TechSpot

DSMK-virus? P2P-Worm.Win32.Palevo.dsmk?

By rogerthat69
Feb 6, 2014
  1. Hello again Broni,

The dsmk-file came back 2 days later and my fan stopped working. Had it deleted again at boot by WinPatrol.

    The file: C:\USERS\ÄGAREN\APPDATA\LOCAL\TEMP\4D76AAE0D9340B51E9000000.DSMK

Other problems: Continuous memory shortage with spikes when trying to do something. Mostly "internal",
not so much when surfing. At start-up after "log in" a svchost file consumes a lot of CPU and disk capacity for approx. 5 minutes.

Other unidentified files in the system32 folder:

    settings.dat
     
  2. rogerthat69

    rogerthat69 TS Enthusiast Topic Starter Posts: 57

    Cont.;

Sorry, FAT-finger? No, my keyboard has some keys which respond strangely!

As told in the post above:

Unidentified files in the system32 folder:

    setting.dat created: 2013-11-12, last used: 2013-11-12
    PVSonyDLL.dll (but I think this file is not malware!)

4D76AAE0D9340B51E9000000.DSMK: Cannot find anything on Google except
ONE (only) file with the same file type: P2P-Worm.Win32.Palevo.dsmk
It is a P2P worm. But I have not ever, to my knowledge, been involved in P2P
file sharing. I have though had some problems with my firewall (told you before)
which tried to open remote control etc. But not anymore. Also had some strange network connections. The network was suddenly renamed. Connections often disappear when looking at the internet icon down in the tray. Sometimes I have a connection but not according to the Network and Sharing Center! (File sharing and Network Identification are by the way off.) Ran Malwarebytes, fast scan incl. P2P, but nothing found. According to F-Secure this worm infects i.e. System Restore. I had big problems in November (settings.dat?) and did a SR. Then you disinfected my system a few days back.


This file "setting.dat" may have some connection to "torrent" software etc. according to some internet info! I have never downloaded anything from a torrent site.

     
  3. Broni

    Broni Malware Annihilator Posts: 52,904   +344

OK, all I can do is to recheck your computer.
Keep in mind that files in the temp folder can be created by a zillion different programs, so without any sample file (since it was deleted by WinPatrol) there is no way to tell where it came from and if it is even malicious.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
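Added example, not code from the thread or from FRST's author: a small parser for the "One Month Created/Modified Files and Folders" lines of an FRST log (the format the next post pastes), with a triage rule that marks which entries are worth copying aside and hashing before WinPatrol or a cleaner deletes them, which is exactly the "no sample, no verdict" problem described above. The regex, the user-writable folder list, the data-extension list and the last sample line are my assumptions.

```python
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# One line of FRST's "One Month Created/Modified Files and Folders" section:
#   <date1> - <date2> - <size> <attrs> (<company>) <path>
# <attrs> is five characters, e.g. _____ (file), ____D (directory), ___HD, ____N.
# The pattern is my reading of the log in the thread, not a published spec.
FRST_LINE = re.compile(
    r"^(?P<first>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<second>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)
TIME_FMT = "%Y-%m-%d %H:%M"

# Folders a normal user account can write to: a fresh file with no publisher here
# is what to copy aside before WinPatrol or a cleaner removes it (my heuristic).
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\windows\\temp\\")
# Plain text/config artefacts that do not need a sample (also a heuristic).
DATA_EXT = {".txt", ".log", ".ini", ".lnk", ".xml", ".job", ".reg"}


@dataclass
class FrstEntry:
    first: datetime   # created time in the "Created" section, modified in "Modified"
    second: datetime  # the other timestamp
    size: int         # bytes, 0 for directories
    attrs: str        # raw five-character attribute field
    company: str      # publisher from version info, "" when FRST found none
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def ext(self) -> str:
        return ntpath.splitext(self.path)[1].lower()  # ntpath: backslash paths on any OS


def parse_frst_line(line: str) -> Optional[FrstEntry]:
    """One file/folder line -> FrstEntry; None for headers, blanks or other sections."""
    m = FRST_LINE.match(line.strip())
    if not m:
        return None
    return FrstEntry(
        first=datetime.strptime(m["first"], TIME_FMT),
        second=datetime.strptime(m["second"], TIME_FMT),
        size=int(m["size"]),
        attrs=m["attrs"],
        company=m["company"],
        path=m["path"],
    )


def parse_frst_section(text: str) -> List[FrstEntry]:
    """Parse every file/folder line in a pasted section, skipping anything else."""
    return [e for e in map(parse_frst_line, text.splitlines()) if e is not None]


def triage(e: FrstEntry) -> List[str]:
    """Reasons to preserve a copy of this entry for analysis; empty list = nothing to do."""
    # A hit means "keep a sample and have it checked", not "malicious": unsigned
    # drivers are also dropped by legitimate cleanup tools, as the thread's log shows.
    reasons: List[str] = []
    if e.is_dir or e.ext in DATA_EXT:
        return reasons
    if e.ext == ".sys" and not e.company:
        reasons.append("driver with no publisher in version info")
    if not e.company and any(d in e.path.lower() for d in USER_WRITABLE):
        reasons.append("unpublished file in a user-writable temp/app-data folder")
    return reasons


def find_sample_candidates(text: str) -> List[Tuple[str, List[str]]]:
    """Paths worth copying aside, with their reason(s), in log order."""
    hits = []
    for e in parse_frst_section(text):
        reasons = triage(e)
        if reasons:
            hits.append((e.path, reasons))
    return hits


# Constructed excerpt in FRST's format. The first five file lines are copied from
# the log posted in the thread; the last one is invented (size included) to stand
# in for the TEMP file the poster described, which FRST never listed because
# WinPatrol had already deleted it.
SAMPLE_LOG = "\n".join([
    "==================== One Month Created Files and Folders ========",
    "",
    r"2014-02-07 00:34 - 2014-02-07 00:35 - 00008673 _____ () C:\Users\Ägaren\Desktop\FRST.txt",
    r"2014-02-07 00:34 - 2014-02-07 00:34 - 01037530 _____ (Thisisu) C:\Users\Ägaren\Desktop\JRT.exe",
    r"2014-02-07 00:08 - 2014-02-07 00:08 - 00000000 ____D () C:\Users\Ägaren\AppData\Local\Secunia PSI",
    r"2014-01-27 00:45 - 2014-01-27 01:34 - 00026624 _____ () C:\Windows\system32\TrueSight.sys",
    r"2014-02-05 12:19 - 2014-02-05 12:19 - 00014088 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP141.SYS",
    r"2014-02-06 00:42 - 2014-02-06 00:42 - 00004096 _____ () C:\Users\Ägaren\AppData\Local\Temp\4D76AAE0D9340B51E9000000.DSMK",
])
```

Running `find_sample_candidates(SAMPLE_LOG)` returns the unsigned TrueSight.sys and the constructed TEMP file, and nothing for the signed JRT.exe, the directory, or the text log.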
     
  4. rogerthat69

    rogerthat69 TS Enthusiast Topic Starter Posts: 57

    Ok! Shall I upload the file for a check next time it shows up? How about "setting.dat"?

I will re-run Malwarebytes on a full scan next time this hidden temp file shows itself.
This file was written the first time (again) at 00:42 AM yesterday, just before I logged out,
according to WinPatrol. But detected by WinPatrol first the next morning!

I.e. from the log: Explorer.exe is using a lot of processor power:

    StartTime 2014-02-03T17:09:20.648Z
    NameLength 45
    Name \Device\HarddiskVolume2\Windows\explorer.exe
    FriendlyNameLength 12
    FriendlyName Utforskaren
    VersionLength 39
    Version 6.0.6000.16386 (vista_rtm.061101-2205)
    ThreadTime 514
    BlockedTime 132
    PercentTime 25.6636566332435
    PathLength 24
    Path C:\Windows\explorer.exe
    ProductNameLength 37
    ProductName Operativsystemet Microsoft® Windows®
    CompanyNameLength 22
    CompanyName Microsoft Corporation


    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-02-2014
    Ran by Ägaren (administrator) on ÄGAREN-DATOR on 07-02-2014 00:34:47
    Running from C:\Users\Ägaren\Desktop
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Swedish
    Internet Explorer Version 9
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) ===================

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
    (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    (Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
    (Microsoft Corporation) C:\Windows\System32\conime.exe
    (Secunia) C:\Program Files\Secunia\PSI\sua.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
    () C:\Program Files\Secunia\PSI\SUA\68d2b284c4010857fde66c83af3c82be0e2fdd2a\JavaJRE_7u51_32-bit_PSIonlySPS.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (NGO Science Center "RightMark") C:\Program Files\RMClock\RMClock.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4468736 2007-05-10] (Realtek Semiconductor)
    HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [174872 2007-02-12] (Intel Corporation)
    HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
    HKU\S-1-5-21-2935924495-2357685730-2340671949-1000\...\Run: [WinPatrol] - C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [455744 2013-12-10] (BillP Studios)
    HKU\S-1-5-21-2935924495-2357685730-2340671949-1000\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [543432 2014-01-17] (Sandboxie Holdings, LLC)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM - DefaultScope value is missing.
    DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 83.255.245.11 193.150.193.150

    FireFox:
    ========
    FF ProfilePath: C:\Users\Ägaren\AppData\Roaming\Mozilla\Firefox\Profiles\zmugow3t.default
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
    FF Plugin: @bankid.com/BankID säkerhetsprogram,version=5.0.2.10 - C:\Program Files\BankID\npBispBrowser.dll (Finansiell ID-Teknik BID AB)
    FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @nitropdf.com/NitroPDF - C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
    FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\allaannonser-sv-SE.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\prisjakt-sv-SE.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\tyda-sv-SE.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wikipedia-sv-SE.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-sv-SE.xml
    FF Extension: WOT - C:\Users\Ägaren\AppData\Roaming\Mozilla\Firefox\Profiles\zmugow3t.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-01-12]
    FF Extension: NoScript - C:\Users\Ägaren\AppData\Roaming\Mozilla\Firefox\Profiles\zmugow3t.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-01-08]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

    Chrome:
    =======
    CHR Extension: (Google Dokument) - C:\Users\Ägaren\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-30]
    CHR Extension: (Google Drive) - C:\Users\Ägaren\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-30]
    CHR Extension: (YouTube) - C:\Users\Ägaren\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-30]
    CHR Extension: (Sök på Google) - C:\Users\Ägaren\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-30]
    CHR Extension: (Google Wallet) - C:\Users\Ägaren\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-30]
    CHR Extension: (Gmail) - C:\Users\Ägaren\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-30]

    ========================== Services (Whitelisted) =================

    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
    R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-03-26] (Nitro PDF Software)
    R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [131272 2014-01-17] (Sandboxie Holdings, LLC)
    S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
    R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)

    ==================== Drivers (Whitelisted) ====================

    R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [46592 2007-01-08] (Windows (R) Codename Longhorn DDK provider)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
    S3 nhcDriverDevice; C:\Windows\system32\drivers\nhcDriver.sys [22528 2014-01-06] (pBUS-167 Software - http://www.pbus-167.com)
    S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
    R3 RTCore32; C:\Program Files\RMClock\RTCore32.sys [4608 2005-05-25] ()
    R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [161888 2014-01-17] (Sandboxie Holdings, LLC)
    R0 Si3531; C:\Windows\System32\DRIVERS\Si3531.sys [212520 2009-02-05] (Silicon Image, Inc)
    R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [17064 2009-02-05] (Silicon Image, Inc.)
    R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [12200 2009-02-05] (Silicon Image, Inc.)
    U3 TrueSight; C:\Windows\system32\TrueSight.sys [26624 2014-01-27] ()
    U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-02-07 00:34 - 2014-02-07 00:35 - 00008673 _____ () C:\Users\Ägaren\Desktop\FRST.txt
    2014-02-07 00:34 - 2014-02-07 00:34 - 01037530 _____ (Thisisu) C:\Users\Ägaren\Desktop\JRT.exe
    2014-02-07 00:34 - 2014-02-07 00:34 - 00000000 ____D () C:\FRST
    2014-02-07 00:33 - 2014-02-07 00:33 - 01166132 _____ () C:\Users\Ägaren\Desktop\AdwCleaner.exe
    2014-02-07 00:33 - 2014-02-07 00:33 - 01136640 _____ (Farbar) C:\Users\Ägaren\Desktop\FRST.exe
    2014-02-07 00:20 - 2014-02-07 00:20 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2014-02-07 00:12 - 2014-02-07 00:13 - 00000868 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-02-07 00:08 - 2014-02-07 00:08 - 00000000 ____D () C:\Users\Ägaren\AppData\Local\Secunia PSI
    2014-02-07 00:07 - 2014-02-07 00:07 - 00000000 ____D () C:\Program Files\Secunia
    2014-02-06 23:53 - 2014-02-06 23:53 - 05329480 _____ (Secunia) C:\Users\Ägaren\Downloads\PSISetup.exe
    2014-02-06 00:43 - 2014-02-06 00:43 - 00000000 ____D () C:\Users\Ägaren\AppData\Roaming\Nitro
    2014-02-06 00:42 - 2014-02-06 00:42 - 00001868 _____ () C:\Users\Public\Desktop\Nitro Reader.lnk
    2014-02-06 00:42 - 2014-02-06 00:42 - 00000000 ____D () C:\ProgramData\Nitro
    2014-02-06 00:42 - 2014-02-06 00:42 - 00000000 ____D () C:\Program Files\Nitro
    2014-02-06 00:42 - 2014-02-06 00:42 - 00000000 ____D () C:\Program Files\Common Files\Nitro
    2014-02-06 00:41 - 2014-02-06 00:41 - 00000000 ____D () C:\Users\Ägaren\AppData\Roaming\Downloaded Installations
    2014-02-05 13:03 - 2014-02-05 13:03 - 342469326 _____ () C:\Users\Ägaren\Documents\Datorregister_före_borttag_yxan-bibliotek.reg
    2014-02-05 12:19 - 2014-02-05 12:19 - 00014088 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP141.SYS
    2014-02-05 00:40 - 2014-02-05 00:40 - 00000000 ____D () C:\Users\Ägaren\AppData\Roaming\abelhadigital.com
    2014-02-05 00:40 - 2014-02-05 00:40 - 00000000 ____D () C:\Users\Public\Documents\HostsMan Backups
    2014-02-05 00:40 - 2014-02-05 00:40 - 00000000 ____D () C:\ProgramData\abelhadigital.com
    2014-02-05 00:40 - 2014-02-05 00:40 - 00000000 ____D () C:\Program Files\HostsMan
    2014-02-05 00:37 - 2014-02-05 00:37 - 00000000 ____D () C:\Users\Ägaren\Downloads\rcsetup149
    2014-02-04 21:37 - 2014-02-04 21:37 - 02814070 _____ () C:\Users\Ägaren\Downloads\HostsMan_4.3.98_installer.zip
    2014-01-31 04:29 - 2014-01-31 04:29 - 00012638 _____ () C:\Users\Ägaren\Desktop\runscanner2.log
    2014-01-30 14:52 - 2014-02-07 00:04 - 00000982 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-01-30 14:52 - 2014-02-06 23:59 - 00000978 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-01-30 14:52 - 2014-02-04 10:09 - 00001967 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-01-30 14:51 - 2014-01-30 14:52 - 00000000 ____D () C:\Users\Ägaren\AppData\Local\Google
    2014-01-30 14:51 - 2014-01-30 14:52 - 00000000 ____D () C:\Program Files\Google
    2014-01-30 14:50 - 2014-01-30 14:50 - 00819184 _____ (Google Inc.) C:\Users\Ägaren\Downloads\ChromeSetup.exe
    2014-01-30 14:23 - 2014-01-30 14:23 - 00448512 _____ (OldTimer Tools) C:\Users\Ägaren\Desktop\TFC.exe
    2014-01-30 14:06 - 2014-01-30 14:06 - 00000000 ____D () C:\Program Files\BankID
    2014-01-30 13:27 - 2014-01-30 15:03 - 00000000 ____D () C:\Users\Ägaren\AppData\Roaming\BankID
    2014-01-30 13:25 - 2014-01-30 14:04 - 07039632 _____ () C:\Users\Ägaren\Downloads\BankID_installation_5_0_2.exe
    2014-01-30 12:53 - 2014-01-31 19:04 - 00001422 _____ () C:\Windows\Sandboxie.ini
    2014-01-30 12:53 - 2014-01-30 12:52 - 00000860 _____ () C:\Users\Ägaren\Desktop\Sandlådad Webbläsare.lnk
    2014-01-30 12:52 - 2014-01-30 12:52 - 00000000 ____D () C:\Program Files\Sandboxie
    2014-01-29 02:06 - 2014-01-29 02:06 - 00006034 _____ () C:\Users\Ägaren\Documents\cc_20140129_020615.reg
    2014-01-28 23:33 - 2014-01-28 23:33 - 00000000 ____D () C:\_OTL
    2014-01-28 23:29 - 2014-01-28 23:29 - 00054386 _____ () C:\Users\Ägaren\Desktop\OTL.Txt
    2014-01-28 01:51 - 2014-01-28 01:51 - 00017782 _____ () C:\Users\Ägaren\Desktop\Extras.Txt
    2014-01-28 01:25 - 2014-01-28 01:25 - 00001376 _____ () C:\Users\Ägaren\Desktop\JRT.txt
    2014-01-28 01:01 - 2014-01-28 01:01 - 00000000 ____D () C:\Windows\ERUNT
    2014-01-27 21:42 - 2014-01-30 17:57 - 00000510 _____ () C:\Windows\WORDPAD.INI
    2014-01-27 20:30 - 2014-01-27 20:30 - 00118858 _____ () C:\ComboFix.txt
    2014-01-27 01:59 - 2014-01-27 02:10 - 00000000 ____D () C:\Program Files\mbar
    2014-01-27 00:45 - 2014-01-27 01:34 - 00026624 _____ () C:\Windows\system32\TrueSight.sys
    2014-01-26 17:53 - 2014-01-26 18:00 - 00004225 _____ () C:\Users\Ägaren\Desktop\attach.txt
    2014-01-26 17:53 - 2014-01-26 17:59 - 00009873 _____ () C:\Users\Ägaren\Desktop\dds.txt
    2014-01-26 17:08 - 2014-01-26 17:08 - 00000000 ___HD () C:\Windows\PIF
    2014-01-21 16:20 - 2014-01-21 16:20 - 00000000 ____D () C:\Windows\CheckSur
    2014-01-21 16:17 - 2014-01-21 16:18 - 147445671 _____ () C:\Users\Ägaren\Downloads\Windows6.0-KB947821-v32-x86.msu
    2014-01-20 00:29 - 2014-01-20 00:29 - 00013990 _____ () C:\Users\Ägaren\Desktop\runscanner.log
    2014-01-19 23:15 - 2014-01-19 23:15 - 00018322 _____ () C:\Users\Ägaren\Documents\cc_20140119_231442_efterSFC_reparation.reg
    2014-01-18 13:50 - 2014-01-18 13:50 - 00000000 ___RD () C:\Sandbox
    2014-01-16 00:28 - 2014-01-16 00:30 - 98906072 _____ () C:\Windows\MEMORY.DMP
    2014-01-10 00:30 - 2014-01-10 00:30 - 00000512 _____ () C:\Users\Ägaren\Desktop\MBR.dat
    2014-01-09 23:42 - 2014-01-09 23:42 - 00000114 _____ () C:\local.conf
    2014-01-09 23:03 - 2014-01-09 23:03 - 00104664 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys.bak
    2014-01-09 22:45 - 2014-01-09 23:20 - 00000000 ____D () C:\mbar
    2014-01-09 21:42 - 2014-01-27 01:59 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-01-08 01:32 - 2014-01-30 22:26 - 00053910 _____ () C:\Windows\PFRO.log

    ==================== One Month Modified Files and Folders =======

    2014-02-07 00:35 - 2014-02-07 00:34 - 00008673 _____ () C:\Users\Ägaren\Desktop\FRST.txt
    2014-02-07 00:34 - 2014-02-07 00:34 - 01037530 _____ (Thisisu) C:\Users\Ägaren\Desktop\JRT.exe
    2014-02-07 00:34 - 2014-02-07 00:34 - 00000000 ____D () C:\FRST
    2014-02-07 00:33 - 2014-02-07 00:33 - 01166132 _____ () C:\Users\Ägaren\Desktop\AdwCleaner.exe
    2014-02-07 00:33 - 2014-02-07 00:33 - 01136640 _____ (Farbar) C:\Users\Ägaren\Desktop\FRST.exe
    2014-02-07 00:25 - 2008-01-21 02:35 - 01694665 _____ () C:\Windows\WindowsUpdate.log
    2014-02-07 00:20 - 2014-02-07 00:20 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2014-02-07 00:20 - 2013-12-29 16:07 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2014-02-07 00:20 - 2013-12-29 16:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-02-07 00:13 - 2014-02-07 00:12 - 00000868 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-02-07 00:13 - 2013-10-24 10:19 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2014-02-07 00:13 - 2013-10-24 10:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2014-02-07 00:08 - 2014-02-07 00:08 - 00000000 ____D () C:\Users\Ägaren\AppData\Local\Secunia PSI
    2014-02-07 00:07 - 2014-02-07 00:07 - 00000000 ____D () C:\Program Files\Secunia
    2014-02-07 00:04 - 2014-01-30 14:52 - 00000982 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-02-06 23:59 - 2014-01-30 14:52 - 00000978 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-02-06 23:59 - 2013-10-21 11:58 - 00001356 _____ () C:\Users\Ägaren\AppData\Local\d3d9caps.dat
    2014-02-06 23:59 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-02-06 23:59 - 2006-11-02 13:47 - 00004576 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2014-02-06 23:59 - 2006-11-02 13:47 - 00004576 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2014-02-06 23:58 - 2006-11-02 14:01 - 00032522 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-02-06 23:53 - 2014-02-06 23:53 - 05329480 _____ (Secunia) C:\Users\Ägaren\Downloads\PSISetup.exe
    2014-02-06 12:43 - 2013-11-10 06:14 - 00000000 ____D () C:\Users\Ägaren\AppData\Roaming\Nitro PDF
    2014-02-06 00:43 - 2014-02-06 00:43 - 00000000 ____D () C:\Users\Ägaren\AppData\Roaming\Nitro
    2014-02-06 00:42 - 2014-02-06 00:42 - 00001868 _____ () C:\Users\Public\Desktop\Nitro Reader.lnk
    2014-02-06 00:42 - 2014-02-06 00:42 - 00000000 ____D () C:\ProgramData\Nitro
    2014-02-06 00:42 - 2014-02-06 00:42 - 00000000 ____D () C:\Program Files\Nitro
    2014-02-06 00:42 - 2014-02-06 00:42 - 00000000 ____D () C:\Program Files\Common Files\Nitro
    2014-02-06 00:41 - 2014-02-06 00:41 - 00000000 ____D () C:\Users\Ägaren\AppData\Roaming\Downloaded Installations
    2014-02-05 13:03 - 2014-02-05 13:03 - 342469326 _____ () C:\Users\Ägaren\Documents\Datorregister_före_borttag_yxan-bibliotek.reg
    2014-02-05 12:19 - 2014-02-05 12:19 - 00014088 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP141.SYS
    2014-02-05 12:12 - 2013-12-28 00:28 - 00000000 ____D () C:\Program Files\SysInternals
    2014-02-05 01:20 - 2006-11-02 11:23 - 00569258 _____ () C:\Windows\system32\Drivers\etc\HOSTS.bak
    2014-02-05 00:58 - 2013-11-12 13:15 - 00000000 ____D () C:\Users\Ägaren\Desktop\gäster
    2014-02-05 00:40 - 2014-02-05 00:40 - 00000000 ____D () C:\Users\Ägaren\AppData\Roaming\abelhadigital.com
    2014-02-05 00:40 - 2014-02-05 00:40 - 00000000 ____D () C:\Users\Public\Documents\HostsMan Backups
    2014-02-05 00:40 - 2014-02-05 00:40 - 00000000 ____D () C:\ProgramData\abelhadigital.com
    2014-02-05 00:40 - 2014-02-05 00:40 - 00000000 ____D () C:\Program Files\HostsMan
    2014-02-05 00:37 - 2014-02-05 00:37 - 00000000 ____D () C:\Users\Ägaren\Downloads\rcsetup149
    2014-02-04 21:37 - 2014-02-04 21:37 - 02814070 _____ () C:\Users\Ägaren\Downloads\HostsMan_4.3.98_installer.zip
    2014-02-04 19:30 - 2013-10-23 22:53 - 00000000 ____D () C:\Users\Ägaren\Documents\NSS
    2014-02-04 10:09 - 2014-01-30 14:52 - 00001967 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-02-03 13:04 - 2008-01-21 07:21 - 01530984 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-02-03 13:04 - 2008-01-21 07:21 - 00631342 _____ () C:\Windows\system32\perfh01D.dat
    2014-02-03 13:04 - 2008-01-21 07:21 - 00134628 _____ () C:\Windows\system32\perfc01D.dat
    2014-01-31 19:04 - 2014-01-30 12:53 - 00001422 _____ () C:\Windows\Sandboxie.ini
    2014-01-31 04:29 - 2014-01-31 04:29 - 00012638 _____ () C:\Users\Ägaren\Desktop\runscanner2.log
    2014-01-31 02:50 - 2013-10-27 00:47 - 00000000 ____D () C:\Users\Ägaren\AppData\Local\NVIDIA Corporation
    2014-01-31 02:31 - 2013-10-22 09:10 - 00000000 ____D () C:\Users\Ägaren\AppData\Roaming\Adobe
    2014-01-30 22:26 - 2014-01-08 01:32 - 00053910 _____ () C:\Windows\PFRO.log
    2014-01-30 17:57 - 2014-01-27 21:42 - 00000510 _____ () C:\Windows\WORDPAD.INI
    2014-01-30 15:03 - 2014-01-30 13:27 - 00000000 ____D () C:\Users\Ägaren\AppData\Roaming\BankID
    2014-01-30 14:52 - 2014-01-30 14:51 - 00000000 ____D () C:\Users\Ägaren\AppData\Local\Google
    2014-01-30 14:52 - 2014-01-30 14:51 - 00000000 ____D () C:\Program Files\Google
    2014-01-30 14:50 - 2014-01-30 14:50 - 00819184 _____ (Google Inc.) C:\Users\Ägaren\Downloads\ChromeSetup.exe
    2014-01-30 14:23 - 2014-01-30 14:23 - 00448512 _____ (OldTimer Tools) C:\Users\Ägaren\Desktop\TFC.exe
    2014-01-30 14:06 - 2014-01-30 14:06 - 00000000 ____D () C:\Program Files\BankID
    2014-01-30 14:04 - 2014-01-30 13:25 - 07039632 _____ () C:\Users\Ägaren\Downloads\BankID_installation_5_0_2.exe
    2014-01-30 12:52 - 2014-01-30 12:53 - 00000860 _____ () C:\Users\Ägaren\Desktop\Sandlådad Webbläsare.lnk
    2014-01-30 12:52 - 2014-01-30 12:52 - 00000000 ____D () C:\Program Files\Sandboxie
    2014-01-29 12:37 - 2013-11-10 01:19 - 00000000 ____D () C:\Users\Ägaren\Desktop\Säkerhetloggar
    2014-01-29 02:06 - 2014-01-29 02:06 - 00006034 _____ () C:\Users\Ägaren\Documents\cc_20140129_020615.reg
    2014-01-28 23:33 - 2014-01-28 23:33 - 00000000 ____D () C:\_OTL
    2014-01-28 23:29 - 2014-01-28 23:29 - 00054386 _____ () C:\Users\Ägaren\Desktop\OTL.Txt
    2014-01-28 01:51 - 2014-01-28 01:51 - 00017782 _____ () C:\Users\Ägaren\Desktop\Extras.Txt
    2014-01-28 01:25 - 2014-01-28 01:25 - 00001376 _____ () C:\Users\Ägaren\Desktop\JRT.txt
    2014-01-28 01:01 - 2014-01-28 01:01 - 00000000 ____D () C:\Windows\ERUNT
    2014-01-27 23:53 - 2013-12-28 16:23 - 01543208 _____ (BillP Studios) C:\Users\Ägaren\Downloads\wpsetup.exe
    2014-01-27 20:30 - 2014-01-27 20:30 - 00118858 _____ () C:\ComboFix.txt
    2014-01-27 20:30 - 2013-11-10 00:40 - 00000000 ____D () C:\Qoobox
    2014-01-27 20:26 - 2013-11-10 00:40 - 00000000 ____D () C:\Windows\erdnt
    2014-01-27 20:26 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
    2014-01-27 02:10 - 2014-01-27 01:59 - 00000000 ____D () C:\Program Files\mbar
    2014-01-27 02:10 - 2013-10-27 20:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-01-27 01:59 - 2014-01-09 21:42 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-01-27 01:34 - 2014-01-27 00:45 - 00026624 _____ () C:\Windows\system32\TrueSight.sys
    2014-01-26 18:00 - 2014-01-26 17:53 - 00004225 _____ () C:\Users\Ägaren\Desktop\attach.txt
    2014-01-26 17:59 - 2014-01-26 17:53 - 00009873 _____ () C:\Users\Ägaren\Desktop\dds.txt
    2014-01-26 17:08 - 2014-01-26 17:08 - 00000000 ___HD () C:\Windows\PIF
    2014-01-21 16:20 - 2014-01-21 16:20 - 00000000 ____D () C:\Windows\CheckSur
    2014-01-21 16:18 - 2014-01-21 16:17 - 147445671 _____ () C:\Users\Ägaren\Downloads\Windows6.0-KB947821-v32-x86.msu
    2014-01-20 00:29 - 2014-01-20 00:29 - 00013990 _____ () C:\Users\Ägaren\Desktop\runscanner.log
    2014-01-20 00:05 - 2013-11-10 05:04 - 00000000 ____D () C:\Users\Ägaren\Downloads\tdsskiller
    2014-01-19 23:15 - 2014-01-19 23:15 - 00018322 _____ () C:\Users\Ägaren\Documents\cc_20140119_231442_efterSFC_reparation.reg
    2014-01-19 08:32 - 2013-10-21 17:01 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-01-18 13:50 - 2014-01-18 13:50 - 00000000 ___RD () C:\Sandbox
    2014-01-16 00:30 - 2014-01-16 00:28 - 98906072 _____ () C:\Windows\MEMORY.DMP
    2014-01-15 17:17 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
    2014-01-15 12:00 - 2013-10-21 14:02 - 00000000 ____D () C:\Windows\system32\MRT
    2014-01-15 11:57 - 2006-11-02 11:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
    2014-01-10 00:30 - 2014-01-10 00:30 - 00000512 _____ () C:\Users\Ägaren\Desktop\MBR.dat
    2014-01-09 23:42 - 2014-01-09 23:42 - 00000114 _____ () C:\local.conf
    2014-01-09 23:20 - 2014-01-09 22:45 - 00000000 ____D () C:\mbar
    2014-01-09 23:03 - 2014-01-09 23:03 - 00104664 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys.bak
    2014-01-09 09:05 - 2013-11-19 08:35 - 00000000 ____D () C:\d15589df13cecc159ee0
    2014-01-09 00:02 - 2013-12-14 19:18 - 00000000 ____D () C:\Program Files\Lavasoft
    2014-01-08 02:08 - 2006-11-02 12:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
    2014-01-08 02:03 - 2006-11-01 13:07 - 00334720 _____ (Sysinternals - www.sysinternals.com) C:\Program Files\RootkitRevealer.exe
    2014-01-08 02:03 - 2006-07-28 08:32 - 00007005 _____ () C:\Program Files\Eula.txt
    2014-01-08 02:03 - 2005-12-07 14:19 - 00102160 _____ () C:\Program Files\RootkitRevealer.chm

    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\system32\winlogon.exe => MD5 is legit
    C:\Windows\system32\wininit.exe => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\services.exe => MD5 is legit
    C:\Windows\system32\User32.dll => MD5 is legit
    C:\Windows\system32\userinit.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit
    C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-02-07 00:05

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-02-2014
    Ran by Ägaren at 2014-02-07 00:35:51
    Running from C:\Users\Ägaren\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

    ==================== Installed Programs ======================

    Adobe Flash Player 12 ActiveX (Version: 12.0.0.44 - Adobe Systems Incorporated) <==== ATTENTION
    Adobe Flash Player 12 Plugin (Version: 12.0.0.44 - Adobe Systems Incorporated) <==== ATTENTION
    BankID säkerhetsprogram (Version: 5.0.2.10 - Finansiell ID-Teknik BID AB) <==== ATTENTION
    Belarc Advisor 8.4 (Version: 8.4.0.0 - Belarc Inc.) <==== ATTENTION
    CCleaner (Version: 4.04 - Piriform) <==== ATTENTION
    Exterminate It! (Version: 2.12.11.11 - CURIOLAB S.M.B.A.) <==== ATTENTION
    Google Chrome (Version: 32.0.1700.107 - Google Inc.) <==== ATTENTION
    Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden <==== ATTENTION
    HostsMan 4.3.98 (Version: 4.3.98.0 - abelhadigital.com) <==== ATTENTION
    Intel(R) Matrix Storage Manager (Version: - ) <==== ATTENTION
    Java 7 Update 45 (Version: 7.0.450 - Oracle) <==== ATTENTION
    Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden <==== ATTENTION
    Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation) <==== ATTENTION
    Microsoft .NET Framework 3.5 Language Pack SP1 - sve (Version: 3.5.30729 - Microsoft Corporation) Hidden <==== ATTENTION
    Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation) <==== ATTENTION
    Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden <==== ATTENTION
    Microsoft .NET Framework 4.5.1 (SVE) (Version: 4.5.50938 - Microsoft Corporation) Hidden <==== ATTENTION
    Microsoft .NET Framework 4.5.1 (svenska) (Version: 4.5.50938 - Microsoft Corporation) <==== ATTENTION
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden <==== ATTENTION
    Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden <==== ATTENTION
    Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation) <==== ATTENTION
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) <==== ATTENTION
    Motorola SM56 Speakerphone Modem (Version: 6.12.25.06 - Motorola Inc) <==== ATTENTION
    Mozilla Firefox 27.0 (x86 sv-SE) (Version: 27.0 - Mozilla) <==== ATTENTION
    Mozilla Maintenance Service (Version: 27.0 - Mozilla) <==== ATTENTION
    NirSoft BlueScreenView (Version: - ) <==== ATTENTION
    Nitro Reader 3 (Version: 3.5.2.10 - Nitro) <==== ATTENTION
    Notebook Hardware Control 2.0 Pre-Release-06 Bugfix (Version: 2.0 Pre-Release-06 Bugfix - Manfred Jaider) <==== ATTENTION
    NVIDIA Drivers (Version: 1.10 - NVIDIA Corporation) <==== ATTENTION
    OpenOffice 4.0.1 (Version: 4.01.9714 - Apache Software Foundation) <==== ATTENTION
    PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden <==== ATTENTION
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000 - Realtek) <==== ATTENTION
    Realtek High Definition Audio Driver (Version: 6.0.1.5413 - Realtek Semiconductor Corp.) <==== ATTENTION
    Revo Uninstaller 1.95 (Version: 1.95 - VS Revo Group) <==== ATTENTION
    Sandboxie 4.08 (32-bit) (Version: 4.08 - Sandboxie Holdings, LLC) <==== ATTENTION
    Secunia PSI (3.0.0.9016) (Version: 3.0.0.9016 - Secunia) <==== ATTENTION
    Language Pack for Microsoft .NET Framework 3.5 SP 1 - sve (Version: - Microsoft Corporation) <==== ATTENTION
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation) <==== ATTENTION
    WinPatrol (Version: 29.2.2013 - BillP Studios) <==== ATTENTION

    ==================== Restore Points =========================

    08-01-2014 11:47:32 Windows Update
    09-01-2014 07:57:39 Before running RoqueKiller and removal of Recycle(19).Bin 26/11
    12-01-2014 16:20:08 Windows Update
    12-01-2014 17:43:38 Revo Uninstaller's restore point - Prevx
    15-01-2014 10:57:23 Windows Update
    19-01-2014 13:48:43 Windows Update
    20-01-2014 16:08:53 Windows Update
    21-01-2014 13:13:33 Scheduled checkpoint
    21-01-2014 14:08:27 Windows Modules Installer
    21-01-2014 14:46:55 Before fixing Windows features
    21-01-2014 15:19:47 Windows Update
    24-01-2014 17:23:24 Scheduled checkpoint
    24-01-2014 18:58:36 Windows Update
    27-01-2014 00:54:38 Före MBAR Root-kit
    27-01-2014 22:28:40 Windows Update
    29-01-2014 02:54:38 Scheduled checkpoint
    30-01-2014 11:26:27 Revo Uninstaller's restore point - Sandboxie 4.06 (32-bit)
    30-01-2014 12:27:09 Installed BankID säkerhetsprogram.
    30-01-2014 12:57:32 Revo Uninstaller's restore point - BankID säkerhetsprogram
    30-01-2014 12:57:45 Removed BankID säkerhetsprogram.
    30-01-2014 12:59:30 Revo Uninstaller's restore point - BankID säkerhetsprogram
    30-01-2014 12:59:49 Removed BankID säkerhetsprogram.
    30-01-2014 13:05:51 Installed BankID säkerhetsprogram.
    31-01-2014 01:44:53 Removal of various Yxan files and Iconcache rebuild
    31-01-2014 10:45:03 Windows Update
    01-02-2014 13:07:12 Scheduled checkpoint
    03-02-2014 16:07:14 Windows Update
    04-02-2014 22:57:15 Before removal of dir Yxan and copying of the registry
    05-02-2014 23:42:05 Installed Nitro Reader 3
    06-02-2014 23:11:19 Windows Update

    ==================== Hosts content: ==========================

    2006-11-02 11:23 - 2014-02-05 10:06 - 00569258 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    127.0.0.1 fr.a2dfp.net
    127.0.0.1 m.fr.a2dfp.net
    127.0.0.1 ad.a8.net
    127.0.0.1 asy.a8ww.net
    127.0.0.1 abcstats.com
    127.0.0.1 a.abv.bg
    127.0.0.1 adserver.abv.bg
    127.0.0.1 adv.abv.bg
    127.0.0.1 bimg.abv.bg
    127.0.0.1 ca.abv.bg
    127.0.0.1 www2.a-counter.kiev.ua
    127.0.0.1 track.acclaimnetwork.com
    127.0.0.1 accuserveadsystem.com
    127.0.0.1 www.accuserveadsystem.com
    127.0.0.1 achmedia.com
    127.0.0.1 csh.actiondesk.com
    127.0.0.1 www.activemeter.com #[Tracking.Cookie]
    127.0.0.1 ads.activepower.net
    127.0.0.1 app.activetrail.com
    127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
    127.0.0.1 cms.ad2click.nl
    127.0.0.1 ad2games.com
    127.0.0.1 ads.ad2games.com
    127.0.0.1 content.ad20.net
    127.0.0.1 core.ad20.net
    127.0.0.1 banner.ad.nu
    127.0.0.1 cl21.v4.adaction.se
    127.0.0.1 adadvisor.net

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
    Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
    Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
    Task: {4224992F-B5C2-43C9-9AA7-C2A6EEB73FDB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-30] (Google Inc.)
    Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
    Task: {5A67B50A-6DE3-4F7E-B6EA-96286A244AB8} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
    Task: {B4EEDE00-AD51-4C9F-B202-7DA125875F30} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-30] (Google Inc.)
    Task: {CC05A601-FA82-49B7-A30F-C84CEE8B10E1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-07] (Adobe Systems Incorporated)
    Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
    Task: {F9ECD9AC-D1CB-496E-9A59-593AFA1C9296} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-12-28 18:03 - 2013-07-15 18:29 - 00620718 ____N () C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll

    ==================== Alternate Data Streams (whitelisted) =========


    ==================== Safe Mode (whitelisted) ===================


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/06/2014 00:40:37 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1.
    Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (02/06/2014 00:40:37 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1.
    Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (02/06/2014 00:40:37 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1.
    Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (02/06/2014 00:40:37 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1.
    Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (02/06/2014 00:40:37 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1.
    Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (02/06/2014 00:40:36 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1.
    Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (02/06/2014 00:40:36 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1.
    Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (02/06/2014 00:40:36 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1.
    Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (02/06/2014 00:40:36 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1.
    Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (02/06/2014 00:40:35 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1.
    Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.


    System errors:
    =============
    Error: (02/07/2014 00:01:23 AM) (Source: Service Control Manager) (User: )
    Description: Windows Media Player Network Sharing ServiceUPnP Device Host%%1058

    Error: (02/07/2014 00:01:23 AM) (Source: Service Control Manager) (User: )
    Description: Internet Connection Sharing (ICS)Remote Access Connection Manager%%1058

    Error: (02/07/2014 00:01:23 AM) (Source: Service Control Manager) (User: )
    Description: Parallel port driver%%1058

    Error: (02/06/2014 11:46:06 PM) (Source: Service Control Manager) (User: )
    Description: Windows Media Player Network Sharing ServiceUPnP Device Host%%1058

    Error: (02/06/2014 05:04:36 PM) (Source: Service Control Manager) (User: )
    Description: Windows Media Player Network Sharing ServiceUPnP Device Host%%1058

    Error: (02/06/2014 05:04:36 PM) (Source: Service Control Manager) (User: )
    Description: Internet Connection Sharing (ICS)Remote Access Connection Manager%%1058

    Error: (02/06/2014 05:04:36 PM) (Source: Service Control Manager) (User: )
    Description: Parallel port driver%%1058

    Error: (02/06/2014 05:03:12 PM) (Source: DCOM) (User: )
    Description: C:\Windows\System32\mobsync.exe -Embedding2{6295DF2D-35EE-11D1-8707-00C04FD93327}

    Error: (02/06/2014 10:43:41 AM) (Source: Service Control Manager) (User: )
    Description: Windows Media Player Network Sharing ServiceUPnP Device Host%%1058

    Error: (02/06/2014 10:43:41 AM) (Source: Service Control Manager) (User: )
    Description: Internet Connection Sharing (ICS)Remote Access Connection Manager%%1058


    Microsoft Office Sessions:
    =========================
    Error: (02/06/2014 00:40:37 AM) (Source: SideBySide)(User: )
    Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL

    Error: (02/06/2014 00:40:37 AM) (Source: SideBySide)(User: )
    Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL

    Error: (02/06/2014 00:40:37 AM) (Source: SideBySide)(User: )
    Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL

    Error: (02/06/2014 00:40:37 AM) (Source: SideBySide)(User: )
    Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL

    Error: (02/06/2014 00:40:37 AM) (Source: SideBySide)(User: )
    Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL

    Error: (02/06/2014 00:40:36 AM) (Source: SideBySide)(User: )
    Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL

    Error: (02/06/2014 00:40:36 AM) (Source: SideBySide)(User: )
    Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL

    Error: (02/06/2014 00:40:36 AM) (Source: SideBySide)(User: )
    Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL

    Error: (02/06/2014 00:40:36 AM) (Source: SideBySide)(User: )
    Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL

    Error: (02/06/2014 00:40:35 AM) (Source: SideBySide)(User: )
    Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL


    CodeIntegrity Errors:
    ===================================
    Date: 2014-02-07 00:35:45.431
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-02-07 00:35:45.306
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-02-07 00:35:45.181
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-02-07 00:35:44.916
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-02-07 00:35:44.698
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-02-07 00:35:44.588
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-02-07 00:35:44.401
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-02-07 00:35:44.292
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-02-06 11:10:57.188
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-02-06 11:10:57.078
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Percentage of memory in use: 44%
    Total physical RAM: 2045.7 MB
    Available physical RAM: 1138.23 MB
    Total Pagefile: 4328.41 MB
    Available Pagefile: 3503.8 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1895.29 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:195.31 GB) (Free:140.48 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive e: (New volume) (Fixed) (Total:37.57 GB) (Free:37.48 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: C92722F4)
    Partition 1: (Active) - (Size=195 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=38 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 514 MB) (Disk ID: 61F6E521)
    Partition 1: (Not Active) - (Size=513 MB) - (Type=0B)

    ==================== End Of Log ============================


    The meaning of "Attention" in the log?

    I disabled quite a few services; errors in the log:

    1. Remote Access Connection Mgr (do not use VPN)
    2. UPnP service disabled for the moment
    3. Parallel port driver? (no idea! error at every boot)
    4. Mobsync.exe file renamed (until problems are solved)

    5. Maybe I should re-install Malwarebytes (mbamchameleon.sys)?
    (Code Integrity Error)
    6. MS Office Session problem! (I have no idea) MFC80U.DLL
    Strange! I don't use MS Office. I use OpenOffice!
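The "Hosts content" section of the log above shows only the first 30 or so lines of a hosts file that FRST says runs to roughly 1,000 more. Every entry shown is sink-holed to 127.0.0.1, which is the pattern of an ad-blocking list (consistent with the HostsMan tool listed under Installed Programs) and is benign. A hosts hijacker does something different: it sink-holes security vendor or update domains so the machine cannot fetch signatures, or points a domain at a real, non-loopback address. The following Python is an added example, not part of this thread and not FRST or HostsMan code, that parses a hosts file and separates those three cases. The sample input is constructed: it copies the shape of the log's entries, and its last three lines are invented to model a malicious file. The watchlist of security and update domains is an assumption for the example.

```python
import ipaddress
import sys
from pathlib import Path

# Constructed sample in the shape of the FRST "Hosts content" section above.
# The last three mappings are invented for the example (NOT from the log) to
# show what a hijacked hosts file looks like.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1 localhost
::1 localhost
127.0.0.1 fr.a2dfp.net
127.0.0.1 m.fr.a2dfp.net
127.0.0.1 www.activemeter.com #[Tracking.Cookie]
0.0.0.0 adadvisor.net
127.0.0.1 www.malwarebytes.org     # constructed: blocks a security vendor
127.0.0.1 update.microsoft.com     # constructed: blocks Windows Update
203.0.113.7 online.bank.example    # constructed: redirect to a real address
"""

# Assumed watchlist: domains a hosts hijacker typically blackholes so the
# victim cannot reach AV updates or patches. Extend with the vendors actually
# installed on the machine being examined.
SECURITY_DOMAINS = (
    "microsoft.com", "windowsupdate.com", "malwarebytes.org",
    "virustotal.com", "secunia.com", "mozilla.org",
)

# Addresses that mean "block this name" rather than "send traffic elsewhere".
SINKHOLE_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "0.0.0.0/32", "::1/128")]


def parse_hosts(text):
    """Yield (ip, hostname, lineno) for every mapping in hosts-file text.
    Comments after '#' and blank lines are skipped; one line may map several names."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # first token is not an address: malformed line, skip it
        for name in parts[1:]:
            yield ip, name.lower(), lineno


def is_sinkholed(ip):
    """True if the address is loopback/unspecified, i.e. the name is blocked."""
    return any(ip in net for net in SINKHOLE_NETS)


def on_watchlist(name):
    """True if the name is, or is under, one of the assumed security domains."""
    return any(name == d or name.endswith("." + d) for d in SECURITY_DOMAINS)


def triage_hosts(text):
    """Classify every mapping (localhost excluded):
       blocked         - count of names sink-holed (ad-block style, usually benign)
       blocks_security - (lineno, name) sink-holed names on the watchlist
       hijacks         - (lineno, name, ip) names sent to a real address"""
    result = {"blocked": 0, "blocks_security": [], "hijacks": []}
    for ip, name, lineno in parse_hosts(text):
        if name == "localhost":
            continue
        if is_sinkholed(ip):
            result["blocked"] += 1
            if on_watchlist(name):
                result["blocks_security"].append((lineno, name))
        else:
            result["hijacks"].append((lineno, name, str(ip)))
    return result


if __name__ == "__main__":
    # On the machine itself, pass the real file:
    #   python hosts_triage.py C:\Windows\System32\drivers\etc\hosts
    text = Path(sys.argv[1]).read_text(errors="replace") if len(sys.argv) > 1 else SAMPLE_HOSTS
    r = triage_hosts(text)
    print(f"{r['blocked']} names sink-holed (ad-block style)")
    for lineno, name in r["blocks_security"]:
        print(f"line {lineno}: security/update domain blocked: {name}")
    for lineno, name, ip in r["hijacks"]:
        print(f"line {lineno}: {name} redirected to {ip} (possible hijack)")
```

Run it against the full file rather than the 30-line excerpt in the log: a large "blocked" count with empty "blocks_security" and "hijacks" lists is what an ad-block list looks like, while a single hit in either list is worth looking at by hand. The watchlist match uses suffix matching on a dot boundary so that "notmicrosoft.com" does not count as "microsoft.com".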
     
  5. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Yes. Upload it here: https://www.virustotal.com/ for a security check.

    There is no way we can manually check every file on your computer.
    We use scanning tools for that.

    It's a bug in the newest FRST version.
    I already reported it to the tool's author.

    As in your other topics, I don't see anything malicious.

    That said, you must pursue any existing issues in the Windows forum.
     
  6. rogerthat69

    rogerthat69 TS Enthusiast Topic Starter Posts: 57

    I will, Broni, thanks again! (y)
     
  7. Broni

    Broni Malware Annihilator Posts: 52,904   +344
