERS\bcmwl6.sys [x]S1 blbdrive; \SystemRoot\system32\DRIVERS\blbdrive.sys [x]S3 BrFiltLo; \SystemRoot\system32\DRIVERS\BrFiltLo.sys [x]S3 BrFiltUp; \SystemRoot\system32\DRIVERS\BrFiltUp.sys [x]S3 Brserid; \SystemRoot\System32\Drivers\Brserid.sys [x]S3 BrSerWdm; \SystemRoot\System32\Drivers\BrSerWdm.sys [x]S3 BrUsbMdm; \SystemRoot\System32\Drivers\BrUsbMdm.sys [x]S3 BrUsbSer; \SystemRoot\System32\Drivers\BrUsbSer.sys [x]S3 BTHMODEM; \SystemRoot\system32\DRIVERS\bthmodem.sys [x]S3 BthPan; system32\DRIVERS\bthpan.sys [x]S3 btwaudio; system32\drivers\btwaudio.sys [x]S3 btwavdt; system32\DRIVERS\btwavdt.sys [x]S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [x]S3 btwrchid; system32\DRIVERS\btwrchid.sys [x]S3 circlass; \SystemRoot\system32\DRIVERS\circlass.sys [x]S3 cmdide; \SystemRoot\system32\DRIVERS\cmdide.sys [x]S4 crcdisk; \SystemRoot\system32\DRIVERS\crcdisk.sys [x]S3 DAMDrv; system32\DRIVERS\DAMDrv.sys [x]S3 ebdrv; \SystemRoot\system32\DRIVERS\evbdx.sys [x]S3 elxstor; \SystemRoot\system32\DRIVERS\elxstor.sys [x]S3 ErrDev; \SystemRoot\system32\DRIVERS\errdev.sys [x]S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [x]S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x]S3 fdc; \SystemRoot\system32\DRIVERS\fdc.sys [x]S3 flpydisk; \SystemRoot\system32\DRIVERS\flpydisk.sys [x]S3 fssfltr; system32\DRIVERS\fssfltr.sys [x]S3 gagp30kx; \SystemRoot\system32\DRIVERS\gagp30kx.sys [x]S3 GEARAspiWDM; system32\DRIVERS\GEARAspiWDM.sys [x]S3 grmnusb; system32\drivers\grmnusb.sys [x]S3 hamachi; system32\DRIVERS\hamachi.sys [x]S3 hcw85cir; \SystemRoot\system32\drivers\hcw85cir.sys [x]S3 HidBatt; \SystemRoot\system32\DRIVERS\HidBatt.sys [x]S3 HidIr; \SystemRoot\system32\DRIVERS\hidir.sys [x]S0 hpdskflt; system32\DRIVERS\hpdskflt.sys [x]S3 HpqKbFiltr; \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys [x]S3 HpSAMD; \SystemRoot\system32\DRIVERS\HpSAMD.sys [x]S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [x]S3 htcnprot; system32\DRIVERS\htcnprot.sys [x]S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]S3 iaStorV; \SystemRoot\system32\drivers\iaStorV.sys [x]S3 igfx; system32\DRIVERS\igdkmd32.sys [x]S3 iirsp; \SystemRoot\system32\DRIVERS\iirsp.sys [x]S3 intelide; \SystemRoot\system32\DRIVERS\intelide.sys [x]S3 intelppm; \SystemRoot\system32\DRIVERS\intelppm.sys [x]S3 IPMIDRV; \SystemRoot\system32\DRIVERS\IPMIDrv.sys [x]S3 isapnp; \SystemRoot\system32\DRIVERS\isapnp.sys [x]S3 iScsiPrt; \SystemRoot\system32\DRIVERS\msiscsi.sys [x]S3 LSI_FC; \SystemRoot\system32\DRIVERS\lsi_fc.sys [x]S3 LSI_SAS; \SystemRoot\system32\DRIVERS\lsi_sas.sys [x]S3 LSI_SAS2; \SystemRoot\system32\DRIVERS\lsi_sas2.sys [x]S3 LSI_SCSI; \SystemRoot\system32\DRIVERS\lsi_scsi.sys [x]S3 megasas; \SystemRoot\system32\DRIVERS\megasas.sys [x]S3 MegaSR; \SystemRoot\system32\DRIVERS\MegaSR.sys [x]S3 mpio; \SystemRoot\system32\DRIVERS\mpio.sys [x]S0 msahci; system32\DRIVERS\msahci.sys [x]S3 msdsm; \SystemRoot\system32\DRIVERS\msdsm.sys [x]S3 MTConfig; \SystemRoot\system32\DRIVERS\MTConfig.sys [x]S3 nfrd960; \SystemRoot\system32\DRIVERS\nfrd960.sys [x]S3 nvraid; \SystemRoot\system32\drivers\nvraid.sys [x]S3 nvstor; \SystemRoot\system32\drivers\nvstor.sys [x]S3 nv_agp; \SystemRoot\system32\DRIVERS\nv_agp.sys [x]S3 ohci1394; \SystemRoot\system32\DRIVERS\ohci1394.sys [x]S3 pcmcia; \SystemRoot\system32\DRIVERS\pcmcia.sys [x]S3 Processor; \SystemRoot\system32\DRIVERS\processr.sys [x]S0 PxHelp20; System32\Drivers\PxHelp20.sys [x]S3 ql2300; \SystemRoot\system32\DRIVERS\ql2300.sys [x]S3 ql40xx; \SystemRoot\system32\DRIVERS\ql40xx.sys [x]S2 rimspci; system32\DRIVERS\rimspe86.sys [x]S2 risdpcie; system32\DRIVERS\risdpe86.sys [x]S2 rixdpcie; system32\DRIVERS\rixdpe86.sys [x]S4 RsFx0151; system32\DRIVERS\RsFx0151.sys [x]S1 RsvLock; No ImagePathS3 s3cap; \SystemRoot\system32\DRIVERS\vms3cap.sys [x]S0 SbAlg; No ImagePathS0 SbFsLock; No ImagePathS3 sbp2port; \SystemRoot\system32\DRIVERS\sbp2port.sys [x]S2 secdrv; No ImagePathS3 sffdisk; \SystemRoot\system32\DRIVERS\sffdisk.sys [x]S3 sffp_mmc; \SystemRoot\system32\DRIVERS\sffp_mmc.sys [x]S3 sffp_sd; \SystemRoot\system32\DRIVERS\sffp_sd.sys [x]S3 sfloppy; \SystemRoot\system32\DRIVERS\sfloppy.sys [x]S3 sisagp; \SystemRoot\system32\DRIVERS\sisagp.sys [x]S3 SiSRaid2; \SystemRoot\system32\DRIVERS\SiSRaid2.sys [x]S3 SiSRaid4; \SystemRoot\system32\DRIVERS\sisraid4.sys [x]S3 SNP2UVC; system32\DRIVERS\snp2uvc.sys [x]S3 stexstor; \SystemRoot\system32\DRIVERS\stexstor.sys [x]S3 STHDA; system32\DRIVERS\stwrt.sys [x]S0 storflt; system32\DRIVERS\vmstorfl.sys [x]S3 storvsc; \SystemRoot\system32\DRIVERS\storvsc.sys [x]S3 swenum; \SystemRoot\system32\DRIVERS\swenum.sys [x]S3 SynTP; \SystemRoot\system32\DRIVERS\SynTP.sys [x]S3 Tdsshbecr; system32\DRIVERS\shbecr.sys [x]S3 TPM; system32\drivers\tpm.sys [x]S3 uagp35; \SystemRoot\system32\DRIVERS\uagp35.sys [x]S3 uliagpkx; \SystemRoot\system32\DRIVERS\uliagpkx.sys [x]S3 UmPass; \SystemRoot\system32\DRIVERS\umpass.sys [x]S3 USBAAPL; System32\Drivers\usbaapl.sys [x]S3 usbcir; \SystemRoot\system32\DRIVERS\usbcir.sys [x]S3 usbprint; \SystemRoot\system32\DRIVERS\usbprint.sys [x]S3 vhdmp; \SystemRoot\system32\DRIVERS\vhdmp.sys [x]S3 viaagp; \SystemRoot\system32\DRIVERS\viaagp.sys [x]S3 ViaC7; \SystemRoot\system32\DRIVERS\viac7.sys [x]S3 viaide; \SystemRoot\system32\DRIVERS\viaide.sys [x]S3 vmbus; \SystemRoot\system32\DRIVERS\vmbus.sys [x]S3 VMBusHID; \SystemRoot\system32\DRIVERS\VMBusHID.sys [x]S3 vsmraid; \SystemRoot\system32\DRIVERS\vsmraid.sys [x]S3 WacomPen; \SystemRoot\system32\DRIVERS\wacompen.sys [x]S3 Wd; \SystemRoot\system32\DRIVERS\wd.sys [x]S3 yukonw7; system32\DRIVERS\yk62x86.sys [x]==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2013-05-11 17:22 - 2013-05-11 17:22 - 00000000 ____D C:\FRST2013-05-11 14:22 - 2013-05-11 14:22 - 00529309 ____A C:\Users\Erik Kjell\Desktop\disktec.zip2013-05-11 14:22 - 2013-05-11 14:20 - 00824725 ____A C:\Users\Erik Kjell\Desktop\wiztree_1_05_portable.zip2013-05-11 14:16 - 2013-05-11 17:17 - 00000000 ____D C:\1a2f23ff9987f3644913582013-05-11 14:16 - 2013-05-11 17:16 - 00000000 ____D C:\Windows\LastGood2013-05-11 14:04 - 2013-05-11 14:04 - 00002115 ____A C:\Windows\epplauncher.mif2013-05-11 13:57 - 2013-05-11 14:04 - 00000000 ____D C:\2989dde06a131b0b224c2013-05-11 13:54 - 2013-05-11 13:54 - 00000000 ____D C:\Windows\sv2013-05-11 13:50 - 2013-05-11 13:50 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition2013-05-11 13:45 - 2013-05-11 13:54 - 00000000 ____D C:\Program Files\Windows Live2013-05-11 13:43 - 2013-05-11 13:43 - 00000000 ____D C:\Windows\pss2013-05-11 13:41 - 2013-05-11 13:41 - 00000000 ____D C:\Users\Erik Kjell\AppData\Local\Windows Live2013-05-11 13:41 - 2013-05-11 13:41 - 00000000 ____D C:\Program Files\Common Files\Windows Live2013-05-01 16:48 - 2013-05-01 16:49 - 00000000 ____D C:\Users\Erik Kjell\AppData\Roaming\Personal2013-05-01 16:48 - 2013-05-01 16:48 - 00000000 ____D C:\Program Files\Personal2013-05-01 16:46 - 2013-05-01 16:46 - 00000000 ____D C:\Users\Erik Kjell\AppData\Roaming\InstallShield2013-05-01 16:46 - 2013-05-01 16:46 - 00000000 ____D C:\Program Files\Handelsbanken kortläsare2013-04-27 17:41 - 2013-04-12 14:58 - 01210728 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys2013-04-17 18:34 - 2013-04-17 19:38 - 00853645 ____A C:\Users\Erik Kjell\Downloads\Kost för aktiva ungdomar!.pptx2013-04-16 14:57 - 2013-02-22 05:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll2013-04-16 14:57 - 2013-02-22 04:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll2013-04-16 14:57 - 2013-02-22 04:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll2013-04-16 14:57 - 2013-02-22 04:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll2013-04-16 14:57 - 2013-02-22 04:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll2013-04-16 14:57 - 2013-02-22 04:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl2013-04-16 14:57 - 2013-02-22 04:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll2013-04-16 14:57 - 2013-02-22 04:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2013-04-16 14:57 - 2013-02-22 04:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll2013-04-16 14:57 - 2013-02-22 04:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll2013-04-16 14:57 - 2013-02-22 04:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe2013-04-16 14:57 - 2013-02-22 04:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll2013-04-16 14:57 - 2013-02-22 04:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll2013-04-16 14:57 - 2013-02-22 04:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2013-04-16 14:57 - 2013-02-22 04:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll2013-04-16 14:57 - 2013-02-22 04:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll2013-04-11 18:15 - 2013-03-19 06:06 - 03958120 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe2013-04-11 18:15 - 2013-03-19 06:06 - 03902312 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe2013-04-11 18:15 - 2013-03-19 05:54 - 00038912 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll2013-04-11 18:15 - 2013-03-19 03:50 - 00069632 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe2013-04-11 18:15 - 2013-03-01 04:11 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys2013-04-11 18:15 - 2013-02-12 16:13 - 02691072 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll2013-04-11 18:15 - 2013-02-12 16:07 - 00131072 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll2013-04-11 18:15 - 2013-02-12 14:59 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll2013-04-11 18:15 - 2013-01-24 05:51 - 00195816 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys2013-04-11 18:11 - 2013-05-11 17:17 - 00000000 ____D C:\Windows\System32\jmdp==================== One Month Modified Files and Folders ========2013-05-11 17:22 - 2013-05-11 17:22 - 00000000 ____D C:\FRST2013-05-11 17:17 - 2013-05-11 14:16 - 00000000 ____D C:\1a2f23ff9987f3644913582013-05-11 17:17 - 2013-04-11 18:11 - 00000000 ____D C:\Windows\System32\jmdp2013-05-11 17:17 - 2010-11-30 13:48 - 00000000 ____D C:\users\Erik Kjell2013-05-11 17:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\wfp2013-05-11 17:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\DriverStore2013-05-11 17:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\registration2013-05-11 17:16 - 2013-05-11 14:16 - 00000000 ____D C:\Windows\LastGood2013-05-11 15:38 - 2010-04-25 21:36 - 00000000 ___RD C:\Users\Public\Recorded TV2013-05-11 15:33 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\LogFiles2013-05-11 14:22 - 2013-05-11 14:22 - 00529309 ____A C:\Users\Erik Kjell\Desktop\disktec.zip2013-05-11 14:20 - 2013-05-11 14:22 - 00824725 ____A C:\Users\Erik Kjell\Desktop\wiztree_1_05_portable.zip2013-05-11 14:15 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET2013-05-11 14:14 - 2010-11-30 14:09 - 00000000 ____D C:\ProgramData\Microsoft Help2013-05-11 14:11 - 2011-10-26 15:49 - 00000000 ____D C:\Users\Erik Kjell\AppData\Local\Apple Computer2013-05-11 14:09 - 2010-11-30 14:12 - 00000000 ____D C:\Program Files\Microsoft.NET2013-05-11 14:07 - 2011-10-25 15:23 - 00000000 ____D C:\Program Files\Microsoft SQL Server2013-05-11 14:06 - 2012-11-17 20:41 - 00000000 ____D C:\Users\Erik Kjell\AppData\Roaming\uTorrent2013-05-11 14:05 - 2010-11-30 21:37 - 00001024 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-208221703-1258386026-352298716-1002UA.job2013-05-11 14:04 - 2013-05-11 14:04 - 00002115 ____A C:\Windows\epplauncher.mif2013-05-11 14:04 - 2013-05-11 13:57 - 00000000 ____D C:\2989dde06a131b0b224c2013-05-11 14:03 - 2010-11-30 14:52 - 00000000 ____D C:\Users\Erik Kjell\Documents\Outlook-filer2013-05-11 13:56 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\zh-TW2013-05-11 13:56 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\zh-HK2013-05-11 13:56 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\zh-CN2013-05-11 13:56 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\winevt2013-05-11 13:55 - 2010-09-19 04:49 - 00000000 ____D C:\Windows\System32\Drivers\sv-SE2013-05-11 13:55 - 2010-09-19 04:47 - 00000000 ____D C:\Windows\System32\Macromed2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\tr-TR2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\th-TH2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\sv-SE2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\spool2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\SMI2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\sl-SI2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\sk-SK2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\ru-RU2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\ro-RO2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\pt-PT2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\pt-BR2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\pl-PL2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\nl-NL2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\nb-NO2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\MUI2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\Msdtc2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\lv-LV2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\lt-LT2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\ko-KR2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\ja-JP2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\it-IT2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\hu-HU2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\hr-HR2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\he-IL2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\fr-FR2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\fi-FI2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\et-EE2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\el-GR2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\de-DE2013-05-11 13:55 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\com2013-05-11 13:54 - 2013-05-11 13:54 - 00000000 ____D C:\Windows\sv2013-05-11 13:54 - 2013-05-11 13:45 - 00000000 ____D C:\Program Files\Windows Live2013-05-11 13:54 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\bg-BG2013-05-11 13:54 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\ar-SA2013-05-11 13:52 - 2011-11-08 12:49 - 00000000 ____D C:\Program Files\Yontoo Layers Runtime2013-05-11 13:50 - 2013-05-11 13:50 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition2013-05-11 13:45 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared2013-05-11 13:43 - 2013-05-11 13:43 - 00000000 ____D C:\Windows\pss2013-05-11 13:42 - 2011-01-25 09:41 - 00000990 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-05-11 13:41 - 2013-05-11 13:41 - 00000000 ____D C:\Users\Erik Kjell\AppData\Local\Windows Live2013-05-11 13:41 - 2013-05-11 13:41 - 00000000 ____D C:\Program Files\Common Files\Windows Live2013-05-11 13:27 - 2011-01-15 11:32 - 00000000 ____D C:\Program Files\Family Toolbar2013-05-11 13:20 - 2012-06-30 19:52 - 00000000 ____D C:\ProgramData\ADDICT-THING2013-05-11 13:16 - 2011-02-12 21:13 - 00000000 ____D C:\Program Files\SFAnytime2013-05-11 13:09 - 2011-01-25 09:41 - 00000000 ____D C:\ProgramData\Google2013-05-11 13:09 - 2010-11-30 15:27 - 00000000 ____D C:\Users\Erik Kjell\AppData\Local\Google2013-05-11 13:09 - 2010-11-30 15:27 - 00000000 ____D C:\Program Files\Google2013-05-11 13:01 - 2013-02-02 22:09 - 00000000 ____D C:\Users\Erik Kjell\AppData\Roaming\Yontoo2013-05-11 13:01 - 2012-04-03 07:32 - 00000000 ___RD C:\Users\Erik Kjell\Dropbox2013-05-11 13:01 - 2012-04-03 07:29 - 00000000 ____D C:\Users\Erik Kjell\AppData\Roaming\Dropbox2013-05-11 13:01 - 2012-02-09 10:56 - 00000000 ___SD C:\Users\Erik Kjell\Soonr Workplace2013-05-11 13:01 - 2010-11-30 14:24 - 00000000 ____D C:\Users\Erik Kjell\AppData\Local\LogMeIn Hamachi2013-05-11 13:00 - 2011-09-12 16:56 - 00000000 ____D C:\Users\Erik Kjell\AppData\Local\Htc2013-05-11 13:00 - 2011-01-25 09:41 - 00000986 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-05-11 12:39 - 2010-11-02 22:33 - 01459762 ____A C:\Windows\WindowsUpdate.log2013-05-11 12:36 - 2010-09-19 04:47 - 00000000 ____D C:\ProgramData\PDFC2013-05-11 12:35 - 2010-09-19 04:47 - 00000000 ____D C:\ProgramData\HPQLOG2013-05-11 12:35 - 2009-07-14 05:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT2013-05-11 12:35 - 2009-07-14 05:39 - 00141136 ____A C:\Windows\setupact.log2013-05-01 16:49 - 2013-05-01 16:48 - 00000000 ____D C:\Users\Erik Kjell\AppData\Roaming\Personal2013-05-01 16:48 - 2013-05-01 16:48 - 00000000 ____D C:\Program Files\Personal2013-05-01 16:46 - 2013-05-01 16:46 - 00000000 ____D C:\Users\Erik Kjell\AppData\Roaming\InstallShield2013-05-01 16:46 - 2013-05-01 16:46 - 00000000 ____D C:\Program Files\Handelsbanken kortläsare2013-05-01 16:46 - 2010-09-19 04:47 - 00109476 ____A C:\Windows\DPINST.LOG2013-05-01 16:46 - 2010-09-19 04:39 - 00000000 ___HD C:\Program Files\InstallShield Installation Information2013-04-27 17:35 - 2010-09-19 05:26 - 00084534 ____A C:\Windows\PFRO.log2013-04-20 19:01 - 2011-06-16 07:55 - 00000340 ____A C:\Windows\Tasks\HPCeeScheduleForErik Kjell.job2013-04-17 19:38 - 2013-04-17 18:34 - 00853645 ____A C:\Users\Erik Kjell\Downloads\Kost för aktiva ungdomar!.pptx2013-04-12 14:58 - 2013-04-27 17:41 - 01210728 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys2013-04-11 19:04 - 2010-11-30 21:38 - 00002393 ____A C:\Users\Erik Kjell\Desktop\Google Chrome.lnkOther Malware:===========C:\Users\Erik Kjell\Microsoft.Crm.Setup.Server.exeC:\Users\Erik Kjell\SetupServer.exe==================== Known DLLs (Whitelisted) ================================ Bamital & volsnap Check =================C:\Windows\explorer.exe => MD5 is legitC:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys[2012-12-12 12:11] - [2012-09-06 17:48] - 0245616 ____A (Microsoft Corporation) 59F06B4968E58BC83DFC56CA4517960EC:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.==================== EXE ASSOCIATION =====================HKLM\...\.exe: exefile => OKHKLM\...\exefile\DefaultIcon: %1 => OKHKLM\...\exefile\open\command: "%1" %* => OK==================== Restore Points  =========================Restore point made on: 2013-05-11 14:17:38==================== Memory info =========================== Percentage of memory in use: 24%Total physical RAM: 1782.43 MBAvailable physical RAM: 1346.8 MBTotal Pagefile: 1782.43 MBAvailable Pagefile: 1357.5 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1969.65 MB==================== Drives ================================Drive c: () (Fixed) (Total:280.8 GB) (Free:159.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]Drive e: (HP_RECOVERY) (Fixed) (Total:15 GB) (Free:2.21 GB) NTFS ==>[System with boot components (obtained from reading drive)]Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.48 GB) FAT32Drive h: () (Removable) (Total:7.48 GB) (Free:7.46 GB) FAT32Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFSDrive y: (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: B073D52D)Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=281 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)========================================================Disk: 1 (Size: 7 GB) (Disk ID: 73696D20)Partition 1: (Not Active) - (Size=-4750121984) - (Type=0A)Partition 2: (Not Active) - (Size=260 GB) - (Type=65)Partition 3: (Not Active) - (Size=0) - (Type=65)Partition 4: (Not Active) - (Size=26 MB) - (Type=00)Last Boot: 2013-05-11 12:58==================== End Of Log ============================</blockquote>

Verification

Top