
Solved Problem with ads...?

Discussion in 'Malware and Virus Removal Archive' started by skn, 2015/05/19.

  1. 2015/05/19
    skn

    skn Inactive Thread Starter

    Joined:
    2015/05/19
    Messages:
    28
    Likes Received:
    0

    Hi!
    I don’t know if this is a virus, malware, a Firefox problem or Windows 8.
    So I post under Win 8 and hopefully some of you are kind enough to tell me where to post it…?

    I have a problem with "ads" in Firefox (as far as I know, because it’s the only browser I use). I have blocked Flash player, popup windows, anything I could find, actually. :)
    It made it a little better, but there are still empty squares everywhere and some darker squares popping up here and there. Some links show different ads and when clicking into a writing box some other tab pops up… annoying as H…

    I’ve installed AdFender and AdwCleaner.
    AdFender removes cookies, but they keep coming back.
    These two more often than others.
    lfxiq.com
    visadd.com

    AdwCleaner tells me something is rewriting these registry posts.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:63649;hxxps=127.0.0.1:63649
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

    svchost.exe constantly opens and closes TCP/IP connections, don’t know if it’s relevant in this case… but hey, I’m not an expert :)
    (I see this in System Explorer, a little useful program I’ve installed)

    Furthermore, something interrupts the screensaver (Running text, time. nothing fancy)
    Haven’t been able to pinpoint it on any program… may not be relevant, but just in case.

    Well this is as far as my knowledge of computers takes me….
    Anybody who knows anything new for me to try out ???
     
    skn,
    #1
  2. 2015/05/19
    Evan Omo

    Evan Omo Computer Support Technician Staff

    Joined:
    2006/09/10
    Messages:
    7,919
    Likes Received:
    511
    Hi skn, Welcome to WindowsBBS! :)

    Let's make sure you don't have any malware infections that could be interfering with your system.

    Please read this and post the requested logs in your next reply.

    Also please enter your System Details. It helps us in answering your questions.

    Note: A common error is to forget to show your System Details in your profile:

    Make sure to do the above when entering your System Details, thanks.
     


  4. 2015/05/19
    skn

    skn Inactive Thread Starter

    Hi

    ...and thanks for such a quick reply.

    So, it's a virus/malware problem... hmm, good to know :)

    The logs are apparently too long so I'll have to chop them up, hopefully I didn't miss anything.

    Part1
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015
    Ran by Sven (administrator) on REBEL on 19-05-2015 22:55:34
    Running from C:\Users\Sven\Downloads\2015-05-18
    Loaded Profiles: Sven (Available profiles: Sven)
    Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
    (Microsoft Corporation) C:\Windows\System32\alg.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
    (Google Inc.) C:\Users\Sven\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
    (Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
    (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
    (AdFender, Inc.) C:\Program Files (x86)\AdFender\AdFender.exe
    (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Mister Group) C:\Program Files (x86)\System Explorer\SystemExplorer.exe
    (Mister Group) C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
    (Microsoft Corporation) C:\Windows\System32\ssText3d.scr
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\excel.exe
    (Finansiell ID-Teknik BID AB) C:\Program Files (x86)\BankID\BankID.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\winword.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7666392 2014-12-11] (Realtek Semiconductor)
    HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
    HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
    HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
    HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [387832 2013-05-14] (IVT Corporation)
    HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-05-22] (CyberLink Corp.)
    HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM-x32\...\Run: [APSDaemon] => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe "
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [SystemExplorerAutoStart] => C:\Program Files (x86)\System Explorer\SystemExplorer.exe [3391712 2015-04-20] (Mister Group)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-02] (Hewlett-Packard)
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0
    HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Run: [Power2GoExpress8] => NA
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Run: [Google Update] => C:\Users\Sven\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-06-27] (Google Inc.)
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Run: [Google+ Auto Backup] => C:\Users\Sven\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3754312 2015-02-13] (Google Inc.)
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1553688 2014-02-20] (Comfort Software Group)
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Policies\system: [NoDispAppearancePage] 0
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Policies\Explorer: [NoPreviewPane] 0
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Policies\Explorer: [NoViewContextMenu] 0
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Policies\Explorer: [TaskbarNoNotification] 0
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Policies\Explorer: [NoWinkeys] 0
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Policies\Explorer: [HideClock] 0
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Policies\Explorer: [HideSCANetwork] 0
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Policies\Explorer: [HideSCAVolume] 0
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [217088 2014-10-29] (Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AdFender.lnk [2015-05-17]
    ShortcutTarget: AdFender.lnk -> C:\Program Files (x86)\AdFender\AdFender.exe (AdFender, Inc.)
    Startup: C:\Users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled [2015-05-12] ()
    ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
    ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
    ProxyServer: [.DEFAULT] => http=127.0.0.1:63649;https=127.0.0.1:63649
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.bing.com?pc=HPNTDFJS
    SearchScopes: HKLM -> {2D3752F1-AE1A-469E-BE06-D99A8148FF31} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {2D3752F1-AE1A-469E-BE06-D99A8148FF31} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2477815455-1767793343-2609628209-1002 -> {2D3752F1-AE1A-469E-BE06-D99A8148FF31} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-2477815455-1767793343-2609628209-1002 -> {921A0D4E-2819-48BF-BBCC-D66854E89525} URL = https://se.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=523482&p={searchTerms}
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
    BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
    BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
    BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-01-18] (IvoSoft)
    BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
    BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
    BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-01-18] (IvoSoft)
    Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
    Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
    Toolbar: HKU\S-1-5-21-2477815455-1767793343-2609628209-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 213.248.100.54 213.248.83.34

    FireFox:
    ========
    FF ProfilePath: C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\dwtu1v6m.default
    FF DefaultSearchEngine: Google dot com
    FF Homepage: https://www.google.com/ncr
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll [2013-04-03] (Adobe Systems, Inc.)
    FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=5.0.2.10 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [2015-03-17] (Finansiell ID-Teknik BID AB)
    FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.1.0.18 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [2015-03-17] (Finansiell ID-Teknik BID AB)
    FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.2.5.1 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [2015-03-17] (Finansiell ID-Teknik BID AB)
    FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.4.0.22 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [2015-03-17] (Finansiell ID-Teknik BID AB)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-01-17] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
    FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2010-01-20] (Sony Media Software and Services Inc)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2477815455-1767793343-2609628209-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Sven\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2477815455-1767793343-2609628209-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Sven\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
    FF SearchPlugin: C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\dwtu1v6m.default\searchplugins\google-dot-com.xml [2015-01-27]
    FF Extension: Widevine Media Optimizer - C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\dwtu1v6m.default\Extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d} [2014-12-24]
    FF Extension: FT DeepDark - C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\dwtu1v6m.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2015-04-15]
    FF Extension: 95322c0805ff4f3c85fd8ceb821988dd - C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\dwtu1v6m.default\Extensions\{95322c08-05ff-4f3c-85fd-8ceb821988dd} [2015-05-16]
    FF Extension: Adblock Plus - C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\dwtu1v6m.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-17]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-17]
    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
    FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-11-18]
     
    skn,
    #3
  5. 2015/05/19
    skn

    skn Inactive Thread Starter

    Hi

    …and thanks for the quick reply!
    So it’s a virus/malware problem U say, well I guess it’s good to know what it is :)

    To copy in all the text from the FRST64.exe has proven to be a bit difficult and in case there is more than one reply with the same info, well, sorry about that. Did as best as I could.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015
    Ran by Sven (administrator) on REBEL on 19-05-2015 22:55:34
    Running from C:\Users\Sven\Downloads\2015-05-18
    Loaded Profiles: Sven (Available profiles: Sven)
    Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
    (Microsoft Corporation) C:\Windows\System32\alg.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
    (Google Inc.) C:\Users\Sven\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
    (Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
    (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
    (AdFender, Inc.) C:\Program Files (x86)\AdFender\AdFender.exe
    (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Mister Group) C:\Program Files (x86)\System Explorer\SystemExplorer.exe
    (Mister Group) C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
    (Microsoft Corporation) C:\Windows\System32\ssText3d.scr
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\excel.exe
    (Finansiell ID-Teknik BID AB) C:\Program Files (x86)\BankID\BankID.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\winword.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7666392 2014-12-11] (Realtek Semiconductor)
    HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
    HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
    HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
    HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [387832 2013-05-14] (IVT Corporation)
    HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-05-22] (CyberLink Corp.)
    HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM-x32\...\Run: [APSDaemon] => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe "
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [SystemExplorerAutoStart] => C:\Program Files (x86)\System Explorer\SystemExplorer.exe [3391712 2015-04-20] (Mister Group)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-02] (Hewlett-Packard)
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0
    HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Run: [Power2GoExpress8] => NA
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Run: [Google Update] => C:\Users\Sven\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-06-27] (Google Inc.)
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Run: [Google+ Auto Backup] => C:\Users\Sven\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3754312 2015-02-13] (Google Inc.)
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1553688 2014-02-20] (Comfort Software Group)
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Policies\system: [NoDispAppearancePage] 0
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Policies\Explorer: [NoPreviewPane] 0
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Policies\Explorer: [NoViewContextMenu] 0
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Policies\Explorer: [TaskbarNoNotification] 0
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Policies\Explorer: [NoWinkeys] 0
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Policies\Explorer: [HideClock] 0
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Policies\Explorer: [HideSCANetwork] 0
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Policies\Explorer: [HideSCAVolume] 0
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [217088 2014-10-29] (Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AdFender.lnk [2015-05-17]
    ShortcutTarget: AdFender.lnk -> C:\Program Files (x86)\AdFender\AdFender.exe (AdFender, Inc.)
    Startup: C:\Users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled [2015-05-12] ()
    ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
    ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
     
    skn,
    #4
  6. 2015/05/19
    skn

    Part 2

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
    ProxyServer: [.DEFAULT] => http=127.0.0.1:63649;https=127.0.0.1:63649
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.bing.com?pc=HPNTDFJS
    SearchScopes: HKLM -> {2D3752F1-AE1A-469E-BE06-D99A8148FF31} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {2D3752F1-AE1A-469E-BE06-D99A8148FF31} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2477815455-1767793343-2609628209-1002 -> {2D3752F1-AE1A-469E-BE06-D99A8148FF31} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-2477815455-1767793343-2609628209-1002 -> {921A0D4E-2819-48BF-BBCC-D66854E89525} URL = https://se.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=523482&p={searchTerms}
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
    BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
    BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
    BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-01-18] (IvoSoft)
    BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
    BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
    BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-01-18] (IvoSoft)
    Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
    Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
    Toolbar: HKU\S-1-5-21-2477815455-1767793343-2609628209-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 213.248.100.54 213.248.83.34

    FireFox:
    ========
    FF ProfilePath: C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\dwtu1v6m.default
    FF DefaultSearchEngine: Google dot com
    FF Homepage: https://www.google.com/ncr
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll [2013-04-03] (Adobe Systems, Inc.)
    FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=5.0.2.10 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [2015-03-17] (Finansiell ID-Teknik BID AB)
    FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.1.0.18 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [2015-03-17] (Finansiell ID-Teknik BID AB)
    FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.2.5.1 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [2015-03-17] (Finansiell ID-Teknik BID AB)
    FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.4.0.22 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [2015-03-17] (Finansiell ID-Teknik BID AB)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-01-17] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
    FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2010-01-20] (Sony Media Software and Services Inc)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2477815455-1767793343-2609628209-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Sven\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2477815455-1767793343-2609628209-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Sven\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
    FF SearchPlugin: C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\dwtu1v6m.default\searchplugins\google-dot-com.xml [2015-01-27]
    FF Extension: Widevine Media Optimizer - C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\dwtu1v6m.default\Extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d} [2014-12-24]
    FF Extension: FT DeepDark - C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\dwtu1v6m.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2015-04-15]
    FF Extension: 95322c0805ff4f3c85fd8ceb821988dd - C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\dwtu1v6m.default\Extensions\{95322c08-05ff-4f3c-85fd-8ceb821988dd} [2015-05-16]
    FF Extension: Adblock Plus - C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\dwtu1v6m.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-17]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-17]
    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
    FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-11-18]

    Chrome:
    =======
    CHR Profile: C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (No Name) - C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmihblnpomgpjkfddepdpdafhhepdbek [2015-05-16]
    CHR Extension: (Google Wallet) - C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-18]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

    Opera:
    =======
    OPR Extension: (bmihblnpomgpjkfddepdpdafhhepdbek) - C:\Users\Sven\AppData\Roaming\Opera Software\Opera Stable\Extensions\bmihblnpomgpjkfddepdpdafhhepdbek [2015-05-16]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
    R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1630456 2013-06-07] (IVT Corporation)
    R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [145656 2013-05-14] (IVT Corporation)
    S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2719928 2015-04-22] (Microsoft Corporation)
    S4 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-05] (CyberLink)
    S4 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-05] (CyberLink)
    R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-05] (Microsoft Corporation)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-06-07] (Hewlett-Packard Company) [File not signed]
    R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
    S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
    S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-12-11] (Realtek Semiconductor)
    R3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Mister Group)
    S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [37472 2013-02-14] (Advanced Micro Devices, Inc.)
    R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98744 2013-04-24] (Advanced Micro Devices)
    S3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
    U4 BthAvrcpTg; No ImagePath
    U4 BthHFEnum; No ImagePath
    U4 bthhfhid; No ImagePath
    U4 BthHFSrv; No ImagePath
    R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [54064 2013-04-26] (Ralink Corporation)
    R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
    R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
    S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2014-02-21] (Windows (R) Win 7 DDK provider)
    S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2014-02-21] (Windows (R) Win 7 DDK provider)
    R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290008 2014-01-19] (Realtek Semiconductor Corp.)
    R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
    S3 s1039bus; C:\Windows\System32\drivers\s1039bus.sys [127600 2010-03-15] (MCCI Corporation)
    S3 s1039mdfl; C:\Windows\system32\DRIVERS\s1039mdfl.sys [19568 2010-03-15] (MCCI Corporation)
    S3 s1039mdm; C:\Windows\system32\DRIVERS\s1039mdm.sys [161904 2010-03-15] (MCCI Corporation)
    S3 s1039mgmt; C:\Windows\system32\DRIVERS\s1039mgmt.sys [141424 2010-03-15] (MCCI Corporation)
    S3 s1039nd5; C:\Windows\system32\DRIVERS\s1039nd5.sys [34416 2010-03-15] (MCCI Corporation)
    S3 s1039obex; C:\Windows\system32\DRIVERS\s1039obex.sys [137328 2010-03-15] (MCCI Corporation)
    S3 s1039unic; C:\Windows\System32\drivers\s1039unic.sys [158320 2010-03-15] (MCCI Corporation)
    S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-06-05] (Synaptics Incorporated)
    S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [33008 2013-06-05] (Synaptics Incorporated)
    R3 Tdsshbecr; C:\Windows\system32\DRIVERS\shbecr.sys [50176 2008-09-28] (Todos Data System AB)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
    R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
    S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-05-19 22:55 - 2015-05-19 22:55 - 00000000 ____D () C:\FRST
    2015-05-19 22:48 - 2015-05-19 22:55 - 00000000 ____D () C:\Users\Sven\Downloads\2015-05-18
    2015-05-18 11:47 - 2015-05-18 11:48 - 12914632 _____ () C:\Users\Sven\Downloads\bankid_installation.exe
    2015-05-17 17:22 - 2015-05-19 16:39 - 00000000 ____D () C:\AdwCleaner
    2015-05-17 16:55 - 2015-05-17 16:56 - 00000000 ____D () C:\Users\Sven\AppData\Local\AdFender
    2015-05-17 16:55 - 2015-05-17 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdFender
    2015-05-17 16:55 - 2015-05-17 16:55 - 00000000 ____D () C:\ProgramData\AdFender
    2015-05-17 16:55 - 2015-05-17 16:55 - 00000000 ____D () C:\Program Files (x86)\AdFender
    2015-05-17 16:53 - 2015-05-17 17:21 - 00000000 ____D () C:\Users\Sven\Downloads\2015-05-17
    2015-05-17 08:40 - 2015-05-17 08:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-05-13 02:58 - 2015-05-13 02:58 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2015-05-13 02:56 - 2015-04-30 21:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-05-13 02:56 - 2015-04-30 21:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2015-05-13 02:44 - 2015-05-01 00:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2015-05-13 02:44 - 2015-04-30 23:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2015-05-13 02:44 - 2015-04-21 18:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2015-05-13 02:44 - 2015-04-21 17:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2015-05-13 02:44 - 2015-04-21 17:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
    2015-05-13 02:44 - 2015-04-21 17:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2015-05-13 02:44 - 2015-04-21 17:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
    2015-05-13 02:44 - 2015-04-21 17:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2015-05-13 02:44 - 2015-04-21 17:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2015-05-13 02:44 - 2015-04-21 17:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2015-05-13 02:44 - 2015-04-21 17:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
    2015-05-13 02:44 - 2015-04-21 17:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2015-05-13 02:44 - 2015-04-21 17:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
    2015-05-13 02:44 - 2015-04-21 17:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2015-05-13 02:44 - 2015-04-21 17:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
    2015-05-13 02:44 - 2015-04-21 17:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2015-05-13 02:44 - 2015-04-21 17:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2015-05-13 02:44 - 2015-04-21 16:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2015-05-13 02:44 - 2015-04-21 16:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2015-05-13 02:44 - 2015-04-21 16:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
    2015-05-13 02:44 - 2015-04-21 16:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2015-05-13 02:44 - 2015-04-21 16:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2015-05-13 02:44 - 2015-04-21 16:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2015-05-13 02:44 - 2015-04-21 16:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2015-05-13 02:44 - 2015-04-21 16:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2015-05-13 02:44 - 2015-04-21 16:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
    2015-05-13 02:44 - 2015-04-21 16:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
    2015-05-13 02:44 - 2015-04-21 16:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2015-05-13 02:44 - 2015-04-21 16:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2015-05-13 02:44 - 2015-04-21 16:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2015-05-13 02:44 - 2015-04-21 16:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
    2015-05-13 02:44 - 2015-04-21 16:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2015-05-13 02:44 - 2015-04-21 16:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2015-05-13 02:44 - 2015-04-21 16:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2015-05-13 02:44 - 2015-04-21 16:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2015-05-13 02:44 - 2015-04-21 16:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2015-05-13 02:44 - 2015-04-21 16:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2015-05-13 02:44 - 2015-04-21 16:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2015-05-13 02:44 - 2015-04-21 16:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2015-05-13 02:44 - 2015-04-21 15:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2015-05-13 02:44 - 2015-04-21 15:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2015-05-13 02:44 - 2015-04-13 23:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2015-05-13 02:44 - 2015-04-10 02:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
    2015-05-13 02:44 - 2015-04-10 01:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
    2015-05-13 02:44 - 2015-04-10 01:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
    2015-05-13 02:44 - 2015-04-08 23:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    2015-05-13 02:44 - 2015-03-30 06:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2015-05-13 02:44 - 2015-03-27 04:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
    2015-05-13 02:44 - 2015-03-27 03:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
    2015-05-13 02:44 - 2015-03-27 03:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2015-05-12 12:20 - 2015-05-12 12:20 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\Opera Software
    2015-05-12 12:20 - 2015-05-12 12:20 - 00000000 ____D () C:\Users\Sven\AppData\Local\Opera Software
    2015-05-12 12:18 - 2015-05-12 12:23 - 00000000 ____D () C:\Program Files (x86)\Opera
    2015-05-12 12:17 - 2015-05-12 12:29 - 00000004 _____ () C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
    2015-05-12 12:12 - 2015-05-12 12:12 - 00594984 _____ () C:\Users\Sven\Downloads\setup.exe
    2015-05-06 20:19 - 2015-04-24 22:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
    2015-05-06 09:05 - 2015-04-10 01:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2015-05-06 09:05 - 2015-04-10 01:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2015-04-29 21:24 - 2015-04-29 21:43 - 00000000 ____D () C:\ProgramData\SystemExplorer
    2015-04-29 21:24 - 2015-04-29 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Explorer
    2015-04-29 21:24 - 2015-04-29 21:24 - 00000000 ____D () C:\Program Files (x86)\System Explorer
    2015-04-29 21:22 - 2015-04-29 21:22 - 01918240 _____ (Mister Group ) C:\Users\Sven\Downloads\SystemExplorerSetup_641.exe
    2015-04-29 20:50 - 2015-03-20 02:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
    2015-04-29 20:50 - 2015-03-11 02:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
    2015-04-29 20:50 - 2015-03-11 02:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
    2015-04-29 12:27 - 2015-04-01 23:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
    2015-04-29 12:27 - 2015-04-01 23:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
    2015-04-29 12:27 - 2015-04-01 04:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
    2015-04-29 12:27 - 2015-04-01 03:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
    2015-04-29 12:27 - 2015-03-13 01:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
    2015-04-21 19:55 - 2015-03-17 18:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2015-04-21 19:55 - 2015-03-09 03:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
    2015-04-21 19:55 - 2015-03-04 02:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
    2015-04-21 19:55 - 2015-03-04 02:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
    2015-04-21 19:55 - 2015-01-30 01:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
    2015-04-21 19:54 - 2015-04-03 01:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
    2015-04-21 19:54 - 2015-04-03 01:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
    2015-04-21 19:54 - 2015-03-13 05:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2015-04-21 19:54 - 2015-03-13 05:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2015-04-21 19:54 - 2015-03-13 03:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
    2015-04-21 19:54 - 2015-03-13 02:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2015-04-21 19:54 - 2015-03-13 01:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
    2015-04-21 19:54 - 2015-03-06 04:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
    2015-04-21 19:54 - 2015-03-06 03:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
    2015-04-21 19:54 - 2015-03-06 03:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
    2015-04-21 19:54 - 2015-03-05 00:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2015-04-21 19:54 - 2015-02-18 00:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
     
    skn,
    #5
  7. 2015/05/19
    skn

    Part 3

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-05-19 22:56 - 2014-06-27 17:26 - 00001012 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2477815455-1767793343-2609628209-1002UA.job
    2015-05-19 22:45 - 2014-05-03 13:59 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-05-19 22:41 - 2014-01-18 05:41 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-05-19 22:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
    2015-05-19 17:56 - 2014-06-27 17:26 - 00000960 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2477815455-1767793343-2609628209-1002Core.job
    2015-05-19 16:40 - 2014-01-21 02:48 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\ClassicShell
    2015-05-19 13:48 - 2013-08-08 18:45 - 00003620 _____ () C:\WINDOWS\SysWOW64\LOCALSERVICE.INI
    2015-05-19 13:48 - 2013-08-08 18:45 - 00000043 _____ () C:\WINDOWS\SysWOW64\LOCALDEVICE.INI
    2015-05-19 13:48 - 2013-06-07 09:40 - 00001017 _____ () C:\WINDOWS\SysWOW64\bscs.ini
    2015-05-19 11:08 - 2014-01-18 19:10 - 00004958 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for REBEL-Sven Rebel
    2015-05-19 10:20 - 2014-01-18 07:53 - 01575625 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-05-19 10:14 - 2014-01-18 17:12 - 00000000 __RDO () C:\Users\Sven\SkyDrive
    2015-05-19 10:14 - 2014-01-18 05:41 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-05-18 22:55 - 2014-05-27 14:30 - 00000274 _____ () C:\WINDOWS\SysWOW64\REMOTEDEVICE.INI
    2015-05-18 06:41 - 2014-01-19 06:20 - 00003152 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForSven
    2015-05-18 06:41 - 2014-01-19 06:20 - 00000340 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForSven.job
    2015-05-17 17:58 - 2013-12-25 12:16 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2477815455-1767793343-2609628209-1002
    2015-05-17 17:47 - 2014-09-22 05:18 - 00016137 _____ () C:\WINDOWS\setupact.log
    2015-05-17 17:47 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-05-17 17:46 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
    2015-05-17 17:25 - 2014-01-09 15:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-05-16 05:13 - 2014-04-11 11:36 - 00000000 ___RD () C:\Users\Sven\Desktop\Temp
    2015-05-15 18:32 - 2014-01-18 19:14 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
    2015-05-15 18:32 - 2014-01-18 19:14 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2015-05-15 17:51 - 2014-06-27 17:26 - 00003956 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2477815455-1767793343-2609628209-1002UA
    2015-05-15 17:51 - 2014-06-27 17:26 - 00003576 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2477815455-1767793343-2609628209-1002Core
    2015-05-15 06:36 - 2014-01-18 05:41 - 00003890 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-05-15 06:36 - 2014-01-18 05:41 - 00003654 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-05-13 04:10 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
    2015-05-13 03:02 - 2014-01-20 23:03 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2015-05-13 03:02 - 2013-11-14 05:34 - 00085252 _____ () C:\WINDOWS\PFRO.log
    2015-05-13 03:02 - 2013-08-22 15:44 - 00591576 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2015-05-13 03:01 - 2014-01-20 23:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2015-05-13 02:58 - 2014-02-28 01:35 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2015-05-13 02:57 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
    2015-05-13 02:56 - 2014-01-17 23:24 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2015-05-13 02:51 - 2014-01-17 23:24 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-05-13 02:50 - 2014-03-15 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-05-13 02:46 - 2013-11-14 13:29 - 00000000 ____D () C:\Program Files\Windows Journal
    2015-05-12 12:34 - 2014-02-28 01:34 - 00000000 ____D () C:\Program Files (x86)\Adobe
    2015-05-09 23:47 - 2013-12-25 12:39 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2015-05-05 18:59 - 2014-08-14 23:04 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2015-05-05 18:59 - 2014-08-14 23:04 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2015-04-29 12:43 - 2014-11-16 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BankID säkerhetsprogram
    2015-04-29 12:43 - 2014-11-16 10:01 - 00000000 ____D () C:\Program Files (x86)\BankID
    2015-04-29 12:42 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
    2015-04-21 20:54 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
    2015-04-21 19:56 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers

    ==================== Files in the root of some directories =======

    2014-04-17 14:54 - 2014-10-14 23:11 - 0009216 _____ () C:\Users\Sven\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-01-21 13:34 - 2014-07-12 09:29 - 0007607 _____ () C:\Users\Sven\AppData\Local\Resmon.ResmonCfg
    2014-12-30 18:16 - 2014-12-30 18:16 - 0000005 _____ () C:\ProgramData\RICOH Aficio SP 100 DDSTMonSet.bin
    2014-12-30 18:14 - 2014-12-30 18:16 - 0000273 _____ () C:\ProgramData\RICOH Aficio SP 100 DDSTSDCREG.ini

    Some content of TEMP:
    ====================
    C:\Users\Sven\AppData\Local\Temp\7099.exe
    C:\Users\Sven\AppData\Local\Temp\7442.exe
    C:\Users\Sven\AppData\Local\Temp\8229.exe
    C:\Users\Sven\AppData\Local\Temp\Extract.exe
    C:\Users\Sven\AppData\Local\Temp\HPConnectedMusicInstaller_100100128.exe
    C:\Users\Sven\AppData\Local\Temp\LMkRstPt.exe
    C:\Users\Sven\AppData\Local\Temp\nsaA370.exe
    C:\Users\Sven\AppData\Local\Temp\pcspeedup.exe
    C:\Users\Sven\AppData\Local\Temp\SaveSenseUpdateVer.exe
    C:\Users\Sven\AppData\Local\Temp\Setup-1-.exe
    C:\Users\Sven\AppData\Local\Temp\SoftonicAssistant_v0-1-6.exe
    C:\Users\Sven\AppData\Local\Temp\supoptsetup.exe
    C:\Users\Sven\AppData\Local\Temp\SymCCIS.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-05-17 17:58

    ==================== End Of Log ============================
     
    skn,
    #6
  8. 2015/05/19
    skn

    part 4

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-05-2015
    Ran by Sven at 2015-05-19 22:56:38
    Running from C:\Users\Sven\Downloads\2015-05-18
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2477815455-1767793343-2609628209-500 - Administrator - Disabled)
    Guest (S-1-5-21-2477815455-1767793343-2609628209-501 - Limited - Disabled)
    Sven (S-1-5-21-2477815455-1767793343-2609628209-1002 - Administrator - Enabled) => C:\Users\Sven

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    ACDSee Free (HKLM-x32\...\ACDSee Free) (Version: 1.0.18 - ACD Systems International Inc.)
    AdFender (HKLM-x32\...\AdFender) (Version: 1.83 - AdFender, Inc.)
    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
    AMD Catalyst Install Manager (HKLM\...\{DEC772E6-D0C7-9964-5D30-DEC57EF1B26F}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
    AMD VISION Engine Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
    Avanquest update (HKLM-x32\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.34 - Avanquest Software)
    BankID säkerhetsprogram (HKLM-x32\...\{2D6973ED-BBF2-434E-993C-37E05087B8C8}) (Version: 5.0.2.10 - Finansiell ID-Teknik BID AB)
    BankID säkerhetsprogram (HKLM-x32\...\{4B2557F9-8C03-4BE7-9984-4DE525076580}) (Version: 6.4.0.22 - Finansiell ID-Teknik BID AB)
    Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft)
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3606 - CyberLink Corp.)
    Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4128 - CyberLink Corp.)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3416 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3021 - CyberLink Corp.)
    CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3305 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1.2922 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
    Dot4 (HKLM\...\{3EEDA265-C6F3-4EC1-A317-1C9315DEDDDE}) (Version: 1.0.0.0 - HP)
    Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
    Fotogalleriet (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Free Alarm Clock 3.1.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.1 - Comfort Software Group)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
    Google+ Auto Backup (HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Google+ Auto Backup) (Version: 1.0.27.161 - Google, Inc.)
    Handelsbanken kortläsare (HKLM-x32\...\{D4C30AE2-EAFE-4E28-A3BA-7CF7485E23C4}) (Version: 1.00.0000 - Todos Data System AB)
    Hewlett-Packard ACLM.NET v1.2.2.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
    HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
    HP Connected Music (Meridian - player) (HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\HPConnectedMusic) (Version: 1.1 (build 87) hp - Meridian Audio Ltd)
    HP CoolSense (HKLM-x32\...\{394B14EA-B072-4440-9510-87797CB12371}) (Version: 2.20.21 - Hewlett-Packard Company)
    HP Documentation (HKLM-x32\...\{61245005-66F1-4001-AEE8-2E2D36F65C28}) (Version: 1.1.0.0 - Hewlett-Packard)
    HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
    HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6838.4521 - Hewlett-Packard)
    HP Support Assistant (HKLM-x32\...\{C88F84E5-AE23-44BD-922C-2ABEACACAF7A}) (Version: 7.2.23.56 - Hewlett-Packard Company)
    HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
    HP Utility Center (HKLM\...\{A48BD764-CFDF-40A5-A07A-710908044F5D}) (Version: 2.2.2 - Hewlett-Packard Company)
    HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
    Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
    Media Go (HKLM-x32\...\{520CD4F0-9DAC-4C5C-8CA1-D0210CFF6062}) (Version: 1.4.269 - Sony)
    Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4711.1003 - Microsoft Corporation)
    Microsoft Office Proofing Tools 2013 - Svenska (HKLM-x32\...\{90150000-001F-041D-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
    Microsoft SkyDrive (HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
    Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    Mozilla Thunderbird 31.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 en-US)) (Version: 31.6.0 - Mozilla)
    OEM Application Profile (HKLM-x32\...\{548083DD-D99B-2CE1-8D2B-D78BEB834F7A}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
    PlayStation(R)Network Downloader (HKLM-x32\...\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}) (Version: 2.02.00076 - Sony Computer Entertainment Inc.)
    QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    Ralink Bluetooth Stack64 (HKLM\...\{931210CE-36BC-BB05-9559-D2320932312E}) (Version: 11.0.738.3 - Mediatek)
    Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.27.0 - Mediatek)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
    RealWorld Cursor Editor (HKLM-x32\...\{25A344BB-378D-4E51-9A39-780755012B2D}) (Version: 13.1.0 - RealWorld Graphics)
    RealWorld Paint (HKLM-x32\...\{B6694991-632B-4DA4-B636-58A862645144}) (Version: 13.1.0 - RealWorld Graphics)
    RealWorld Photos (HKLM-x32\...\{3CBCB219-8137-4FA6-B13B-BA4F83F22D4E}) (Version: 13.1.0 - RealWorld Graphics)
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
    Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    Smart Organizing Monitor (HKLM-x32\...\{E4094BC9-2554-4E57-B4A0-8584DC433895}) (Version: 1.00.0000 - RICOH)
    Sony PC Companion 2.10.206 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.206 - Sony)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
    System Explorer 6.4.1 (HKLM-x32\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version: - Mister Group)
    Valokuvavalikoima (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-2477815455-1767793343-2609628209-1002_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Sven\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2477815455-1767793343-2609628209-1002_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Sven\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2477815455-1767793343-2609628209-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Sven\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2477815455-1767793343-2609628209-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Sven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2477815455-1767793343-2609628209-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Sven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2477815455-1767793343-2609628209-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Sven\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2477815455-1767793343-2609628209-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Sven\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2477815455-1767793343-2609628209-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Sven\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2477815455-1767793343-2609628209-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Sven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2477815455-1767793343-2609628209-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Sven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

    ==================== Restore Points =========================

    29-04-2015 21:31:25 Removed CCC Help Korean
    06-05-2015 09:05:51 Windows Update
    13-05-2015 02:45:06 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0B9D29B3-5190-4F4A-86E7-F89F8FFD40DE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {0E0B78AF-541A-4D47-B62A-DE786E9ADB1C} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
    Task: {30B3FAA1-AC19-425E-B2F3-FFC862B46ED2} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    Task: {348EE623-BABC-4095-B93F-BE3267C4301F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
    Task: {3D3D7E08-C390-4963-9783-64CA99F502F4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-13] (Microsoft Corporation)
    Task: {410FE59E-1BCC-40D1-9485-36D989F765CD} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-09-10] (Hewlett-Packard Development Company, L.P.)
    Task: {50CEBFFF-6542-4971-8017-D7D9B6C814E4} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
    Task: {5195ABF0-E5BE-4B35-9ABB-75D888B39C30} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2477815455-1767793343-2609628209-1002Core => C:\Users\Sven\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-27] (Google Inc.)
    Task: {51EE453B-6DDA-498B-906B-7399224E6D43} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-18] (Google Inc.)
    Task: {5500BF2E-D2D8-427E-835D-54A87152B038} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
    Task: {5AC7C619-C01D-441F-B7CA-852D9B6C4A13} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe
    Task: {5BEF33F6-E7F3-4D31-B397-C098CBF154B4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2477815455-1767793343-2609628209-1002UA => C:\Users\Sven\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-27] (Google Inc.)
    Task: {5F856AF1-93BB-49F8-9743-75F6ED02318B} - System32\Tasks\Microsoft Office 15 Sync Maintenance for REBEL-Sven Rebel => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-10] (Microsoft Corporation)
    Task: {60054E55-136C-430B-BCC9-B5AC48040703} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
    Task: {65D031FE-7CEE-4F32-B6E8-EA9D8A148843} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)
    Task: {705ED3DB-A5D7-443F-AF07-70EABBE2E4EA} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-01-19] (Synaptics Incorporated)
    Task: {770F5502-009B-4DBB-A72E-39F6FCDC6958} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
    Task: {91923708-150C-4DEA-9F07-F72A5AFEF726} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
    Task: {A70A06B1-CA0E-4420-ADA3-AF11C34B1738} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    Task: {A978010E-BC34-4B78-BE43-B1E3A289A360} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-18] (Google Inc.)
    Task: {C2133FF0-8734-40D1-B546-A03DEF10E56C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {C482F452-E73B-4601-B3E7-7C6C290B8899} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)
    Task: {D71172C4-C030-4EF4-B9FE-DA301636C58E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
    Task: {DC672C87-E84B-4E3E-B9E2-335DA98F573D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)
    Task: {E1D63D44-6088-488F-ACB1-2081A0210D4C} - System32\Tasks\HPCeeScheduleForSven => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
    Task: {E66E63C5-054A-4F13-AB3A-59C240E92592} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
    Task: {ED9371EC-2BEC-4153-AA0E-A80E5924DC2E} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
    Task: {F08638C5-3D88-4FFF-90DE-037783D4559F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
    Task: {F2635235-E272-4EE3-A286-51F6824CECF1} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2477815455-1767793343-2609628209-1002Core.job => C:\Users\Sven\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2477815455-1767793343-2609628209-1002UA.job => C:\Users\Sven\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\HPCeeScheduleForSven.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2014-07-04 21:33 - 2014-07-04 21:33 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2014-03-24 15:19 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2013-05-14 17:33 - 2013-05-14 17:33 - 00016632 _____ () C:\Windows\system32\BsHelpCSps.dll
    2015-03-21 08:25 - 2015-01-27 16:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2013-05-14 17:33 - 2013-05-14 17:33 - 00062200 _____ () C:\Windows\system32\BlueSoleilCSps.dll
    2014-07-04 21:33 - 2014-07-04 21:33 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    2013-05-14 17:33 - 2013-05-14 17:33 - 00029432 _____ () C:\WINDOWS\SYSTEM32\BsTrace.dll
    2013-05-14 17:33 - 2013-05-14 17:33 - 00016632 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll
    2013-05-14 17:33 - 2013-05-14 17:33 - 00062200 _____ () C:\Windows\SYSTEM32\BlueSoleilCSps.dll
    2013-05-24 10:22 - 2013-05-24 10:22 - 00334648 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll
    2011-07-05 10:53 - 2011-07-05 10:53 - 00012800 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\AMP\IVTAMPRL.dll
    2015-02-13 12:15 - 2015-02-13 12:15 - 03219456 _____ () C:\Users\Sven\AppData\Local\Programs\Google\Google+ Auto Backup\gpuploader_i18n.dll
    2013-05-14 17:33 - 2013-05-14 17:33 - 00080120 _____ () C:\WINDOWS\SYSTEM32\BsProfilefunc.dll
    2013-05-14 17:33 - 2013-05-14 17:33 - 00371448 _____ () C:\WINDOWS\SYSTEM32\BsExtendFunc.dll
    2014-01-19 05:09 - 2013-08-05 08:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2013-08-05 15:48 - 2013-08-05 15:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
    2015-04-04 02:31 - 2015-04-04 02:31 - 03348592 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
    2015-04-04 02:31 - 2015-04-04 02:31 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
    2015-04-04 02:31 - 2015-04-04 02:31 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
    2014-11-22 06:56 - 2014-11-22 06:56 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
    2013-05-14 17:33 - 2013-05-14 17:33 - 00029432 _____ () C:\Windows\SYSTEM32\BsTrace.dll
    2014-11-22 06:56 - 2014-11-22 06:56 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
    2014-05-24 15:15 - 2014-05-24 15:15 - 00196264 _____ () C:\Program Files\Microsoft Office 15\root\office15\IEAWSDC.DLL
     
    skn,
    #7
  9. 2015/05/19
    skn

    Part 5

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:DocumentSummaryInformation
    AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:SummaryInformation
    AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\Users\Sven\SkyDrive:ms-properties

    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, the associated entry will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\Control Panel\Desktop\\Wallpaper -> F:\00 Sven\05 Grafik\10 Bilder\00 Bakrunder\1920X1440 - 2014-11-14 - 4.bmp
    DNS Servers: 192.168.0.1 - 213.248.100.54

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\Run: => "XboxStat "
    HKLM\...\StartupApproved\Run32: => "BingDesktop "
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk "
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\StartupApproved\Run: => "Sony Ericsson PC Suite "
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\StartupApproved\Run: => "Speech Recognition "
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\StartupApproved\Run: => "Sony PC Companion "

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{7317889C-49C1-4BF1-B28A-42E667D65E5A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
    FirewallRules: [{61BE3A45-32D4-45A7-B5B7-822C9B265A0C}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
    FirewallRules: [{481F5500-9A32-455B-85DD-E27E32A4E241}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
    FirewallRules: [{951D71A8-23D0-43CE-8407-B3B422C5E6F9}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
    FirewallRules: [{3B7E6CE1-221C-443E-94FF-0FDC71669CB1}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
    FirewallRules: [{F0F6B705-1943-49E5-959A-048DB696BC95}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
    FirewallRules: [{9B013FFB-1E26-4B8F-96D3-382FC40372A0}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
    FirewallRules: [{4BC2009B-B8F9-4358-8DC5-F773B1DBED1A}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
    FirewallRules: [{B52D7576-CFB0-4557-B1D1-CD2E48154376}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
    FirewallRules: [{E9AD6538-44DD-47E5-B3E4-DA4EC33DDE25}] => (Allow) LPort=1900
    FirewallRules: [{C5C2D22E-0D10-4E61-8EBD-6DE3567DAB7F}] => (Allow) LPort=2869
    FirewallRules: [{5C56B4B0-F6CF-492A-940C-D05FA4BCBCA8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{A2CA3B69-AF1E-4CF5-983E-1698FE6F258D}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    FirewallRules: [{B5827514-86DB-4A65-90C2-3678FFEE44FA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
    FirewallRules: [{9D3B3A19-372C-49C2-9169-1071B6D5BB44}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
    FirewallRules: [{B38BB92C-6AAC-4C00-AC9E-D1AD83B35F7E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
    FirewallRules: [{968E77B4-F42D-4BBC-8ACF-85B0690CCC85}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
    FirewallRules: [{3026B9BF-2A52-4214-A1F9-D259EF89C50D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
    FirewallRules: [{6ECAE293-5214-4447-967C-A4794E3BD7FF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
    FirewallRules: [TCP Query User{F5712F09-666C-4FEB-BBE9-67B71BA746A0}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
    FirewallRules: [UDP Query User{627D3BE0-C0BD-453B-9E14-E2231134FED1}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
    FirewallRules: [{22BF1CA6-F1A4-48EE-BA82-42C5F8C8CCD8}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
    FirewallRules: [{0346F610-BBC6-4BE5-A824-C494FA7AAF0C}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
    FirewallRules: [{D4BC6600-C996-4893-AFD8-B14F7FDE418E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{73CB3E02-9C45-4EA9-86B8-5BCE909122D0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{F3667CA9-73E4-463D-94A5-7E0B907BC7AA}] => (Allow) C:\Users\Sven\AppData\Local\Temp\nsv885F.tmp\CnetInstaller-76037787.exe
    FirewallRules: [{418A253C-28FB-4B83-B7BA-9B1C4673FD85}] => (Allow) C:\Users\Sven\AppData\Local\Temp\nsv885F.tmp\CnetInstaller-76037787.exe
    FirewallRules: [{417ADF64-CE05-4B57-9F82-D8804A4FC759}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{809853E8-C53A-440E-B648-F3E534750958}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{7307249D-41CA-4744-8108-80ABF3BA9828}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{C9AF6267-AC0F-480D-B005-756447CC7053}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [{792B5D34-2FAE-467E-948F-27EC19949A62}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{5DE6CCEA-79B2-4170-AEF6-78AADEC0081B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/19/2015 10:51:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1520

    Start Time: 01d0927d3ced84fc

    Termination Time: 4294967295

    Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

    Report Id: 30743555-fe71-11e4-bedc-3423872e00fc

    Faulting package full name: 134D4F5B.Box_1.6.0.1910_neutral__2qk4zy5s3qmee

    Faulting package-relative application ID: Box

    Error: (05/19/2015 10:36:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 960

    Start Time: 01d0927b247d7f07

    Termination Time: 4294967295

    Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

    Report Id: 1804ef41-fe6f-11e4-bedc-3423872e00fc

    Faulting package full name: 134D4F5B.Box_1.6.0.1910_neutral__2qk4zy5s3qmee

    Faulting package-relative application ID: Box

    Error: (05/19/2015 10:19:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: fa0

    Start Time: 01d09278bb576cda

    Termination Time: 4294967295

    Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

    Report Id: aedc28c2-fe6c-11e4-bedc-3423872e00fc

    Faulting package full name: 134D4F5B.Box_1.6.0.1910_neutral__2qk4zy5s3qmee

    Faulting package-relative application ID: Box

    Error: (05/19/2015 10:06:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 618

    Start Time: 01d09276f39a3bdb

    Termination Time: 4294967295

    Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

    Report Id: e722653b-fe6a-11e4-bedc-3423872e00fc

    Faulting package full name: 134D4F5B.Box_1.6.0.1910_neutral__2qk4zy5s3qmee

    Faulting package-relative application ID: Box

    Error: (05/19/2015 09:51:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 155c

    Start Time: 01d09274db2a4060

    Termination Time: 4294967295

    Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

    Report Id: ceb092bc-fe68-11e4-bedc-3423872e00fc

    Faulting package full name: 134D4F5B.Box_1.6.0.1910_neutral__2qk4zy5s3qmee

    Faulting package-relative application ID: Box

    Error: (05/19/2015 09:36:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1828

    Start Time: 01d09272c2b80bd4

    Termination Time: 4294967295

    Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

    Report Id: b640936b-fe66-11e4-bedc-3423872e00fc

    Faulting package full name: 134D4F5B.Box_1.6.0.1910_neutral__2qk4zy5s3qmee

    Faulting package-relative application ID: Box

    Error: (05/19/2015 09:21:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: a5c

    Start Time: 01d09270aa46eb5c

    Termination Time: 4294967295

    Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

    Report Id: 9dce2b7b-fe64-11e4-bedc-3423872e00fc

    Faulting package full name: 134D4F5B.Box_1.6.0.1910_neutral__2qk4zy5s3qmee

    Faulting package-relative application ID: Box

    Error: (05/19/2015 09:02:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 31c

    Start Time: 01d0926e151f103f

    Termination Time: 4294967295

    Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

    Report Id: 08a9ae2b-fe62-11e4-bedc-3423872e00fc

    Faulting package full name: 134D4F5B.Box_1.6.0.1910_neutral__2qk4zy5s3qmee

    Faulting package-relative application ID: Box

    Error: (05/19/2015 08:51:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1a0c

    Start Time: 01d0926c79647a3e

    Termination Time: 4294967295

    Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

    Report Id: 6ced7891-fe60-11e4-bedc-3423872e00fc

    Faulting package full name: 134D4F5B.Box_1.6.0.1910_neutral__2qk4zy5s3qmee

    Faulting package-relative application ID: Box

    Error: (05/19/2015 08:36:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: f28

    Start Time: 01d0926a60f46856

    Termination Time: 4294967295

    Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

    Report Id: 547a5294-fe5e-11e4-bedc-3423872e00fc

    Faulting package full name: 134D4F5B.Box_1.6.0.1910_neutral__2qk4zy5s3qmee

    Faulting package-relative application ID: Box


    System errors:
    =============
    Error: (05/18/2015 11:44:51 AM) (Source: SCardSvr) (EventID: 610) (User: )
    Description: The smart card is not responding to a reset.Handelsbanken card reader 0POWER01 00 00 00

    Error: (05/18/2015 11:44:51 AM) (Source: SCardSvr) (EventID: 610) (User: )
    Description: The smart card is not responding to a reset.Handelsbanken card reader 0POWER01 00 00 00

    Error: (05/18/2015 11:44:51 AM) (Source: SCardSvr) (EventID: 610) (User: )
    Description: The smart card is not responding to a reset.Handelsbanken card reader 0POWER01 00 00 00

    Error: (05/17/2015 05:47:52 PM) (Source: ipnathlp) (EventID: 1233) (User: )
    Description:

    Error: (05/17/2015 05:47:52 PM) (Source: ipnathlp) (EventID: 1233) (User: )
    Description:

    Error: (05/17/2015 05:46:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Microsoft Office ClickToRun Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

    Error: (05/17/2015 05:46:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The HP Support Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (05/17/2015 05:46:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The HP Software Framework Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (05/17/2015 05:46:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The System Explorer Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (05/17/2015 05:46:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.


    Microsoft Office Sessions:
    =========================
    Error: (05/19/2015 10:51:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: backgroundTaskHost.exe6.3.9600.17415152001d0927d3ced84fc4294967295C:\WINDOWS\system32\backgroundTaskHost.exe30743555-fe71-11e4-bedc-3423872e00fc134D4F5B.Box_1.6.0.1910_neutral__2qk4zy5s3qmeeBox

    Error: (05/19/2015 10:36:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: backgroundTaskHost.exe6.3.9600.1741596001d0927b247d7f074294967295C:\WINDOWS\system32\backgroundTaskHost.exe1804ef41-fe6f-11e4-bedc-3423872e00fc134D4F5B.Box_1.6.0.1910_neutral__2qk4zy5s3qmeeBox

    Error: (05/19/2015 10:19:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: backgroundTaskHost.exe6.3.9600.17415fa001d09278bb576cda4294967295C:\WINDOWS\system32\backgroundTaskHost.exeaedc28c2-fe6c-11e4-bedc-3423872e00fc134D4F5B.Box_1.6.0.1910_neutral__2qk4zy5s3qmeeBox

    Error: (05/19/2015 10:06:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: backgroundTaskHost.exe6.3.9600.1741561801d09276f39a3bdb4294967295C:\WINDOWS\system32\backgroundTaskHost.exee722653b-fe6a-11e4-bedc-3423872e00fc134D4F5B.Box_1.6.0.1910_neutral__2qk4zy5s3qmeeBox

    Error: (05/19/2015 09:51:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: backgroundTaskHost.exe6.3.9600.17415155c01d09274db2a40604294967295C:\WINDOWS\system32\backgroundTaskHost.execeb092bc-fe68-11e4-bedc-3423872e00fc134D4F5B.Box_1.6.0.1910_neutral__2qk4zy5s3qmeeBox

    Error: (05/19/2015 09:36:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: backgroundTaskHost.exe6.3.9600.17415182801d09272c2b80bd44294967295C:\WINDOWS\system32\backgroundTaskHost.exeb640936b-fe66-11e4-bedc-3423872e00fc134D4F5B.Box_1.6.0.1910_neutral__2qk4zy5s3qmeeBox

    Error: (05/19/2015 09:21:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: backgroundTaskHost.exe6.3.9600.17415a5c01d09270aa46eb5c4294967295C:\WINDOWS\system32\backgroundTaskHost.exe9dce2b7b-fe64-11e4-bedc-3423872e00fc134D4F5B.Box_1.6.0.1910_neutral__2qk4zy5s3qmeeBox

    Error: (05/19/2015 09:02:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: backgroundTaskHost.exe6.3.9600.1741531c01d0926e151f103f4294967295C:\WINDOWS\system32\backgroundTaskHost.exe08a9ae2b-fe62-11e4-bedc-3423872e00fc134D4F5B.Box_1.6.0.1910_neutral__2qk4zy5s3qmeeBox

    Error: (05/19/2015 08:51:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: backgroundTaskHost.exe6.3.9600.174151a0c01d0926c79647a3e4294967295C:\WINDOWS\system32\backgroundTaskHost.exe6ced7891-fe60-11e4-bedc-3423872e00fc134D4F5B.Box_1.6.0.1910_neutral__2qk4zy5s3qmeeBox

    Error: (05/19/2015 08:36:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: backgroundTaskHost.exe6.3.9600.17415f2801d0926a60f468564294967295C:\WINDOWS\system32\backgroundTaskHost.exe547a5294-fe5e-11e4-bedc-3423872e00fc134D4F5B.Box_1.6.0.1910_neutral__2qk4zy5s3qmeeBox


    CodeIntegrity Errors:
    ===================================
    Date: 2015-05-17 17:47:24.523
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\BtAudioBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-05-17 17:27:17.791
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\BtAudioBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-05-13 03:02:35.950
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\BtAudioBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-05-06 09:29:52.032
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\BtAudioBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-05-01 22:03:47.537
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\BtAudioBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-04-29 20:54:45.068
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\BtAudioBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-04-29 12:45:00.057
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\BtAudioBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-04-29 12:31:54.654
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\BtAudioBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-04-21 20:55:30.576
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\BtAudioBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-04-14 23:58:08.758
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: AMD A10-5745M APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 36%
    Total physical RAM: 7366.26 MB
    Available physical RAM: 4644.43 MB
    Total Pagefile: 8518.26 MB
    Available Pagefile: 5567.94 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.79 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:678.08 GB) (Free:609.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (RECOVERY) (Fixed) (Total:19.44 GB) (Free:1.91 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive f: (USB 32 GB) (Removable) (Total:30.22 GB) (Free:10.97 GB) FAT32
    Drive g: (USB 16 GB) (Fixed) (Total:14.9 GB) (Free:8.84 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 698.6 GB) (Disk ID: 56613821)

    Partition: GPT Partition Type.

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 30.2 GB) (Disk ID: C3072E18)
    Partition 1: (Not Active) - (Size=30.2 GB) - (Type=0C)

    ========================================================
    Disk: 2 (Size: 14.9 GB) (Disk ID: 0C60D611)
    Partition 1: (Not Active) - (Size=14.9 GB) - (Type=0C)

    ==================== End Of Log ============================
     
    skn,
    #8
  10. 2015/05/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  11. 2015/05/19
    skn

    skn Inactive Thread Starter

    ...and about the sys. spec.

    There was an easy way to do it :)
    A lot of info there, more than is allowed in one box, so if You want the rest of it, please let me know. I've already posted a lot of logs today....

    Operating System
    Windows 8.1 64-bit
    CPU
    AMD A4/A6/A8/A10 101 °C
    Richland 32nm Technology
    RAM
    8,00GB Dual-Channel DDR3 @ 665MHz (9-9-10-24)
    Motherboard
    Hewlett-Packard 216C (Socket FT1) 52 °C
    Graphics
    Generic PnP Monitor (1366x768@60Hz)
    SAMSUNG (1920x1080@30Hz)
    768MB ATI AMD Radeon HD 8610G + 8600M Dual Graphics (HP) 45 °C
    2048MB ATI AMD Radeon HD 8600M Series (HP)
    CrossFire Disabled
    Storage
    698GB Hitachi HGST HTS541075A9E680 SATA Disk Device (SATA) 28 °C
    14GB SanDisk Cruzer Blade USB Device (USB (SATA)) 28 °C
    30GB JetFlash Transcend 32GB USB Device (USB)
    Optical Drives
    hp DVDRAM GU70N SATA CdRom Device
    Audio
    AMD High Definition Audio Device
    Operating System
    Windows 8.1 64-bit
    Computer type: Notebook
    Installation Date: 2014-01-18 13:45:53
    Windows Security Center
    User Account Control (UAC) Enabled
    Notify level 2 - Default
    Firewall Enabled
    Windows Update
    AutoUpdate Not configured
    Windows Defender
    Windows Defender Enabled
    Antivirus
    Antivirus Enabled
    Display Name Windows Defender
    Virus Signature Database Up to date
    .NET Frameworks installed
    v4.5 Full
    v4.5 Client
    v3.5 SP1
    v3.0 SP2
    v2.0 SP2
    Internet Explorer
    Version 11.0.9600.17801
    PowerShell
    Version 4.0
    Environment Variables
    USERPROFILE C:\Users\Sven
    SystemRoot C:\WINDOWS
    User Variables
    TEMP C:\Users\Sven\AppData\Local\Temp
    TMP C:\Users\Sven\AppData\Local\Temp
    Machine Variables
    ComSpec C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK NO
    NUMBER_OF_PROCESSORS 4
    OnlineServices Online Services
    OS Windows_NT
    Path C:\WINDOWS\system32
    C:\WINDOWS
    C:\WINDOWS\System32\Wbem
    C:\WINDOWS\System32\WindowsPowerShell\v1.0\
    C:\Program Files (x86)\Windows Live\Shared
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
    C:\Program Files (x86)\QuickTime\QTSystem\
    PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    PCBRAND Pavilion
    Platform MCD
    PROCESSOR_ARCHITECTURE AMD64
    PROCESSOR_IDENTIFIER AMD64 Family 21 Model 19 Stepping 1, AuthenticAMD
    PROCESSOR_LEVEL 21
    PROCESSOR_REVISION 1301
    PSModulePath C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\
    TEMP C:\WINDOWS\TEMP
    TMP C:\WINDOWS\TEMP
    USERNAME SYSTEM
    windir C:\WINDOWS
    Battery
    AC Line Online
    Battery Charge % 100 %
    Battery State High
    Remaining Battery Time Unknown
    Power Profile
    Active power scheme HP Recommended
    Hibernation Enabled
    Turn Off Monitor after: (On AC Power) Never
    Turn Off Monitor after: (On Battery Power) 2 min
    Turn Off Hard Disk after: (On AC Power) 15 min
    Turn Off Hard Disk after: (On Battery Power) 3 min
    Suspend after: (On AC Power) Never
    Suspend after: (On Battery Power) 5 min
    Screen saver Enabled
     
    skn,
    #10
  12. 2015/05/19
    broni

    Please read my previous reply.
     
  13. 2015/05/19
    skn

    RogueKiller report

    RogueKiller V10.6.4.0 [May 18 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
    Started in : Normal mode
    User : Sven [Administrator]
    Started from : C:\Users\Sven\Desktop\RogueKiller.exe
    Mode : Delete -- Date : 05/20/2015 00:19:37

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 40 ¤¤¤
    [PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Not selected
    [PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Not selected
    [PUM.Orphan] (X64) HKEY_USERS\S-1-5-21-2477815455-1767793343-2609628209-1002\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} : -> Not selected
    [PUM.Orphan] (X86) HKEY_USERS\S-1-5-21-2477815455-1767793343-2609628209-1002\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} : -> Not selected
    [Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2477815455-1767793343-2609628209-1002\Software\Microsoft\Windows\CurrentVersion\Run | Google+ Auto Backup : "C:\Users\Sven\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart [7][x] -> Not selected
    [Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2477815455-1767793343-2609628209-1002\Software\Microsoft\Windows\CurrentVersion\Run | Google+ Auto Backup : "C:\Users\Sven\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart [7][x] -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:63649;https=127.0.0.1:63649 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:63649;https=127.0.0.1:63649 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:63649;https=127.0.0.1:63649 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:63649;https=127.0.0.1:63649 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 213.248.100.54 213.248.83.34 [-][UNITED KINGDOM (GB)][POLAND (PL)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 213.248.100.54 213.248.83.34 [-][UNITED KINGDOM (GB)][POLAND (PL)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0D5A8877-EDEA-4BED-A4E9-66F5F8CB4A62} | DhcpNameServer : 30.20.1.1 30.20.1.2 [UNITED STATES (US)][UNITED STATES (US)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{54AEB889-6F36-40E2-80E3-6BEC7CF95080} | DhcpNameServer : 192.168.0.1 213.248.100.54 213.248.83.34 [-][UNITED KINGDOM (GB)][POLAND (PL)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0D5A8877-EDEA-4BED-A4E9-66F5F8CB4A62} | DhcpNameServer : 30.20.1.1 30.20.1.2 [UNITED STATES (US)][UNITED STATES (US)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{54AEB889-6F36-40E2-80E3-6BEC7CF95080} | DhcpNameServer : 192.168.0.1 213.248.100.54 213.248.83.34 [-][UNITED KINGDOM (GB)][POLAND (PL)] -> Not selected
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2477815455-1767793343-2609628209-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Not selected
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2477815455-1767793343-2609628209-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2477815455-1767793343-2609628209-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2477815455-1767793343-2609628209-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2477815455-1767793343-2609628209-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2477815455-1767793343-2609628209-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2477815455-1767793343-2609628209-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2477815455-1767793343-2609628209-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2477815455-1767793343-2609628209-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2477815455-1767793343-2609628209-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [Hj.KnownDLL] (X64) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs | _Wow64cpu : Wow64cpu.dll -> ERROR [5]
    [Hj.KnownDLL] (X64) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs | _Wow64win : Wow64win.dll -> ERROR [5]
    [Hj.KnownDLL] (X64) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs | _Wow64 : Wow64.dll -> ERROR [5]
    [Hj.KnownDLL] (X86) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs | _Wow64cpu : Wow64cpu.dll -> ERROR [5]
    [Hj.KnownDLL] (X86) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs | _Wow64win : Wow64win.dll -> ERROR [5]
    [Hj.KnownDLL] (X86) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs | _Wow64 : Wow64.dll -> ERROR [5]

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: HGST HTS541075A9E680 SATA Disk Device +++++
    --- User ---
    [MBR] f358a1905ec13f74bf99fe9906a3ac7c
    [BSP] 23c824a50c56ec1dd5270752e0ea0c0e : Empty MBR Code
    Partition table:
    0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
    1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 260 MB
    2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1353728 | Size: 128 MB
    3 - Basic data partition | Offset (sectors): 1615872 | Size: 694357 MB
    4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1423659008 | Size: 350 MB
    5 - [SYSTEM] Basic data partition | Offset (sectors): 1424375808 | Size: 19908 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: JetFlash Transcend 32GB USB Device +++++
    --- User ---
    [MBR] 8886b66aedce20f90905c67c397946b2
    [BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 96 | Size: 30959 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive2: SanDisk Cruzer Blade USB Device +++++
    --- User ---
    [MBR] 92b0fd77ae22a0d8c834bc871ca20711
    [BSP] d9e3ebbc31cbb73fa1fac7e16e993102 : Empty MBR Code
    Partition table:
    0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 32 | Size: 15266 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )


    ============================================
    RKreport_SCN_05202015_001355.log
     
    skn,
    #12
  14. 2015/05/19
    skn

    ...and here are the other ones.

    Malwarebytes Anti-Malware
    www.malwarebytes.org


    Protection, 2015-05-20 00:25:06, SYSTEM, REBEL, Protection, Malware Protection, Starting,
    Protection, 2015-05-20 00:25:07, SYSTEM, REBEL, Protection, Malware Protection, Started,
    Protection, 2015-05-20 00:25:07, SYSTEM, REBEL, Protection, Malicious Website Protection, Starting,
    Protection, 2015-05-20 00:25:07, SYSTEM, REBEL, Protection, Malicious Website Protection, Started,
    Update, 2015-05-20 00:25:13, SYSTEM, REBEL, Manual, Remediation Database, 2015.3.9.1, 2015.5.13.1,
    Update, 2015-05-20 00:25:13, SYSTEM, REBEL, Manual, Rootkit Database, 2015.2.25.1, 2015.5.16.1,
    Update, 2015-05-20 00:25:37, SYSTEM, REBEL, Manual, Malware Database, 2015.3.9.5, 2015.5.19.6,
    Protection, 2015-05-20 00:25:37, SYSTEM, REBEL, Protection, Refresh, Starting,
    Protection, 2015-05-20 00:25:37, SYSTEM, REBEL, Protection, Malicious Website Protection, Stopping,
    Protection, 2015-05-20 00:25:37, SYSTEM, REBEL, Protection, Malicious Website Protection, Stopped,
    Protection, 2015-05-20 00:25:45, SYSTEM, REBEL, Protection, Refresh, Success,
    Protection, 2015-05-20 00:25:45, SYSTEM, REBEL, Protection, Malicious Website Protection, Starting,
    Protection, 2015-05-20 00:25:45, SYSTEM, REBEL, Protection, Malicious Website Protection, Started,
    Scan, 2015-05-20 01:08:32, SYSTEM, REBEL, Manual, Start:2015-05-20 00:26:10, Duration:32 min 50 sec, Threat Scan, Completed, 0 Malware Detections, 35 Non-Malware Detections,
    Protection, 2015-05-20 01:10:48, SYSTEM, REBEL, Protection, Malware Protection, Starting,
    Protection, 2015-05-20 01:10:49, SYSTEM, REBEL, Protection, Malware Protection, Started,
    Protection, 2015-05-20 01:10:49, SYSTEM, REBEL, Protection, Malicious Website Protection, Starting,
    Protection, 2015-05-20 01:10:51, SYSTEM, REBEL, Protection, Malicious Website Protection, Started,

    (end)

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 2015-05-20
    Scan Time: 00:26:10
    Logfile: Text 2.txt
    Administrator: Yes

    Version: 2.01.6.1022
    Malware Database: v2015.05.19.06
    Rootkit Database: v2015.05.16.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Sven

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 362143
    Time Elapsed: 32 min, 50 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 14
    PUP.Optional.Ominent.A, HKLM\SOFTWARE\CLASSES\APPID\{9A246976-806F-4B2E-B3B9-A9A58F5685AA}, Quarantined, [96eca1f4e3a774c26960c59721e2639d],
    PUP.Optional.Ominent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{9A246976-806F-4B2E-B3B9-A9A58F5685AA}, Quarantined, [96eca1f4e3a774c26960c59721e2639d],
    PUP.Optional.Ominent.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{9A246976-806F-4B2E-B3B9-A9A58F5685AA}, Quarantined, [96eca1f4e3a774c26960c59721e2639d],
    PUP.Optional.ModGoog, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GLOBALUPDATE.EXE, Quarantined, [9ae85d382e5c85b1469a66e3c43e8a76],
    PUP.Optional.ModGoog, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GLOBALUPDATE.EXE, Quarantined, [9ae85d382e5c85b1469a66e3c43e8a76],
    PUP.Optional.weDownload.A, HKLM\SOFTWARE\WOW6432NODE\weDownload Ltd, Quarantined, [fe84afe6fa90ed497d2343e31be9eb15],
    PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [7a080b8aaddd092d76c61bbebc477888],
    PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{cae99edb}, Quarantined, [2062ff96751542f4e690e290f70ee020],
    PUP.Optional.CinemaPlus.A, HKU\S-1-5-18\SOFTWARE\CinemaPlus-3.2cV12.05-nv, Quarantined, [384ab4e16525a294e7bc945b3dc67f81],
    PUP.Optional.CinemaPlus.A, HKU\S-1-5-18\SOFTWARE\CinemaPlus-3.2cV12.05-nv-ie, Quarantined, [3949cfc6a8e2b482e6bd03ecdd264ab6],
    PUP.Optional.Crossrider.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\_CrossriderRegNamePlaceHolder_, Quarantined, [6b17d6bfaae00630419e4a245fa60ef2],
    PUP.Optional.CinemaPlus.A, HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\SOFTWARE\CinemaPlus-3.2cV12.05-nv-ie, Quarantined, [bfc3078e305a50e6218234bb867d48b8],
    PUP.Optional.weDownload.A, HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\SOFTWARE\weDownload Ltd, Quarantined, [b1d1ddb8bad060d6653a9e887391bd43],
    PUP.Optional.Spigot.A, HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{921A0D4E-2819-48BF-BBCC-D66854E89525}, Quarantined, [acd6f3a24644a3931ed9e3f78083748c],

    Registry Values: 1
    PUP.Optional.Spigot.A, HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{921A0D4E-2819-48BF-BBCC-D66854E89525}|URL, https://se.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=523482&p={searchTerms}, Quarantined, [acd6f3a24644a3931ed9e3f78083748c]

    Registry Data: 0
    (No malicious items detected)

    Folders: 1
    PUP.Optional.GlobalUpdate.A, C:\Users\Sven\AppData\Local\Temp\comh.274273, Quarantined, [9de5eda8f298a98da6cb576304ff30d0],

    Files: 19
    PUP.Optional.SaveSense.A, C:\Users\Sven\AppData\Local\Temp\SaveSenseUpdateVer.exe, Quarantined, [4b37583dd5b5a88e491538fc0df3956b],
    PUP.Optional.Spigot.SID, C:\Users\Sven\AppData\Local\Temp\~spC3E8.tmp, Quarantined, [e69c316423673402bc4c5e00cd39cc34],
    PUP.Optional.Conduit.A, C:\Users\Sven\AppData\Local\Temp\nsaA370.exe, Quarantined, [641e5f36fb8f95a1794cf2c316ebc937],
    PUP.Optional.SafeWeb.A, C:\Users\Sven\AppData\Local\Temp\Setup-1-.exe, Quarantined, [681a02938bff2016085f23435ca421df],
    PUP.Optional.CrossRider.A, C:\Users\Sven\AppData\Local\Temp\7099.exe, Quarantined, [f989b8dd880272c4533f4e0780866997],
    PUP.Optional.CrossRider.A, C:\Users\Sven\AppData\Local\Temp\7442.exe, Quarantined, [463c9401741654e20191ba9bbf47b050],
    PUP.Optional.CrossRider.A, C:\Users\Sven\AppData\Local\Temp\8229.exe, Quarantined, [fb872a6b2c5eb185c8cac1944abc12ee],
    PUP.Optional.ModGoog, C:\Users\Sven\AppData\Local\Temp\comh.274273\globalupdate.exe, Quarantined, [9ae85d382e5c85b1469a66e3c43e8a76],
    PUP.Optional.ModGoog, C:\Users\Sven\AppData\Local\Temp\comh.274273\globalupdateBroker.exe, Quarantined, [f48eb7de276349edf8e8183131d1639d],
    PUP.Optional.ModGoog, C:\Users\Sven\AppData\Local\Temp\comh.274273\globalupdateCrashHandler.exe, Quarantined, [fd8594018ffb61d5db05db6e0cf67987],
    PUP.Optional.ModGoog, C:\Users\Sven\AppData\Local\Temp\comh.274273\globalupdateOnDemand.exe, Quarantined, [5b279cf9ccbec3734898fa4f6d952dd3],
    PUP.Optional.ModGoog, C:\Users\Sven\AppData\Local\Temp\comh.274273\goopdate.dll, Quarantined, [9be7b7de6b1faf8768785beed52d1ee2],
    PUP.Optional.ModGoog, C:\Users\Sven\AppData\Local\Temp\comh.274273\goopdateres_en.dll, Quarantined, [dda51a7b2c5e2f07bc24b792a26015eb],
    PUP.Optional.ModGoog, C:\Users\Sven\AppData\Local\Temp\comh.274273\npglobalupdateUpdate4.dll, Quarantined, [c1c1f4a15931ba7ca13f84c50cf6e818],
    PUP.Optional.ModGoog, C:\Users\Sven\AppData\Local\Temp\comh.274273\psmachine.dll, Quarantined, [1f63791c5832063019c783c65aa829d7],
    PUP.Optional.ModGoog, C:\Users\Sven\AppData\Local\Temp\comh.274273\psuser.dll, Quarantined, [bdc5fd9825659b9b00e00445ae5408f8],
    PUP.Optional.BundleInstaller.A, C:\Users\Sven\Downloads\setup.exe, Quarantined, [1270672eacde3df94c1d86cb7191fe02],
    PUP.Optional.Softonic, C:\Users\Sven\Downloads\SoftonicDownloader_for_acdsee-free.exe, Quarantined, [a9d96a2bfc8e51e58e044814c63a7987],
    PUP.Optional.GlobalUpdate.A, C:\Users\Sven\AppData\Local\Temp\comh.274273\globalupdateHelper.msi, Quarantined, [9de5eda8f298a98da6cb576304ff30d0],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
    skn,
    #13
  15. 2015/05/19
    skn

    About Malwarebytes Anti-Malware

    Didn't get the option to "apply actions"... the request to restart came directly after it was done..., but it put the suspicious items in quarantine.
    Although it did not get rid of the suspicious boxes and other weird things happening in Firefox…??? But maybe we are not there yet? :)
     
    skn,
    #14
  16. 2015/05/19
    broni

    You did fine. Go on.
     
  17. 2015/05/20
    skn

    Hi

    Go on means run JRT + Adw Cleaner, I suppose.
    Done that. Adw Cleaner I already had previously installed. I ran both programs.

    No change so far. Adw Cleaner finds the same registry posts and they keep coming back, I didn’t try that after running all the other stuff…but I guess it’s the same.
    A malware protection prog. sort of disappeared, so I assume it clashes with the Malwarebytes Anti-Malware….forgot what it was, my memory is not what it should be sometimes :)

    Same squares and tabs and new windows appear in FF. Most of 'em disappear quickly enough, guess MAM does that… and MAM keeps flashing a warning about this site / program / junk / something zbu.makingreplied.com

    …and svchost.exe does the same thing, but that may be as it should???

    …sooo, what's next? …and I hope You won’t say - buy a new PC :)
     
    skn,
    #16
  18. 2015/05/20
    skn

    Ps

    ... a new annoying thing, there is a banner to the right, blocking the log out button now "@%& :-/
     
    skn,
    #17
  19. 2015/05/20
    broni

    I need logs from AdwCleaner and JRT.
     
  20. 2015/05/21
    skn

    JRT log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.7.4 (05.19.2015:1)
    OS: Windows 8.1 x64
    Ran by Sven on 2015-05-20 at 10:59:07,13
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Tasks

    Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-2450300456-2783352858-2565268672-500
    Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-2477815455-1767793343-2609628209-1002
    Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-2477815455-1767793343-2609628209-500
    Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-3817038647-257148118-3753753416-500



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



    ~~~ Registry Keys



    ~~~ Files

    Successfully deleted: [File] C:\WINDOWS\wininit.ini



    ~~~ Folders

    Successfully deleted: [Folder] C:\Program Files (x86)\adfender
    Successfully deleted: [Folder] C:\ProgramData\adfender
    Successfully deleted: [Folder] C:\Users\Sven\appdata\local\adfender



    ~~~ FireFox

    Emptied folder: C:\Users\Sven\AppData\Roaming\mozilla\firefox\profiles\dwtu1v6m.default\minidumps [70 files]





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 2015-05-20 at 11:03:12,43
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
    skn,
    #19
  21. 2015/05/21
    skn

    Adw Cleaner log

    the most recent one... as I told before this prog. I had previously and there are earlier logs....?

    # AdwCleaner v4.204 - Logfile created 20/05/2015 at 12:13:55
    # Updated 12/05/2015 by Xplode
    # Database : 2015-05-12.2 [Server]
    # Operating system : Windows 8.1 (x64)
    # Username : Sven - REBEL
    # Running from : C:\Users\Sven\Downloads\2015-05-17\adwcleaner_4.204.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
    Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
    Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:63649;hxxps=127.0.0.1:63649
    Value Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [DefaultConnectionSettings]
    Value Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [SavedLegacySettings]

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v0.0.0.0


    -\\ Mozilla Firefox v38.0.1 (x86 en-US)


    -\\ Google Chrome v42.0.2311.152


    -\\ Opera v0.0.0.0


    *************************

    AdwCleaner[R0].txt - [6631 bytes] - [17/05/2015 17:22:11]
    AdwCleaner[R1].txt - [1510 bytes] - [17/05/2015 17:44:29]
    AdwCleaner[R2].txt - [1628 bytes] - [17/05/2015 18:07:27]
    AdwCleaner[R3].txt - [1687 bytes] - [18/05/2015 11:06:41]
    AdwCleaner[R4].txt - [1745 bytes] - [19/05/2015 10:34:36]
    AdwCleaner[R5].txt - [1805 bytes] - [19/05/2015 16:38:35]
    AdwCleaner[R6].txt - [1864 bytes] - [20/05/2015 11:17:37]
    AdwCleaner[R7].txt - [1667 bytes] - [20/05/2015 12:13:55]
    AdwCleaner[S0].txt - [6121 bytes] - [17/05/2015 17:23:49]
    AdwCleaner[S1].txt - [1354 bytes] - [17/05/2015 17:46:12]
    AdwCleaner[S2].txt - [1708 bytes] - [20/05/2015 12:05:41]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R7].txt - [1903 bytes] ##########
    # AdwCleaner v4.204 - Logfile created 20/05/2015 at 12:05:41
    # Updated 12/05/2015 by Xplode
    # Database : 2015-05-12.2 [Server]
    # Operating system : Windows 8.1 (x64)
    # Username : Sven - REBEL
    # Running from : C:\Users\Sven\Downloads\2015-05-17\adwcleaner_4.204.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:63649;hxxps=127.0.0.1:63649
    Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
    Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v0.0.0.0


    -\\ Mozilla Firefox v38.0.1 (x86 en-US)


    -\\ Google Chrome v42.0.2311.152


    -\\ Opera v0.0.0.0


    *************************

    AdwCleaner[R0].txt - [6631 bytes] - [17/05/2015 17:22:11]
    AdwCleaner[R1].txt - [1510 bytes] - [17/05/2015 17:44:29]
    AdwCleaner[R2].txt - [1628 bytes] - [17/05/2015 18:07:27]
    AdwCleaner[R3].txt - [1687 bytes] - [18/05/2015 11:06:41]
    AdwCleaner[R4].txt - [1745 bytes] - [19/05/2015 10:34:36]
    AdwCleaner[R5].txt - [1805 bytes] - [19/05/2015 16:38:35]
    AdwCleaner[R6].txt - [1864 bytes] - [20/05/2015 11:17:37]
    AdwCleaner[S0].txt - [6121 bytes] - [17/05/2015 17:23:49]
    AdwCleaner[S1].txt - [1354 bytes] - [17/05/2015 17:46:12]
    AdwCleaner[S2].txt - [1569 bytes] - [20/05/2015 12:05:41]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1628 bytes] ##########
     
    skn,
    #20
