Inactive DSMK-virus? P2P-Worm.Win32.Palevo.dsmk?

rogerthat69

Hello again Broni,

The dsmk-file came back 2 days later and my fan stopped working. Had it deleted again at boot by WinPatrol.

The file: C:\USERS\ÄGAREN\APPDATA\LOCAL\TEMP\4D76AAE0D9340B51E9000000.DSMK

Other problems: Continuous memory shortage with spikes when trying to do something. Mostly "internal",
not so much when surfing. At start-up after "log in" an svchost file consumes a lot of CPU and disk capacity for approx. 5 minutes.

Other unidentified files in the system32 folder:

settings.dat
 
Cont.;

Sorry, fat finger? No, my keyboard has some keys which respond strangely!

As told in the post above:

Unidentified files in the system32 folder:

setting.dat created: 2013-11-12, last used: 2013-11-12
PVSonyDLL.dll (but I think this file is not malware!)

4D76AAE0D9340B51E9000000.DSMK: Cannot find anything when I google it except
ONE (only) file with the same filetype: P2P-Worm.Win32.Palevo.dsmk
It is a P2P worm. But I have not ever, to my knowledge, been involved in P2P filesharing. I have though had some problems with my firewall (told you before) which tried to open remote control etc. But not anymore. Also had some strange network connections. The network was suddenly renamed. Connections often disappear when looking at the internet icon down in the tray. Sometimes I have a connection but not according to Network and Sharing Center! (File sharing and network identification are by the way off.) Ran Malwarebytes, fast scan incl. P2P, but nothing found. According to F-Secure this worm infects i.e. System Restore. I had big problems in November (settings.dat?) and did a SR. Then you disinfected my system a few days back.

This file "setting.dat" may have some connection to "torrent" software etc. according to some internet info! I have never downloaded anything from a torrent site.

OK, all I can do is to recheck your computer.
Keep in mind that files in the temp folder can be created by a zillion different programs, so without a sample file (since it was deleted by WinPatrol) there is no way to tell where it came from or whether it is even malicious.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
 
Ok! Shall I upload the file for a check next time it shows up? How about "setting.dat"?

I will re-run Malwarebytes on a full scan next time this hidden temp file shows itself.
This file was written the first time (again) at 00:42 AM yesterday, just before I logged out,
according to WinPatrol. But it was first detected by WinPatrol the next morning!

I.e. from the log: Explorer.exe is using a lot of processor power:

StartTime 2014-02-03T17:09:20.648Z
NameLength 45
Name \Device\HarddiskVolume2\Windows\explorer.exe
FriendlyNameLength 12
FriendlyName Utforskaren
VersionLength 39
Version 6.0.6000.16386 (vista_rtm.061101-2205)
ThreadTime 514
BlockedTime 132
PercentTime 25.6636566332435
PathLength 24
Path C:\Windows\explorer.exe
ProductNameLength 37
ProductName Operativsystemet Microsoft® Windows®
CompanyNameLength 22
CompanyName Microsoft Corporation


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-02-2014
Ran by Ägaren (administrator) on ÄGAREN-DATOR on 07-02-2014 00:34:47
Running from C:\Users\Ägaren\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Swedish
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link for 64-Bit Version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
() C:\Program Files\Secunia\PSI\SUA\68d2b284c4010857fde66c83af3c82be0e2fdd2a\JavaJRE_7u51_32-bit_PSIonlySPS.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(NGO Science Center "RightMark") C:\Program Files\RMClock\RMClock.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4468736 2007-05-10] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [174872 2007-02-12] (Intel Corporation)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKU\S-1-5-21-2935924495-2357685730-2340671949-1000\...\Run: [WinPatrol] - C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [455744 2013-12-10] (BillP Studios)
HKU\S-1-5-21-2935924495-2357685730-2340671949-1000\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [543432 2014-01-17] (Sandboxie Holdings, LLC)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 83.255.245.11 193.150.193.150

FireFox:
========
FF ProfilePath: C:\Users\Ägaren\AppData\Roaming\Mozilla\Firefox\Profiles\zmugow3t.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @bankid.com/BankID säkerhetsprogram,version=5.0.2.10 - C:\Program Files\BankID\npBispBrowser.dll (Finansiell ID-Teknik BID AB)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF - C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\allaannonser-sv-SE.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\prisjakt-sv-SE.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\tyda-sv-SE.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wikipedia-sv-SE.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-sv-SE.xml
FF Extension: WOT - C:\Users\Ägaren\AppData\Roaming\Mozilla\Firefox\Profiles\zmugow3t.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-01-12]
FF Extension: NoScript - C:\Users\Ägaren\AppData\Roaming\Mozilla\Firefox\Profiles\zmugow3t.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-01-08]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome:
=======
CHR Extension: (Google Dokument) - C:\Users\Ägaren\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-30]
CHR Extension: (Google Drive) - C:\Users\Ägaren\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-30]
CHR Extension: (YouTube) - C:\Users\Ägaren\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-30]
CHR Extension: (Sök på Google) - C:\Users\Ägaren\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-30]
CHR Extension: (Google Wallet) - C:\Users\Ägaren\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-30]
CHR Extension: (Gmail) - C:\Users\Ägaren\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-30]

========================== Services (Whitelisted) =================

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-03-26] (Nitro PDF Software)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [131272 2014-01-17] (Sandboxie Holdings, LLC)
S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)

==================== Drivers (Whitelisted) ====================

R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [46592 2007-01-08] (Windows (R) Codename Longhorn DDK provider)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S3 nhcDriverDevice; C:\Windows\system32\drivers\nhcDriver.sys [22528 2014-01-06] (pBUS-167 Software - http://www.pbus-167.com)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
R3 RTCore32; C:\Program Files\RMClock\RTCore32.sys [4608 2005-05-25] ()
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [161888 2014-01-17] (Sandboxie Holdings, LLC)
R0 Si3531; C:\Windows\System32\DRIVERS\Si3531.sys [212520 2009-02-05] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [17064 2009-02-05] (Silicon Image, Inc.)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [12200 2009-02-05] (Silicon Image, Inc.)
U3 TrueSight; C:\Windows\system32\TrueSight.sys [26624 2014-01-27] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-07 00:34 - 2014-02-07 00:35 - 00008673 _____ () C:\Users\Ägaren\Desktop\FRST.txt
2014-02-07 00:34 - 2014-02-07 00:34 - 01037530 _____ (Thisisu) C:\Users\Ägaren\Desktop\JRT.exe
2014-02-07 00:34 - 2014-02-07 00:34 - 00000000 ____D () C:\FRST
2014-02-07 00:33 - 2014-02-07 00:33 - 01166132 _____ () C:\Users\Ägaren\Desktop\AdwCleaner.exe
2014-02-07 00:33 - 2014-02-07 00:33 - 01136640 _____ (Farbar) C:\Users\Ägaren\Desktop\FRST.exe
2014-02-07 00:20 - 2014-02-07 00:20 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-07 00:12 - 2014-02-07 00:13 - 00000868 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-07 00:08 - 2014-02-07 00:08 - 00000000 ____D () C:\Users\Ägaren\AppData\Local\Secunia PSI
2014-02-07 00:07 - 2014-02-07 00:07 - 00000000 ____D () C:\Program Files\Secunia
2014-02-06 23:53 - 2014-02-06 23:53 - 05329480 _____ (Secunia) C:\Users\Ägaren\Downloads\PSISetup.exe
2014-02-06 00:43 - 2014-02-06 00:43 - 00000000 ____D () C:\Users\Ägaren\AppData\Roaming\Nitro
2014-02-06 00:42 - 2014-02-06 00:42 - 00001868 _____ () C:\Users\Public\Desktop\Nitro Reader.lnk
2014-02-06 00:42 - 2014-02-06 00:42 - 00000000 ____D () C:\ProgramData\Nitro
2014-02-06 00:42 - 2014-02-06 00:42 - 00000000 ____D () C:\Program Files\Nitro
2014-02-06 00:42 - 2014-02-06 00:42 - 00000000 ____D () C:\Program Files\Common Files\Nitro
2014-02-06 00:41 - 2014-02-06 00:41 - 00000000 ____D () C:\Users\Ägaren\AppData\Roaming\Downloaded Installations
2014-02-05 13:03 - 2014-02-05 13:03 - 342469326 _____ () C:\Users\Ägaren\Documents\Datorregister_före_borttag_yxan-bibliotek.reg
2014-02-05 12:19 - 2014-02-05 12:19 - 00014088 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP141.SYS
2014-02-05 00:40 - 2014-02-05 00:40 - 00000000 ____D () C:\Users\Ägaren\AppData\Roaming\abelhadigital.com
2014-02-05 00:40 - 2014-02-05 00:40 - 00000000 ____D () C:\Users\Public\Documents\HostsMan Backups
2014-02-05 00:40 - 2014-02-05 00:40 - 00000000 ____D () C:\ProgramData\abelhadigital.com
2014-02-05 00:40 - 2014-02-05 00:40 - 00000000 ____D () C:\Program Files\HostsMan
2014-02-05 00:37 - 2014-02-05 00:37 - 00000000 ____D () C:\Users\Ägaren\Downloads\rcsetup149
2014-02-04 21:37 - 2014-02-04 21:37 - 02814070 _____ () C:\Users\Ägaren\Downloads\HostsMan_4.3.98_installer.zip
2014-01-31 04:29 - 2014-01-31 04:29 - 00012638 _____ () C:\Users\Ägaren\Desktop\runscanner2.log
2014-01-30 14:52 - 2014-02-07 00:04 - 00000982 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-30 14:52 - 2014-02-06 23:59 - 00000978 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-30 14:52 - 2014-02-04 10:09 - 00001967 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-30 14:51 - 2014-01-30 14:52 - 00000000 ____D () C:\Users\Ägaren\AppData\Local\Google
2014-01-30 14:51 - 2014-01-30 14:52 - 00000000 ____D () C:\Program Files\Google
2014-01-30 14:50 - 2014-01-30 14:50 - 00819184 _____ (Google Inc.) C:\Users\Ägaren\Downloads\ChromeSetup.exe
2014-01-30 14:23 - 2014-01-30 14:23 - 00448512 _____ (OldTimer Tools) C:\Users\Ägaren\Desktop\TFC.exe
2014-01-30 14:06 - 2014-01-30 14:06 - 00000000 ____D () C:\Program Files\BankID
2014-01-30 13:27 - 2014-01-30 15:03 - 00000000 ____D () C:\Users\Ägaren\AppData\Roaming\BankID
2014-01-30 13:25 - 2014-01-30 14:04 - 07039632 _____ () C:\Users\Ägaren\Downloads\BankID_installation_5_0_2.exe
2014-01-30 12:53 - 2014-01-31 19:04 - 00001422 _____ () C:\Windows\Sandboxie.ini
2014-01-30 12:53 - 2014-01-30 12:52 - 00000860 _____ () C:\Users\Ägaren\Desktop\Sandlådad Webbläsare.lnk
2014-01-30 12:52 - 2014-01-30 12:52 - 00000000 ____D () C:\Program Files\Sandboxie
2014-01-29 02:06 - 2014-01-29 02:06 - 00006034 _____ () C:\Users\Ägaren\Documents\cc_20140129_020615.reg
2014-01-28 23:33 - 2014-01-28 23:33 - 00000000 ____D () C:\_OTL
2014-01-28 23:29 - 2014-01-28 23:29 - 00054386 _____ () C:\Users\Ägaren\Desktop\OTL.Txt
2014-01-28 01:51 - 2014-01-28 01:51 - 00017782 _____ () C:\Users\Ägaren\Desktop\Extras.Txt
2014-01-28 01:25 - 2014-01-28 01:25 - 00001376 _____ () C:\Users\Ägaren\Desktop\JRT.txt
2014-01-28 01:01 - 2014-01-28 01:01 - 00000000 ____D () C:\Windows\ERUNT
2014-01-27 21:42 - 2014-01-30 17:57 - 00000510 _____ () C:\Windows\WORDPAD.INI
2014-01-27 20:30 - 2014-01-27 20:30 - 00118858 _____ () C:\ComboFix.txt
2014-01-27 01:59 - 2014-01-27 02:10 - 00000000 ____D () C:\Program Files\mbar
2014-01-27 00:45 - 2014-01-27 01:34 - 00026624 _____ () C:\Windows\system32\TrueSight.sys
2014-01-26 17:53 - 2014-01-26 18:00 - 00004225 _____ () C:\Users\Ägaren\Desktop\attach.txt
2014-01-26 17:53 - 2014-01-26 17:59 - 00009873 _____ () C:\Users\Ägaren\Desktop\dds.txt
2014-01-26 17:08 - 2014-01-26 17:08 - 00000000 ___HD () C:\Windows\PIF
2014-01-21 16:20 - 2014-01-21 16:20 - 00000000 ____D () C:\Windows\CheckSur
2014-01-21 16:17 - 2014-01-21 16:18 - 147445671 _____ () C:\Users\Ägaren\Downloads\Windows6.0-KB947821-v32-x86.msu
2014-01-20 00:29 - 2014-01-20 00:29 - 00013990 _____ () C:\Users\Ägaren\Desktop\runscanner.log
2014-01-19 23:15 - 2014-01-19 23:15 - 00018322 _____ () C:\Users\Ägaren\Documents\cc_20140119_231442_efterSFC_reparation.reg
2014-01-18 13:50 - 2014-01-18 13:50 - 00000000 ___RD () C:\Sandbox
2014-01-16 00:28 - 2014-01-16 00:30 - 98906072 _____ () C:\Windows\MEMORY.DMP
2014-01-10 00:30 - 2014-01-10 00:30 - 00000512 _____ () C:\Users\Ägaren\Desktop\MBR.dat
2014-01-09 23:42 - 2014-01-09 23:42 - 00000114 _____ () C:\local.conf
2014-01-09 23:03 - 2014-01-09 23:03 - 00104664 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys.bak
2014-01-09 22:45 - 2014-01-09 23:20 - 00000000 ____D () C:\mbar
2014-01-09 21:42 - 2014-01-27 01:59 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-08 01:32 - 2014-01-30 22:26 - 00053910 _____ () C:\Windows\PFRO.log

==================== One Month Modified Files and Folders =======

2014-02-07 00:35 - 2014-02-07 00:34 - 00008673 _____ () C:\Users\Ägaren\Desktop\FRST.txt
2014-02-07 00:34 - 2014-02-07 00:34 - 01037530 _____ (Thisisu) C:\Users\Ägaren\Desktop\JRT.exe
2014-02-07 00:34 - 2014-02-07 00:34 - 00000000 ____D () C:\FRST
2014-02-07 00:33 - 2014-02-07 00:33 - 01166132 _____ () C:\Users\Ägaren\Desktop\AdwCleaner.exe
2014-02-07 00:33 - 2014-02-07 00:33 - 01136640 _____ (Farbar) C:\Users\Ägaren\Desktop\FRST.exe
2014-02-07 00:25 - 2008-01-21 02:35 - 01694665 _____ () C:\Windows\WindowsUpdate.log
2014-02-07 00:20 - 2014-02-07 00:20 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-07 00:20 - 2013-12-29 16:07 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-07 00:20 - 2013-12-29 16:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-07 00:13 - 2014-02-07 00:12 - 00000868 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-07 00:13 - 2013-10-24 10:19 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-07 00:13 - 2013-10-24 10:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-07 00:08 - 2014-02-07 00:08 - 00000000 ____D () C:\Users\Ägaren\AppData\Local\Secunia PSI
2014-02-07 00:07 - 2014-02-07 00:07 - 00000000 ____D () C:\Program Files\Secunia
2014-02-07 00:04 - 2014-01-30 14:52 - 00000982 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-06 23:59 - 2014-01-30 14:52 - 00000978 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-06 23:59 - 2013-10-21 11:58 - 00001356 _____ () C:\Users\Ägaren\AppData\Local\d3d9caps.dat
2014-02-06 23:59 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-06 23:59 - 2006-11-02 13:47 - 00004576 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-06 23:59 - 2006-11-02 13:47 - 00004576 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-06 23:58 - 2006-11-02 14:01 - 00032522 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-06 23:53 - 2014-02-06 23:53 - 05329480 _____ (Secunia) C:\Users\Ägaren\Downloads\PSISetup.exe
2014-02-06 12:43 - 2013-11-10 06:14 - 00000000 ____D () C:\Users\Ägaren\AppData\Roaming\Nitro PDF
2014-02-06 00:43 - 2014-02-06 00:43 - 00000000 ____D () C:\Users\Ägaren\AppData\Roaming\Nitro
2014-02-06 00:42 - 2014-02-06 00:42 - 00001868 _____ () C:\Users\Public\Desktop\Nitro Reader.lnk
2014-02-06 00:42 - 2014-02-06 00:42 - 00000000 ____D () C:\ProgramData\Nitro
2014-02-06 00:42 - 2014-02-06 00:42 - 00000000 ____D () C:\Program Files\Nitro
2014-02-06 00:42 - 2014-02-06 00:42 - 00000000 ____D () C:\Program Files\Common Files\Nitro
2014-02-06 00:41 - 2014-02-06 00:41 - 00000000 ____D () C:\Users\Ägaren\AppData\Roaming\Downloaded Installations
2014-02-05 13:03 - 2014-02-05 13:03 - 342469326 _____ () C:\Users\Ägaren\Documents\Datorregister_före_borttag_yxan-bibliotek.reg
2014-02-05 12:19 - 2014-02-05 12:19 - 00014088 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP141.SYS
2014-02-05 12:12 - 2013-12-28 00:28 - 00000000 ____D () C:\Program Files\SysInternals
2014-02-05 01:20 - 2006-11-02 11:23 - 00569258 _____ () C:\Windows\system32\Drivers\etc\HOSTS.bak
2014-02-05 00:58 - 2013-11-12 13:15 - 00000000 ____D () C:\Users\Ägaren\Desktop\gäster
2014-02-05 00:40 - 2014-02-05 00:40 - 00000000 ____D () C:\Users\Ägaren\AppData\Roaming\abelhadigital.com
2014-02-05 00:40 - 2014-02-05 00:40 - 00000000 ____D () C:\Users\Public\Documents\HostsMan Backups
2014-02-05 00:40 - 2014-02-05 00:40 - 00000000 ____D () C:\ProgramData\abelhadigital.com
2014-02-05 00:40 - 2014-02-05 00:40 - 00000000 ____D () C:\Program Files\HostsMan
2014-02-05 00:37 - 2014-02-05 00:37 - 00000000 ____D () C:\Users\Ägaren\Downloads\rcsetup149
2014-02-04 21:37 - 2014-02-04 21:37 - 02814070 _____ () C:\Users\Ägaren\Downloads\HostsMan_4.3.98_installer.zip
2014-02-04 19:30 - 2013-10-23 22:53 - 00000000 ____D () C:\Users\Ägaren\Documents\NSS
2014-02-04 10:09 - 2014-01-30 14:52 - 00001967 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-03 13:04 - 2008-01-21 07:21 - 01530984 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-03 13:04 - 2008-01-21 07:21 - 00631342 _____ () C:\Windows\system32\perfh01D.dat
2014-02-03 13:04 - 2008-01-21 07:21 - 00134628 _____ () C:\Windows\system32\perfc01D.dat
2014-01-31 19:04 - 2014-01-30 12:53 - 00001422 _____ () C:\Windows\Sandboxie.ini
2014-01-31 04:29 - 2014-01-31 04:29 - 00012638 _____ () C:\Users\Ägaren\Desktop\runscanner2.log
2014-01-31 02:50 - 2013-10-27 00:47 - 00000000 ____D () C:\Users\Ägaren\AppData\Local\NVIDIA Corporation
2014-01-31 02:31 - 2013-10-22 09:10 - 00000000 ____D () C:\Users\Ägaren\AppData\Roaming\Adobe
2014-01-30 22:26 - 2014-01-08 01:32 - 00053910 _____ () C:\Windows\PFRO.log
2014-01-30 17:57 - 2014-01-27 21:42 - 00000510 _____ () C:\Windows\WORDPAD.INI
2014-01-30 15:03 - 2014-01-30 13:27 - 00000000 ____D () C:\Users\Ägaren\AppData\Roaming\BankID
2014-01-30 14:52 - 2014-01-30 14:51 - 00000000 ____D () C:\Users\Ägaren\AppData\Local\Google
2014-01-30 14:52 - 2014-01-30 14:51 - 00000000 ____D () C:\Program Files\Google
2014-01-30 14:50 - 2014-01-30 14:50 - 00819184 _____ (Google Inc.) C:\Users\Ägaren\Downloads\ChromeSetup.exe
2014-01-30 14:23 - 2014-01-30 14:23 - 00448512 _____ (OldTimer Tools) C:\Users\Ägaren\Desktop\TFC.exe
2014-01-30 14:06 - 2014-01-30 14:06 - 00000000 ____D () C:\Program Files\BankID
2014-01-30 14:04 - 2014-01-30 13:25 - 07039632 _____ () C:\Users\Ägaren\Downloads\BankID_installation_5_0_2.exe
2014-01-30 12:52 - 2014-01-30 12:53 - 00000860 _____ () C:\Users\Ägaren\Desktop\Sandlådad Webbläsare.lnk
2014-01-30 12:52 - 2014-01-30 12:52 - 00000000 ____D () C:\Program Files\Sandboxie
2014-01-29 12:37 - 2013-11-10 01:19 - 00000000 ____D () C:\Users\Ägaren\Desktop\Säkerhetloggar
2014-01-29 02:06 - 2014-01-29 02:06 - 00006034 _____ () C:\Users\Ägaren\Documents\cc_20140129_020615.reg
2014-01-28 23:33 - 2014-01-28 23:33 - 00000000 ____D () C:\_OTL
2014-01-28 23:29 - 2014-01-28 23:29 - 00054386 _____ () C:\Users\Ägaren\Desktop\OTL.Txt
2014-01-28 01:51 - 2014-01-28 01:51 - 00017782 _____ () C:\Users\Ägaren\Desktop\Extras.Txt
2014-01-28 01:25 - 2014-01-28 01:25 - 00001376 _____ () C:\Users\Ägaren\Desktop\JRT.txt
2014-01-28 01:01 - 2014-01-28 01:01 - 00000000 ____D () C:\Windows\ERUNT
2014-01-27 23:53 - 2013-12-28 16:23 - 01543208 _____ (BillP Studios) C:\Users\Ägaren\Downloads\wpsetup.exe
2014-01-27 20:30 - 2014-01-27 20:30 - 00118858 _____ () C:\ComboFix.txt
2014-01-27 20:30 - 2013-11-10 00:40 - 00000000 ____D () C:\Qoobox
2014-01-27 20:26 - 2013-11-10 00:40 - 00000000 ____D () C:\Windows\erdnt
2014-01-27 20:26 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2014-01-27 02:10 - 2014-01-27 01:59 - 00000000 ____D () C:\Program Files\mbar
2014-01-27 02:10 - 2013-10-27 20:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-27 01:59 - 2014-01-09 21:42 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-27 01:34 - 2014-01-27 00:45 - 00026624 _____ () C:\Windows\system32\TrueSight.sys
2014-01-26 18:00 - 2014-01-26 17:53 - 00004225 _____ () C:\Users\Ägaren\Desktop\attach.txt
2014-01-26 17:59 - 2014-01-26 17:53 - 00009873 _____ () C:\Users\Ägaren\Desktop\dds.txt
2014-01-26 17:08 - 2014-01-26 17:08 - 00000000 ___HD () C:\Windows\PIF
2014-01-21 16:20 - 2014-01-21 16:20 - 00000000 ____D () C:\Windows\CheckSur
2014-01-21 16:18 - 2014-01-21 16:17 - 147445671 _____ () C:\Users\Ägaren\Downloads\Windows6.0-KB947821-v32-x86.msu
2014-01-20 00:29 - 2014-01-20 00:29 - 00013990 _____ () C:\Users\Ägaren\Desktop\runscanner.log
2014-01-20 00:05 - 2013-11-10 05:04 - 00000000 ____D () C:\Users\Ägaren\Downloads\tdsskiller
2014-01-19 23:15 - 2014-01-19 23:15 - 00018322 _____ () C:\Users\Ägaren\Documents\cc_20140119_231442_efterSFC_reparation.reg
2014-01-19 08:32 - 2013-10-21 17:01 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-18 13:50 - 2014-01-18 13:50 - 00000000 ___RD () C:\Sandbox
2014-01-16 00:30 - 2014-01-16 00:28 - 98906072 _____ () C:\Windows\MEMORY.DMP
2014-01-15 17:17 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-01-15 12:00 - 2013-10-21 14:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 11:57 - 2006-11-02 11:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-10 00:30 - 2014-01-10 00:30 - 00000512 _____ () C:\Users\Ägaren\Desktop\MBR.dat
2014-01-09 23:42 - 2014-01-09 23:42 - 00000114 _____ () C:\local.conf
2014-01-09 23:20 - 2014-01-09 22:45 - 00000000 ____D () C:\mbar
2014-01-09 23:03 - 2014-01-09 23:03 - 00104664 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys.bak
2014-01-09 09:05 - 2013-11-19 08:35 - 00000000 ____D () C:\d15589df13cecc159ee0
2014-01-09 00:02 - 2013-12-14 19:18 - 00000000 ____D () C:\Program Files\Lavasoft
2014-01-08 02:08 - 2006-11-02 12:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-01-08 02:03 - 2006-11-01 13:07 - 00334720 _____ (Sysinternals - www.sysinternals.com) C:\Program Files\RootkitRevealer.exe
2014-01-08 02:03 - 2006-07-28 08:32 - 00007005 _____ () C:\Program Files\Eula.txt
2014-01-08 02:03 - 2005-12-07 14:19 - 00102160 _____ () C:\Program Files\RootkitRevealer.chm

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-07 00:05

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-02-2014
Ran by Ägaren at 2014-02-07 00:35:51
Running from C:\Users\Ägaren\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (Version: 12.0.0.44 - Adobe Systems Incorporated) <==== ATTENTION
Adobe Flash Player 12 Plugin (Version: 12.0.0.44 - Adobe Systems Incorporated) <==== ATTENTION
BankID säkerhetsprogram (Version: 5.0.2.10 - Finansiell ID-Teknik BID AB) <==== ATTENTION
Belarc Advisor 8.4 (Version: 8.4.0.0 - Belarc Inc.) <==== ATTENTION
CCleaner (Version: 4.04 - Piriform) <==== ATTENTION
Exterminate It! (Version: 2.12.11.11 - CURIOLAB S.M.B.A.) <==== ATTENTION
Google Chrome (Version: 32.0.1700.107 - Google Inc.) <==== ATTENTION
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden <==== ATTENTION
HostsMan 4.3.98 (Version: 4.3.98.0 - abelhadigital.com) <==== ATTENTION
Intel(R) Matrix Storage Manager (Version: - ) <==== ATTENTION
Java 7 Update 45 (Version: 7.0.450 - Oracle) <==== ATTENTION
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden <==== ATTENTION
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation) <==== ATTENTION
Microsoft .NET Framework 3.5 Language Pack SP1 - sve (Version: 3.5.30729 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation) <==== ATTENTION
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft .NET Framework 4.5.1 (SVE) (Version: 4.5.50938 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft .NET Framework 4.5.1 (svenska) (Version: 4.5.50938 - Microsoft Corporation) <==== ATTENTION
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation) <==== ATTENTION
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) <==== ATTENTION
Motorola SM56 Speakerphone Modem (Version: 6.12.25.06 - Motorola Inc) <==== ATTENTION
Mozilla Firefox 27.0 (x86 sv-SE) (Version: 27.0 - Mozilla) <==== ATTENTION
Mozilla Maintenance Service (Version: 27.0 - Mozilla) <==== ATTENTION
NirSoft BlueScreenView (Version: - ) <==== ATTENTION
Nitro Reader 3 (Version: 3.5.2.10 - Nitro) <==== ATTENTION
Notebook Hardware Control 2.0 Pre-Release-06 Bugfix (Version: 2.0 Pre-Release-06 Bugfix - Manfred Jaider) <==== ATTENTION
NVIDIA Drivers (Version: 1.10 - NVIDIA Corporation) <==== ATTENTION
OpenOffice 4.0.1 (Version: 4.01.9714 - Apache Software Foundation) <==== ATTENTION
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden <==== ATTENTION
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000 - Realtek) <==== ATTENTION
Realtek High Definition Audio Driver (Version: 6.0.1.5413 - Realtek Semiconductor Corp.) <==== ATTENTION
Revo Uninstaller 1.95 (Version: 1.95 - VS Revo Group) <==== ATTENTION
Sandboxie 4.08 (32-bit) (Version: 4.08 - Sandboxie Holdings, LLC) <==== ATTENTION
Secunia PSI (3.0.0.9016) (Version: 3.0.0.9016 - Secunia) <==== ATTENTION
Språkpaket för Microsoft .NET Framework 3.5 SP 1 - sve (Version: - Microsoft Corporation) <==== ATTENTION
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation) <==== ATTENTION
WinPatrol (Version: 29.2.2013 - BillP Studios) <==== ATTENTION

==================== Restore Points =========================

08-01-2014 11:47:32 Windows Update
09-01-2014 07:57:39 Före körning av RoqueKiller och borttag av Recycle(19).Bin26/11
12-01-2014 16:20:08 Windows Update
12-01-2014 17:43:38 Revo Uninstaller's restore point - Prevx
15-01-2014 10:57:23 Windows Update
19-01-2014 13:48:43 Windows Update
20-01-2014 16:08:53 Windows Update
21-01-2014 13:13:33 Schemalagd kontrollpunkt
21-01-2014 14:08:27 Installationsprogram för Windows-moduler
21-01-2014 14:46:55 Före fix av Windows-funktioner
21-01-2014 15:19:47 Windows Update
24-01-2014 17:23:24 Schemalagd kontrollpunkt
24-01-2014 18:58:36 Windows Update
27-01-2014 00:54:38 Före MBAR Root-kit
27-01-2014 22:28:40 Windows Update
29-01-2014 02:54:38 Schemalagd kontrollpunkt
30-01-2014 11:26:27 Revo Uninstaller's restore point - Sandboxie 4.06 (32-bit)
30-01-2014 12:27:09 Installerad BankID säkerhetsprogram.
30-01-2014 12:57:32 Revo Uninstaller's restore point - BankID säkerhetsprogram
30-01-2014 12:57:45 Borttagen BankID säkerhetsprogram.
30-01-2014 12:59:30 Revo Uninstaller's restore point - BankID säkerhetsprogram
30-01-2014 12:59:49 Borttagen BankID säkerhetsprogram.
30-01-2014 13:05:51 Installerad BankID säkerhetsprogram.
31-01-2014 01:44:53 Borttagning av diverse Yxan filer samt Iconcache rebuild
31-01-2014 10:45:03 Windows Update
01-02-2014 13:07:12 Schemalagd kontrollpunkt
03-02-2014 16:07:14 Windows Update
04-02-2014 22:57:15 Före borttag av dir Yxan och kopiering av register
05-02-2014 23:42:05 Installed Nitro Reader 3
06-02-2014 23:11:19 Windows Update

==================== Hosts content: ==========================

2006-11-02 11:23 - 2014-02-05 10:06 - 00569258 ____A C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {4224992F-B5C2-43C9-9AA7-C2A6EEB73FDB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-30] (Google Inc.)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {5A67B50A-6DE3-4F7E-B6EA-96286A244AB8} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {B4EEDE00-AD51-4C9F-B202-7DA125875F30} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-30] (Google Inc.)
Task: {CC05A601-FA82-49B7-A30F-C84CEE8B10E1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-07] (Adobe Systems Incorporated)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F9ECD9AC-D1CB-496E-9A59-593AFA1C9296} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-12-28 18:03 - 2013-07-15 18:29 - 00620718 ____N () C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/06/2014 00:40:37 AM) (Source: SideBySide) (User: )
Description: Det gick inte att skapa aktiveringskontext för Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1.
Den beroende sammansättningen Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" kunde inte hittas.
Använd sxstrace.exe om du vill diagnostisera ytterligare.

Error: (02/06/2014 00:40:37 AM) (Source: SideBySide) (User: )
Description: Det gick inte att skapa aktiveringskontext för Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1.
Den beroende sammansättningen Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" kunde inte hittas.
Använd sxstrace.exe om du vill diagnostisera ytterligare.

Error: (02/06/2014 00:40:37 AM) (Source: SideBySide) (User: )
Description: Det gick inte att skapa aktiveringskontext för Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1.
Den beroende sammansättningen Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" kunde inte hittas.
Använd sxstrace.exe om du vill diagnostisera ytterligare.

Error: (02/06/2014 00:40:37 AM) (Source: SideBySide) (User: )
Description: Det gick inte att skapa aktiveringskontext för Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1.
Den beroende sammansättningen Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" kunde inte hittas.
Använd sxstrace.exe om du vill diagnostisera ytterligare.

Error: (02/06/2014 00:40:37 AM) (Source: SideBySide) (User: )
Description: Det gick inte att skapa aktiveringskontext för Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1.
Den beroende sammansättningen Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" kunde inte hittas.
Använd sxstrace.exe om du vill diagnostisera ytterligare.

Error: (02/06/2014 00:40:36 AM) (Source: SideBySide) (User: )
Description: Det gick inte att skapa aktiveringskontext för Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1.
Den beroende sammansättningen Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" kunde inte hittas.
Använd sxstrace.exe om du vill diagnostisera ytterligare.

Error: (02/06/2014 00:40:36 AM) (Source: SideBySide) (User: )
Description: Det gick inte att skapa aktiveringskontext för Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1.
Den beroende sammansättningen Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" kunde inte hittas.
Använd sxstrace.exe om du vill diagnostisera ytterligare.

Error: (02/06/2014 00:40:36 AM) (Source: SideBySide) (User: )
Description: Det gick inte att skapa aktiveringskontext för Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1.
Den beroende sammansättningen Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" kunde inte hittas.
Använd sxstrace.exe om du vill diagnostisera ytterligare.

Error: (02/06/2014 00:40:36 AM) (Source: SideBySide) (User: )
Description: Det gick inte att skapa aktiveringskontext för Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1.
Den beroende sammansättningen Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" kunde inte hittas.
Använd sxstrace.exe om du vill diagnostisera ytterligare.

Error: (02/06/2014 00:40:35 AM) (Source: SideBySide) (User: )
Description: Det gick inte att skapa aktiveringskontext för Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1.
Den beroende sammansättningen Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" kunde inte hittas.
Använd sxstrace.exe om du vill diagnostisera ytterligare.


System errors:
=============
Error: (02/07/2014 00:01:23 AM) (Source: Service Control Manager) (User: )
Description: Windows Media Player Network Sharing ServiceUPnP Device Host%%1058

Error: (02/07/2014 00:01:23 AM) (Source: Service Control Manager) (User: )
Description: Internet Connection Sharing (ICS)Remote Access Connection Manager%%1058

Error: (02/07/2014 00:01:23 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (02/06/2014 11:46:06 PM) (Source: Service Control Manager) (User: )
Description: Windows Media Player Network Sharing ServiceUPnP Device Host%%1058

Error: (02/06/2014 05:04:36 PM) (Source: Service Control Manager) (User: )
Description: Windows Media Player Network Sharing ServiceUPnP Device Host%%1058

Error: (02/06/2014 05:04:36 PM) (Source: Service Control Manager) (User: )
Description: Internet Connection Sharing (ICS)Remote Access Connection Manager%%1058

Error: (02/06/2014 05:04:36 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (02/06/2014 05:03:12 PM) (Source: DCOM) (User: )
Description: C:\Windows\System32\mobsync.exe -Embedding2{6295DF2D-35EE-11D1-8707-00C04FD93327}

Error: (02/06/2014 10:43:41 AM) (Source: Service Control Manager) (User: )
Description: Windows Media Player Network Sharing ServiceUPnP Device Host%%1058

Error: (02/06/2014 10:43:41 AM) (Source: Service Control Manager) (User: )
Description: Internet Connection Sharing (ICS)Remote Access Connection Manager%%1058


Microsoft Office Sessions:
=========================
Error: (02/06/2014 00:40:37 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL

Error: (02/06/2014 00:40:37 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL

Error: (02/06/2014 00:40:37 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL

Error: (02/06/2014 00:40:37 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL

Error: (02/06/2014 00:40:37 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL

Error: (02/06/2014 00:40:36 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL

Error: (02/06/2014 00:40:36 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL

Error: (02/06/2014 00:40:36 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL

Error: (02/06/2014 00:40:36 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL

Error: (02/06/2014 00:40:35 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL


CodeIntegrity Errors:
===================================
Date: 2014-02-07 00:35:45.431
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-07 00:35:45.306
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-07 00:35:45.181
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-07 00:35:44.916
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-07 00:35:44.698
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-07 00:35:44.588
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-07 00:35:44.401
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-07 00:35:44.292
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-06 11:10:57.188
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-02-06 11:10:57.078
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 44%
Total physical RAM: 2045.7 MB
Available physical RAM: 1138.23 MB
Total Pagefile: 4328.41 MB
Available Pagefile: 3503.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1895.29 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.31 GB) (Free:140.48 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Ny volym) (Fixed) (Total:37.57 GB) (Free:37.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: C92722F4)
Partition 1: (Active) - (Size=195 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=38 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 514 MB) (Disk ID: 61F6E521)
Partition 1: (Not Active) - (Size=513 MB) - (Type=0B)

==================== End Of Log ============================


The meaning of "Attention" in log?

I disabled quite a few services; errors in log:

1. Remote Access Connection Mgr (do not use VPN)
2. UPnP service for the moment disabled
3. Parallel-port driver? (no idea! error at every boot)
4. Mobsync.exe file renamed (until problems solved)

5. Maybe I should re-install Malwarebytes (mbamchameleon.sys)?
(Code Integrity Error)
6. MS Office Session problem! (have no idea) MFC80U.DLL
Strange! I don't use MS Office. I use Open Office!
 
Shall I upload the file for a check next time it shows up?
Yes. Upload it here: https://www.virustotal.com/ for a security check.

How about "setting.dat"?
There is no way we can manually check every file on your computer.
We use scanning tools for that.

The meaning of "Attention" in log?
It's a bug in the newest FRST version.
I already reported it to the tool's author.

As in your other topics, I don't see anything malicious.

That said, you must pursue any existing issues in the Windows forum.
 