Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20.06.2018
Ran by jan (administrator) on JAN-DATOR (01-07-2018 11:37:05)
Running from C:\Users\jan\Desktop
Loaded Profiles: jan (Available Profiles: jan)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: Svenska (Sverige)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Prolific Technology Inc.) C:\WINDOWS\System32\IoctlSvc.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
() C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\WINDOWS\System32\conime.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-02] (Hewlett-Packard)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [239856 2017-09-10] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4037423344-1165896761-4045062565-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\S-1-5-21-4037423344-1165896761-4045062565-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk [2010-08-27]
ShortcutTarget: NETGEAR WG111v3 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=84&bd=Presario&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=84&bd=Presario&pf=cndt
HKU\S-1-5-21-4037423344-1165896761-4045062565-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://se.altavista.com/
HKU\S-1-5-21-4037423344-1165896761-4045062565-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=84&bd=Presario&pf=cndt
SearchScopes: HKLM -> {0F14F4D6-62A4-49BE-BAEB-566AB17935B6} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1222&query={searchTerms}&invocationType=tb50hpcndtie7-sv-se
SearchScopes: HKLM -> {60463A28-9362-445C-BD31-DC1ED8320EF3} URL = hxxp://se.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913934
SearchScopes: HKU\S-1-5-21-4037423344-1165896761-4045062565-1000 -> DefaultScope {0F14F4D6-62A4-49BE-BAEB-566AB17935B6} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1222&query={searchTerms}&invocationType=tb50hpcndtie7-sv-se
SearchScopes: HKU\S-1-5-21-4037423344-1165896761-4045062565-1000 -> {0F14F4D6-62A4-49BE-BAEB-566AB17935B6} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1222&query={searchTerms}&invocationType=tb50hpcndtie7-sv-se
SearchScopes: HKU\S-1-5-21-4037423344-1165896761-4045062565-1000 -> {60463A28-9362-445C-BD31-DC1ED8320EF3} URL = hxxp://se.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913934
BHO: Länkhjälp till Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-09-10] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-09-10] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-09-10] (Oracle Corporation)
BHO: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-4037423344-1165896761-4045062565-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_73-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0073-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_73-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_73-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-08-29] [Legacy] [not signed]
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2010-08-25] (DivX,Inc.)
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-09-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-09-10] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-04] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> ""
CHR DefaultSearchKeyword: Default -> conduit.search
CHR Profile: C:\Users\jan\AppData\Local\Google\Chrome\User Data\Default [2007-01-02]
CHR Extension: (Battlefield Heroes) - C:\Users\jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh [2013-04-04]
CHR Extension: (Betalning via Chrome Web Store) - C:\Users\jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-22]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] -
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-09-20] (Adobe Systems Incorporated) [File not signed]
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5830352 2017-09-10] (AVAST Software s.r.o.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [275208 2017-09-10] (AVAST Software)
S2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [129992 2008-02-03] (EasyBits Sofware AS) [File not signed]
S4 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-02] (Hewlett-Packard) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [267520 2017-09-10] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [157416 2017-09-10] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [276736 2017-09-10] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [50384 2017-09-10] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [42856 2017-09-10] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [39784 2017-09-10] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [124952 2017-09-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [70112 2017-09-10] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [70864 2017-09-10] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [773800 2017-09-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [500136 2017-09-10] (AVAST Software)
S3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [202712 2017-09-10] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [296192 2017-09-26] (AVAST Software)
S3 RTL8187B; C:\Windows\System32\DRIVERS\wg111v3.sys [227328 2007-04-23] (NETGEAR Inc. )
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-01 12:05 - 2018-07-01 12:05 - 000001668 _____ C:\Users\Public\Desktop\Defraggler.lnk
2018-07-01 12:05 - 2018-07-01 12:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2018-07-01 12:04 - 2018-07-01 12:07 - 000000000 ____D C:\Program Files\Defraggler
2018-07-01 11:52 - 2018-07-01 11:44 - 006404096 _____ (Piriform Ltd) C:\Users\jan\Desktop\dfsetup222.exe
2018-07-01 11:36 - 2018-07-01 12:44 - 000013077 _____ C:\Users\jan\Desktop\FRST.txt
2018-07-01 11:15 - 2018-06-29 22:39 - 000602112 _____ (OldTimer Tools) C:\Users\jan\Desktop\OTL.exe
2018-07-01 11:15 - 2018-06-29 22:37 - 001773056 _____ (Farbar) C:\Users\jan\Desktop\FRST.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-01 11:36 - 2007-01-01 06:53 - 000000000 ____D C:\FRST
2018-07-01 10:57 - 2006-11-02 14:47 - 000003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2018-07-01 10:57 - 2006-11-02 14:47 - 000003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

==================== Files in the root of some directories =======

2013-07-21 09:52 - 2013-07-23 18:33 - 095023320 ____T () C:\ProgramData\4039.pad
2011-03-15 20:36 - 2011-10-16 12:41 - 000000032 _____ () C:\Program Files\plugins-04041e-1f8.dat
2011-03-10 21:38 - 2016-03-23 16:59 - 000000168 _____ () C:\Users\jan\AppData\Roaming\default.pls
2013-01-27 07:33 - 2013-01-27 07:33 - 000138056 _____ () C:\Users\jan\AppData\Roaming\PnkBstrK.sys
2012-01-30 17:58 - 2014-03-23 11:34 - 000001424 _____ () C:\Users\jan\AppData\Roaming\wklnhst.dat
2010-08-27 20:05 - 2016-03-19 11:26 - 000001356 _____ () C:\Users\jan\AppData\Local\d3d9caps.dat
2010-10-17 16:03 - 2007-01-01 22:11 - 000061952 _____ () C:\Users\jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
2014-01-13 15:08 - 2010-10-17 14:04 - 000876824 _____ (DivX, Inc. ) C:\Users\jan\AppData\Local\Temp\DivXSetup.exe
2015-04-13 18:25 - 2015-04-13 18:25 - 000938408 _____ (Oracle Corporation) C:\Users\jan\AppData\Local\Temp\jre-7u79-windows-i586-iftw.exe
2017-09-10 16:32 - 2017-09-10 16:32 - 000740416 _____ (Oracle Corporation) C:\Users\jan\AppData\Local\Temp\jre-8u144-windows-au.exe
2016-01-30 10:10 - 2016-01-30 10:10 - 000736352 _____ (Oracle Corporation) C:\Users\jan\AppData\Local\Temp\jre-8u73-windows-au.exe
2013-09-12 11:12 - 2013-09-12 11:12 - 001130576 _____ (BitTorrent Inc.) C:\Users\jan\AppData\Local\Temp\utt2C4F.tmp.exe
2016-08-28 19:52 - 2016-08-28 19:53 - 030533688 _____ () C:\Users\jan\AppData\Local\Temp\vlc-2.2.4-win32.exe
2013-12-25 13:50 - 2013-12-25 13:51 - 000000000 _____ () C:\Users\jan\AppData\Local\Temp\{061E02C4-2B46-4B20-8E65-635B5F625BAB}-31.0.1650.63_chrome_installer.exe
2016-02-18 07:08 - 2016-02-18 07:08 - 044333984 _____ (Google Inc.) C:\Users\jan\AppData\Local\Temp\{0DEC1F2B-C9E7-41FC-A678-85AAC728970E}-48.0.2564.116_chrome_installer.exe
2013-11-17 14:38 - 2013-11-17 14:38 - 000000000 _____ () C:\Users\jan\AppData\Local\Temp\{1D90AA27-9E86-4E5F-88D2-86118533E1B4}-31.0.1650.57_chrome_installer.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2007-01-02 15:45

==================== End of FRST.txt ============================