
Sluggish computer with a number of problems


discord


My computer is not doing well. It is terribly sluggish, the graphics drivers reset often, which a few minutes later leads to a blue screen, sometimes it only works for a few hours and then has to be shut down, and there are surely more problems with it.

 

My log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-06-2015 01
Ran by Dan (administrator) on DAN-HP on 22-06-2015 19:57:28
Running from C:\Users\Dan\Downloads
Loaded Profiles: Dan (Available Profiles: Dan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Svenska (Sverige)
Internet Explorer Version 11 (Default browser path: "C:\Program Files (x86)\Opera\Opera.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Last.fm) C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
() C:\Program Files (x86)\SoulseekQt\SoulseekQt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [130864 2015-05-21] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2652780602-1571902860-15739709-1002\...\Run: [Google Update**.d<*>] => "C:\Users\Dan\AppData\Local\Google\Desktop\Install\{23ee8472-650e-10a1-3c9e-2eb0863ec604}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{23ee8472-650e-10a1-3c9e-2eb0863ec604}\GoogleUpdate.exe" > <===== ATTENTION (Value Name with invalid characters)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [225752 2014-10-02] (Client Connect LTD)
AppInit_DLLs:  C:\Windows\System32\guard64.dll => C:\Windows\System32\guard64.dll File not found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [183768 2014-10-02] (Client Connect LTD)
Startup: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2015-06-08]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon1] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2011-05-26] (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon2] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2011-05-26] (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon3] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2011-05-26] (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon4] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2011-05-26] (LaCie AG)
ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {1C3FFA7D-F2AA-4722-9B2C-2744629D0F35} => C:\Windows\System32\CbFsMntNtf3.dll [2011-12-02] (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2011-12-02] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {1C3FFA7D-F2AA-4722-9B2C-2744629D0F35} => C:\Windows\SysWow64\CbFsMntNtf3.dll [2011-12-02] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2011-12-02] (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2652780602-1571902860-15739709-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2652780602-1571902860-15739709-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com/?gd=&ctid=CT3325578&octid=EB_ORIGINAL_CTID&ISID=M4859A38B-9739-42F9-92BD-9C510A0A6EAE&SearchSource=55&CUI=&UM=2&UP=SP58846771-4663-456E-9EB1-69A34277F863&SSPV=
HKU\S-1-5-21-2652780602-1571902860-15739709-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://se.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://se.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2652780602-1571902860-15739709-1002 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2652780602-1571902860-15739709-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://se.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKU\S-1-5-21-2652780602-1571902860-15739709-1002 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
BHO: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\system32\CbFsMntNtf3.dll [2011-12-02] (EldoS Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC)
BHO-x32: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\SysWOW64\CbFsMntNtf3.dll [2011-12-02] (EldoS Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-10-14] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-01-07] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-10-14] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll No File
Toolbar: HKU\S-1-5-21-2652780602-1571902860-15739709-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{16B07F8C-ECE5-4B00-8DF8-78EC59C6FD2C}: [NameServer] 8.26.56.26,156.154.70.22

FireFox:
========
FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5p7rancf.default-1406390208078
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin-x32: @cuminas.jp/DjVuPlugin -> C:\Program Files (x86)\Cuminas\Document Express DjVu Plug-in\npdjvu.dll [2014-09-04] (Cuminas Corporation)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-10-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-10-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-07-23] (Nullsoft, Inc.)
FF Plugin-x32: @se.nexus/Personal -> C:\Program Files (x86)\Personal\bin\np_prsnl.dll [2012-01-04] (Technology Nexus AB)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-03-17] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2010-12-08] ()
FF Plugin-x32: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [2009-10-23] (Zylom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll [2009-10-23] (Zylom)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\allaannonser-sv-SE.xml [2014-03-01]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\prisjakt-sv-SE.xml [2014-03-01]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\tyda-sv-SE.xml [2014-03-01]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-sv-SE.xml [2014-03-01]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-sv-SE.xml [2014-03-01]
FF Extension: Hola Better Internet - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5p7rancf.default-1406390208078\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2015-05-27]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-01-31]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKU\S-1-5-21-2652780602-1571902860-15739709-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-04-12] (Adobe Systems) [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2011-03-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1187336 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-01-07] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [53920 2011-01-07] (Atheros Commnucations) [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [208632 2015-05-21] (Avira Operations GmbH & Co. KG)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70352 2013-07-24] (Comodo Security Solutions Inc.)
S4 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3015128 2014-10-02] (Client Connect LTD)
S4 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-05-30] (Comodo Security Solutions, Inc.)
S4 GenieTimelineService; C:\Program Files\Genie9\Genie Timeline\GenieTimelineService.exe [662104 2012-09-16] (Genie9)
S4 hola_svc; C:\Program Files\Hola\app\hola_svc.exe [7472616 2015-01-31] (Hola Networks Ltd.)
S4 hola_updater; C:\Program Files\Hola\app\hola_updater.exe [7472616 2015-01-31] (Hola Networks Ltd.)
S4 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
S4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-28] (Realsil Microelectronics Inc.) [File not signed]
S4 LaCieDesktopManagerService; C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe [1379840 2012-10-10] () [File not signed]
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S4 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-14] (Microsoft Corporation) [File not signed]
S4 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [62184 2011-02-25] (Xobni Corporation)
S4 BstHdAndroidSvc; "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [X]
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132656 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-19] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [348560 2011-12-02] (EldoS Corporation)
S1 CFRMD; C:\Windows\SysWOW64\DRIVERS\CFRMD.sys [37976 2012-09-03] (Windows ® Win 7 DDK provider) [File not signed]
U1 StarOpen; No ImagePath
S2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-22 19:57 - 2015-06-22 20:00 - 00021766 _____ C:\Users\Dan\Downloads\FRST.txt
2015-06-22 19:55 - 2015-06-22 19:57 - 00000000 ____D C:\FRST
2015-06-22 19:44 - 2015-06-22 19:44 - 02109952 _____ (Farbar) C:\Users\Dan\Downloads\FRST64.exe
2015-06-21 13:18 - 2015-06-22 13:27 - 00016765 _____ C:\Users\Dan\Desktop\dfgds1.odt
2015-06-19 13:11 - 2015-06-19 13:11 - 00000000 ____D C:\Users\Dan\AppData\Local\{FC7C7DFD-E35F-4D4B-9B4A-4E26E3635659}
2015-06-16 20:10 - 2015-06-16 20:10 - 00000000 ____D C:\Users\Public\Documents\sun
2015-06-16 20:08 - 2015-06-16 20:08 - 00000000 ____D C:\Users\Dan\AppData\Roaming\LibreOffice
2015-06-15 20:55 - 2015-06-15 20:55 - 00001474 _____ C:\Users\Public\Desktop\LibreOffice 4.4.lnk
2015-06-15 20:55 - 2015-06-15 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.4
2015-06-15 20:52 - 2015-06-15 20:55 - 00000000 ____D C:\Program Files (x86)\LibreOffice 4
2015-06-11 08:08 - 2015-06-10 18:40 - 00016340 _____ C:\Users\Dan\Documents\dfgds.docx_1_1.odt
2015-06-10 19:37 - 2015-06-01 20:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 19:37 - 2015-06-01 19:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 19:37 - 2015-05-27 15:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 19:37 - 2015-05-27 15:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 19:37 - 2015-05-23 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 19:37 - 2015-05-23 04:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 19:37 - 2015-05-23 04:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 19:37 - 2015-05-23 04:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 19:37 - 2015-05-23 04:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 19:37 - 2015-05-23 04:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 19:37 - 2015-05-23 04:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 19:37 - 2015-05-23 04:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 19:37 - 2015-05-23 04:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 19:37 - 2015-05-23 04:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 19:37 - 2015-05-23 04:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 19:37 - 2015-05-23 04:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 19:37 - 2015-05-23 04:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 19:37 - 2015-05-23 03:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 19:37 - 2015-05-23 03:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 19:37 - 2015-05-23 03:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 19:37 - 2015-05-23 03:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 19:37 - 2015-05-23 03:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 19:37 - 2015-05-23 03:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 19:37 - 2015-05-23 03:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 19:37 - 2015-05-23 03:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 19:37 - 2015-05-23 03:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 19:37 - 2015-05-23 03:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 19:37 - 2015-05-23 03:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 19:37 - 2015-05-23 03:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 19:37 - 2015-05-23 03:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 19:37 - 2015-05-22 20:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 19:37 - 2015-05-22 20:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 19:37 - 2015-05-22 20:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 19:37 - 2015-05-22 20:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 19:37 - 2015-05-22 20:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 19:37 - 2015-05-22 20:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 19:37 - 2015-05-22 20:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 19:37 - 2015-05-22 19:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 19:37 - 2015-05-22 19:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 19:37 - 2015-05-22 19:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 19:37 - 2015-05-22 19:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 19:37 - 2015-05-22 19:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 19:37 - 2015-05-22 19:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 19:37 - 2015-05-22 19:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 19:37 - 2015-05-22 19:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 19:37 - 2015-05-22 19:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 19:37 - 2015-05-22 19:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 19:37 - 2015-05-22 19:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 19:37 - 2015-05-22 19:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 19:37 - 2015-05-22 19:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 19:37 - 2015-05-22 19:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 19:37 - 2015-05-22 19:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 19:37 - 2015-05-22 19:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 19:37 - 2015-05-22 19:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 19:37 - 2015-05-22 19:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 19:37 - 2015-05-22 19:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 19:37 - 2015-05-22 18:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 19:37 - 2015-05-22 18:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 19:37 - 2015-05-22 18:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 19:37 - 2015-05-22 18:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 19:35 - 2015-04-29 19:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 19:35 - 2015-04-29 19:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 19:35 - 2015-04-29 19:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 19:35 - 2015-04-29 19:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 19:35 - 2015-04-29 19:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 19:35 - 2015-04-29 19:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 19:35 - 2015-04-29 19:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 19:35 - 2015-04-29 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 19:35 - 2015-04-29 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 19:35 - 2015-04-29 19:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 19:30 - 2015-05-25 18:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 19:30 - 2015-05-09 04:27 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 19:30 - 2015-05-09 04:27 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 19:30 - 2015-05-09 04:27 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 19:30 - 2015-05-09 04:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 19:30 - 2015-05-09 04:26 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 19:30 - 2015-05-09 04:26 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 19:30 - 2015-05-09 04:26 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 19:30 - 2015-05-09 04:25 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 19:30 - 2015-05-09 04:20 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 19:30 - 2015-05-09 04:13 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-10 19:30 - 2015-05-09 04:12 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 19:30 - 2015-05-09 04:12 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-10 19:30 - 2015-05-09 04:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 03:01 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 19:30 - 2015-05-09 03:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 19:30 - 2015-05-09 02:59 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 02:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 02:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 19:30 - 2015-04-24 19:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 19:30 - 2015-04-24 18:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 17:20 - 2015-06-09 16:28 - 00015695 _____ C:\Users\Dan\Documents\dfgds.docx_1.odt
2015-06-09 19:25 - 2015-06-09 19:25 - 00000000 ____D C:\Users\Dan\AppData\Local\{706E4D80-C3C8-42AD-BC61-21687F253591}
2015-06-09 12:14 - 2015-06-09 12:14 - 00000000 ____D C:\Users\Dan\AppData\Local\{477A4BA8-E1CD-4F01-977E-04788CDB4B02}
2015-06-07 23:46 - 2015-06-07 23:46 - 01646208 ____N C:\Windows\Minidump\060815-21481-01.dmp
2015-06-02 21:58 - 2015-06-01 15:04 - 00009657 _____ C:\Users\Dan\Documents\nyckling.ods_1.ods
2015-06-02 21:45 - 2015-06-02 21:45 - 00000090 ____H C:\Users\Dan\Downloads\.~lock.Nomenklatur.odt#
2015-05-28 21:39 - 2015-05-28 21:39 - 00000000 ____D C:\Users\Dan\AppData\Local\{9665E230-C4C0-4592-BDE1-1AF625291BA5}
2015-05-28 16:16 - 2015-05-28 16:37 - 00029211 _____ C:\Users\Dan\Documents\reflektion.odt
2015-05-27 08:26 - 2015-05-27 08:26 - 00000000 ____D C:\Users\Dan\AppData\Local\{5AB1F9E9-7B85-4E54-BE60-7007F23F9C5C}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-22 19:08 - 2012-09-10 10:30 - 00000868 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-22 19:04 - 2011-06-24 08:16 - 02055835 _____ C:\Windows\WindowsUpdate.log
2015-06-22 17:42 - 2009-07-14 05:51 - 00301582 _____ C:\Windows\setupact.log
2015-06-22 12:54 - 2011-07-22 19:26 - 00000000 ____D C:\Users\Dan\AppData\Local\Last.fm
2015-06-22 12:52 - 2009-07-14 05:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-22 12:52 - 2009-07-14 05:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-22 12:48 - 2011-04-29 00:00 - 06426854 _____ C:\Windows\system32\perfh01D.dat
2015-06-22 12:48 - 2011-04-29 00:00 - 02163386 _____ C:\Windows\system32\perfc01D.dat
2015-06-22 12:48 - 2009-07-14 06:13 - 00006272 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-22 12:42 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-21 19:42 - 2014-10-22 14:06 - 00000000 ____D C:\Windows\rescache
2015-06-21 09:11 - 2011-07-22 19:18 - 00000000 ____D C:\Users\Dan\AppData\Local\CrashDumps
2015-06-18 13:00 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-16 18:58 - 2011-07-21 17:53 - 00073584 _____ C:\Users\Dan\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-16 18:53 - 2009-07-14 05:45 - 00329048 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-16 18:52 - 2013-08-12 11:56 - 00000000 ____D C:\ProgramData\Avira
2015-06-16 18:52 - 2010-11-21 04:47 - 00563282 _____ C:\Windows\PFRO.log
2015-06-15 16:35 - 2014-11-14 20:03 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-15 16:35 - 2013-08-12 11:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-06-15 16:34 - 2013-08-12 11:56 - 00000000 ____D C:\Program Files (x86)\Avira
2015-06-12 05:02 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-09 09:18 - 2013-08-12 11:58 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-06-09 09:18 - 2013-08-12 11:58 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-06-08 17:29 - 2011-09-22 14:55 - 00000000 ____D C:\Windows\Minidump
2015-05-27 13:34 - 2009-07-14 06:08 - 00032514 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-23 14:02 - 2011-07-21 17:46 - 00000000 ____D C:\Users\Dan

==================== Files in the root of some directories =======

2014-04-18 19:51 - 2014-04-18 19:51 - 0000268 ___RH () C:\Users\Dan\AppData\Roaming\Digital Basic
2014-04-18 19:50 - 2014-04-18 19:50 - 0000268 ___RH () C:\Users\Dan\AppData\Roaming\Digital Light
2013-08-14 21:23 - 2013-08-14 21:23 - 0007605 _____ () C:\Users\Dan\AppData\Local\Resmon.ResmonCfg
2011-09-21 10:45 - 2011-09-21 10:45 - 0017408 _____ () C:\Users\Dan\AppData\Local\WebpageIcons.db
2014-04-18 19:51 - 2014-04-18 19:51 - 0000268 ___RH () C:\ProgramData\Displays
2014-04-18 19:50 - 2014-04-18 19:50 - 0000268 ___RH () C:\ProgramData\Distortion
2014-04-18 19:33 - 2014-11-08 17:51 - 0000020 ____H () C:\ProgramData\PKP_DLbx.DAT
2014-04-18 19:51 - 2014-04-18 19:51 - 0000020 ____H () C:\ProgramData\PKP_DLck.DAT
ZeroAccess:
C:\Users\Dan\AppData\Local\Google\Desktop\Install

Some files in TEMP:
====================
C:\Users\Dan\AppData\Local\Temp\avgnt.exe
C:\Users\Dan\AppData\Local\Temp\InstallFlashPlayer.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-21 19:23

==================== End of log ============================


1. There is adware on the computer.

Save AdwCleaner by Xplode to the Desktop: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

Close all programs, including web browsers.
Double-click AdwCleaner to start the program.

Click the Scan button.
Wait until the scan is finished.
Click the Log file button.
A report will open; copy its contents and paste them into your reply.
If the report does not open, it is also available as C:\AdwCleaner\AdwCleaner[R0].txt

2. Regarding Hola: http://www.idg.se/2.1085/1.629271/hola-ar-varre-sakerhetshot-an-man-trott--kan-starta-program-pa-din-dator


I have heard some negative things about Hola, so I understand that I should remove it, but my question is: is there any similar program that is just as simple and where you can switch between different countries in a similar way? If not, how dangerous is it? I have nothing important on the computer and do not log in to my bank. The only thing I do is log in to e-mail (should I remove Hola and change my password?)

Here is the log anyway:

# AdwCleaner v4.207 - Logfile created 23/06/2015 at 18:26:17
# Updated 21/06/2015 by Xplode
# Database : 2015-06-21.2 [server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Dan - DAN-HP
# Running from : C:\Users\Dan\Downloads\adwcleaner_4.207.exe
# Option : Scan

***** [ Services ] *****

Service Found : CltMngSvc
Service Found : hola_svc
Service Found : hola_updater

***** [ Files / Folders ] *****

File Found : C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
File Found : C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb
Folder Found : C:\Program Files (x86)\MyPC Backup
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\Program Files\Hola
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\Users\Dan\AppData\Local\Conduit
Folder Found : C:\Users\Dan\AppData\Local\SearchProtect
Folder Found : C:\Users\Dan\Documents\Updater

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EC29EDF6-AD3C-4E1C-A087-D6CB81400C43}
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\GeekBuddyRSP
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\SOFTWARE\SearchProtect
Key Found : HKLM\SOFTWARE\SPPDCOM
Key Found : HKLM\SOFTWARE\Trymedia Systems
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EC29EDF6-AD3C-4E1C-A087-D6CB81400C43}
Key Found : HKU\.DEFAULT\Software\GeekBuddyRSP

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [start Page] - hxxp://www.trovi.com/?gd=&ctid=CT3325578&octid=EB_ORIGINAL_CTID&ISID=M4859A38B-9739-42F9-92BD-9C510A0A6EAE&SearchSource=55&CUI=&UM=2&UP=SP58846771-4663-456E-9EB1-69A34277F863&SSPV=

-\\ Mozilla Firefox v25.0 (sv-SE)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [2684 bytes] - [23/06/2015 18:26:17]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2743 bytes] ##########


I have heard some negative things about Hola, so I understand that I should remove it, but my question is: is there any similar program that is just as simple and where you can switch between different countries in a similar way?

https://zenmate.com/


Hola does not steal passwords or anything else (at present) but can rent out your internet connection to others, e.g. for criminal activities such as DDoS attacks, which can lead to you getting into trouble with the police.

https://sv.wikipedia.org/wiki/Denial_of_Service

1. Close all programs, including web browsers.
Double-click AdwCleaner to start the program.

Click the Scan button.
Wait until the scan is finished.

Click the Clean button.
Press OK.
Press OK again if more messages come up.

The computer will restart; if it does not do so automatically, you will have to do it yourself.
A report will open; copy its contents and paste them into your reply.
If the report does not open, it is also available as C:\AdwCleaner\AdwCleaner[s0].txt.

2. Start FRST.

Tick Addition.txt.

Scan with the program and paste in (or attach) the two new log files.

3. Scan the computer online at http://www.eset.com/onlinescan/ and preferably use Internet Explorer for it.
To keep the scanner from taking too long, turn off your antivirus program in the meantime.

Select the option Enable detection of potentially unwanted applications.

Click Advanced Settings.
Remove the tick in front of Remove found threats.
Tick:
Scan Archives
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Click Start

When the scan is finished, click List of found threats, followed by Export to a text file. Save to a file on the desktop, open the file, copy the result and then paste it into your reply.


There is a problem that comes up very often: Shockwave stops responding very often and all video files that are running in Firefox crash.

Here come four logs (ESET, AdwCleaner, FRST and Addition)

ESET log:

C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyPC Backup\DEL_MPCBClient.dll.vir    a variant of Win32/MyPCBackup.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyPC Backup\DEL_MyPC Backup.exe.vir    MSIL/MyPCBackup.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir    a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir    a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir    a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir    a variant of Win32/Conduit.SearchProtect.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe.vir    a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir    a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir    a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll.vir    a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir    a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir    a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Dan\AppData\Local\Conduit\spcon\1.1.0.5\embededstub.exe.vir    a variant of Win32/ClientConnect.A potentially unwanted application
C:\Program Files (x86)\RealArcade\Installer\bin\OCSetupHlp.dll    Win32/OpenCandy potentially unsafe application
C:\Users\Dan\AppData\Local\Temp\acro_rd_dir\B9DF.tmp    multiple threats
C:\Users\Dan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\f64a8a5-32baa9cf    multiple threats
C:\Users\Dan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\4f4491e8-7bf92b49    Java/Exploit.Agent.NHU trojan
C:\Users\Dan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\43e240a9-68595f83    multiple threats
C:\Windows\AppPatch\AppPatch64\SPVCLdr64.dll    a variant of Win32/ClientConnect.A potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZOCDJ4AW\ApnIC[1].0    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Windows\temp\nse8D55.exe    Win32/Conduit.SearchProtect.R potentially unwanted application
C:\Windows\temp\nsi3F54.exe    Win32/Conduit.SearchProtect.R potentially unwanted application
C:\Windows\temp\nsm23D8.exe    Win32/Conduit.SearchProtect.R potentially unwanted application
C:\Windows\temp\nsoE708.exe    Win32/Conduit.SearchProtect.R potentially unwanted application
C:\Windows\temp\nsp752C.exe    Win32/Conduit.SearchProtect.R potentially unwanted application
C:\Windows\temp\nsqA52.exe    Win32/Conduit.SearchProtect.R potentially unwanted application
C:\Windows\temp\nst29D9.exe    Win32/Conduit.SearchProtect.R potentially unwanted application
C:\Windows\temp\nstB1B.exe    Win32/Conduit.SearchProtect.R potentially unwanted application
C:\Windows\temp\nstD52E.exe    Win32/Conduit.SearchProtect.R potentially unwanted application
C:\Windows\temp\nsuD4E7.exe    Win32/Conduit.SearchProtect.R potentially unwanted application
C:\Windows\temp\nsuF71F.exe    Win32/Conduit.SearchProtect.R potentially unwanted application
C:\Windows\temp\nswC96D.exe    Win32/Conduit.SearchProtect.R potentially unwanted application
C:\Windows\temp\nsy6BF6.exe    Win32/Conduit.SearchProtect.R potentially unwanted application
C:\Windows\temp\nsyE479.exe    Win32/Conduit.SearchProtect.R potentially unwanted application
C:\Windows\temp\nsz1DC2.exe    Win32/Conduit.SearchProtect.R potentially unwanted application
C:\Windows\temp\nsz561F.exe    Win32/Conduit.SearchProtect.R potentially unwanted application
C:\Windows\temp\avnwldrtemp\setup\Offercast_AVIRAV7_.exe    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
F:\från den gamla hårddisken\bildr\winamp565_full_emusic-7plus_sv-se.exe    Win32/OpenCandy potentially unsafe application
F:\från den gamla hårddisken\musik från stora partitionen\blandat mappar\samlingsmapp\Blandat\avira_free_antivirus_en.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
F:\samligsmapp\vidplaya_nsv2_setup.exe    a variant of Win32/OpenCandy.C potentially unsafe application
F:\samligsmapp\Zylom-Installer_Dynomite_SE.exe    Win32/OpenCandy potentially unsafe application

AdwCleaner:

# AdwCleaner v4.207 - Logfile created 24/06/2015 at 08:22:50
# Updated 21/06/2015 by Xplode
# Database : 2015-06-23.1 [server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Dan - DAN-HP
# Running from : C:\Users\Dan\Downloads\adwcleaner_4.207.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : CltMngSvc
[#] Service Deleted : hola_svc
[#] Service Deleted : hola_updater

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files\Hola
Folder Deleted : C:\Users\Dan\AppData\Local\Conduit
Folder Deleted : C:\Users\Dan\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Dan\AppData\Local\Hola
Folder Deleted : C:\Users\Dan\Documents\Updater
File Deleted : C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
File Deleted : C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EC29EDF6-AD3C-4E1C-A087-D6CB81400C43}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EC29EDF6-AD3C-4E1C-A087-D6CB81400C43}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\SPPDCOM
Key Deleted : HKLM\SOFTWARE\GeekBuddyRSP
Key Deleted : HKU\.DEFAULT\Software\GeekBuddyRSP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]

-\\ Mozilla Firefox v38.0.5 (x86 sv-SE)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [2846 bytes] - [23/06/2015 18:26:17]
AdwCleaner[R1].txt - [2959 bytes] - [24/06/2015 08:19:53]
AdwCleaner[s0].txt - [2708 bytes] - [24/06/2015 08:22:50]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2767  bytes] ##########

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-06-2015 01
Ran by Dan (administrator) on DAN-HP on 24-06-2015 08:32:33
Running from C:\Users\Dan\Downloads
Loaded Profiles: Dan (Available Profiles: Dan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Svenska (Sverige)
Internet Explorer Version 11 (Default browser path: "C:\Program Files (x86)\Opera\Opera.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [130864 2015-05-21] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2652780602-1571902860-15739709-1002\...\Run: [Google Update**.d<*>] => "C:\Users\Dan\AppData\Local\Google\Desktop\Install\{23ee8472-650e-10a1-3c9e-2eb0863ec604}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{23ee8472-650e-10a1-3c9e-2eb0863ec604}\GoogleUpdate.exe" > <===== ATTENTION (Value Name with invalid characters)
AppInit_DLLs: C:\Windows\System32\guard64.dll => C:\Windows\System32\guard64.dll File not found
Startup: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2015-06-08]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon1] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2011-05-26] (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon2] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2011-05-26] (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon3] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2011-05-26] (LaCie AG)
ShellIconOverlayIdentifiers: [0WualaOverlayIcon4] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2011-05-26] (LaCie AG)
ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {1C3FFA7D-F2AA-4722-9B2C-2744629D0F35} => C:\Windows\System32\CbFsMntNtf3.dll [2011-12-02] (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2011-12-02] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {1C3FFA7D-F2AA-4722-9B2C-2744629D0F35} => C:\Windows\SysWow64\CbFsMntNtf3.dll [2011-12-02] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2011-12-02] (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2652780602-1571902860-15739709-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2652780602-1571902860-15739709-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://se.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\system32\CbFsMntNtf3.dll [2011-12-02] (EldoS Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC)
BHO-x32: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\SysWOW64\CbFsMntNtf3.dll [2011-12-02] (EldoS Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-10-14] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-01-07] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-10-14] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll No File
Toolbar: HKU\S-1-5-21-2652780602-1571902860-15739709-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{16B07F8C-ECE5-4B00-8DF8-78EC59C6FD2C}: [NameServer] 8.26.56.26,156.154.70.22

FireFox:
========
FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5p7rancf.default-1406390208078
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin-x32: @cuminas.jp/DjVuPlugin -> C:\Program Files (x86)\Cuminas\Document Express DjVu Plug-in\npdjvu.dll [2014-09-04] (Cuminas Corporation)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-10-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-10-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-07-23] (Nullsoft, Inc.)
FF Plugin-x32: @se.nexus/Personal -> C:\Program Files (x86)\Personal\bin\np_prsnl.dll [2012-01-04] (Technology Nexus AB)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-03-17] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2010-12-08] ()
FF Plugin-x32: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [2009-10-23] (Zylom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2652780602-1571902860-15739709-1002: @hola.org/vlc,version=1.8.369 -> C:\Users\Dan\AppData\Local\Hola\firefox\app\vlc [2015-06-24] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll [2009-10-23] (Zylom)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\allaannonser-sv-SE.xml [2015-06-23]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\prisjakt-sv-SE.xml [2015-06-23]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\tyda-sv-SE.xml [2015-06-23]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-sv-SE.xml [2015-06-23]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-sv-SE.xml [2015-06-23]
FF Extension: Hola Better Internet - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5p7rancf.default-1406390208078\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2015-05-27]
FF Extension: ZenMate Security, Privacy & Unblock VPN - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5p7rancf.default-1406390208078\Extensions\firefox@zenmate.com.xpi [2015-06-23]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-01-31]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKU\S-1-5-21-2652780602-1571902860-15739709-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-04-12] (Adobe Systems) [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2011-03-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1187336 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-01-07] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [53920 2011-01-07] (Atheros Commnucations) [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [208632 2015-05-21] (Avira Operations GmbH & Co. KG)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70352 2013-07-24] (Comodo Security Solutions Inc.)
S4 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-05-30] (Comodo Security Solutions, Inc.)
S4 GenieTimelineService; C:\Program Files\Genie9\Genie Timeline\GenieTimelineService.exe [662104 2012-09-16] (Genie9)
S4 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
S4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-28] (Realsil Microelectronics Inc.) [File not signed]
S4 LaCieDesktopManagerService; C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe [1379840 2012-10-10] () [File not signed]
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S4 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-14] (Microsoft Corporation) [File not signed]
S4 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [62184 2011-02-25] (Xobni Corporation)
S4 BstHdAndroidSvc; "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [X]
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132656 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-19] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [348560 2011-12-02] (EldoS Corporation)
S1 CFRMD; C:\Windows\SysWOW64\DRIVERS\CFRMD.sys [37976 2012-09-03] (Windows ® Win 7 DDK provider) [File not signed]
U1 StarOpen; No ImagePath
S2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-24 08:32 - 2015-06-24 08:32 - 00000000 ____D C:\Users\Dan\AppData\Local\Hola
2015-06-24 07:43 - 2015-06-24 08:17 - 387917699 _____ C:\Users\Dan\Downloads\ss-Nena_Sidney.rar
2015-06-23 19:16 - 2015-06-23 19:16 - 00000000 ____D C:\Users\Dan\Downloads\Hola
2015-06-23 18:25 - 2015-06-24 08:24 - 00000000 ____D C:\AdwCleaner
2015-06-23 08:21 - 2015-06-23 08:21 - 02244096 _____ C:\Users\Dan\Downloads\adwcleaner_4.207.exe
2015-06-23 08:20 - 2015-06-23 08:21 - 02244096 _____ C:\Users\Dan\Downloads\adwcleaner_4.207(1).exe
2015-06-22 20:20 - 2015-06-22 20:20 - 00041286 _____ C:\Users\Dan\Desktop\Addition.txt
2015-06-22 20:02 - 2015-06-22 20:06 - 00041286 _____ C:\Users\Dan\Downloads\Addition.txt
2015-06-22 19:57 - 2015-06-24 08:36 - 00019751 _____ C:\Users\Dan\Downloads\FRST.txt
2015-06-22 19:55 - 2015-06-24 08:33 - 00000000 ____D C:\FRST
2015-06-22 19:44 - 2015-06-22 19:44 - 02109952 _____ (Farbar) C:\Users\Dan\Downloads\FRST64.exe
2015-06-21 13:18 - 2015-06-22 13:27 - 00016765 _____ C:\Users\Dan\Desktop\dfgds1.odt
2015-06-19 13:11 - 2015-06-19 13:11 - 00000000 ____D C:\Users\Dan\AppData\Local\{FC7C7DFD-E35F-4D4B-9B4A-4E26E3635659}
2015-06-16 20:10 - 2015-06-16 20:10 - 00000000 ____D C:\Users\Public\Documents\sun
2015-06-16 20:08 - 2015-06-16 20:08 - 00000000 ____D C:\Users\Dan\AppData\Roaming\LibreOffice
2015-06-15 20:55 - 2015-06-15 20:55 - 00001474 _____ C:\Users\Public\Desktop\LibreOffice 4.4.lnk
2015-06-15 20:55 - 2015-06-15 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.4
2015-06-15 20:52 - 2015-06-15 20:55 - 00000000 ____D C:\Program Files (x86)\LibreOffice 4
2015-06-11 08:08 - 2015-06-10 18:40 - 00016340 _____ C:\Users\Dan\Documents\dfgds.docx_1_1.odt
2015-06-10 19:37 - 2015-06-01 20:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 19:37 - 2015-06-01 19:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 19:37 - 2015-05-27 15:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 19:37 - 2015-05-27 15:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 19:37 - 2015-05-23 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 19:37 - 2015-05-23 04:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 19:37 - 2015-05-23 04:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 19:37 - 2015-05-23 04:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 19:37 - 2015-05-23 04:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 19:37 - 2015-05-23 04:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 19:37 - 2015-05-23 04:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 19:37 - 2015-05-23 04:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 19:37 - 2015-05-23 04:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 19:37 - 2015-05-23 04:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 19:37 - 2015-05-23 04:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 19:37 - 2015-05-23 04:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 19:37 - 2015-05-23 04:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 19:37 - 2015-05-23 03:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 19:37 - 2015-05-23 03:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 19:37 - 2015-05-23 03:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 19:37 - 2015-05-23 03:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 19:37 - 2015-05-23 03:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 19:37 - 2015-05-23 03:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 19:37 - 2015-05-23 03:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 19:37 - 2015-05-23 03:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 19:37 - 2015-05-23 03:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 19:37 - 2015-05-23 03:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 19:37 - 2015-05-23 03:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 19:37 - 2015-05-23 03:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 19:37 - 2015-05-23 03:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 19:37 - 2015-05-22 20:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 19:37 - 2015-05-22 20:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 19:37 - 2015-05-22 20:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 19:37 - 2015-05-22 20:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 19:37 - 2015-05-22 20:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 19:37 - 2015-05-22 20:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 19:37 - 2015-05-22 20:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 19:37 - 2015-05-22 19:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 19:37 - 2015-05-22 19:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 19:37 - 2015-05-22 19:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 19:37 - 2015-05-22 19:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 19:37 - 2015-05-22 19:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 19:37 - 2015-05-22 19:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 19:37 - 2015-05-22 19:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 19:37 - 2015-05-22 19:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 19:37 - 2015-05-22 19:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 19:37 - 2015-05-22 19:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 19:37 - 2015-05-22 19:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 19:37 - 2015-05-22 19:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 19:37 - 2015-05-22 19:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 19:37 - 2015-05-22 19:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 19:37 - 2015-05-22 19:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 19:37 - 2015-05-22 19:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 19:37 - 2015-05-22 19:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 19:37 - 2015-05-22 19:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 19:37 - 2015-05-22 19:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 19:37 - 2015-05-22 18:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 19:37 - 2015-05-22 18:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 19:37 - 2015-05-22 18:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 19:37 - 2015-05-22 18:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 19:35 - 2015-04-29 19:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 19:35 - 2015-04-29 19:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 19:35 - 2015-04-29 19:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 19:35 - 2015-04-29 19:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 19:35 - 2015-04-29 19:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 19:35 - 2015-04-29 19:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 19:35 - 2015-04-29 19:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 19:35 - 2015-04-29 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 19:35 - 2015-04-29 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 19:35 - 2015-04-29 19:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 19:30 - 2015-05-25 18:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 19:30 - 2015-05-09 04:27 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 19:30 - 2015-05-09 04:27 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 19:30 - 2015-05-09 04:27 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 19:30 - 2015-05-09 04:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 19:30 - 2015-05-09 04:26 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 19:30 - 2015-05-09 04:26 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 19:30 - 2015-05-09 04:26 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 19:30 - 2015-05-09 04:25 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 19:30 - 2015-05-09 04:20 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 19:30 - 2015-05-09 04:13 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-10 19:30 - 2015-05-09 04:12 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 19:30 - 2015-05-09 04:12 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-10 19:30 - 2015-05-09 04:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 03:01 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 19:30 - 2015-05-09 03:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 19:30 - 2015-05-09 02:59 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 02:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 02:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 19:30 - 2015-05-09 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 19:30 - 2015-04-24 19:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 19:30 - 2015-04-24 18:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 17:20 - 2015-06-09 16:28 - 00015695 _____ C:\Users\Dan\Documents\dfgds.docx_1.odt
2015-06-09 19:25 - 2015-06-09 19:25 - 00000000 ____D C:\Users\Dan\AppData\Local\{706E4D80-C3C8-42AD-BC61-21687F253591}
2015-06-09 12:14 - 2015-06-09 12:14 - 00000000 ____D C:\Users\Dan\AppData\Local\{477A4BA8-E1CD-4F01-977E-04788CDB4B02}
2015-06-07 23:46 - 2015-06-07 23:46 - 01646208 ____N C:\Windows\Minidump\060815-21481-01.dmp
2015-06-02 21:58 - 2015-06-01 15:04 - 00009657 _____ C:\Users\Dan\Documents\nyckling.ods_1.ods
2015-06-02 21:45 - 2015-06-02 21:45 - 00000090 ____H C:\Users\Dan\Downloads\.~lock.Nomenklatur.odt#
2015-05-28 21:39 - 2015-05-28 21:39 - 00000000 ____D C:\Users\Dan\AppData\Local\{9665E230-C4C0-4592-BDE1-1AF625291BA5}
2015-05-28 16:16 - 2015-05-28 16:37 - 00029211 _____ C:\Users\Dan\Documents\reflektion.odt
2015-05-27 08:26 - 2015-05-27 08:26 - 00000000 ____D C:\Users\Dan\AppData\Local\{5AB1F9E9-7B85-4E54-BE60-7007F23F9C5C}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-24 08:33 - 2011-06-24 08:16 - 01057039 _____ C:\Windows\WindowsUpdate.log
2015-06-24 08:33 - 2011-04-29 00:00 - 06477518 _____ C:\Windows\system32\perfh01D.dat
2015-06-24 08:33 - 2011-04-29 00:00 - 02181082 _____ C:\Windows\system32\perfc01D.dat
2015-06-24 08:33 - 2009-07-14 06:13 - 00006272 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-24 08:27 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-24 08:27 - 2009-07-14 05:51 - 00301862 _____ C:\Windows\setupact.log
2015-06-24 08:08 - 2012-09-10 10:30 - 00000868 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-24 07:41 - 2009-07-14 05:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-24 07:41 - 2009-07-14 05:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-24 07:28 - 2012-07-02 14:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-23 19:13 - 2013-08-18 10:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-22 22:35 - 2014-11-21 20:04 - 00000000 __SHD C:\Users\Dan\AppData\Local\EmieBrowserModeList
2015-06-22 22:35 - 2014-04-28 19:52 - 00000000 __SHD C:\Users\Dan\AppData\Local\EmieUserList
2015-06-22 22:35 - 2014-04-28 19:52 - 00000000 __SHD C:\Users\Dan\AppData\Local\EmieSiteList
2015-06-22 12:54 - 2011-07-22 19:26 - 00000000 ____D C:\Users\Dan\AppData\Local\Last.fm
2015-06-21 19:42 - 2014-10-22 14:06 - 00000000 ____D C:\Windows\rescache
2015-06-21 09:11 - 2011-07-22 19:18 - 00000000 ____D C:\Users\Dan\AppData\Local\CrashDumps
2015-06-18 13:00 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-16 18:58 - 2011-07-21 17:53 - 00073584 _____ C:\Users\Dan\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-16 18:53 - 2009-07-14 05:45 - 00329048 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-16 18:52 - 2013-08-12 11:56 - 00000000 ____D C:\ProgramData\Avira
2015-06-16 18:52 - 2010-11-21 04:47 - 00563282 _____ C:\Windows\PFRO.log
2015-06-15 16:35 - 2014-11-14 20:03 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-15 16:35 - 2013-08-12 11:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-06-15 16:34 - 2013-08-12 11:56 - 00000000 ____D C:\Program Files (x86)\Avira
2015-06-12 05:02 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-09 09:18 - 2013-08-12 11:58 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-06-09 09:18 - 2013-08-12 11:58 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-06-08 17:29 - 2011-09-22 14:55 - 00000000 ____D C:\Windows\Minidump
2015-05-27 13:34 - 2009-07-14 06:08 - 00032514 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2014-04-18 19:51 - 2014-04-18 19:51 - 0000268 ___RH () C:\Users\Dan\AppData\Roaming\Digital Basic
2014-04-18 19:50 - 2014-04-18 19:50 - 0000268 ___RH () C:\Users\Dan\AppData\Roaming\Digital Light
2013-08-14 21:23 - 2013-08-14 21:23 - 0007605 _____ () C:\Users\Dan\AppData\Local\Resmon.ResmonCfg
2011-09-21 10:45 - 2011-09-21 10:45 - 0017408 _____ () C:\Users\Dan\AppData\Local\WebpageIcons.db
2014-04-18 19:51 - 2014-04-18 19:51 - 0000268 ___RH () C:\ProgramData\Displays
2014-04-18 19:50 - 2014-04-18 19:50 - 0000268 ___RH () C:\ProgramData\Distortion
2014-04-18 19:33 - 2014-11-08 17:51 - 0000020 ____H () C:\ProgramData\PKP_DLbx.DAT
2014-04-18 19:51 - 2014-04-18 19:51 - 0000020 ____H () C:\ProgramData\PKP_DLck.DAT
ZeroAccess:
C:\Users\Dan\AppData\Local\Google\Desktop\Install

Some files in TEMP:
====================
C:\Users\Dan\AppData\Local\Temp\avgnt.exe
C:\Users\Dan\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.369.exe
C:\Users\Dan\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Dan\AppData\Local\Temp\Quarantine.exe
C:\Users\Dan\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-21 19:23

==================== End of log ============================

Addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-06-2015 01
Ran by Dan at 2015-06-24 08:39:36
Running from C:\Users\Dan\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administratör (S-1-5-21-2652780602-1571902860-15739709-500 - Administrator - Disabled)
Dan (S-1-5-21-2652780602-1571902860-15739709-1002 - Administrator - Enabled) => C:\Users\Dan
Gäst (S-1-5-21-2652780602-1571902860-15739709-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2652780602-1571902860-15739709-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe InDesign CS2 (HKLM-x32\...\Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}) (Version: 004.000.000 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.03) - Svenska (HKLM-x32\...\{AC76BA86-7AD7-1053-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{E04A3037-2F82-C518-D6CA-A63497D3872F}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
Avira (HKLM-x32\...\{0696cc37-db90-4000-be99-4a173ca7c8af}) (Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.574 - Avira Operations GmbH & Co. KG)
BankID säkerhetsprogram 4.18.3 (HKLM-x32\...\Personal) (Version:  - )
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Beneath a Steel Sky (HKLM-x32\...\Beneath a Steel Sky_is1) (Version:  - GOG.com)
Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 3.0.1.60 - )
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.7.12.896 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{A7FC82AC-986D-48D5-8AAE-A75C1D829E0A}) (Version: 0.7.12.896 - BlueStack Systems, Inc.)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.02.000.55 - Atheros Communications)
BookSmart® 3.4.4 3.4.4 (HKLM-x32\...\BookSmart® 3.4.4 3.4.4) (Version:  - Blurb, Inc)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Capture NX 2 (HKLM\...\Capture NX 2) (Version: 2.4.7 - NIKON CORPORATION)
ccc-core-static (x32 Version: 2011.0304.1135.20703 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Contenta CR2 Converter (HKLM-x32\...\ContentaCR2Converter) (Version:  - Contenta Software)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.2.1.3726 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DeepBurner Pro v1.9.0.228 (HKLM-x32\...\{1AD22277-7A1E-71EC-B27D-EB7A22BED143}) (Version:  - )
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.22 - DivX, LLC)
Document Express DjVu Plug-in (HKLM-x32\...\{F2ED93C5-5F97-49D3-873A-81088D25F7BA}) (Version: 6.1.34387 - Cuminas Corporation)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dragonsphere (HKLM-x32\...\Dragonsphere_is1) (Version:  - GOG.com)
Dynomite (HKLM-x32\...\0e06a639dd5fa24449cc919aa633bfe0) (Version:  - )
Dynomite Deluxe (HKLM-x32\...\a3bc6ee10dba91efca2bbc75931a4c96) (Version:  - Zylom)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
EssentialPIM (HKLM-x32\...\EssentialPIM) (Version: 5.02 - )
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Fallout (HKLM-x32\...\Fallout_is1) (Version:  - GOG.com)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
GeekBuddy (HKLM-x32\...\{C5DF93B9-89DF-40AF-BD79-B172B27AC977}) (Version: 4.8.66 - Comodo Security Solutions Inc)
Genie Timeline (HKLM-x32\...\Genie Timeline) (Version: 3.0 - Genie9)
Google Translator (HKU\S-1-5-21-2652780602-1571902860-15739709-1002\...\Google Translator) (Version:  - Opera widgets)
Guitar Pro (HKLM-x32\...\Guitar Pro6.0.1.7840) (Version: 6.0.1.7840 - MKN)
Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version:  - Arobas Music)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hola™ 1.6.485 - Better Internet (HKLM\...\Hola) (Version: 1.6.485 - Hola Networks Ltd.)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP On Screen Display (HKLM-x32\...\{124DB96E-CBF5-44FB-AB59-7D2444DEC777}) (Version: 1.0.7 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{B97E3520-C726-475E-BC0C-7561952633AB}) (Version: 1.2.1 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{6280EB8F-CAA5-40B9-B253-0B96CAFD011D}) (Version: 4.1.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Wireless Assistant (HKLM\...\{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}) (Version: 4.0.10.0 - Hewlett-Packard Company)
Java 7 Update 7 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.70 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LaCie Desktop Manager 1.5.5 (HKLM\...\{3845209F-142E-4F48-B61A-AA34D2DB54BB}_is1) (Version: 1.5.5 - LaCie)
Last.fm Scrobbler 2.1.30 (HKLM-x32\...\LastFM_is1) (Version:  - Last.fm)
LibreOffice 4.4.3.2 (HKLM-x32\...\{A651A592-2F6C-4D66-AEA8-9BFE4B61BCB3}) (Version: 4.4.3.2 - The Document Foundation)
Lure of the Temptress (HKLM-x32\...\Lure of the Temptress_is1) (Version:  - GOG.com)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 1.61.0.1400 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.61.0.1400 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile Language Pack - SVE (HKLM\...\Microsoft .NET Framework 4 Client Profile SVE Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended Language Pack - SVE (HKLM\...\Microsoft .NET Framework 4 Extended SVE Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 sv-SE) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 sv-SE)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.1 - Nikon)
Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
OpenOffice.org 3.3 (HKLM-x32\...\{5F51441D-48C6-4308-9824-5D34211BB715}) (Version: 3.3.9567 - OpenOffice.org)
Opera 11.50 (HKLM-x32\...\Opera 11.50.1074) (Version: 11.50.1074 - Opera Software ASA)
Paradise Pet Salon (HKLM-x32\...\BFG-Paradise Pet Salon) (Version:  - )
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.34 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.5.1 - Nikon)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PSD Viewer (HKLM-x32\...\{D8EEDC94-EE82-46A0-A7DB-812E3C6A0A6E}_is1) (Version:  - IdeaMK)
RawShooter essentials 2005 (HKLM-x32\...\RawShooter essentials 2005) (Version: 1.1.2 - Pixmantec)
RawShooter essentials 2006 (HKLM-x32\...\RawShooter essentials 2006) (Version: 1.5.0 - Pixmantec)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6287 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 1.0.22 - Hewlett-Packard) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
SMPlayer 0.6.9 (HKLM-x32\...\SMPlayer) (Version: 0.6.9 - RVM)
SoulseekQt (HKLM-x32\...\SoulseekQt) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.4.3 - Synaptics Incorporated)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.21 - WildTangent) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.65  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-2652780602-1571902860-15739709-1002\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinZip 14.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. )
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Wuala (HKU\S-1-5-21-2652780602-1571902860-15739709-1002\...\Wuala) (Version: 1.0.391.0 - LaCie)
Wuala CBFS (HKLM-x32\...\Wuala CBFS) (Version: 3.2.102.0 - LaCie)
Wuala OverlayIcons (HKLM-x32\...\Wuala OverlayIcons) (Version: 1.0.0.1 - LaCie)
Xobni (HKLM-x32\...\XobniMain) (Version: 1.9.5.13209 - Xobni Corp.)
Xobni Core (x32 Version: 1.0.0 - Xobni, Inc.) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Zylom Games Player Plugin (HKLM-x32\...\Zylom Games Player Plugin) (Version:  - Zylom Games)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2652780602-1571902860-15739709-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Dan\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-2652780602-1571902860-15739709-1002_Classes\CLSID\{312BFDCE-A901-4203-B4F2-ADCB957D1887}\InprocServer32 -> C:\ProgramData\Windows\msseedir.dll No File

==================== Restore Points =========================


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2012-06-28 13:46 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C584660-6510-431E-8826-DE25B5272A47} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-11-29] (Hewlett-Packard Company)
Task: {1E6F2B12-1FD0-4713-BFAC-7D816AAA3D30} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {2F49839F-CFD1-480E-A1C4-1C028298917F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-02-10] (CyberLink)
Task: {4909298F-E8E0-453A-A396-FC955F3F945C} - System32\Tasks\{E581CCE8-0B1B-4D16-A8A6-6B416D67972C} => pcalua.exe -a E:\SETUP.EXE -d E:\
Task: {6E9D99F6-46C0-4271-B95B-8B9C0A87B520} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {CD51D3F1-2D0D-489A-8351-D8CBF5C5350A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {D8B04AB3-1BD4-4347-9B0C-AC8C162646DB} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe
Task: {F6332D16-2E44-4C51-A56F-C11A6F40EA29} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2011-07-22] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2011-03-04 20:43 - 2011-03-04 20:43 - 00079872 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Services.dll
2011-03-04 20:44 - 2011-03-04 20:44 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2011-01-17 15:19 - 2011-07-21 21:40 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2652780602-1571902860-15739709-1002\...\hola.org -> hxxp://hola.org


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2652780602-1571902860-15739709-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.26.56.26 - 156.154.70.22

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Adobe LM Service => 3
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: CltMngSvc => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: GeekBuddyRSP => 2
MSCONFIG\Services: GenieTimelineService => 2
MSCONFIG\Services: hola_svc => 2
MSCONFIG\Services: hola_updater => 2
MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\Services: IconMan_R => 2
MSCONFIG\Services: LaCieDesktopManagerService => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: ogmservice => 2
MSCONFIG\Services: pdfcDispatcher => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: XobniService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BankID säkerhetsprogram.lnk => C:\Windows\pss\BankID säkerhetsprogram.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk => C:\Windows\pss\Start GeekBuddy.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Dan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Dan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk => C:\Windows\pss\ERUNT AutoBackup.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Dan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: COMODO Internet Security => "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: gbrspcontrol => "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
MSCONFIG\startupreg: hola => C:\Program Files\Hola\app\hola.exe --silent
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
MSCONFIG\startupreg: HPWirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
MSCONFIG\startupreg: LaCie Desktop Manager Launcher => "C:\Program Files\LaCie\Desktop Manager\lacie_launcherd.exe"
MSCONFIG\startupreg: LaCie Desktop Manager Startup => "C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{410EF226-436C-43C3-9548-F23324446E0E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B349E567-7D67-4AF5-8B15-77A309F25605}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{FDCA7994-F7DC-4D8C-AE67-362C854C1E5B}] => (Allow) LPort=2869
FirewallRules: [{B4117C62-BC65-4D0D-8B5B-A562263848E7}] => (Allow) LPort=1900
FirewallRules: [{34616BDD-178F-4909-9FE9-CC776396CCFC}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{8EBEA271-3747-40EA-A13E-F4C6F02023EB}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{764BBFA7-E659-4CCA-9370-55F6C74A4CAC}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{98D4DA32-A7BF-49E5-9E91-7F0739381D13}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{ADCE8483-97E2-4671-8796-11A72712CBFA}] => (Allow) C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe
FirewallRules: [{470883FC-F594-4D1D-B6D4-171654FEE37B}] => (Allow) C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe
FirewallRules: [{EDA854DF-C4E2-45E0-BFB5-CA37D1452AF0}] => (Allow) C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe
FirewallRules: [{8E0B0A36-2517-4F5F-B1FA-CB97404934A5}] => (Allow) C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe
FirewallRules: [{ABF7FC34-8A05-4C6A-9629-2D2BC2C0E652}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{9FA53E93-5275-4DB8-9256-2ECC51A41DA6}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [TCP Query User{684E568D-82CA-4938-BF19-9F710C079E50}C:\program files (x86)\opera\opera.exe] => (Allow) C:\program files (x86)\opera\opera.exe
FirewallRules: [uDP Query User{0BFCC4F3-318D-4F18-B38F-F4AECC7146CB}C:\program files (x86)\opera\opera.exe] => (Allow) C:\program files (x86)\opera\opera.exe
FirewallRules: [TCP Query User{B1410B4B-A427-4E9B-A9E5-89907D125A90}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [uDP Query User{3AD8FC20-5855-445D-AF51-F9511CB4A29F}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [TCP Query User{CE1A81E4-E2EF-4982-A54A-672AF4D81458}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [uDP Query User{5902D0FD-6280-4653-8040-3F1FE7B8EB86}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [TCP Query User{565286B8-F5B0-4587-96DC-4EEFCF43A121}C:\users\dan\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\dan\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [uDP Query User{B76A7729-6CAD-4F62-9F45-7C63AF424503}C:\users\dan\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\dan\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{CE9DF86D-A3BA-4B95-8FC7-0C07C9FD84F9}] => (Allow) C:\Program Files\Hola\app\hola_updater.exe
FirewallRules: [{C10C1B48-9876-47A8-B15C-1163C87A3ED4}] => (Allow) C:\Program Files\Hola\app\hola_updater.exe
FirewallRules: [{A9F8EF43-E35D-443A-B151-3C0E97D92F24}] => (Allow) C:\Program Files\Hola\app\hola_svc.exe
FirewallRules: [{60C5ED8C-A744-4736-BDC3-3D6FD9A9B3A1}] => (Allow) C:\Program Files\Hola\app\hola_svc.exe
FirewallRules: [{97FB5B4E-5EC4-4565-AF62-4B78D2E59615}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{48F38768-4D0B-41BE-BA84-352AC7B1F8EF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{E30AD5DB-670B-4F81-9B80-FE3F959C0B25}C:\users\dan\appdata\local\hola\firefox\app\hola_plugin.exe] => (Block) C:\users\dan\appdata\local\hola\firefox\app\hola_plugin.exe
FirewallRules: [uDP Query User{C84D5A22-5B85-4757-A5A6-F61F75C643CB}C:\users\dan\appdata\local\hola\firefox\app\hola_plugin.exe] => (Block) C:\users\dan\appdata\local\hola\firefox\app\hola_plugin.exe

==================== Faulty Device Manager Devices =============

Name: BlueStacks Hypervisor
Description: BlueStacks Hypervisor
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: BstHdDrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/24/2015 08:33:46 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT instans)
Description: Det gick inte att avinstallera prestandaräknarsträngarna för tjänsten WmiApRpl (WmiApRpl). Felkoden finns i datasektionens första DWORD.

Error: (06/24/2015 08:33:46 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT instans)
Description: Prestandasträngarna i registervärdet för prestanda är skadade. Detta upptäcktes när tilläggsräknarprovidern Performance behandlades. Värdet för BaseIndex i registret för prestanda anges som första DWORD i datasektionen och värdet för LastHelp anges som tredje DWORD i datasektionen.

Error: (06/24/2015 08:33:46 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT instans)
Description: Prestandasträngarna i registervärdet för prestanda är skadade. Detta upptäcktes när tilläggsräknarprovidern Performance behandlades. Värdet för BaseIndex i registret för prestanda anges som första DWORD i datasektionen och värdet för LastHelp anges som tredje DWORD i datasektionen.

Error: (06/24/2015 08:28:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2015 07:35:08 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT instans)
Description: Det gick inte att avinstallera prestandaräknarsträngarna för tjänsten WmiApRpl (WmiApRpl). Felkoden finns i datasektionens första DWORD.

Error: (06/24/2015 07:35:08 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT instans)
Description: Prestandasträngarna i registervärdet för prestanda är skadade. Detta upptäcktes när tilläggsräknarprovidern Performance behandlades. Värdet för BaseIndex i registret för prestanda anges som första DWORD i datasektionen och värdet för LastHelp anges som tredje DWORD i datasektionen.

Error: (06/24/2015 07:35:08 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT instans)
Description: Prestandasträngarna i registervärdet för prestanda är skadade. Detta upptäcktes när tilläggsräknarprovidern Performance behandlades. Värdet för BaseIndex i registret för prestanda anges som första DWORD i datasektionen och värdet för LastHelp anges som tredje DWORD i datasektionen.

Error: (06/24/2015 07:29:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/23/2015 06:10:34 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT instans)
Description: Det gick inte att avinstallera prestandaräknarsträngarna för tjänsten WmiApRpl (WmiApRpl). Felkoden finns i datasektionens första DWORD.

Error: (06/23/2015 06:10:34 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT instans)
Description: Prestandasträngarna i registervärdet för prestanda är skadade. Detta upptäcktes när tilläggsräknarprovidern Performance behandlades. Värdet för BaseIndex i registret för prestanda anges som första DWORD i datasektionen och värdet för LastHelp anges som tredje DWORD i datasektionen.


System errors:
=============
Error: (06/24/2015 08:30:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjänsten HP Wireless Assistant Service kunde inte startas på grund av följande fel:
%%1053

Error: (06/24/2015 08:30:20 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på att tjänsten HP Wireless Assistant Service skulle ansluta.

Error: (06/24/2015 08:27:41 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Följande start- eller systemstartdrivrutin(er) avbröts på grund av fel under start:
CFRMD

Error: (06/24/2015 08:27:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjänsten BlueStacks Hypervisor kunde inte startas på grund av följande fel:
%%2

Error: (06/24/2015 08:25:53 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT instans)
Description: Modulen för WLAN-utökningsmöjligheter stoppades oväntat.

Modulsökväg: C:\Windows\system32\athihvs.dll

Error: (06/24/2015 08:25:53 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT instans)
Description: Modulen för WLAN-utökningsmöjligheter stoppades oväntat.

Modulsökväg: C:\Windows\system32\athihvs.dll

Error: (06/24/2015 08:25:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjänsten Print Spooler kunde inte startas på grund av följande fel:
%%1069

Error: (06/24/2015 08:25:43 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Tjänsten Spooler kunde inte logga in som NT AUTHORITY\SYSTEM med det för närvarande konfigurerade lösenordet på grund av följande fel:
%%50

Kontrollera att tjänsten är korrekt konfigurerad med hjälp av snapin-modulen Tjänster i MMC (Microsoft Management Console).

Error: (06/24/2015 08:25:32 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT instans)
Description: Modulen för WLAN-utökningsmöjligheter stoppades oväntat.

Modulsökväg: C:\Windows\system32\athihvs.dll

Error: (06/24/2015 08:24:43 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Tjänsten Print Spooler avslutades oväntat. Den har gjort detta 2 gång(er). Följande åtgärd kommer att utföras om 60000 millisekunder: Starta om tjänsten.


Microsoft Office:
=========================
Error: (06/24/2015 08:33:46 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT instans)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (06/24/2015 08:33:46 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT instans)
Description: Performance1637070000000000000000000009030000

Error: (06/24/2015 08:33:46 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT instans)
Description: Performance1637070000000000000000000009030000

Error: (06/24/2015 08:28:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2015 07:35:08 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT instans)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (06/24/2015 07:35:08 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT instans)
Description: Performance1637070000000000000000000009030000

Error: (06/24/2015 07:35:08 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT instans)
Description: Performance1637070000000000000000000009030000

Error: (06/24/2015 07:29:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/23/2015 06:10:34 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT instans)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (06/23/2015 06:10:34 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT instans)
Description: Performance1637070000000000000000000009030000


CodeIntegrity Errors:
===================================
  Date: 2013-01-03 09:28:10.597
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-01-03 09:28:10.519
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-06-28 13:45:35.107
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-06-28 13:45:35.060
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD E-350 Processor
Percentage of memory in use: 80%
Total physical RAM: 1642.9 MB
Available physical RAM: 323.56 MB
Total Pagefile: 3285.8 MB
Available Pagefile: 1660.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:280.34 GB) (Free:172.19 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:17.45 GB) (Free:2.08 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:431.42 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 223EB1DC)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=280.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: A01E24C5)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of log ============================


1. Adobe Flash Player 16
Update Flash Player, because you have an old version with many known security holes that a web page can exploit to infect the computer. It is therefore unwise to disable its automatic updating.

2. Java 7 Update 7
Uninstall or update Java, because you have an old version with many known security holes that a web page can exploit to infect the computer. Most people do not need Java at all, but if you must have it, it is important to always have the latest version. It is therefore unwise to disable its automatic updating.

3.

R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70352 2013-07-24] (Comodo Security Solutions Inc.)
S4 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-05-30] (Comodo Security Solutions, Inc.)
Do you have any Comodo program installed, or are these just leftovers from uninstallations?

4.

Tcpip\..\Interfaces\{16B07F8C-ECE5-4B00-8DF8-78EC59C6FD2C}: [NameServer] 8.26.56.26,156.154.70.22
Those are Comodo's DNS servers. Do you want to use them even though you do not have any Comodo program?

5. Start the Notepad program.
Copy all the lines in the box:

CreateRestorePoint:
CloseProcesses:
C:\Users\Dan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0
HKU\S-1-5-21-2652780602-1571902860-15739709-1002\...\Run: [Google Update**.d<*>] => "C:\Users\Dan\AppData\Local\Google\Desktop\Install\{23ee8472-650e-10a1-3c9e-2eb0863ec604}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{23ee8472-650e-10a1-3c9e-2eb0863ec604}\GoogleUpdate.exe" > <===== ATTENTION (Value Name with invalid characters)
AppInit_DLLs: C:\Windows\System32\guard64.dll => C:\Windows\System32\guard64.dll File not found
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll No File
Toolbar: HKU\S-1-5-21-2652780602-1571902860-15739709-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
U1 StarOpen; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
CustomCLSID: HKU\S-1-5-21-2652780602-1571902860-15739709-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Dan\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-2652780602-1571902860-15739709-1002_Classes\CLSID\{312BFDCE-A901-4203-B4F2-ADCB957D1887}\InprocServer32 -> C:\ProgramData\Windows\msseedir.dll No File
Task: {4909298F-E8E0-453A-A396-FC955F3F945C} - System32\Tasks\{E581CCE8-0B1B-4D16-A8A6-6B416D67972C} => pcalua.exe -a E:\SETUP.EXE -d E:\
EmptyTemp:

and paste them into Notepad. Check that no files have been split across two lines.
Save the file on the desktop with the name fixlist.txt.

Close all programs.
Start FRST, which is on the desktop.
Click the Fix button.
Wait until the program has finished.
If the computer does not restart automatically, restart it yourself.

The program creates a log, Fixlog.txt, on the desktop.
Paste its contents into your reply.


6. Save RogueKiller to the desktop: http://www.adlice.com/softwares/roguekiller/
For 32-bit Windows: click one of the first three buttons labelled "Portable 32 bits".
For 64-bit Windows: click one of the first three buttons labelled "Portable 64 bits".
Close all programs.
Remove all external devices, e.g. USB sticks and external hard drives, except keyboard and mouse. Leave them disconnected while the cleaning is in progress.

Run RogueKiller (in Vista and Windows 7, right-click the program and choose "Run as administrator"). If it will not run, try several times; if it still will not run, try renaming the program to winlogon.exe.

Wait until "Prescan" has finished.
Click the "Scan" button at the top right.
Wait until the scan is complete.
Click the "Report" button.
A report is created. Paste its contents into your reply.

Flash and Java are fixed. The only thing I can find that has to do with Comodo is GeekBuddy in Programs and Features, but it is not something I use, so it is probably good to get rid of what you mention in points 3 and 4.

Should the period after txt also be included when I save fixlist?

When I try to save the fixlist thing, I get a message that the file contains Unicode characters and that such characters will be lost if I save in ANSI. Should I save in ANSI anyway or choose Unicode, and in that case which Unicode (I have Unicode, Unicode big endian and UTF-8)? The file will also get the name fixlist.txt..txt - is that the correct name for it? The last part is of course the file extension, that much I understand, but I want to ask to be on the safe side.

Save in ANSI anyway.

The final file name should be fixlist.txt, without an extra period or double file extensions.

Here are the logs.

What should I do about points 3 and 4? I have no use for Comodo's DNS servers and do not use any Comodo programs.

Fix log:

Fix result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by Dan at 2015-06-25 09:36:31 Run:1
Running from C:\Users\Dan\Desktop
Loaded Profiles: Dan (Available Profiles: Dan)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
C:\Users\Dan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0
HKU\S-1-5-21-2652780602-1571902860-15739709-1002\...\Run: [Google Update**.d<*>] => "C:\Users\Dan\AppData\Local\Google\Desktop\Install\{23ee8472-650e-10a1-3c9e-2eb0863ec604}\???\???\???\{23ee8472-650e-10a1-3c9e-2eb0863ec604}\GoogleUpdate.exe" > <===== ATTENTION (Value Name with invalid characters)
AppInit_DLLs: C:\Windows\System32\guard64.dll => C:\Windows\System32\guard64.dll File not found
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll No File
Toolbar: HKU\S-1-5-21-2652780602-1571902860-15739709-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
U1 StarOpen; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
CustomCLSID: HKU\S-1-5-21-2652780602-1571902860-15739709-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Dan\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-2652780602-1571902860-15739709-1002_Classes\CLSID\{312BFDCE-A901-4203-B4F2-ADCB957D1887}\InprocServer32 -> C:\ProgramData\Windows\msseedir.dll No File
Task: {4909298F-E8E0-453A-A396-FC955F3F945C} - System32\Tasks\{E581CCE8-0B1B-4D16-A8A6-6B416D67972C} => pcalua.exe -a E:\SETUP.EXE -d E:\
EmptyTemp:
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\Dan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 => moved successfully.
HKU\S-1-5-21-2652780602-1571902860-15739709-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update**.d<*> => value removed successfully
"C:\Windows\System32\guard64.dll" => value data not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}" => key removed successfully
HKU\S-1-5-21-2652780602-1571902860-15739709-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
StarOpen => Service removed successfully
catchme => Service removed successfully
"HKU\S-1-5-21-2652780602-1571902860-15739709-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}" => key removed successfully
"HKU\S-1-5-21-2652780602-1571902860-15739709-1002_Classes\CLSID\{312BFDCE-A901-4203-B4F2-ADCB957D1887}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4909298F-E8E0-453A-A396-FC955F3F945C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4909298F-E8E0-453A-A396-FC955F3F945C}" => key removed successfully
C:\Windows\System32\Tasks\{E581CCE8-0B1B-4D16-A8A6-6B416D67972C} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E581CCE8-0B1B-4D16-A8A6-6B416D67972C}" => key removed successfully
EmptyTemp: => 6.1 GB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 09:48:11 ====

Rkreport:

RogueKiller V10.8.6.0 (x64) [Jun 22 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dan [Administrator]
Started from : C:\Users\Dan\Desktop\RogueKillerX64.exe
Mode : Scan -- Date : 06/25/2015  10:30:17

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[ZeroAccess][Folder] Install -- C:\Users\Dan\AppData\Local\Google\Desktop\Install -> Found

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HM321HI SATA Disk Device +++++
--- User ---
[MBR] 3154fdecaf55419056df3df0a6d8a8c3
[bSP] c0e782db198d2579dad0ea7a8cbbe29c : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 287069 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 588326912 | Size: 17872 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 624928768 | Size: 103 MB
User = LL1 ... OK
User = LL2 ... OK

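The Run entry that FRST marked with ATTENTION has a path whose folder names are symbol and control characters, and after the fixlist was saved in ANSI the Fixlog shows those folders as `???`. The following is an added example, not part of the thread or of FRST: a small Python check that pulls Run entries out of FRST-style lines, lists the unusual characters in the command path, and shows what an ANSI save does to them. The sample lines, the placeholder SID and `{GUID}` are constructed; the character-category rule is an assumption chosen for this illustration.

```python
import re
import unicodedata

# Constructed sample lines in the shape of the FRST "Run" entries quoted in the
# thread. The second mirrors the flagged entry; its unusual path characters are
# written as escapes so the bidirectional control stays visible in the source.
SAMPLE_LINES = [
    r'HKLM-x32\...\Run: [avgnt] => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min',
    'HKU\\S-1-5-21-0-0-0-1002\\...\\Run: [Google Update**.d<*>] => '
    '"C:\\Users\\Dan\\AppData\\Local\\Google\\Desktop\\Install\\{GUID}\\'
    '\u2764\u2278\u22d9\\\u2c22\u2620\u2368\\\u202e\ufbf9\u0e5b\\{GUID}\\GoogleUpdate.exe" >'
    ' <===== ATTENTION (Value Name with invalid characters)',
]

# "<key>\Run: [<value name>] => <command>"
RUN_RE = re.compile(r"^(?P<key>HK[^:]*\\Run): \[(?P<name>.*?)\] => (?P<cmd>.*)$")
# Trailing marker FRST appends to entries it wants a human to look at.
ATTENTION_RE = re.compile(r"\s*>?\s*<=+ ATTENTION.*$")

# Characters that reorder how text is displayed (LRM/RLM, embeddings, overrides, isolates).
BIDI_CONTROLS = {0x200E, 0x200F, *range(0x202A, 0x202F), *range(0x2066, 0x206A)}
# Assumption for this example: format, private-use, unassigned and symbol
# characters do not belong in an installer path. Letters in any script are allowed.
SUSPECT_CATEGORIES = {"Cf", "Co", "Cn", "So", "Sm"}


def odd_characters(text):
    """Return (code point, reason) for each non-ASCII character worth a second look."""
    findings = []
    for ch in text:
        cp = ord(ch)
        if cp in BIDI_CONTROLS:
            findings.append((cp, "bidi-control"))
        elif cp > 0x7F and unicodedata.category(ch) in SUSPECT_CATEGORIES:
            findings.append((cp, unicodedata.category(ch)))
    return findings


def ansi_view(text):
    """What the text looks like after a Windows-1252 (ANSI) save: unmappable chars become '?'."""
    return text.encode("cp1252", errors="replace").decode("cp1252")


def analyse(lines):
    """Report Run entries that FRST flagged or whose command holds odd characters."""
    reports = []
    for line in lines:
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        cmd = m.group("cmd")
        attention = bool(ATTENTION_RE.search(cmd))
        cmd = ATTENTION_RE.sub("", cmd)
        odd = odd_characters(cmd)
        if odd or attention:
            reports.append({
                "key": m.group("key"),
                "name": m.group("name"),
                "attention": attention,
                "odd": odd,
                "ansi": ansi_view(cmd),
            })
    return reports


if __name__ == "__main__":
    for r in analyse(SAMPLE_LINES):
        print(r["key"], "->", r["name"])
        print("  flagged by FRST:", r["attention"])
        for cp, why in r["odd"]:
            print(f"  U+{cp:04X} {unicodedata.name(chr(cp), '<unnamed>')} ({why})")
        print("  after an ANSI save:", r["ansi"])
```
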

I will get back to you about the Comodo matters, because first you need to make sure to get rid of everything that has to do with ZeroAccess.

1. Close all programs, including antivirus programs and the like.
Run RogueKiller (in Vista and Windows 7, right-click the program and choose "Run as administrator").
Wait until "Prescan" has finished.

Select the Files tab and make sure that the following is selected, but nothing else:

[ZeroAccess][Folder] Install -- C:\Users\Dan\AppData\Local\Google\Desktop\Install -> Found

Go through the other tabs and make sure nothing is selected.

Click the "Delete" button.

Restart the computer.
Another "RKreport.txt" should then have been created on the desktop.
Paste its contents into your reply.

2. Scan with FRST and paste or attach the two new logs, and we will see what else needs to go, including the Comodo things.

I did not get a report after I restarted the computer, so I ran RK again and am taking it from that report instead, and I hope that works.

 

RogueKiller V10.8.6.0 (x64) [Jun 22 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dan [Administrator]
Started from : C:\Users\Dan\Desktop\RogueKillerX64.exe
Mode : Scan -- Date : 06/25/2015  12:08:14

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HM321HI SATA Disk Device +++++
--- User ---
[MBR] 3154fdecaf55419056df3df0a6d8a8c3
[bSP] c0e782db198d2579dad0ea7a8cbbe29c : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 287069 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 588326912 | Size: 17872 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 624928768 | Size: 103 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_SCN_06252015_103017.log - RKreport_SCN_06252015_113724.log - RKreport_DEL_06252015_113800.log

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-06-2015
Ran by Dan (administrator) on DAN-HP on 25-06-2015 12:12:47
Running from C:\Users\Dan\Desktop
Loaded Profiles: Dan (Available Profiles: Dan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Svenska (Sverige)
Internet Explorer Version 11 (Default browser path: "C:\Program Files (x86)\Opera\Opera.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-09] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [130864 2015-05-21] (Avira Operations GmbH & Co. KG)

Startup: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2015-06-08]

ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)

SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

ShellIconOverlayIdentifiers: [0WualaOverlayIcon1] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2011-05-26] (LaCie AG)

ShellIconOverlayIdentifiers: [0WualaOverlayIcon2] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2011-05-26] (LaCie AG)

ShellIconOverlayIdentifiers: [0WualaOverlayIcon3] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2011-05-26] (LaCie AG)

ShellIconOverlayIdentifiers: [0WualaOverlayIcon4] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Wuala OverlayIcons\OverlayIcon.dll [2011-05-26] (LaCie AG)

ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {1C3FFA7D-F2AA-4722-9B2C-2744629D0F35} => C:\Windows\System32\CbFsMntNtf3.dll [2011-12-02] (EldoS Corporation)

ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2011-12-02] (EldoS Corporation)

ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {1C3FFA7D-F2AA-4722-9B2C-2744629D0F35} => C:\Windows\SysWow64\CbFsMntNtf3.dll [2011-12-02] (EldoS Corporation)

ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2011-12-02] (EldoS Corporation)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-2652780602-1571902860-15739709-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-2652780602-1571902860-15739709-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://se.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF

SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox

BHO: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\system32\CbFsMntNtf3.dll [2011-12-02] (EldoS Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)

BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)

BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC)

BHO-x32: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\SysWOW64\CbFsMntNtf3.dll [2011-12-02] (EldoS Corporation)

BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-01-07] (Atheros Commnucations)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)

BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{16B07F8C-ECE5-4B00-8DF8-78EC59C6FD2C}: [NameServer] 8.26.56.26,156.154.70.22

 

FireFox:

========

FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5p7rancf.default-1406390208078

FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)

FF Plugin-x32: @cuminas.jp/DjVuPlugin -> C:\Program Files (x86)\Cuminas\Document Express DjVu Plug-in\npdjvu.dll [2014-09-04] (Cuminas Corporation)

FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)

FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)

FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-10-14] (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-07-23] (Nullsoft, Inc.)

FF Plugin-x32: @se.nexus/Personal -> C:\Program Files (x86)\Personal\bin\np_prsnl.dll [2012-01-04] (Technology Nexus AB)

FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-03-17] (VideoLAN)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2010-12-08] ()

FF Plugin-x32: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [2009-10-23] (Zylom)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-2652780602-1571902860-15739709-1002: @hola.org/vlc,version=1.8.369 -> C:\Users\Dan\AppData\Local\Hola\firefox\app\vlc [2015-06-24] ()

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll [2009-10-23] (Zylom)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\allaannonser-sv-SE.xml [2015-06-23]

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\prisjakt-sv-SE.xml [2015-06-23]

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\tyda-sv-SE.xml [2015-06-23]

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-sv-SE.xml [2015-06-23]

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-sv-SE.xml [2015-06-23]

FF Extension: Hola Better Internet - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5p7rancf.default-1406390208078\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2015-05-27]

FF Extension: ZenMate Security, Privacy & Unblock VPN - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\5p7rancf.default-1406390208078\Extensions\firefox@zenmate.com.xpi [2015-06-23]

FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-01-31]

FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

FF HKU\S-1-5-21-2652780602-1571902860-15739709-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

 

Chrome:

=======

CHR Profile: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default

CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-04-12] (Adobe Systems) [File not signed]

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2011-03-04] (Advanced Micro Devices, Inc.) [File not signed]

R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-09] (Avira Operations GmbH & Co. KG)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG)

S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1187336 2015-06-09] (Avira Operations GmbH & Co. KG)

R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-01-07] (Atheros) [File not signed]

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [53920 2011-01-07] (Atheros Commnucations) [File not signed]

R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [208632 2015-05-21] (Avira Operations GmbH & Co. KG)

R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70352 2013-07-24] (Comodo Security Solutions Inc.)

S4 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-05-30] (Comodo Security Solutions, Inc.)

S4 GenieTimelineService; C:\Program Files\Genie9\Genie Timeline\GenieTimelineService.exe [662104 2012-09-16] (Genie9)

S4 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]

S4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-28] (Realsil Microelectronics Inc.) [File not signed]

S4 LaCieDesktopManagerService; C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe [1379840 2012-10-10] () [File not signed]

S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)

S4 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)

S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-14] (Microsoft Corporation) [File not signed]

S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-14] (Microsoft Corporation) [File not signed]

S4 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [62184 2011-02-25] (Xobni Corporation)

S4 BstHdAndroidSvc; "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [X]

S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [X]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-09] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132656 2015-06-09] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-19] (Avira Operations GmbH & Co. KG)

R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. KG)

R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [348560 2011-12-02] (EldoS Corporation)

S1 CFRMD; C:\Windows\SysWOW64\DRIVERS\CFRMD.sys [37976 2012-09-03] (Windows ® Win 7 DDK provider) [File not signed]

S2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-06-25 10:14 - 2015-06-25 11:56 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys

2015-06-25 10:14 - 2015-06-25 11:19 - 00000000 ____D C:\ProgramData\RogueKiller

2015-06-25 10:01 - 2015-06-25 10:03 - 21471480 _____ C:\Users\Dan\Desktop\RogueKillerX64.exe

2015-06-25 09:35 - 2015-06-25 09:35 - 02112512 _____ (Farbar) C:\Users\Dan\Desktop\FRST64.exe

2015-06-25 09:03 - 2015-06-25 09:03 - 00000000 ____D C:\ProgramData\Sun

2015-06-24 10:01 - 2015-06-24 12:47 - 00003531 _____ C:\Users\Dan\Desktop\länkar som ska läsas.txt

2015-06-24 08:58 - 2015-06-25 12:13 - 00017406 _____ C:\Users\Dan\Desktop\FRST.txt

2015-06-24 08:58 - 2015-06-24 08:58 - 00002867 _____ C:\Users\Dan\Desktop\AdwCleaner[s0].txt

2015-06-24 08:40 - 2008-07-16 01:46 - 388259764 _____ C:\Users\Dan\Desktop\Nena_Sidney.wmv

2015-06-24 08:37 - 2015-06-24 08:37 - 00000000 ____D C:\Program Files (x86)\ESET

2015-06-24 08:32 - 2015-06-24 08:32 - 00000000 ____D C:\Users\Dan\AppData\Local\Hola

2015-06-24 07:43 - 2015-06-24 08:17 - 387917699 _____ C:\Users\Dan\Downloads\ss-Nena_Sidney.rar

2015-06-23 19:16 - 2015-06-23 19:16 - 00000000 ____D C:\Users\Dan\Downloads\Hola

2015-06-23 18:25 - 2015-06-24 08:24 - 00000000 ____D C:\AdwCleaner

2015-06-23 08:21 - 2015-06-23 08:21 - 02244096 _____ C:\Users\Dan\Downloads\adwcleaner_4.207.exe

2015-06-23 08:20 - 2015-06-23 08:21 - 02244096 _____ C:\Users\Dan\Downloads\adwcleaner_4.207(1).exe

2015-06-22 20:20 - 2015-06-24 08:58 - 00039641 _____ C:\Users\Dan\Desktop\Addition.txt

2015-06-22 20:02 - 2015-06-24 08:43 - 00039641 _____ C:\Users\Dan\Downloads\Addition.txt

2015-06-22 19:57 - 2015-06-24 08:43 - 00045141 _____ C:\Users\Dan\Downloads\FRST.txt

2015-06-22 19:55 - 2015-06-25 12:12 - 00000000 ____D C:\FRST

2015-06-22 19:44 - 2015-06-22 19:44 - 02109952 _____ (Farbar) C:\Users\Dan\Downloads\FRST64.exe

2015-06-21 13:18 - 2015-06-22 13:27 - 00016765 _____ C:\Users\Dan\Desktop\dfgds1.odt

2015-06-19 13:11 - 2015-06-19 13:11 - 00000000 ____D C:\Users\Dan\AppData\Local\{FC7C7DFD-E35F-4D4B-9B4A-4E26E3635659}

2015-06-16 20:10 - 2015-06-16 20:10 - 00000000 ____D C:\Users\Public\Documents\sun

2015-06-16 20:08 - 2015-06-16 20:08 - 00000000 ____D C:\Users\Dan\AppData\Roaming\LibreOffice

2015-06-15 20:55 - 2015-06-15 20:55 - 00001474 _____ C:\Users\Public\Desktop\LibreOffice 4.4.lnk

2015-06-15 20:55 - 2015-06-15 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.4

2015-06-15 20:52 - 2015-06-15 20:55 - 00000000 ____D C:\Program Files (x86)\LibreOffice 4

2015-06-11 08:08 - 2015-06-10 18:40 - 00016340 _____ C:\Users\Dan\Documents\dfgds.docx_1_1.odt

2015-06-10 19:37 - 2015-06-01 20:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-06-10 19:37 - 2015-06-01 19:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2015-06-10 19:37 - 2015-05-27 15:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-06-10 19:37 - 2015-05-27 15:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-06-10 19:37 - 2015-05-23 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2015-06-10 19:37 - 2015-05-23 04:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-06-10 19:37 - 2015-05-23 04:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2015-06-10 19:37 - 2015-05-23 04:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2015-06-10 19:37 - 2015-05-23 04:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2015-06-10 19:37 - 2015-05-23 04:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2015-06-10 19:37 - 2015-05-23 04:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-06-10 19:37 - 2015-05-23 04:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2015-06-10 19:37 - 2015-05-23 04:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2015-06-10 19:37 - 2015-05-23 04:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2015-06-10 19:37 - 2015-05-23 04:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2015-06-10 19:37 - 2015-05-23 04:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2015-06-10 19:37 - 2015-05-23 04:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2015-06-10 19:37 - 2015-05-23 03:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2015-06-10 19:37 - 2015-05-23 03:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2015-06-10 19:37 - 2015-05-23 03:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2015-06-10 19:37 - 2015-05-23 03:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2015-06-10 19:37 - 2015-05-23 03:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-06-10 19:37 - 2015-05-23 03:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2015-06-10 19:37 - 2015-05-23 03:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-06-10 19:37 - 2015-05-23 03:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2015-06-10 19:37 - 2015-05-23 03:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2015-06-10 19:37 - 2015-05-23 03:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-06-10 19:37 - 2015-05-23 03:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-06-10 19:37 - 2015-05-23 03:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-06-10 19:37 - 2015-05-23 03:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2015-06-10 19:37 - 2015-05-22 20:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-06-10 19:37 - 2015-05-22 20:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2015-06-10 19:37 - 2015-05-22 20:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2015-06-10 19:37 - 2015-05-22 20:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-06-10 19:37 - 2015-05-22 20:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-06-10 19:37 - 2015-05-22 20:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2015-06-10 19:37 - 2015-05-22 20:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2015-06-10 19:37 - 2015-05-22 19:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2015-06-10 19:37 - 2015-05-22 19:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-06-10 19:37 - 2015-05-22 19:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-06-10 19:37 - 2015-05-22 19:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2015-06-10 19:37 - 2015-05-22 19:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-06-10 19:37 - 2015-05-22 19:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2015-06-10 19:37 - 2015-05-22 19:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2015-06-10 19:37 - 2015-05-22 19:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-06-10 19:37 - 2015-05-22 19:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2015-06-10 19:37 - 2015-05-22 19:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2015-06-10 19:37 - 2015-05-22 19:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-06-10 19:37 - 2015-05-22 19:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2015-06-10 19:37 - 2015-05-22 19:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-06-10 19:37 - 2015-05-22 19:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-06-10 19:37 - 2015-05-22 19:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-06-10 19:37 - 2015-05-22 19:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-06-10 19:37 - 2015-05-22 19:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-06-10 19:37 - 2015-05-22 19:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-06-10 19:37 - 2015-05-22 19:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2015-06-10 19:37 - 2015-05-22 18:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-06-10 19:37 - 2015-05-22 18:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-06-10 19:37 - 2015-05-22 18:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-06-10 19:37 - 2015-05-22 18:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-06-10 19:35 - 2015-04-29 19:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2015-06-10 19:35 - 2015-04-29 19:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll

2015-06-10 19:35 - 2015-04-29 19:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx

2015-06-10 19:35 - 2015-04-29 19:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll

2015-06-10 19:35 - 2015-04-29 19:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

2015-06-10 19:35 - 2015-04-29 19:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll

2015-06-10 19:35 - 2015-04-29 19:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll

2015-06-10 19:35 - 2015-04-29 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx

2015-06-10 19:35 - 2015-04-29 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll

2015-06-10 19:35 - 2015-04-29 19:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL

2015-06-10 19:30 - 2015-05-25 18:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-06-10 19:30 - 2015-05-09 04:27 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2015-06-10 19:30 - 2015-05-09 04:27 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2015-06-10 19:30 - 2015-05-09 04:27 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2015-06-10 19:30 - 2015-05-09 04:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2015-06-10 19:30 - 2015-05-09 04:26 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2015-06-10 19:30 - 2015-05-09 04:26 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2015-06-10 19:30 - 2015-05-09 04:26 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2015-06-10 19:30 - 2015-05-09 04:25 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2015-06-10 19:30 - 2015-05-09 04:20 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:20 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2015-06-10 19:30 - 2015-05-09 04:13 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2015-06-10 19:30 - 2015-05-09 04:12 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2015-06-10 19:30 - 2015-05-09 04:12 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2015-06-10 19:30 - 2015-05-09 04:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2015-06-10 19:30 - 2015-05-09 04:08 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:08 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 03:01 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2015-06-10 19:30 - 2015-05-09 03:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2015-06-10 19:30 - 2015-05-09 02:59 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 02:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 02:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2015-06-10 19:30 - 2015-05-09 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2015-06-10 19:30 - 2015-04-24 19:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll

2015-06-10 19:30 - 2015-04-24 18:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll

2015-06-10 17:20 - 2015-06-09 16:28 - 00015695 _____ C:\Users\Dan\Documents\dfgds.docx_1.odt

2015-06-09 19:25 - 2015-06-09 19:25 - 00000000 ____D C:\Users\Dan\AppData\Local\{706E4D80-C3C8-42AD-BC61-21687F253591}

2015-06-09 12:14 - 2015-06-09 12:14 - 00000000 ____D C:\Users\Dan\AppData\Local\{477A4BA8-E1CD-4F01-977E-04788CDB4B02}

2015-06-07 23:46 - 2015-06-07 23:46 - 01646208 ____N C:\Windows\Minidump\060815-21481-01.dmp

2015-06-02 21:58 - 2015-06-01 15:04 - 00009657 _____ C:\Users\Dan\Documents\nyckling.ods_1.ods

2015-06-02 21:45 - 2015-06-02 21:45 - 00000090 ____H C:\Users\Dan\Downloads\.~lock.Nomenklatur.odt#

2015-05-28 21:39 - 2015-05-28 21:39 - 00000000 ____D C:\Users\Dan\AppData\Local\{9665E230-C4C0-4592-BDE1-1AF625291BA5}

2015-05-28 16:16 - 2015-05-28 16:37 - 00029211 _____ C:\Users\Dan\Documents\reflektion.odt

2015-05-27 08:26 - 2015-05-27 08:26 - 00000000 ____D C:\Users\Dan\AppData\Local\{5AB1F9E9-7B85-4E54-BE60-7007F23F9C5C}

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-06-25 12:08 - 2012-09-10 10:30 - 00000868 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-06-25 11:54 - 2009-07-14 05:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-06-25 11:54 - 2009-07-14 05:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-06-25 11:50 - 2011-06-24 08:16 - 01102378 _____ C:\Windows\WindowsUpdate.log

2015-06-25 11:49 - 2011-04-29 00:00 - 06502850 _____ C:\Windows\system32\perfh01D.dat

2015-06-25 11:49 - 2011-04-29 00:00 - 02189930 _____ C:\Windows\system32\perfc01D.dat

2015-06-25 11:49 - 2009-07-14 06:13 - 00006272 _____ C:\Windows\system32\PerfStringBackup.INI

2015-06-25 11:42 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-06-25 11:42 - 2009-07-14 05:51 - 00302086 _____ C:\Windows\setupact.log

2015-06-24 22:02 - 2011-07-22 19:26 - 00000000 ____D C:\Users\Dan\AppData\Local\Last.fm

2015-06-24 07:28 - 2012-07-02 14:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2015-06-23 19:13 - 2013-08-18 10:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2015-06-22 22:35 - 2014-11-21 20:04 - 00000000 __SHD C:\Users\Dan\AppData\Local\EmieBrowserModeList

2015-06-22 22:35 - 2014-04-28 19:52 - 00000000 __SHD C:\Users\Dan\AppData\Local\EmieUserList

2015-06-22 22:35 - 2014-04-28 19:52 - 00000000 __SHD C:\Users\Dan\AppData\Local\EmieSiteList

2015-06-21 19:42 - 2014-10-22 14:06 - 00000000 ____D C:\Windows\rescache

2015-06-21 09:11 - 2011-07-22 19:18 - 00000000 ____D C:\Users\Dan\AppData\Local\CrashDumps

2015-06-18 13:00 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD

2015-06-16 18:58 - 2011-07-21 17:53 - 00073584 _____ C:\Users\Dan\AppData\Local\GDIPFONTCACHEV1.DAT

2015-06-16 18:53 - 2009-07-14 05:45 - 00329048 _____ C:\Windows\system32\FNTCACHE.DAT

2015-06-16 18:52 - 2013-08-12 11:56 - 00000000 ____D C:\ProgramData\Avira

2015-06-16 18:52 - 2010-11-21 04:47 - 00563282 _____ C:\Windows\PFRO.log

2015-06-15 16:35 - 2014-11-14 20:03 - 00000000 ____D C:\ProgramData\Package Cache

2015-06-15 16:35 - 2013-08-12 11:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2015-06-15 16:34 - 2013-08-12 11:56 - 00000000 ____D C:\Program Files (x86)\Avira

2015-06-12 05:02 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2015-06-09 09:18 - 2013-08-12 11:58 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2015-06-09 09:18 - 2013-08-12 11:58 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2015-06-08 17:29 - 2011-09-22 14:55 - 00000000 ____D C:\Windows\Minidump

2015-05-27 13:34 - 2009-07-14 06:08 - 00032514 _____ C:\Windows\Tasks\SCHEDLGU.TXT

 

==================== Files in the root of some directories =======

 

2014-04-18 19:51 - 2014-04-18 19:51 - 0000268 ___RH () C:\Users\Dan\AppData\Roaming\Digital Basic

2014-04-18 19:50 - 2014-04-18 19:50 - 0000268 ___RH () C:\Users\Dan\AppData\Roaming\Digital Light

2013-08-14 21:23 - 2013-08-14 21:23 - 0007605 _____ () C:\Users\Dan\AppData\Local\Resmon.ResmonCfg

2011-09-21 10:45 - 2011-09-21 10:45 - 0017408 _____ () C:\Users\Dan\AppData\Local\WebpageIcons.db

2014-04-18 19:51 - 2014-04-18 19:51 - 0000268 ___RH () C:\ProgramData\Displays

2014-04-18 19:50 - 2014-04-18 19:50 - 0000268 ___RH () C:\ProgramData\Distortion

2014-04-18 19:33 - 2014-11-08 17:51 - 0000020 ____H () C:\ProgramData\PKP_DLbx.DAT

2014-04-18 19:51 - 2014-04-18 19:51 - 0000020 ____H () C:\ProgramData\PKP_DLck.DAT

 

Some files in TEMP:

====================

C:\Users\Dan\AppData\Local\Temp\avgnt.exe

C:\Users\Dan\AppData\Local\Temp\dllnt_dump.dll

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-06-21 19:23

 

==================== End of log ============================

 

 

Addition:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-06-2015

Ran by Dan at 2015-06-25 12:14:20

Running from C:\Users\Dan\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administratör (S-1-5-21-2652780602-1571902860-15739709-500 - Administrator - Disabled)

Dan (S-1-5-21-2652780602-1571902860-15739709-1002 - Administrator - Enabled) => C:\Users\Dan

Gäst (S-1-5-21-2652780602-1571902860-15739709-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2652780602-1571902860-15739709-1003 - Limited - Enabled)

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation)

Adobe InDesign CS2 (HKLM-x32\...\Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}) (Version: 004.000.000 - Adobe Systems Incorporated)

Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)

Adobe Reader XI (11.0.03) - Svenska (HKLM-x32\...\{AC76BA86-7AD7-1053-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)

Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden

Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)

ATI Catalyst Install Manager (HKLM\...\{E04A3037-2F82-C518-D6CA-A63497D3872F}) (Version: 3.0.808.0 - ATI Technologies, Inc.)

Avira (HKLM-x32\...\{0696cc37-db90-4000-be99-4a173ca7c8af}) (Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG)

Avira (x32 Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG) Hidden

Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.574 - Avira Operations GmbH & Co. KG)

BankID säkerhetsprogram 4.18.3 (HKLM-x32\...\Personal) (Version:  - )

Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Beneath a Steel Sky (HKLM-x32\...\Beneath a Steel Sky_is1) (Version:  - GOG.com)

Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 3.0.1.60 - )

Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden

BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.7.12.896 - BlueStack Systems, Inc.)

BlueStacks Notification Center (HKLM-x32\...\{A7FC82AC-986D-48D5-8AAE-A75C1D829E0A}) (Version: 0.7.12.896 - BlueStack Systems, Inc.)

Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.02.000.55 - Atheros Communications)

BookSmart® 3.4.4 3.4.4 (HKLM-x32\...\BookSmart® 3.4.4 3.4.4) (Version:  - Blurb, Inc)

Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden

Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden

Capture NX 2 (HKLM\...\Capture NX 2) (Version: 2.4.7 - NIKON CORPORATION)

ccc-core-static (x32 Version: 2011.0304.1135.20703 - ATI) Hidden

Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)

Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)

Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)

Contenta CR2 Converter (HKLM-x32\...\ContentaCR2Converter) (Version:  - Contenta Software)

CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.2.1.3726 - CyberLink Corp.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DeepBurner Pro v1.9.0.228 (HKLM-x32\...\{1AD22277-7A1E-71EC-B27D-EB7A22BED143}) (Version:  - )

Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden

DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.22 - DivX, LLC)

Document Express DjVu Plug-in (HKLM-x32\...\{F2ED93C5-5F97-49D3-873A-81088D25F7BA}) (Version: 6.1.34387 - Cuminas Corporation)

Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden

Dragonsphere (HKLM-x32\...\Dragonsphere_is1) (Version:  - GOG.com)

Dynomite (HKLM-x32\...\0e06a639dd5fa24449cc919aa633bfe0) (Version:  - )

Dynomite Deluxe (HKLM-x32\...\a3bc6ee10dba91efca2bbc75931a4c96) (Version:  - Zylom)

Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)

ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

EssentialPIM (HKLM-x32\...\EssentialPIM) (Version: 5.02 - )

ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)

Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)

Fallout (HKLM-x32\...\Fallout_is1) (Version:  - GOG.com)

Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden

FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden

Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden

GeekBuddy (HKLM-x32\...\{C5DF93B9-89DF-40AF-BD79-B172B27AC977}) (Version: 4.8.66 - Comodo Security Solutions Inc)

Genie Timeline (HKLM-x32\...\Genie Timeline) (Version: 3.0 - Genie9)

Google Translator (HKU\S-1-5-21-2652780602-1571902860-15739709-1002\...\Google Translator) (Version:  - Opera widgets)

Guitar Pro (HKLM-x32\...\Guitar Pro6.0.1.7840) (Version: 6.0.1.7840 - MKN)

Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version:  - Arobas Music)

Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)

HP On Screen Display (HKLM-x32\...\{124DB96E-CBF5-44FB-AB59-7D2444DEC777}) (Version: 1.0.7 - Hewlett-Packard Company)

HP Power Manager (HKLM-x32\...\{B97E3520-C726-475E-BC0C-7561952633AB}) (Version: 1.2.1 - Hewlett-Packard Company)

HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)

HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company)

HP Software Framework (HKLM-x32\...\{6280EB8F-CAA5-40B9-B253-0B96CAFD011D}) (Version: 4.1.8.1 - Hewlett-Packard Company)

HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)

HP Wireless Assistant (HKLM\...\{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}) (Version: 4.0.10.0 - Hewlett-Packard Company)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

LaCie Desktop Manager 1.5.5 (HKLM\...\{3845209F-142E-4F48-B61A-AA34D2DB54BB}_is1) (Version: 1.5.5 - LaCie)

Last.fm Scrobbler 2.1.30 (HKLM-x32\...\LastFM_is1) (Version:  - Last.fm)

LibreOffice 4.4.3.2 (HKLM-x32\...\{A651A592-2F6C-4D66-AEA8-9BFE4B61BCB3}) (Version: 4.4.3.2 - The Document Foundation)

Lure of the Temptress (HKLM-x32\...\Lure of the Temptress_is1) (Version:  - GOG.com)

Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden

Malwarebytes Anti-Malware version 1.61.0.1400 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.61.0.1400 - Malwarebytes Corporation)

McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile Language Pack - SVE (HKLM\...\Microsoft .NET Framework 4 Client Profile SVE Language Pack) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Extended Language Pack - SVE (HKLM\...\Microsoft .NET Framework 4 Extended SVE Language Pack) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation)

Mozilla Firefox 38.0.5 (x86 sv-SE) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 sv-SE)) (Version: 38.0.5 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)

Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden

Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden

Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.1 - Nikon)

Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)

OpenOffice.org 3.3 (HKLM-x32\...\{5F51441D-48C6-4308-9824-5D34211BB715}) (Version: 3.3.9567 - OpenOffice.org)

Opera 11.50 (HKLM-x32\...\Opera 11.50.1074) (Version: 11.50.1074 - Opera Software ASA)

Paradise Pet Salon (HKLM-x32\...\BFG-Paradise Pet Salon) (Version:  - )

PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.34 - PDF Complete, Inc)

Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden

Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.5.1 - Nikon)

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden

Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden

Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden

PSD Viewer (HKLM-x32\...\{D8EEDC94-EE82-46A0-A7DB-812E3C6A0A6E}_is1) (Version:  - IdeaMK)

RawShooter essentials 2005 (HKLM-x32\...\RawShooter essentials 2005) (Version: 1.1.2 - Pixmantec)

RawShooter essentials 2006 (HKLM-x32\...\RawShooter essentials 2006) (Version: 1.5.0 - Pixmantec)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6287 - Realtek Semiconductor Corp.)

Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)

Recovery Manager (x32 Version: 1.0.22 - Hewlett-Packard) Hidden

Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)

Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden

SMPlayer 0.6.9 (HKLM-x32\...\SMPlayer) (Version: 0.6.9 - RVM)

SoulseekQt (HKLM-x32\...\SoulseekQt) (Version:  - )

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.4.3 - Synaptics Incorporated)

Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden

VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden

WildTangent Games App (HP Games) (x32 Version: 4.0.5.21 - WildTangent) Hidden

Winamp (HKLM-x32\...\Winamp) (Version: 5.65  - Nullsoft, Inc)

Winamp Detector Plug-in (HKU\S-1-5-21-2652780602-1571902860-15739709-1002\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

WinZip 14.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. )

Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden

VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)

WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden

Wuala (HKU\S-1-5-21-2652780602-1571902860-15739709-1002\...\Wuala) (Version: 1.0.391.0 - LaCie)

Wuala CBFS (HKLM-x32\...\Wuala CBFS) (Version: 3.2.102.0 - LaCie)

Wuala OverlayIcons (HKLM-x32\...\Wuala OverlayIcons) (Version: 1.0.0.1 - LaCie)

Xobni (HKLM-x32\...\XobniMain) (Version: 1.9.5.13209 - Xobni Corp.)

Xobni Core (x32 Version: 1.0.0 - Xobni, Inc.) Hidden

Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Zylom Games Player Plugin (HKLM-x32\...\Zylom Games Player Plugin) (Version:  - Zylom Games)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== Restore Points =========================

 

25-06-2015 08:59:51 Removed Java 7 Update 7

25-06-2015 09:02:05 Removed Java 7 Update 7

25-06-2015 09:36:37 Restore Point Created by FRST

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-14 03:34 - 2012-06-28 13:46 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {0C584660-6510-431E-8826-DE25B5272A47} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-11-29] (Hewlett-Packard Company)

Task: {1E6F2B12-1FD0-4713-BFAC-7D816AAA3D30} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)

Task: {2F49839F-CFD1-480E-A1C4-1C028298917F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-02-10] (CyberLink)

Task: {6E9D99F6-46C0-4271-B95B-8B9C0A87B520} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe

Task: {CD51D3F1-2D0D-489A-8351-D8CBF5C5350A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe

Task: {D8B04AB3-1BD4-4347-9B0C-AC8C162646DB} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe

Task: {F6332D16-2E44-4C51-A56F-C11A6F40EA29} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2011-07-22] (Microsoft Corporation)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

 

==================== Loaded Modules (Whitelisted) ==============

 

2011-07-21 18:30 - 2011-05-28 21:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll

2011-03-04 20:43 - 2011-03-04 20:43 - 00079872 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Services.dll

2011-03-04 20:44 - 2011-03-04 20:44 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll

2011-01-17 15:19 - 2011-07-21 21:40 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

 

==================== Safe Mode (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

IE trusted site: HKU\S-1-5-21-2652780602-1571902860-15739709-1002\...\hola.org -> hxxp://hola.org

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-2652780602-1571902860-15739709-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 8.26.56.26 - 156.154.70.22

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\Services: Adobe LM Service => 3

MSCONFIG\Services: AdobeARMservice => 2

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3

MSCONFIG\Services: AERTFilters => 2

MSCONFIG\Services: BstHdAndroidSvc => 2

MSCONFIG\Services: BstHdLogRotatorSvc => 2

MSCONFIG\Services: CltMngSvc => 2

MSCONFIG\Services: GamesAppService => 3

MSCONFIG\Services: GeekBuddyRSP => 2

MSCONFIG\Services: GenieTimelineService => 2

MSCONFIG\Services: hola_svc => 2

MSCONFIG\Services: hola_updater => 2

MSCONFIG\Services: HP Support Assistant Service => 2

MSCONFIG\Services: IconMan_R => 2

MSCONFIG\Services: LaCieDesktopManagerService => 2

MSCONFIG\Services: McComponentHostService => 3

MSCONFIG\Services: MozillaMaintenance => 3

MSCONFIG\Services: ogmservice => 2

MSCONFIG\Services: pdfcDispatcher => 2

MSCONFIG\Services: SkypeUpdate => 2

MSCONFIG\Services: XobniService => 2

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BankID säkerhetsprogram.lnk => C:\Windows\pss\BankID säkerhetsprogram.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk => C:\Windows\pss\Start GeekBuddy.lnk.CommonStartup

MSCONFIG\startupfolder: C:^Users^Dan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup

MSCONFIG\startupfolder: C:^Users^Dan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk => C:\Windows\pss\ERUNT AutoBackup.lnk.Startup

MSCONFIG\startupfolder: C:^Users^Dan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"

MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"

MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe

MSCONFIG\startupreg: COMODO Internet Security => "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe

MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

MSCONFIG\startupreg: gbrspcontrol => "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave

MSCONFIG\startupreg: hola => C:\Program Files\Hola\app\hola.exe --silent

MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

MSCONFIG\startupreg: HPWirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden

MSCONFIG\startupreg: LaCie Desktop Manager Launcher => "C:\Program Files\LaCie\Desktop Manager\lacie_launcherd.exe"

MSCONFIG\startupreg: LaCie Desktop Manager Startup => "C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe"

MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s

MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe

MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{410EF226-436C-43C3-9548-F23324446E0E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [{B349E567-7D67-4AF5-8B15-77A309F25605}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{FDCA7994-F7DC-4D8C-AE67-362C854C1E5B}] => (Allow) LPort=2869

FirewallRules: [{B4117C62-BC65-4D0D-8B5B-A562263848E7}] => (Allow) LPort=1900

FirewallRules: [{34616BDD-178F-4909-9FE9-CC776396CCFC}] => (Allow) C:\Program Files (x86)\Opera\opera.exe

FirewallRules: [{8EBEA271-3747-40EA-A13E-F4C6F02023EB}] => (Allow) C:\Program Files (x86)\Opera\opera.exe

FirewallRules: [{764BBFA7-E659-4CCA-9370-55F6C74A4CAC}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

FirewallRules: [{98D4DA32-A7BF-49E5-9E91-7F0739381D13}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe

FirewallRules: [{ADCE8483-97E2-4671-8796-11A72712CBFA}] => (Allow) C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe

FirewallRules: [{470883FC-F594-4D1D-B6D4-171654FEE37B}] => (Allow) C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe

FirewallRules: [{EDA854DF-C4E2-45E0-BFB5-CA37D1452AF0}] => (Allow) C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe

FirewallRules: [{8E0B0A36-2517-4F5F-B1FA-CB97404934A5}] => (Allow) C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe

FirewallRules: [{ABF7FC34-8A05-4C6A-9629-2D2BC2C0E652}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe

FirewallRules: [{9FA53E93-5275-4DB8-9256-2ECC51A41DA6}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe

FirewallRules: [TCP Query User{684E568D-82CA-4938-BF19-9F710C079E50}C:\program files (x86)\opera\opera.exe] => (Allow) C:\program files (x86)\opera\opera.exe

FirewallRules: [uDP Query User{0BFCC4F3-318D-4F18-B38F-F4AECC7146CB}C:\program files (x86)\opera\opera.exe] => (Allow) C:\program files (x86)\opera\opera.exe

FirewallRules: [TCP Query User{B1410B4B-A427-4E9B-A9E5-89907D125A90}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe

FirewallRules: [uDP Query User{3AD8FC20-5855-445D-AF51-F9511CB4A29F}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe

FirewallRules: [TCP Query User{CE1A81E4-E2EF-4982-A54A-672AF4D81458}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe

FirewallRules: [uDP Query User{5902D0FD-6280-4653-8040-3F1FE7B8EB86}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe

FirewallRules: [TCP Query User{565286B8-F5B0-4587-96DC-4EEFCF43A121}C:\users\dan\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\dan\appdata\roaming\dropbox\bin\dropbox.exe

FirewallRules: [uDP Query User{B76A7729-6CAD-4F62-9F45-7C63AF424503}C:\users\dan\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\dan\appdata\roaming\dropbox\bin\dropbox.exe

FirewallRules: [{CE9DF86D-A3BA-4B95-8FC7-0C07C9FD84F9}] => (Allow) C:\Program Files\Hola\app\hola_updater.exe

FirewallRules: [{C10C1B48-9876-47A8-B15C-1163C87A3ED4}] => (Allow) C:\Program Files\Hola\app\hola_updater.exe

FirewallRules: [{A9F8EF43-E35D-443A-B151-3C0E97D92F24}] => (Allow) C:\Program Files\Hola\app\hola_svc.exe

FirewallRules: [{60C5ED8C-A744-4736-BDC3-3D6FD9A9B3A1}] => (Allow) C:\Program Files\Hola\app\hola_svc.exe

FirewallRules: [{97FB5B4E-5EC4-4565-AF62-4B78D2E59615}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{48F38768-4D0B-41BE-BA84-352AC7B1F8EF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [TCP Query User{E30AD5DB-670B-4F81-9B80-FE3F959C0B25}C:\users\dan\appdata\local\hola\firefox\app\hola_plugin.exe] => (Block) C:\users\dan\appdata\local\hola\firefox\app\hola_plugin.exe

FirewallRules: [uDP Query User{C84D5A22-5B85-4757-A5A6-F61F75C643CB}C:\users\dan\appdata\local\hola\firefox\app\hola_plugin.exe] => (Block) C:\users\dan\appdata\local\hola\firefox\app\hola_plugin.exe

 

==================== Faulty Device Manager Devices =============

 

Name: BlueStacks Hypervisor

Description: BlueStacks Hypervisor

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: BstHdDrv

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (06/25/2015 11:49:18 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT instans)

Description: Det gick inte att avinstallera prestandaräknarsträngarna för tjänsten WmiApRpl (WmiApRpl). Felkoden finns i datasektionens första DWORD.

 

Error: (06/25/2015 11:49:18 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT instans)

Description: Prestandasträngarna i registervärdet för prestanda är skadade. Detta upptäcktes när tilläggsräknarprovidern Performance behandlades. Värdet för BaseIndex i registret för prestanda anges som första DWORD i datasektionen och värdet för LastHelp anges som tredje DWORD i datasektionen.

 

Error: (06/25/2015 11:49:18 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT instans)

Description: Prestandasträngarna i registervärdet för prestanda är skadade. Detta upptäcktes när tilläggsräknarprovidern Performance behandlades. Värdet för BaseIndex i registret för prestanda anges som första DWORD i datasektionen och värdet för LastHelp anges som tredje DWORD i datasektionen.

 

Error: (06/25/2015 11:44:06 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (06/25/2015 09:59:06 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT instans)

Description: Det gick inte att avinstallera prestandaräknarsträngarna för tjänsten WmiApRpl (WmiApRpl). Felkoden finns i datasektionens första DWORD.

 

Error: (06/25/2015 09:59:06 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT instans)

Description: Prestandasträngarna i registervärdet för prestanda är skadade. Detta upptäcktes när tilläggsräknarprovidern Performance behandlades. Värdet för BaseIndex i registret för prestanda anges som första DWORD i datasektionen och värdet för LastHelp anges som tredje DWORD i datasektionen.

 

Error: (06/25/2015 09:59:05 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT instans)

Description: Prestandasträngarna i registervärdet för prestanda är skadade. Detta upptäcktes när tilläggsräknarprovidern Performance behandlades. Värdet för BaseIndex i registret för prestanda anges som första DWORD i datasektionen och värdet för LastHelp anges som tredje DWORD i datasektionen.

 

Error: (06/25/2015 09:54:05 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (06/24/2015 08:33:46 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT instans)

Description: Det gick inte att avinstallera prestandaräknarsträngarna för tjänsten WmiApRpl (WmiApRpl). Felkoden finns i datasektionens första DWORD.

 

Error: (06/24/2015 08:33:46 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT instans)

Description: Prestandasträngarna i registervärdet för prestanda är skadade. Detta upptäcktes när tilläggsräknarprovidern Performance behandlades. Värdet för BaseIndex i registret för prestanda anges som första DWORD i datasektionen och värdet för LastHelp anges som tredje DWORD i datasektionen.

 

 

System errors:

=============

Error: (06/25/2015 11:45:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Tjänsten HP Wireless Assistant Service kunde inte startas på grund av följande fel:

%%1053

 

Error: (06/25/2015 11:45:41 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: En timeout (30000 ms) inträffade vid väntan på att tjänsten HP Wireless Assistant Service skulle ansluta.

 

Error: (06/25/2015 11:43:02 AM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: Följande start- eller systemstartdrivrutin(er) avbröts på grund av fel under start:

CFRMD

 

Error: (06/25/2015 11:42:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Tjänsten BlueStacks Hypervisor kunde inte startas på grund av följande fel:

%%2

 

Error: (06/25/2015 09:55:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Tjänsten HP Wireless Assistant Service kunde inte startas på grund av följande fel:

%%1053

 

Error: (06/25/2015 09:55:56 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: En timeout (30000 ms) inträffade vid väntan på att tjänsten HP Wireless Assistant Service skulle ansluta.

 

Error: (06/25/2015 09:53:11 AM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: Följande start- eller systemstartdrivrutin(er) avbröts på grund av fel under start:

CFRMD

 

Error: (06/25/2015 09:52:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Tjänsten BlueStacks Hypervisor kunde inte startas på grund av följande fel:

%%2

 

Error: (06/25/2015 09:51:11 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT instans)

Description: Modulen för WLAN-utökningsmöjligheter stoppades oväntat.

 

Modulsökväg: C:\Windows\system32\athihvs.dll

 

Error: (06/25/2015 09:51:11 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT instans)

Description: Modulen för WLAN-utökningsmöjligheter stoppades oväntat.

 

Modulsökväg: C:\Windows\system32\athihvs.dll

 

 

Microsoft Office:

=========================

Error: (06/25/2015 11:49:18 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT instans)

Description: WmiApRplWmiApRpl8F20300004D070000

 

Error: (06/25/2015 11:49:18 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT instans)

Description: Performance1637070000000000000000000009030000

 

Error: (06/25/2015 11:49:18 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT instans)

Description: Performance1637070000000000000000000009030000

 

Error: (06/25/2015 11:44:06 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (06/25/2015 09:59:06 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT instans)

Description: WmiApRplWmiApRpl8F20300004D070000

 

Error: (06/25/2015 09:59:06 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT instans)

Description: Performance1637070000000000000000000009030000

 

Error: (06/25/2015 09:59:05 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT instans)

Description: Performance1637070000000000000000000009030000

 

Error: (06/25/2015 09:54:05 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (06/24/2015 08:33:46 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT instans)

Description: WmiApRplWmiApRpl8F20300004D070000

 

Error: (06/24/2015 08:33:46 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT instans)

Description: Performance1637070000000000000000000009030000

 

 

CodeIntegrity Errors:

===================================

  Date: 2013-01-03 09:28:10.597

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-01-03 09:28:10.519

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2012-06-28 13:45:35.107

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2012-06-28 13:45:35.060

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info ===========================

 

Processor: AMD E-350 Processor

Percentage of memory in use: 76%

Total physical RAM: 1642.9 MB

Available physical RAM: 391.38 MB

Total Pagefile: 3285.8 MB

Available Pagefile: 2165.21 MB

Total Virtual: 8192 MB

Available Virtual: 8191.85 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:280.34 GB) (Free:176.31 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive d: (RECOVERY) (Fixed) (Total:17.45 GB) (Free:2.08 GB) NTFS ==>[system with boot components (obtained from reading drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 223EB1DC)

Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=280.3 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=17.5 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

 

==================== End of log ============================


I haven't forgotten about you, but I've been very short on time. I'll get back to you as soon as I can.


Uninstall GeekBuddy.

 

Start the Notepad program.
Copy all the lines in the box:

CreateRestorePoint:
CloseProcesses:
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-10-14] (Oracle Corporation)
IE trusted site: HKU\S-1-5-21-2652780602-1571902860-15739709-1002\...\hola.org -> hxxp://hola.org
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70352 2013-07-24] (Comodo Security Solutions Inc.)
S4 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-05-30] (Comodo Security Solutions, Inc.)
C:\Program Files (x86)\Common Files\COMODO
Tcpip\..\Interfaces\{16B07F8C-ECE5-4B00-8DF8-78EC59C6FD2C}: [NameServer] 8.26.56.26,156.154.70.22
Reboot:
and paste them into Notepad. Check that no file entries have been split across two lines.
Save the file on the desktop with the name fixlist.txt.

Close all programs.
Start FRST, which is on the desktop.
Click the Fix button.
Wait until the program has finished.
If the computer does not restart automatically, restart it yourself.

The program creates a log, Fixlog.txt, on the desktop.
Paste its contents into your reply.

 

Uninstall GeekBuddy.

 

Here is the log

 

Fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:24-06-2015

Ran by Dan at 2015-06-27 13:41:44 Run:2

Running from C:\Users\Dan\Desktop

Loaded Profiles: Dan (Available Profiles: Dan)

Boot Mode: Normal

==============================================

 

fixlist content:

*****************

CreateRestorePoint:

CloseProcesses:

FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-10-14] (Oracle Corporation)

IE trusted site: HKU\S-1-5-21-2652780602-1571902860-15739709-1002\...\hola.org -> hxxp://hola.org

R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70352 2013-07-24] (Comodo Security Solutions Inc.)

S4 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-05-30] (Comodo Security Solutions, Inc.)

C:\Program Files (x86)\Common Files\COMODO

Tcpip\..\Interfaces\{16B07F8C-ECE5-4B00-8DF8-78EC59C6FD2C}: [NameServer] 8.26.56.26,156.154.70.22

Reboot:

*****************

 

Restore point was successfully created.

Processes closed successfully.

"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.7.2" => key removed successfully

C:\Windows\SysWOW64\npDeployJava1.dll => moved successfully.

"HKU\S-1-5-21-2652780602-1571902860-15739709-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hola.org" => key removed successfully

CLPSLauncher => Service removed successfully

GeekBuddyRSP => Service removed successfully

C:\Program Files (x86)\Common Files\COMODO => moved successfully.

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{16B07F8C-ECE5-4B00-8DF8-78EC59C6FD2C}\\NameServer => value removed successfully

 

 

The system needed a reboot..

 

==== End of Fixlog 13:43:32 ====


Does everything seem fine with the computer now?

Do you have any more questions before I write how FRST and AdwCleaner should be uninstalled?


Archived

This topic is now archived and is closed to further replies.
