
Solved Problem with ads...?

Discussion in 'Malware and Virus Removal Archive' started by skn, 2015/05/19.

  1. 2015/05/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  2. 2015/05/21
    skn

    skn Inactive Thread Starter

    Joined:
    2015/05/19
    Messages:
    28
    Likes Received:
    0
    Hi

    Followed Your steps as precisely as I understood them.
    ComboFix didn’t want to run on my sys. Win 8.1, as far as I could understand it the “limit” was Win8…
    However, I did delete it, downloaded it anew and renamed it (before saving it).
    Then downloaded rkill, ran it and made a new try… nope, same dialogue box, it stops at Win 8…
    By the way, there was a significant pause where rkill seemed to be inactive, “Performing miscellaneous checks”… it was maybe supposed to do that???

    Do You need the rkill log? It’s an awful lot of text again, that’s why I ask before copying it in here. Most of it looks like this: C:\WINDOWS\Temp\21969e7f-89ff-428c-9adc-34a82e8a3457\Windows\System32……and here there are a lot of different files.

    Let me know how to proceed please.
     
    Last edited: 2015/05/21
    skn,
    #22


  4. 2015/05/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I apologize. My fault. Combofix won't run on Windows 8.1.

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
  5. 2015/05/22
    skn

    skn Inactive Thread Starter

    Joined:
    2015/05/19
    Messages:
    28
    Likes Received:
    0
    Addition.txt part 1

    No need to apologize, "errare humanum est"… etc. :)

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-05-2015
    Ran by Sven at 2015-05-22 10:21:23
    Running from C:\Users\Sven\Downloads\2015-05-18
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2477815455-1767793343-2609628209-500 - Administrator - Disabled)
    Guest (S-1-5-21-2477815455-1767793343-2609628209-501 - Limited - Disabled)
    Sven (S-1-5-21-2477815455-1767793343-2609628209-1002 - Administrator - Enabled) => C:\Users\Sven

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    ACDSee Free (HKLM-x32\...\ACDSee Free) (Version: 1.0.18 - ACD Systems International Inc.)
    AdFender (HKLM-x32\...\AdFender) (Version: 1.83 - AdFender, Inc.)
    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
    AMD Catalyst Install Manager (HKLM\...\{DEC772E6-D0C7-9964-5D30-DEC57EF1B26F}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
    AMD VISION Engine Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
    Avanquest update (HKLM-x32\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.34 - Avanquest Software)
    BankID säkerhetsprogram (HKLM-x32\...\{2D6973ED-BBF2-434E-993C-37E05087B8C8}) (Version: 5.0.2.10 - Finansiell ID-Teknik BID AB)
    BankID säkerhetsprogram (HKLM-x32\...\{4B2557F9-8C03-4BE7-9984-4DE525076580}) (Version: 6.4.0.22 - Finansiell ID-Teknik BID AB)
    Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft)
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3606 - CyberLink Corp.)
    Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4128 - CyberLink Corp.)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3416 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3021 - CyberLink Corp.)
    CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3305 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1.2922 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
    Dot4 (HKLM\...\{3EEDA265-C6F3-4EC1-A317-1C9315DEDDDE}) (Version: 1.0.0.0 - HP)
    Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
    Fotogalleriet (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Free Alarm Clock 3.1.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.1 - Comfort Software Group)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
    Google+ Auto Backup (HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Google+ Auto Backup) (Version: 1.0.27.161 - Google, Inc.)
    Handelsbanken kortläsare (HKLM-x32\...\{D4C30AE2-EAFE-4E28-A3BA-7CF7485E23C4}) (Version: 1.00.0000 - Todos Data System AB)
    Hewlett-Packard ACLM.NET v1.2.2.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
    HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
    HP Connected Music (Meridian - player) (HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\HPConnectedMusic) (Version: 1.1 (build 87) hp - Meridian Audio Ltd)
    HP CoolSense (HKLM-x32\...\{394B14EA-B072-4440-9510-87797CB12371}) (Version: 2.20.21 - Hewlett-Packard Company)
    HP Documentation (HKLM-x32\...\{61245005-66F1-4001-AEE8-2E2D36F65C28}) (Version: 1.1.0.0 - Hewlett-Packard)
    HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
    HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6838.4521 - Hewlett-Packard)
    HP Support Assistant (HKLM-x32\...\{C88F84E5-AE23-44BD-922C-2ABEACACAF7A}) (Version: 7.2.23.56 - Hewlett-Packard Company)
    HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
    HP Utility Center (HKLM\...\{A48BD764-CFDF-40A5-A07A-710908044F5D}) (Version: 2.2.2 - Hewlett-Packard Company)
    HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
    Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
    Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
    Media Go (HKLM-x32\...\{520CD4F0-9DAC-4C5C-8CA1-D0210CFF6062}) (Version: 1.4.269 - Sony)
    Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4711.1003 - Microsoft Corporation)
    Microsoft Office Proofing Tools 2013 - Svenska (HKLM-x32\...\{90150000-001F-041D-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
    Microsoft SkyDrive (HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
    Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    Mozilla Thunderbird 31.7.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 en-US)) (Version: 31.7.0 - Mozilla)
    OEM Application Profile (HKLM-x32\...\{548083DD-D99B-2CE1-8D2B-D78BEB834F7A}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
    PlayStation(R)Network Downloader (HKLM-x32\...\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}) (Version: 2.02.00076 - Sony Computer Entertainment Inc.)
    QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    Ralink Bluetooth Stack64 (HKLM\...\{931210CE-36BC-BB05-9559-D2320932312E}) (Version: 11.0.738.3 - Mediatek)
    Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.27.0 - Mediatek)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
    RealWorld Cursor Editor (HKLM-x32\...\{25A344BB-378D-4E51-9A39-780755012B2D}) (Version: 13.1.0 - RealWorld Graphics)
    RealWorld Paint (HKLM-x32\...\{B6694991-632B-4DA4-B636-58A862645144}) (Version: 13.1.0 - RealWorld Graphics)
    RealWorld Photos (HKLM-x32\...\{3CBCB219-8137-4FA6-B13B-BA4F83F22D4E}) (Version: 13.1.0 - RealWorld Graphics)
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
    Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    Smart Organizing Monitor (HKLM-x32\...\{E4094BC9-2554-4E57-B4A0-8584DC433895}) (Version: 1.00.0000 - RICOH)
    Sony PC Companion 2.10.206 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.206 - Sony)
    Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
    System Explorer 6.4.1 (HKLM-x32\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version: - Mister Group)
    Valokuvavalikoima (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2477815455-1767793343-2609628209-1002_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Sven\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2477815455-1767793343-2609628209-1002_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Sven\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2477815455-1767793343-2609628209-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Sven\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2477815455-1767793343-2609628209-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Sven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2477815455-1767793343-2609628209-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Sven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2477815455-1767793343-2609628209-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Sven\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2477815455-1767793343-2609628209-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Sven\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2477815455-1767793343-2609628209-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Sven\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2477815455-1767793343-2609628209-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Sven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2477815455-1767793343-2609628209-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Sven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

    ==================== Restore Points =========================

    06-05-2015 09:05:51 Windows Update
    13-05-2015 02:45:06 Windows Update
    20-05-2015 10:19:40 Scheduled Checkpoint

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0B9D29B3-5190-4F4A-86E7-F89F8FFD40DE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {0E0B78AF-541A-4D47-B62A-DE786E9ADB1C} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
    Task: {30B3FAA1-AC19-425E-B2F3-FFC862B46ED2} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    Task: {348EE623-BABC-4095-B93F-BE3267C4301F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
    Task: {410FE59E-1BCC-40D1-9485-36D989F765CD} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-09-10] (Hewlett-Packard Development Company, L.P.)
    Task: {5195ABF0-E5BE-4B35-9ABB-75D888B39C30} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2477815455-1767793343-2609628209-1002Core => C:\Users\Sven\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-27] (Google Inc.)
    Task: {51EE453B-6DDA-498B-906B-7399224E6D43} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-18] (Google Inc.)
    Task: {5491A663-ED1B-4E23-8413-0058093C068E} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
    Task: {5AC7C619-C01D-441F-B7CA-852D9B6C4A13} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe
    Task: {5BEF33F6-E7F3-4D31-B397-C098CBF154B4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2477815455-1767793343-2609628209-1002UA => C:\Users\Sven\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-27] (Google Inc.)
    Task: {5E740BB8-54BF-4ABD-BEA2-2645BE0E157B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
    Task: {5F856AF1-93BB-49F8-9743-75F6ED02318B} - System32\Tasks\Microsoft Office 15 Sync Maintenance for REBEL-Sven Rebel => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-10] (Microsoft Corporation)
    Task: {60054E55-136C-430B-BCC9-B5AC48040703} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
    Task: {65D031FE-7CEE-4F32-B6E8-EA9D8A148843} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)
    Task: {6E6C6578-773A-4E67-BF5C-BD6500B7A387} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-13] (Microsoft Corporation)
    Task: {705ED3DB-A5D7-443F-AF07-70EABBE2E4EA} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-01-19] (Synaptics Incorporated)
    Task: {770F5502-009B-4DBB-A72E-39F6FCDC6958} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
    Task: {91923708-150C-4DEA-9F07-F72A5AFEF726} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
    Task: {A70A06B1-CA0E-4420-ADA3-AF11C34B1738} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    Task: {A978010E-BC34-4B78-BE43-B1E3A289A360} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-18] (Google Inc.)
    Task: {C2133FF0-8734-40D1-B546-A03DEF10E56C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {C482F452-E73B-4601-B3E7-7C6C290B8899} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)
    Task: {DC672C87-E84B-4E3E-B9E2-335DA98F573D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)
    Task: {DC8ABC43-51AA-48AE-9901-91B95B57B5DA} - \Optimize Start Menu Cache Files-S-1-5-21-2477815455-1767793343-2609628209-500 No Task File <==== ATTENTION
    Task: {E1D63D44-6088-488F-ACB1-2081A0210D4C} - System32\Tasks\HPCeeScheduleForSven => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
    Task: {E66E63C5-054A-4F13-AB3A-59C240E92592} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
    Task: {ED9371EC-2BEC-4153-AA0E-A80E5924DC2E} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
    Task: {F08638C5-3D88-4FFF-90DE-037783D4559F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2477815455-1767793343-2609628209-1002Core.job => C:\Users\Sven\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2477815455-1767793343-2609628209-1002UA.job => C:\Users\Sven\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\HPCeeScheduleForSven.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2014-07-04 21:33 - 2014-07-04 21:33 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2014-03-24 15:19 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2013-05-14 17:33 - 2013-05-14 17:33 - 00016632 _____ () C:\Windows\system32\BsHelpCSps.dll
    2015-03-21 08:25 - 2015-01-27 16:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2013-05-14 17:33 - 2013-05-14 17:33 - 00029432 _____ () C:\WINDOWS\system32\BsTrace.dll
    2014-07-04 21:33 - 2014-07-04 21:33 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    2013-05-14 17:33 - 2013-05-14 17:33 - 00371448 _____ () C:\Windows\system32\BsExtendFunc.dll
    2013-05-14 17:33 - 2013-05-14 17:33 - 00062200 _____ () C:\Windows\system32\BlueSoleilCSps.dll
    2013-05-14 17:33 - 2013-05-14 17:33 - 00029432 _____ () C:\WINDOWS\SYSTEM32\BsTrace.dll
    2013-05-14 17:33 - 2013-05-14 17:33 - 00016632 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll
    2013-05-14 17:33 - 2013-05-14 17:33 - 00062200 _____ () C:\Windows\SYSTEM32\BlueSoleilCSps.dll
    2013-05-24 10:22 - 2013-05-24 10:22 - 00334648 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll
    2011-07-05 10:53 - 2011-07-05 10:53 - 00012800 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\AMP\IVTAMPRL.dll
    2015-02-13 12:15 - 2015-02-13 12:15 - 03219456 _____ () C:\Users\Sven\AppData\Local\Programs\Google\Google+ Auto Backup\gpuploader_i18n.dll
    2013-05-14 17:33 - 2013-05-14 17:33 - 00080120 _____ () C:\WINDOWS\SYSTEM32\BsProfilefunc.dll
    2013-05-14 17:33 - 2013-05-14 17:33 - 00371448 _____ () C:\WINDOWS\SYSTEM32\BsExtendFunc.dll
    2014-01-19 05:09 - 2013-08-05 08:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2013-08-05 15:48 - 2013-08-05 15:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:DocumentSummaryInformation
    AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:SummaryInformation
    AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\Users\Sven\SkyDrive:ms-properties

    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\Control Panel\Desktop\\Wallpaper -> F:\00 Sven\05 Grafik\10 Bilder\00 Bakrunder\1920X1440 - 2014-11-14 - 4.bmp
    DNS Servers: 192.168.0.1 - 213.248.100.54

    ==================== MSCONFIG/TASK MANAGER Error getting ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\Run: => "XboxStat"
    HKLM\...\StartupApproved\Run32: => "BingDesktop"
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\StartupApproved\Run: => "Sony Ericsson PC Suite"
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\StartupApproved\Run: => "Speech Recognition"
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\StartupApproved\Run: => "Sony PC Companion"

    ==================== FirewallRules (Whitelisted) ===============
     
    skn,
    #24
  6. 2015/05/22
    skn

    skn Inactive Thread Starter

    Joined:
    2015/05/19
    Messages:
    28
    Likes Received:
    0
    Addition.txt Part 2

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{7317889C-49C1-4BF1-B28A-42E667D65E5A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
    FirewallRules: [{61BE3A45-32D4-45A7-B5B7-822C9B265A0C}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
    FirewallRules: [{481F5500-9A32-455B-85DD-E27E32A4E241}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
    FirewallRules: [{951D71A8-23D0-43CE-8407-B3B422C5E6F9}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
    FirewallRules: [{3B7E6CE1-221C-443E-94FF-0FDC71669CB1}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
    FirewallRules: [{F0F6B705-1943-49E5-959A-048DB696BC95}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
    FirewallRules: [{9B013FFB-1E26-4B8F-96D3-382FC40372A0}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
    FirewallRules: [{4BC2009B-B8F9-4358-8DC5-F773B1DBED1A}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
    FirewallRules: [{B52D7576-CFB0-4557-B1D1-CD2E48154376}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
    FirewallRules: [{E9AD6538-44DD-47E5-B3E4-DA4EC33DDE25}] => (Allow) LPort=1900
    FirewallRules: [{C5C2D22E-0D10-4E61-8EBD-6DE3567DAB7F}] => (Allow) LPort=2869
    FirewallRules: [{5C56B4B0-F6CF-492A-940C-D05FA4BCBCA8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{A2CA3B69-AF1E-4CF5-983E-1698FE6F258D}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    FirewallRules: [{B5827514-86DB-4A65-90C2-3678FFEE44FA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
    FirewallRules: [{9D3B3A19-372C-49C2-9169-1071B6D5BB44}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
    FirewallRules: [{B38BB92C-6AAC-4C00-AC9E-D1AD83B35F7E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
    FirewallRules: [{968E77B4-F42D-4BBC-8ACF-85B0690CCC85}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
    FirewallRules: [{3026B9BF-2A52-4214-A1F9-D259EF89C50D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
    FirewallRules: [{6ECAE293-5214-4447-967C-A4794E3BD7FF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
    FirewallRules: [TCP Query User{F5712F09-666C-4FEB-BBE9-67B71BA746A0}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
    FirewallRules: [UDP Query User{627D3BE0-C0BD-453B-9E14-E2231134FED1}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
    FirewallRules: [{22BF1CA6-F1A4-48EE-BA82-42C5F8C8CCD8}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
    FirewallRules: [{0346F610-BBC6-4BE5-A824-C494FA7AAF0C}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
    FirewallRules: [{D4BC6600-C996-4893-AFD8-B14F7FDE418E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{73CB3E02-9C45-4EA9-86B8-5BCE909122D0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{F3667CA9-73E4-463D-94A5-7E0B907BC7AA}] => (Allow) C:\Users\Sven\AppData\Local\Temp\nsv885F.tmp\CnetInstaller-76037787.exe
    FirewallRules: [{418A253C-28FB-4B83-B7BA-9B1C4673FD85}] => (Allow) C:\Users\Sven\AppData\Local\Temp\nsv885F.tmp\CnetInstaller-76037787.exe
    FirewallRules: [{417ADF64-CE05-4B57-9F82-D8804A4FC759}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{809853E8-C53A-440E-B648-F3E534750958}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{7307249D-41CA-4744-8108-80ABF3BA9828}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{C9AF6267-AC0F-480D-B005-756447CC7053}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [{792B5D34-2FAE-467E-948F-27EC19949A62}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{5DE6CCEA-79B2-4170-AEF6-78AADEC0081B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/22/2015 10:20:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 17e0

    Start Time: 01d0946fc6b24eeb

    Termination Time: 4294967295

    Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

    Report Id: ba40f944-0063-11e5-bedf-3423872e00fc

    Faulting package full name: 134D4F5B.Box_1.6.0.1910_neutral__2qk4zy5s3qmee

    Faulting package-relative application ID: Box

    Error: (05/22/2015 00:46:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 19d4

    Start Time: 01d0941fa46e6b65

    Termination Time: 4294967295

    Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

    Report Id: 97ff0f81-0013-11e5-bedf-3423872e00fc

    Faulting package full name: 134D4F5B.Box_1.6.0.1910_neutral__2qk4zy5s3qmee

    Faulting package-relative application ID: Box

    Error: (05/22/2015 00:36:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1874

    Start Time: 01d0941e43bb8c37

    Termination Time: 4294967295

    Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

    Report Id: 374fb218-0012-11e5-bedf-3423872e00fc

    Faulting package full name: 134D4F5B.Box_1.6.0.1910_neutral__2qk4zy5s3qmee

    Faulting package-relative application ID: Box

    Error: (05/22/2015 00:21:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: fb4

    Start Time: 01d0941c2b48f573

    Termination Time: 4294967295

    Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

    Report Id: 1edbd251-0010-11e5-bedf-3423872e00fc

    Faulting package full name: 134D4F5B.Box_1.6.0.1910_neutral__2qk4zy5s3qmee

    Faulting package-relative application ID: Box

    Error: (05/22/2015 00:02:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1734

    Start Time: 01d09419790472df

    Termination Time: 4294967295

    Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

    Report Id: 6c981c85-000d-11e5-bedf-3423872e00fc

    Faulting package full name: 134D4F5B.Box_1.6.0.1910_neutral__2qk4zy5s3qmee

    Faulting package-relative application ID: Box

    Error: (05/21/2015 11:46:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 12ec

    Start Time: 01d09417526ef27d

    Termination Time: 4294967295

    Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

    Report Id: 46001640-000b-11e5-bedf-3423872e00fc

    Faulting package full name: 134D4F5B.Box_1.6.0.1910_neutral__2qk4zy5s3qmee

    Faulting package-relative application ID: Box

    Error: (05/21/2015 11:36:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: e3c

    Start Time: 01d09415e1f69ab0

    Termination Time: 4294967295

    Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

    Report Id: d5823c4c-0009-11e5-bedf-3423872e00fc

    Faulting package full name: 134D4F5B.Box_1.6.0.1910_neutral__2qk4zy5s3qmee

    Faulting package-relative application ID: Box

    Error: (05/21/2015 11:21:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: ba4

    Start Time: 01d09413c9978925

    Termination Time: 4294967295

    Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

    Report Id: bd352ce7-0007-11e5-bedf-3423872e00fc

    Faulting package full name: 134D4F5B.Box_1.6.0.1910_neutral__2qk4zy5s3qmee

    Faulting package-relative application ID: Box

    Error: (05/21/2015 11:06:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: b68

    Start Time: 01d09411b11464ac

    Termination Time: 4294967295

    Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

    Report Id: a49b0668-0005-11e5-bedf-3423872e00fc

    Faulting package full name: 134D4F5B.Box_1.6.0.1910_neutral__2qk4zy5s3qmee

    Faulting package-relative application ID: Box

    Error: (05/21/2015 10:51:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1120

    Start Time: 01d0940f98a2958e

    Termination Time: 4294967295

    Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

    Report Id: 8c2d139b-0003-11e5-bedf-3423872e00fc

    Faulting package full name: 134D4F5B.Box_1.6.0.1910_neutral__2qk4zy5s3qmee

    Faulting package-relative application ID: Box


    System errors:
    =============
    Error: (05/20/2015 00:07:29 PM) (Source: ipnathlp) (EventID: 1233) (User: )
    Description:

    Error: (05/20/2015 00:07:29 PM) (Source: ipnathlp) (EventID: 1233) (User: )
    Description:

    Error: (05/20/2015 00:06:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    Error: (05/20/2015 00:06:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).

    Error: (05/20/2015 00:06:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The HP Support Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (05/20/2015 00:06:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The System Explorer Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (05/20/2015 00:06:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The HP Software Framework Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (05/20/2015 00:06:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (05/20/2015 00:06:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The BsHelpCS service terminated unexpectedly. It has done this 1 time(s).

    Error: (05/20/2015 00:06:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).


    Microsoft Office:
    =========================
    Error: (05/22/2015 10:20:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: backgroundTaskHost.exe6.3.9600.1741517e001d0946fc6b24eeb4294967295C:\WINDOWS\system32\backgroundTaskHost.exeba40f944-0063-11e5-bedf-3423872e00fc134D4F5B.Box_1.6.0.1910_neutral__2qk4zy5s3qmeeBox

    Error: (05/22/2015 00:46:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: backgroundTaskHost.exe6.3.9600.1741519d401d0941fa46e6b654294967295C:\WINDOWS\system32\backgroundTaskHost.exe97ff0f81-0013-11e5-bedf-3423872e00fc134D4F5B.Box_1.6.0.1910_neutral__2qk4zy5s3qmeeBox

    Error: (05/22/2015 00:36:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: backgroundTaskHost.exe6.3.9600.17415187401d0941e43bb8c374294967295C:\WINDOWS\system32\backgroundTaskHost.exe374fb218-0012-11e5-bedf-3423872e00fc134D4F5B.Box_1.6.0.1910_neutral__2qk4zy5s3qmeeBox

    Error: (05/22/2015 00:21:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: backgroundTaskHost.exe6.3.9600.17415fb401d0941c2b48f5734294967295C:\WINDOWS\system32\backgroundTaskHost.exe1edbd251-0010-11e5-bedf-3423872e00fc134D4F5B.Box_1.6.0.1910_neutral__2qk4zy5s3qmeeBox

    Error: (05/22/2015 00:02:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: backgroundTaskHost.exe6.3.9600.17415173401d09419790472df4294967295C:\WINDOWS\system32\backgroundTaskHost.exe6c981c85-000d-11e5-bedf-3423872e00fc134D4F5B.Box_1.6.0.1910_neutral__2qk4zy5s3qmeeBox

    Error: (05/21/2015 11:46:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: backgroundTaskHost.exe6.3.9600.1741512ec01d09417526ef27d4294967295C:\WINDOWS\system32\backgroundTaskHost.exe46001640-000b-11e5-bedf-3423872e00fc134D4F5B.Box_1.6.0.1910_neutral__2qk4zy5s3qmeeBox

    Error: (05/21/2015 11:36:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: backgroundTaskHost.exe6.3.9600.17415e3c01d09415e1f69ab04294967295C:\WINDOWS\system32\backgroundTaskHost.exed5823c4c-0009-11e5-bedf-3423872e00fc134D4F5B.Box_1.6.0.1910_neutral__2qk4zy5s3qmeeBox

    Error: (05/21/2015 11:21:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: backgroundTaskHost.exe6.3.9600.17415ba401d09413c99789254294967295C:\WINDOWS\system32\backgroundTaskHost.exebd352ce7-0007-11e5-bedf-3423872e00fc134D4F5B.Box_1.6.0.1910_neutral__2qk4zy5s3qmeeBox

    Error: (05/21/2015 11:06:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: backgroundTaskHost.exe6.3.9600.17415b6801d09411b11464ac4294967295C:\WINDOWS\system32\backgroundTaskHost.exea49b0668-0005-11e5-bedf-3423872e00fc134D4F5B.Box_1.6.0.1910_neutral__2qk4zy5s3qmeeBox

    Error: (05/21/2015 10:51:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: backgroundTaskHost.exe6.3.9600.17415112001d0940f98a2958e4294967295C:\WINDOWS\system32\backgroundTaskHost.exe8c2d139b-0003-11e5-bedf-3423872e00fc134D4F5B.Box_1.6.0.1910_neutral__2qk4zy5s3qmeeBox


    CodeIntegrity Errors:
    ===================================
    Date: 2015-05-20 12:07:04.304
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\BtAudioBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-05-20 11:09:29.903
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\BtAudioBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-05-20 01:10:15.746
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\BtAudioBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-05-17 17:47:24.523
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\BtAudioBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-05-17 17:27:17.791
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\BtAudioBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-05-13 03:02:35.950
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\BtAudioBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-05-06 09:29:52.032
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\BtAudioBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-05-01 22:03:47.537
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\BtAudioBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-04-29 20:54:45.068
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\BtAudioBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-04-29 12:45:00.057
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\BtAudioBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: AMD A10-5745M APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 27%
    Total physical RAM: 7366.26 MB
    Available physical RAM: 5376.38 MB
    Total Pagefile: 8518.26 MB
    Available Pagefile: 6093.86 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.85 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:678.08 GB) (Free:609.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (RECOVERY) (Fixed) (Total:19.44 GB) (Free:1.91 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive f: (USB 32 GB) (Removable) (Total:30.22 GB) (Free:10.91 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 698.6 GB) (Disk ID: 56613821)

    Partition: GPT Partition Type.

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 30.2 GB) (Disk ID: C3072E18)
    Partition 1: (Not Active) - (Size=30.2 GB) - (Type=0C)

    ==================== End of log ============================
     
    skn,
    #25
  7. 2015/05/22
    skn

    FRST.txt Part 1

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-05-2015
    Ran by Sven (administrator) on REBEL on 22-05-2015 10:20:01
    Running from C:\Users\Sven\Downloads\2015-05-18
    Loaded Profiles: Sven (Available profiles: Sven)
    Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
    (Microsoft Corporation) C:\Windows\System32\alg.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
    (Google Inc.) C:\Users\Sven\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
    (Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
    (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
    (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Mister Group) C:\Program Files (x86)\System Explorer\SystemExplorer.exe
    (Mister Group) C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM-x32\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7666392 2014-12-11] (Realtek Semiconductor)
    HKLM-x32\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
    HKLM-x32\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
    HKLM-x32\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
    HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [387832 2013-05-14] (IVT Corporation)
    HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-05-22] (CyberLink Corp.)
    HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM-x32\...\Run: [APSDaemon] => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [SystemExplorerAutoStart] => C:\Program Files (x86)\System Explorer\SystemExplorer.exe [3391712 2015-04-20] (Mister Group)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    HKLM-x32\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-02] (Hewlett-Packard)
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0
    HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Run: [Power2GoExpress8] => NA
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Run: [Google Update] => C:\Users\Sven\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-06-27] (Google Inc.)
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Run: [Google+ Auto Backup] => C:\Users\Sven\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3754312 2015-02-13] (Google Inc.)
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1553688 2014-02-20] (Comfort Software Group)
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Policies\system: [NoDispAppearancePage] 0
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Policies\Explorer: [NoPreviewPane] 0
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Policies\Explorer: [NoTrayContextMenu] 0
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Policies\Explorer: [NoSetTaskbar] 0
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Policies\Explorer: [NoViewContextMenu] 0
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Policies\Explorer: [TaskbarNoNotification] 0
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Policies\Explorer: [NoWinkeys] 0
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Policies\Explorer: [NoTrayItemsDisplay] 0
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Policies\Explorer: [HideClock] 0
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Policies\Explorer: [HideSCANetwork] 0
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\...\Policies\Explorer: [HideSCAVolume] 0
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [217088 2014-10-29] (Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AdFender.lnk [2015-05-17]
    ShortcutTarget: AdFender.lnk -> C:\Program Files (x86)\AdFender\AdFender.exe (No File)
    Startup: C:\Users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SystemExplorerDisabled [2015-05-12] ()
    ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
    ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
    ProxyServer: [.DEFAULT] => http=127.0.0.1:63649;https=127.0.0.1:63649
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.bing.com?pc=HPNTDFJS
    SearchScopes: HKLM -> {2D3752F1-AE1A-469E-BE06-D99A8148FF31} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {2D3752F1-AE1A-469E-BE06-D99A8148FF31} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2477815455-1767793343-2609628209-1002 -> {2D3752F1-AE1A-469E-BE06-D99A8148FF31} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
    BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
    BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
    BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-01-18] (IvoSoft)
    BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
    BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
    BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-01-18] (IvoSoft)
    Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (IvoSoft)
    Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (IvoSoft)
    Toolbar: HKU\S-1-5-21-2477815455-1767793343-2609628209-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 213.248.100.54 213.248.83.34

    FireFox:
    ========
    FF ProfilePath: C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\dwtu1v6m.default
    FF DefaultSearchEngine: Google dot com
    FF Homepage: https://www.google.com/ncr
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll [2013-04-03] (Adobe Systems, Inc.)
    FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=5.0.2.10 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [2015-03-17] (Finansiell ID-Teknik BID AB)
    FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.1.0.18 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [2015-03-17] (Finansiell ID-Teknik BID AB)
    FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.2.5.1 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [2015-03-17] (Finansiell ID-Teknik BID AB)
    FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.4.0.22 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [2015-03-17] (Finansiell ID-Teknik BID AB)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-01-17] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
    FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2010-01-20] (Sony Media Software and Services Inc)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2477815455-1767793343-2609628209-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Sven\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2477815455-1767793343-2609628209-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Sven\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
    FF SearchPlugin: C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\dwtu1v6m.default\searchplugins\google-dot-com.xml [2015-01-27]
    FF Extension: Widevine Media Optimizer - C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\dwtu1v6m.default\Extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d} [2014-12-24]
    FF Extension: FT DeepDark - C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\dwtu1v6m.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2015-04-15]
    FF Extension: 95322c0805ff4f3c85fd8ceb821988dd - C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\dwtu1v6m.default\Extensions\{95322c08-05ff-4f3c-85fd-8ceb821988dd} [2015-05-16]
    FF Extension: Adblock Plus - C:\Users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\dwtu1v6m.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-17]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-17]
    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
    FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-11-18]

    Chrome:
    =======
    CHR Profile: C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (No Name) - C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmihblnpomgpjkfddepdpdafhhepdbek [2015-05-16]
    CHR Extension: (Google Wallet) - C:\Users\Sven\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-18]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

    Opera:
    =======
    OPR Extension: (bmihblnpomgpjkfddepdpdafhhepdbek) - C:\Users\Sven\AppData\Roaming\Opera Software\Opera Stable\Extensions\bmihblnpomgpjkfddepdpdafhhepdbek [2015-05-16]
     
    skn,
    #26
  8. 2015/05/22
    skn Inactive Thread Starter

    FRST.txt Part 2

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
    R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1630456 2013-06-07] (IVT Corporation)
    R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [145656 2013-05-14] (IVT Corporation)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2719928 2015-04-22] (Microsoft Corporation)
    S4 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-05] (CyberLink)
    S4 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-05] (CyberLink)
    R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-05] (Microsoft Corporation)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-06-07] (Hewlett-Packard Company) [File not signed]
    R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
    S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
    S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-12-11] (Realtek Semiconductor)
    R3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Mister Group)
    S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [37472 2013-02-14] (Advanced Micro Devices, Inc.)
    R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98744 2013-04-24] (Advanced Micro Devices)
    S3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
    U4 BthHFEnum; No ImagePath
    U4 bthhfhid; No ImagePath
    U4 BthHFSrv; No ImagePath
    R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [54064 2013-04-26] (Ralink Corporation)
    R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
    R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
    S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2014-02-21] (Windows (R) Win 7 DDK provider)
    S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2014-02-21] (Windows (R) Win 7 DDK provider)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-22] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
    R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290008 2014-01-19] (Realtek Semiconductor Corp.)
    R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
    S3 s1039bus; C:\Windows\System32\drivers\s1039bus.sys [127600 2010-03-15] (MCCI Corporation)
    S3 s1039mdfl; C:\Windows\system32\DRIVERS\s1039mdfl.sys [19568 2010-03-15] (MCCI Corporation)
    S3 s1039mdm; C:\Windows\system32\DRIVERS\s1039mdm.sys [161904 2010-03-15] (MCCI Corporation)
    S3 s1039mgmt; C:\Windows\system32\DRIVERS\s1039mgmt.sys [141424 2010-03-15] (MCCI Corporation)
    S3 s1039nd5; C:\Windows\system32\DRIVERS\s1039nd5.sys [34416 2010-03-15] (MCCI Corporation)
    S3 s1039obex; C:\Windows\system32\DRIVERS\s1039obex.sys [137328 2010-03-15] (MCCI Corporation)
    S3 s1039unic; C:\Windows\System32\drivers\s1039unic.sys [158320 2010-03-15] (MCCI Corporation)
    S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-06-05] (Synaptics Incorporated)
    S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [33008 2013-06-05] (Synaptics Incorporated)
    R3 Tdsshbecr; C:\Windows\system32\DRIVERS\shbecr.sys [50176 2008-09-28] (Todos Data System AB)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-05-20] ()
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
    R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
    S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-05-21 22:42 - 2015-05-21 22:55 - 05275468 _____ () C:\Users\Sven\Desktop\Rkill.txt
    2015-05-21 22:42 - 2015-05-21 22:42 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Sven\Desktop\rkill64.exe
    2015-05-21 22:41 - 2015-05-21 22:41 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Sven\Desktop\rkill.exe
    2015-05-21 22:40 - 2015-05-21 22:40 - 05627500 _____ (Swearware) C:\Users\Sven\Desktop\New try.exe
    2015-05-21 17:26 - 2015-05-21 17:57 - 00000000 ____D () C:\WINDOWS\SysWOW64\ivtMobCache
    2015-05-21 11:19 - 2015-05-21 11:25 - 00002785 _____ () C:\WINDOWS\SysWOW64\SHORTCUT.INI
    2015-05-20 23:26 - 2015-05-22 10:12 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2477815455-1767793343-2609628209-1002
    2015-05-20 11:04 - 2015-05-22 10:14 - 00000000 ___RD () C:\Users\Sven\Desktop\Bug Hunt
    2015-05-20 10:59 - 2015-05-20 10:59 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-REBEL-Windows-8.1-(64-bit).dat
    2015-05-20 10:59 - 2015-05-20 10:59 - 00000000 ____D () C:\RegBackup
    2015-05-20 10:50 - 2015-04-16 07:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
    2015-05-20 10:50 - 2015-04-13 23:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
    2015-05-20 10:50 - 2015-04-13 23:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
    2015-05-20 10:50 - 2015-04-10 01:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
    2015-05-20 10:50 - 2015-04-10 01:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
    2015-05-20 10:50 - 2015-04-08 23:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
    2015-05-20 10:50 - 2015-04-08 23:07 - 00410336 _____ () C:\WINDOWS\system32\ApnDatabase.xml
    2015-05-20 10:50 - 2015-04-01 23:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
    2015-05-20 10:50 - 2015-04-01 23:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
    2015-05-20 10:50 - 2015-03-20 04:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
    2015-05-20 10:50 - 2015-03-20 04:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
    2015-05-20 10:50 - 2015-03-20 03:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
    2015-05-20 10:50 - 2015-03-20 03:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2015-05-20 10:50 - 2015-03-02 02:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
    2015-05-20 10:50 - 2015-03-02 02:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
    2015-05-20 10:49 - 2015-04-01 05:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
    2015-05-20 10:49 - 2015-04-01 05:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
    2015-05-20 10:49 - 2015-04-01 05:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
    2015-05-20 10:49 - 2015-04-01 05:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
    2015-05-20 10:49 - 2015-04-01 04:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
    2015-05-20 10:49 - 2015-04-01 04:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
    2015-05-20 10:49 - 2015-04-01 04:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
    2015-05-20 10:49 - 2015-04-01 03:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
    2015-05-20 10:49 - 2015-04-01 03:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
    2015-05-20 10:49 - 2015-04-01 03:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
    2015-05-20 10:49 - 2015-04-01 03:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
    2015-05-20 10:49 - 2015-04-01 03:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
    2015-05-20 10:49 - 2015-04-01 03:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
    2015-05-20 10:43 - 2015-05-20 10:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
    2015-05-20 00:25 - 2015-05-22 10:07 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-05-20 00:24 - 2015-05-20 00:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-05-20 00:24 - 2015-05-20 00:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-05-20 00:24 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2015-05-20 00:24 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2015-05-20 00:24 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2015-05-20 00:09 - 2015-05-20 00:09 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
    2015-05-20 00:08 - 2015-05-20 00:21 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-05-20 00:00 - 2015-05-20 00:01 - 16980568 _____ () C:\Users\Sven\Desktop\RogueKiller.exe
    2015-05-19 23:02 - 2015-05-19 23:02 - 00000775 _____ () C:\Users\Public\Desktop\Speccy.lnk
    2015-05-19 23:02 - 2015-05-19 23:02 - 00000000 ____D () C:\Program Files\Speccy
    2015-05-19 22:55 - 2015-05-22 10:20 - 00000000 ____D () C:\FRST
    2015-05-19 22:48 - 2015-05-22 10:20 - 00000000 ____D () C:\Users\Sven\Downloads\2015-05-18
    2015-05-18 11:47 - 2015-05-18 11:48 - 12914632 _____ () C:\Users\Sven\Downloads\bankid_installation.exe
    2015-05-17 17:22 - 2015-05-20 12:14 - 00000000 ____D () C:\AdwCleaner
    2015-05-17 16:55 - 2015-05-20 23:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdFender
    2015-05-17 16:53 - 2015-05-17 17:21 - 00000000 ____D () C:\Users\Sven\Downloads\2015-05-17
    2015-05-17 08:40 - 2015-05-17 08:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-05-13 02:58 - 2015-05-13 02:58 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2015-05-13 02:56 - 2015-04-30 21:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-05-13 02:56 - 2015-04-30 21:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2015-05-13 02:44 - 2015-05-01 00:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2015-05-13 02:44 - 2015-04-30 23:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2015-05-13 02:44 - 2015-04-21 18:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2015-05-13 02:44 - 2015-04-21 17:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2015-05-13 02:44 - 2015-04-21 17:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
    2015-05-13 02:44 - 2015-04-21 17:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2015-05-13 02:44 - 2015-04-21 17:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
    2015-05-13 02:44 - 2015-04-21 17:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2015-05-13 02:44 - 2015-04-21 17:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2015-05-13 02:44 - 2015-04-21 17:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2015-05-13 02:44 - 2015-04-21 17:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
    2015-05-13 02:44 - 2015-04-21 17:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2015-05-13 02:44 - 2015-04-21 17:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
    2015-05-13 02:44 - 2015-04-21 17:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2015-05-13 02:44 - 2015-04-21 17:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
    2015-05-13 02:44 - 2015-04-21 17:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2015-05-13 02:44 - 2015-04-21 17:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2015-05-13 02:44 - 2015-04-21 16:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2015-05-13 02:44 - 2015-04-21 16:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2015-05-13 02:44 - 2015-04-21 16:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
    2015-05-13 02:44 - 2015-04-21 16:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2015-05-13 02:44 - 2015-04-21 16:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2015-05-13 02:44 - 2015-04-21 16:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2015-05-13 02:44 - 2015-04-21 16:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2015-05-13 02:44 - 2015-04-21 16:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2015-05-13 02:44 - 2015-04-21 16:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
    2015-05-13 02:44 - 2015-04-21 16:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
    2015-05-13 02:44 - 2015-04-21 16:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2015-05-13 02:44 - 2015-04-21 16:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2015-05-13 02:44 - 2015-04-21 16:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2015-05-13 02:44 - 2015-04-21 16:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
    2015-05-13 02:44 - 2015-04-21 16:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2015-05-13 02:44 - 2015-04-21 16:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2015-05-13 02:44 - 2015-04-21 16:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2015-05-13 02:44 - 2015-04-21 16:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2015-05-13 02:44 - 2015-04-21 16:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2015-05-13 02:44 - 2015-04-21 16:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2015-05-13 02:44 - 2015-04-21 16:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2015-05-13 02:44 - 2015-04-21 16:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2015-05-13 02:44 - 2015-04-21 15:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2015-05-13 02:44 - 2015-04-21 15:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2015-05-13 02:44 - 2015-04-13 23:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2015-05-13 02:44 - 2015-04-10 02:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
    2015-05-13 02:44 - 2015-04-10 01:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
    2015-05-13 02:44 - 2015-04-10 01:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
    2015-05-13 02:44 - 2015-04-08 23:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    2015-05-13 02:44 - 2015-03-30 06:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2015-05-13 02:44 - 2015-03-27 04:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
    2015-05-13 02:44 - 2015-03-27 03:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
    2015-05-13 02:44 - 2015-03-27 03:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2015-05-12 12:20 - 2015-05-12 12:20 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\Opera Software
    2015-05-12 12:20 - 2015-05-12 12:20 - 00000000 ____D () C:\Users\Sven\AppData\Local\Opera Software
    2015-05-12 12:18 - 2015-05-12 12:23 - 00000000 ____D () C:\Program Files (x86)\Opera
    2015-05-12 12:17 - 2015-05-12 12:29 - 00000004 _____ () C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
    2015-05-06 20:19 - 2015-04-24 22:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
    2015-05-06 09:05 - 2015-04-10 01:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2015-05-06 09:05 - 2015-04-10 01:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2015-04-29 21:24 - 2015-04-29 21:43 - 00000000 ____D () C:\ProgramData\SystemExplorer
    2015-04-29 21:24 - 2015-04-29 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Explorer
    2015-04-29 21:24 - 2015-04-29 21:24 - 00000000 ____D () C:\Program Files (x86)\System Explorer
    2015-04-29 21:22 - 2015-04-29 21:22 - 01918240 _____ (Mister Group ) C:\Users\Sven\Downloads\SystemExplorerSetup_641.exe
    2015-04-29 20:50 - 2015-03-20 02:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
    2015-04-29 20:50 - 2015-03-11 02:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
    2015-04-29 20:50 - 2015-03-11 02:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
    2015-04-29 12:27 - 2015-04-01 23:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
    2015-04-29 12:27 - 2015-04-01 23:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
    2015-04-29 12:27 - 2015-04-01 04:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
    2015-04-29 12:27 - 2015-04-01 03:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-05-22 10:20 - 2014-01-18 19:10 - 00004958 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for REBEL-Sven Rebel
    2015-05-22 10:18 - 2014-01-18 07:53 - 01194015 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-05-22 10:08 - 2014-01-18 17:12 - 00000000 __RDO () C:\Users\Sven\SkyDrive
    2015-05-22 10:08 - 2014-01-18 05:41 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-05-22 10:08 - 2013-08-08 18:45 - 00003620 _____ () C:\WINDOWS\SysWOW64\LOCALSERVICE.INI
    2015-05-22 10:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
    2015-05-22 10:02 - 2013-08-08 18:45 - 00000043 _____ () C:\WINDOWS\SysWOW64\LOCALDEVICE.INI
    2015-05-22 10:02 - 2013-06-07 09:40 - 00001017 _____ () C:\WINDOWS\SysWOW64\bscs.ini
    2015-05-22 01:03 - 2014-05-27 14:30 - 00000418 _____ () C:\WINDOWS\SysWOW64\REMOTEDEVICE.INI
    2015-05-22 01:02 - 2014-01-21 02:48 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\ClassicShell
    2015-05-22 00:56 - 2014-06-27 17:26 - 00001012 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2477815455-1767793343-2609628209-1002UA.job
    2015-05-22 00:45 - 2014-05-03 13:59 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-05-22 00:41 - 2014-01-18 05:41 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-05-21 17:57 - 2014-01-14 11:40 - 00000000 ____D () C:\Users\Sven\AppData\Local\CrashDumps
    2015-05-21 17:56 - 2014-06-27 17:26 - 00000960 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2477815455-1767793343-2609628209-1002Core.job
    2015-05-21 17:45 - 2014-09-22 05:18 - 00023228 _____ () C:\WINDOWS\setupact.log
    2015-05-20 12:07 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-05-20 12:06 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
    2015-05-20 11:08 - 2014-01-09 15:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-05-20 11:08 - 2013-11-14 05:34 - 00090910 _____ () C:\WINDOWS\PFRO.log
    2015-05-20 11:08 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
    2015-05-20 10:52 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
    2015-05-20 10:51 - 2015-03-27 19:53 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
    2015-05-20 10:51 - 2015-03-27 19:53 - 00000000 ___SD () C:\WINDOWS\system32\GWX
    2015-05-18 06:41 - 2014-01-19 06:20 - 00003152 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForSven
    2015-05-18 06:41 - 2014-01-19 06:20 - 00000340 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForSven.job
    2015-05-16 05:13 - 2014-04-11 11:36 - 00000000 ___RD () C:\Users\Sven\Desktop\Temp
    2015-05-15 18:32 - 2014-01-18 19:14 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
    2015-05-15 18:32 - 2014-01-18 19:14 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2015-05-15 17:51 - 2014-06-27 17:26 - 00003956 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2477815455-1767793343-2609628209-1002UA
    2015-05-15 17:51 - 2014-06-27 17:26 - 00003576 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2477815455-1767793343-2609628209-1002Core
    2015-05-15 06:36 - 2014-01-18 05:41 - 00003890 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-05-15 06:36 - 2014-01-18 05:41 - 00003654 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-05-13 04:10 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
    2015-05-13 03:02 - 2014-01-20 23:03 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2015-05-13 03:02 - 2013-08-22 15:44 - 00591576 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2015-05-13 03:01 - 2014-01-20 23:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2015-05-13 02:58 - 2014-02-28 01:35 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2015-05-13 02:56 - 2014-01-17 23:24 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2015-05-13 02:51 - 2014-01-17 23:24 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-05-13 02:50 - 2014-03-15 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-05-13 02:46 - 2013-11-14 13:29 - 00000000 ____D () C:\Program Files\Windows Journal
    2015-05-12 12:34 - 2014-02-28 01:34 - 00000000 ____D () C:\Program Files (x86)\Adobe
    2015-05-09 23:47 - 2013-12-25 12:39 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2015-05-05 18:59 - 2014-08-14 23:04 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2015-05-05 18:59 - 2014-08-14 23:04 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2015-04-29 12:43 - 2014-11-16 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BankID säkerhetsprogram
    2015-04-29 12:43 - 2014-11-16 10:01 - 00000000 ____D () C:\Program Files (x86)\BankID
    2015-04-29 12:42 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF

    ==================== Files in the root of some directories =======

    2014-04-17 14:54 - 2014-10-14 23:11 - 0009216 _____ () C:\Users\Sven\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-01-21 13:34 - 2014-07-12 09:29 - 0007607 _____ () C:\Users\Sven\AppData\Local\Resmon.ResmonCfg
    2014-12-30 18:16 - 2014-12-30 18:16 - 0000005 _____ () C:\ProgramData\RICOH Aficio SP 100 DDSTMonSet.bin
    2014-12-30 18:14 - 2014-12-30 18:16 - 0000273 _____ () C:\ProgramData\RICOH Aficio SP 100 DDSTSDCREG.ini

    Some files in TEMP:
    ====================
    C:\Users\Sven\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Sven\AppData\Local\Temp\Extract.exe
    C:\Users\Sven\AppData\Local\Temp\HPConnectedMusicInstaller_100100128.exe
    C:\Users\Sven\AppData\Local\Temp\LMkRstPt.exe
    C:\Users\Sven\AppData\Local\Temp\pcspeedup.exe
    C:\Users\Sven\AppData\Local\Temp\SoftonicAssistant_v0-1-6.exe
    C:\Users\Sven\AppData\Local\Temp\supoptsetup.exe
    C:\Users\Sven\AppData\Local\Temp\SymCCIS.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-05-20 12:18

    ==================== End of log ============================
     
    skn,
    #27
  9. 2015/05/22
    broni

    broni Moderator Malware Analyst

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

  10. 2015/05/23
    skn

    skn Inactive Thread Starter

    Hi

    Here comes the log file…
    Should there have been some changes after running FRST.exe….or should I have rebooted after that?


    Fix result of Farbar Recovery Scan Tool (x64) Version: 21-05-2015
    Ran by Sven at 2015-05-23 07:46:33 Run:1
    Running from C:\Users\Sven\Downloads\2015-05-18
    Loaded Profiles: Sven & (Available profiles: Sven)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    CustomCLSID: HKU\S-1-5-21-2477815455-1767793343-2609628209-1002_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Sven\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2477815455-1767793343-2609628209-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Sven\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2477815455-1767793343-2609628209-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Sven\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2477815455-1767793343-2609628209-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Sven\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
    Task: {DC8ABC43-51AA-48AE-9901-91B95B57B5DA} - \Optimize Start Menu Cache Files-S-1-5-21-2477815455-1767793343-2609628209-500 No Task File <==== ATTENTION
    AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:DocumentSummaryInformation
    AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:SummaryInformation
    AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\Users\Sven\SkyDrive:ms-properties
    HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
    ShortcutTarget: AdFender.lnk -> C:\Program Files (x86)\AdFender\AdFender.exe (No File)
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
    ProxyServer: [.DEFAULT] => http=127.0.0.1:63649;https=127.0.0.1:63649
    RemoveProxy:
    Toolbar: HKU\S-1-5-21-2477815455-1767793343-2609628209-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    U4 BthHFEnum; No ImagePath
    U4 bthhfhid; No ImagePath
    U4 BthHFSrv; No ImagePath
    2014-04-17 14:54 - 2014-10-14 23:11 - 0009216 _____ () C:\Users\Sven\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-01-21 13:34 - 2014-07-12 09:29 - 0007607 _____ () C:\Users\Sven\AppData\Local\Resmon.ResmonCfg
    2014-12-30 18:16 - 2014-12-30 18:16 - 0000005 _____ () C:\ProgramData\RICOH Aficio SP 100 DDSTMonSet.bin
    2014-12-30 18:14 - 2014-12-30 18:16 - 0000273 _____ () C:\ProgramData\RICOH Aficio SP 100 DDSTSDCREG.ini
    C:\Users\Sven\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Sven\AppData\Local\Temp\Extract.exe
    C:\Users\Sven\AppData\Local\Temp\HPConnectedMusicInstaller_100100128.exe
    C:\Users\Sven\AppData\Local\Temp\LMkRstPt.exe
    C:\Users\Sven\AppData\Local\Temp\pcspeedup.exe
    C:\Users\Sven\AppData\Local\Temp\SoftonicAssistant_v0-1-6.exe
    C:\Users\Sven\AppData\Local\Temp\supoptsetup.exe
    C:\Users\Sven\AppData\Local\Temp\SymCCIS.dll
    *****************

    "HKU\S-1-5-21-2477815455-1767793343-2609628209-1002_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key Deleted successfully.
    "HKU\S-1-5-21-2477815455-1767793343-2609628209-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key Deleted successfully.
    "HKU\S-1-5-21-2477815455-1767793343-2609628209-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => Key Deleted successfully.
    "HKU\S-1-5-21-2477815455-1767793343-2609628209-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => Key Deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC8ABC43-51AA-48AE-9901-91B95B57B5DA}" => Key Deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC8ABC43-51AA-48AE-9901-91B95B57B5DA}" => Key Deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-2477815455-1767793343-2609628209-500" => Key Deleted successfully.
    C:\WINDOWS\SysWOW64\zlib.dll => ":DocumentSummaryInformation" ADS removed successfully.
    C:\WINDOWS\SysWOW64\zlib.dll => ":SummaryInformation" ADS removed successfully.
    C:\WINDOWS\SysWOW64\zlib.dll => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
    "C:\Users\Sven\SkyDrive" => ":ms-properties" ADS not found.
    "HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" => Key Deleted successfully.
    C:\Program Files (x86)\AdFender\AdFender.exe not found.
    "HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key Deleted successfully.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value Deleted successfully.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value Deleted successfully.

    ========= RemoveProxy: =========

    "HKU\S-1-5-21-2477815455-1767793343-2609628209-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key Deleted successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Deleted successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Deleted successfully.
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Deleted successfully.
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Deleted successfully.
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Deleted successfully.
    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Deleted successfully.


    ========= End of RemoveProxy: =========

    HKU\S-1-5-21-2477815455-1767793343-2609628209-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value Deleted successfully.
    HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
    BthHFEnum => Service Deleted successfully.
    bthhfhid => Service Deleted successfully.
    BthHFSrv => Service Deleted successfully.
    C:\Users\Sven\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully.
    C:\Users\Sven\AppData\Local\Resmon.ResmonCfg => Moved successfully.
    C:\ProgramData\RICOH Aficio SP 100 DDSTMonSet.bin => Moved successfully.
    C:\ProgramData\RICOH Aficio SP 100 DDSTSDCREG.ini => Moved successfully.
    C:\Users\Sven\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
    C:\Users\Sven\AppData\Local\Temp\Extract.exe => Moved successfully.
    C:\Users\Sven\AppData\Local\Temp\HPConnectedMusicInstaller_100100128.exe => Moved successfully.
    C:\Users\Sven\AppData\Local\Temp\LMkRstPt.exe => Moved successfully.
    C:\Users\Sven\AppData\Local\Temp\pcspeedup.exe => Moved successfully.
    C:\Users\Sven\AppData\Local\Temp\SoftonicAssistant_v0-1-6.exe => Moved successfully.
    C:\Users\Sven\AppData\Local\Temp\supoptsetup.exe => Moved successfully.
    C:\Users\Sven\AppData\Local\Temp\SymCCIS.dll => Moved successfully.

    ==== End of Fixlog 07:46:38 ====
     
    skn,
    #29
  11. 2015/05/23
    broni

    broni Moderator Malware Analyst

    Please reboot.

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  12. 2015/05/24
    skn

    skn Inactive Thread Starter

    Hi

    SecurityCheck.exe log. (Your instructions are excellent…., but You left out how to figure out when it’s done. I hope I didn’t close it prematurely.)

    Results of screen317's Security Check version 1.002
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Defender
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Adobe Flash Player 17.0.0.169
    Adobe Reader XI
    Mozilla Firefox (38.0.1)
    Mozilla Thunderbird (31.7.0)
    Google Chrome (42.0.2311.152)
    Google Chrome (43.0.2357.65)
    ````````Process Check: objlist.exe by Laurent````````
    Windows Defender MSMpEng.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbam.exe
    Malwarebytes Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````

    ..and here is the other one

    Farbar Service Scanner Version: 17-01-2015
    Ran by Sven (administrator) on 24-05-2015 at 00:20:12
    Running from "C:\Users\Sven\Desktop "
    Microsoft Windows 8.1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is OK.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuaueng.dll ".


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
    skn,
    #31
  13. 2015/05/24
    skn

    skn Inactive Thread Starter

    Ps

    I do have lot of questions…. but now I really got one I can’t let be.
    Sophos Virus Removal Tool says my Pc is clean, but everything in Firefox still behaves the same weird way as before????
    Except maybe, that the banner from the right side of the screen is gone and Malwarebytes Anti-Malware is blocking a site qoh.seeminvasions.com instead of the previous one….?
    Am I too impatient here?
     
    skn,
    #32
  14. 2015/05/24
    broni

    broni Moderator Malware Analyst

    Reset Firefox: https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems

    If the above didn't help...

    Uninstall Firefox completely using this manual: https://support.mozilla.org/en-US/kb/uninstall-firefox-from-your-computer
    NOTE. Use MozBackup: http://mozbackup.jasnapaka.com/ to backup your bookmarks and passwords. Do NOT backup anything else.
    Install fresh copy.

    Update Adobe Flash Player: http://get.adobe.com/flashplayer/
    Make sure you UN-check Yes, install McAfee Security Scan Plus

    NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
    NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.
     
  15. 2015/05/24
    skn

    skn Inactive Thread Starter

    Hi

    Thank You for all the help! I really appreciate it!
    Yes, refreshing Firefox did get rid of all the c.., or as far I can see anyway.
    Can I do it again if things start to get weird again??
    Did I have a virus? Because it was the c.. in Firefox that made me wonder…I didn’t notice anything else weird on my pc. Well except maybe the fact that something kept interrupting the screensaver (something still does), but beyond that, … I guess one could say I was clueless :)
    Do You have the time to tell me what was wrong and what I should watch out for in the future? And if possible, I would very much like to know where I might have picked that sh.. up?
    I really hope You can take the time to explain these things to me… I’m trying to learn something about how and why, maybe then I don’t need to bother You so often in the future… :)
     
    skn,
    #34
  16. 2015/05/24
    broni

    broni Moderator Malware Analyst

    There was some adware and fake proxy set.
    Nothing very serious.

    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Download, and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please, let me know, how your computer is doing.
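
The "fake proxy" mentioned in this post is the `ProxyServer` entry in the fixlist earlier in the thread, which points Internet Explorer's proxy at 127.0.0.1. As an added example (not part of the original thread and not FRST's own code), this Python script flags loopback proxy entries in FRST-style log lines; the function names and the third sample line are constructed for illustration.

```python
import ipaddress
import re

# FRST prints proxy settings as "ProxyServer: [HIVE] => value"
# (line format taken from the fixlist posted in this thread).
PROXY_LINE = re.compile(
    r"^\s*ProxyServer:\s*\[(?P<hive>[^\]]+)\]\s*=>\s*(?P<value>\S+)\s*$"
)


def parse_proxy_value(value):
    """Split a WinINET ProxyServer string into (scheme, host, port) tuples.

    The value is either "host:port" (applies to every scheme) or a
    semicolon-separated list such as "http=host:port;https=host:port".
    """
    entries = []
    for part in filter(None, value.split(";")):
        scheme, sep, target = part.partition("=")
        if not sep:                          # bare "host:port" form
            scheme, target = "all", part
        target = target.split("://", 1)[-1]  # tolerate "http://host:port"
        host, _, port = target.rpartition(":")
        if not host:                         # no port was given
            host, port = target, ""
        entries.append((scheme.lower(), host.strip("[]"), port))
    return entries


def is_loopback(host):
    """True when the proxy host is the local machine itself."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name; it is not resolved here


def find_loopback_proxies(lines):
    """Return (hive, scheme, host, port) for each proxy entry bound to loopback."""
    hits = []
    for line in lines:
        match = PROXY_LINE.match(line)
        if not match:
            continue
        for scheme, host, port in parse_proxy_value(match["value"]):
            if is_loopback(host):
                hits.append((match["hive"], scheme, host, port))
    return hits


# First two lines are quoted from the fixlist in this thread;
# the third is a constructed benign entry for contrast.
SAMPLE_LOG = """\
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:63649;https=127.0.0.1:63649
ProxyServer: [S-1-5-21-EXAMPLE-1001] => proxy.corp.example:8080
"""

if __name__ == "__main__":
    for hive, scheme, host, port in find_loopback_proxies(SAMPLE_LOG.splitlines()):
        print(f"[{hive}] {scheme} traffic is routed through {host}:{port}")
```

A loopback proxy is only a finding when no program the user installed is supposed to be listening on that port, so a hit needs to be checked against the installed software before the setting is removed.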
     
  17. 2015/05/25
    skn

    skn Inactive Thread Starter

    Hi

    As far as I can tell, everything looks fine. So once more thank You very much for the help, could not have done it without Your excellent help.

    PS. I recall something about closing the thread, but have no clue how to do that…. If I remember it correctly You or somebody else did that last time…. so even if I got it explained to me then, it was 4-5 years ago after all and my memory still isn’t what it should be :)
     
    skn,
    #36
  18. 2015/05/25
    broni

    broni Moderator Malware Analyst

    Yes, I'll mark it as solved.

    Good luck and stay safe :)
     
