
Virus again


vimma


RogueKiller V10.10.4.0 [sep  4 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Micke [Administrator]
Started from : C:\Users\Micke\Desktop\RogueKiller.exe
Mode : Delete -- Date : 09/06/2015 01:45:37

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 9 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 46.17.101.204 192.168.1.1 ([X][-])  -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 46.17.101.204 192.168.1.1 ([X][-])  -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 46.17.101.204 192.168.1.1 ([X][-])  -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{033F4DAA-4461-435E-92E4-ABA38DDB944D} | DhcpNameServer : 46.17.101.204 192.168.1.1 ([X][-])  -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11124D57-F19C-4653-960F-42B27E12A018} | DhcpNameServer : 46.17.101.204 192.168.1.1 ([X][-])  -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{033F4DAA-4461-435E-92E4-ABA38DDB944D} | DhcpNameServer : 46.17.101.204 192.168.1.1 ([X][-])  -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{11124D57-F19C-4653-960F-42B27E12A018} | DhcpNameServer : 46.17.101.204 192.168.1.1 ([X][-])  -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{033F4DAA-4461-435E-92E4-ABA38DDB944D} | DhcpNameServer : 46.17.101.204 192.168.1.1 ([X][-])  -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{11124D57-F19C-4653-960F-42B27E12A018} | DhcpNameServer : 46.17.101.204 192.168.1.1 ([X][-])  -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.1    mssplus.mcafee.com

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9320320AS ATA Device +++++
--- User ---
[MBR] a142dc25c21ed30c022c0aecfddff8bf
[bSP] c83f6d3cdea8c218388548da794008b8 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 12001 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 24579450 | Size: 152617 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 337140090 | Size: 140623 MB
User = LL1 ... OK
User = LL2 ... OK
 


Sorry, do it once more, but make sure everything on the Registry tab is selected, and nothing on the other tabs.


OK, I ran ESET Online overnight and it found this:

 

C:\Windows.old\Documents and Settings\bjulasen\Local Settings\Temp\n2641\wajam_2207-6c14163c.exe    Win32/Wajam.B potentially unwanted application    
C:\Windows.old\Documents and Settings\bjulasen\Local Settings\Temp\n7445\FLVMPlayerSetup-c45490cb.exe    a variant of MSIL/Solimba.AC potentially unwanted application    
C:\Windows.old\Users\bjulasen\AppData\Local\Temp\n2641\wajam_2207-6c14163c.exe    Win32/Wajam.B potentially unwanted application    
C:\Windows.old\Users\bjulasen\AppData\Local\Temp\n7445\FLVMPlayerSetup-c45490cb.exe    a variant of MSIL/Solimba.AC potentially unwanted application    
C:\Windows.old\Users\bjulasen\Downloads\WindowsLiveMail.exe    a variant of Win32/InstallCore.PZ potentially unwanted application    
C:\Windows.old\Users\bjulasen\Local Settings\Temp\n2641\wajam_2207-6c14163c.exe    Win32/Wajam.B potentially unwanted application    
C:\Windows.old\Users\bjulasen\Local Settings\Temp\n7445\FLVMPlayerSetup-c45490cb.exe    a variant of MSIL/Solimba.AC potentially unwanted application    
C:\AdwCleaner\Quarantine\C\Program Files\DNS Unlocker\ConsoleApplication1.dll.vir    a variant of Win32/Adware.CloudGuard.B application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\DNS Unlocker\dnshugo.exe.vir    a variant of MSIL/Adware.CloudGuard.A application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Optimizer Pro 3.99\OptimizerPro.exe.vir    a variant of Win32/Adware.SpeedingUpMyPC.AG application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Optimizer Pro 3.99\OptProGuard.exe.vir    a variant of Win32/Adware.SpeedingUpMyPC.AD application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Optimizer Pro 3.99\OptProHelper.dll.vir    a variant of Win32/OptimizerPro.B potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Optimizer Pro 3.99\OptProLauncher.exe.vir    a variant of Win32/Adware.SpeedingUpMyPC.AC application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Optimizer Pro 3.99\OptProReminder.exe.vir    a variant of Win32/Adware.SpeedingUpMyPC.AE application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Optimizer Pro 3.99\OptProSchedule.exe.vir    a variant of Win32/Adware.SpeedingUpMyPC.AG application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Optimizer Pro 3.99\OptProSmartScan.exe.vir    a variant of Win32/Adware.SpeedingUpMyPC.AG application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Optimizer Pro 3.99\OptProStart.exe.vir    Win32/Adware.SpeedingUpMyPC.AG application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Optimizer Pro 3.99\OptProUninstaller.exe.vir    a variant of Win32/Adware.SpeedingUpMyPC.AG application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Optimizer Pro 3.99\SafeCheckout.exe.vir    a variant of Win32/Adware.SpeedingUpMyPC.AR application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Super Optimizer\QuickCheckout.exe.vir    a variant of Win32/Adware.SpeedingUpMyPC.AR application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Super Optimizer\SuperOptimizer.exe.vir    a variant of Win32/Adware.SpeedingUpMyPC.AG application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Super Optimizer\SupOptGuard.exe.vir    a variant of Win32/Adware.SpeedingUpMyPC.AD application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Super Optimizer\SupOptHelper.dll.vir    a variant of Win32/OptimizerPro.B potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Super Optimizer\SupOptLauncher.exe.vir    a variant of Win32/Adware.SpeedingUpMyPC.AC application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Super Optimizer\SupOptReminder.exe.vir    a variant of Win32/Adware.SpeedingUpMyPC.AE application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Super Optimizer\SupOptSchedule.exe.vir    a variant of Win32/Adware.SpeedingUpMyPC.AL application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Super Optimizer\SupOptSmartScan.exe.vir    a variant of Win32/Adware.SpeedingUpMyPC.AG application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Super Optimizer\SupOptStart.exe.vir    a variant of Win32/Adware.SpeedingUpMyPC.AG application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Super Optimizer\SupOptUninstaller.exe.vir    a variant of Win32/Adware.SpeedingUpMyPC.AQ application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Uniblue\PC-Mechanic\pc-mechanic.exe.vir    Win32/UniBlue.C potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Uniblue\PC-Mechanic\thirdpartyinstaller.exe.vir    Win32/UniBlue.C potentially unwanted application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\{0885183f-e52a-819e-0885-5183fe5260ff}\hqghumeaylnlf.exe.vir    a variant of Win32/Adware.SpeedingUpMyPC.AP application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\{983ea52e-b27a-2097-983e-ea52eb2794ba}\hqghumeaylnlf.exe.vir    a variant of Win32/Adware.SpeedingUpMyPC.AP application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Micke\AppData\Roaming\IHlpr\223E9B81BBAA4B3FA9EB8F35CC4958B7\pcmechanicpmSCAN_p1v1.exe.vir    a variant of Win32/UniBlue.F potentially unwanted application    deleted - quarantined
C:\Program Files\ProcessInit\ProcessInit.dll    a variant of Win32/Adware.MultiPlug.NV.gen application    cleaned by deleting - quarantined
C:\Program Files\RelayLevel\RelayLevel.dll    a variant of Win32/Adware.MultiPlug.NV.gen application    cleaned by deleting - quarantined
C:\Users\Micke\AppData\Local\Temp\01c86faf\63233.ftf    multiple threats    cleaned by deleting - quarantined
C:\Users\Micke\AppData\Local\Temp\2c16f31f\53590.ftf    multiple threats    cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\bjulasen\AppData\Local\Temp\n2641\wajam_2207-6c14163c.exe    Win32/Wajam.B potentially unwanted application    deleted - quarantined
C:\Windows.old\Documents and Settings\bjulasen\AppData\Local\Temp\n7445\FLVMPlayerSetup-c45490cb.exe    a variant of MSIL/Solimba.AC potentially unwanted application    deleted - quarantined
C:\Windows.old\Documents and Settings\bjulasen\Downloads\WindowsLiveMail.exe    a variant of Win32/InstallCore.PZ potentially unwanted application    cleaned by deleting - quarantined
C:\Windows.old\Program Files\FLVM Player\FLVPlayerUninstaller.exe    a variant of MSIL/Solimba.AC potentially unwanted application    deleted - quarantined
C:\Windows.old\Program Files\Wajam\uninstall.exe    Win32/Wajam.K potentially unwanted application    deleted - quarantined
C:\Windows.old\Program Files\Wajam\Wajam Internet Enhancer\WajamInternetEnhancer.exe    a variant of MSIL/Wajam.B potentially unwanted application    cleaned by deleting - quarantined
C:\Windows.old\Program Files\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe    a variant of Win32/Wajam.K potentially unwanted application    cleaned by deleting - quarantined
 


I don't know if I'm being slow, but I think this one looks the same as the previous scan.

 

 

RogueKiller V10.10.4.0 [sep  4 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Micke [Administrator]
Started from : C:\Users\Micke\Desktop\RogueKiller.exe
Mode : Scan -- Date : 09/06/2015 10:24:38

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 9 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 46.17.101.204 192.168.1.1 ([X][-])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 46.17.101.204 192.168.1.1 ([X][-])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 46.17.101.204 192.168.1.1 ([X][-])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{033F4DAA-4461-435E-92E4-ABA38DDB944D} | DhcpNameServer : 46.17.101.204 192.168.1.1 ([X][-])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11124D57-F19C-4653-960F-42B27E12A018} | DhcpNameServer : 46.17.101.204 192.168.1.1 ([X][-])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{033F4DAA-4461-435E-92E4-ABA38DDB944D} | DhcpNameServer : 46.17.101.204 192.168.1.1 ([X][-])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{11124D57-F19C-4653-960F-42B27E12A018} | DhcpNameServer : 46.17.101.204 192.168.1.1 ([X][-])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{033F4DAA-4461-435E-92E4-ABA38DDB944D} | DhcpNameServer : 46.17.101.204 192.168.1.1 ([X][-])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{11124D57-F19C-4653-960F-42B27E12A018} | DhcpNameServer : 46.17.101.204 192.168.1.1 ([X][-])  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.1    mssplus.mcafee.com

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9320320AS ATA Device +++++
--- User ---
[MBR] a142dc25c21ed30c022c0aecfddff8bf
[bSP] c83f6d3cdea8c218388548da794008b8 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 12001 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 24579450 | Size: 152617 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 337140090 | Size: 140623 MB
User = LL1 ... OK
User = LL2 ... OK
 


That is a log from when RogueKiller has scanned; let it remove everything it has listed on the Registry tab.


Did it seem to go well when you clicked the Delete button in RogueKiller?

 

Run FRST again and attach the two log files, and we'll see if there is anything left in them.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2015
Ran by Micke (administrator) on MICKE-DATOR (06-09-2015 13:33:18)
Running from C:\Users\Micke\Desktop
Loaded Profiles: Micke (Available Profiles: Micke)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: Svenska (Sverige)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Spotify Ltd) C:\Users\Micke\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(BitTorrent Inc.) C:\Users\Micke\AppData\Roaming\uTorrent\uTorrent.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\w32x86\3\NetFaxTray.exe
(Dropbox, Inc.) C:\Users\Micke\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-15] (Avast Software s.r.o.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [350072 2012-03-09] ()
HKU\S-1-5-21-2344796923-460791167-1111748507-1000\...\Run: [spotify Web Helper] => C:\Users\Micke\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-09-03] (Spotify Ltd)
HKU\S-1-5-21-2344796923-460791167-1111748507-1000\...\Run: [uTorrent] => C:\Users\Micke\AppData\Roaming\uTorrent\uTorrent.exe [1696096 2015-08-28] (BitTorrent Inc.)
HKU\S-1-5-21-2344796923-460791167-1111748507-1000\...\Run: [spotify] => C:\Users\Micke\AppData\Roaming\Spotify\Spotify.exe [7535672 2015-09-03] (Spotify Ltd)
HKU\S-1-5-21-2344796923-460791167-1111748507-1000\...\Run: [Dropbox Update] => C:\Users\Micke\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Micke\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Micke\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Micke\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Micke\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Micke\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Micke\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Micke\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Micke\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-06-15] (Avast Software s.r.o.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-07-04]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk [2014-08-28]
ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\w32x86\3\NetFaxTray.exe (Samsung Electronics Co., Ltd.)
Startup: C:\Users\Micke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-20]
ShortcutTarget: Dropbox.lnk -> C:\Users\Micke\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1    mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 46.17.101.204 192.168.1.1
Tcpip\..\Interfaces\{11124D57-F19C-4653-960F-42B27E12A018}: [DhcpNameServer] 46.17.101.204 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2344796923-460791167-1111748507-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://se.msn.com/?ocid=iehp
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-07] (Avast Software s.r.o.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-07-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Micke\AppData\Roaming\Mozilla\Firefox\Profiles\4vlvrbc8.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-16] ()
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-19] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-20]

Chrome:
=======
CHR Profile: C:\Users\Micke\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\Micke\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-20]
CHR Extension: (Google Wallet) - C:\Users\Micke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-20]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-18]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [62464 2009-07-14] (Microsoft Corporation) [File not signed]
S3 ALG; C:\Windows\System32\alg.exe [59392 2009-07-14] (Microsoft Corporation) [File not signed]
R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [176128 2009-08-18] (AMD) [File not signed]
S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [27648 2009-07-14] (Microsoft Corporation) [File not signed]
R3 Appinfo; C:\Windows\System32\appinfo.dll [47104 2013-02-27] (Microsoft Corporation) [File not signed]
S3 AppMgmt; C:\Windows\System32\appmgmts.dll [149504 2009-07-14] (Microsoft Corporation) [File not signed]
R2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [473600 2014-07-07] (Microsoft Corporation) [File not signed]
R2 Audiosrv; C:\Windows\System32\Audiosrv.dll [473600 2014-07-07] (Microsoft Corporation) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-15] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-06-15] (Avast Software)
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [88064 2010-11-20] (Microsoft Corporation) [File not signed]
S3 BDESVC; C:\Windows\System32\bdesvc.dll [76800 2009-07-14] (Microsoft Corporation) [File not signed]
R2 BFE; C:\Windows\System32\bfe.dll [494592 2010-11-20] (Microsoft Corporation) [File not signed]
R3 BITS; C:\Windows\System32\qmgr.dll [585728 2010-11-20] (Microsoft Corporation) [File not signed]
R3 Browser; C:\Windows\System32\browser.dll [102912 2012-07-04] (Microsoft Corporation) [File not signed]
R3 bthserv; C:\Windows\system32\bthserv.dll [64512 2009-07-14] (Microsoft Corporation) [File not signed]
S3 CertPropSvc; C:\Windows\System32\certprop.dll [67584 2010-11-20] (Microsoft Corporation) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1874104 2015-07-14] (Microsoft Corporation)
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [140288 2013-07-09] (Microsoft Corporation) [File not signed]
R2 CscService; C:\Windows\System32\cscsvc.dll [546304 2010-11-20] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [376832 2010-11-20] (Microsoft Corporation) [File not signed]
S3 defragsvc; C:\Windows\System32\defragsvc.dll [218624 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\Windows\system32\dhcpcore.dll [254464 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [132608 2011-03-03] (Microsoft Corporation) [File not signed]
S3 dot3svc; C:\Windows\System32\dot3svc.dll [214016 2010-11-20] (Microsoft Corporation) [File not signed]
R2 DPS; C:\Windows\system32\dps.dll [144384 2010-11-20] (Microsoft Corporation) [File not signed]
R3 EapHost; C:\Windows\System32\eapsvc.dll [98304 2009-07-14] (Microsoft Corporation) [File not signed]
S3 EFS; C:\Windows\System32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) [File not signed]
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [556544 2010-11-20] (Microsoft Corporation) [File not signed]
S3 ehSched; C:\Windows\ehome\ehsched.exe [94720 2009-07-14] (Microsoft Corporation) [File not signed]
R2 eventlog; C:\Windows\System32\wevtsvc.dll [1086976 2010-11-20] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\Windows\system32\es.dll [271360 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Fax; C:\Windows\system32\fxssvc.exe [523264 2010-11-20] (Microsoft Corporation) [File not signed]
R3 fdPHost; C:\Windows\system32\fdPHost.dll [12800 2009-07-14] (Microsoft Corporation) [File not signed]
R2 FDResPub; C:\Windows\system32\fdrespub.dll [28160 2009-07-14] (Microsoft Corporation) [File not signed]
R2 FontCache; C:\Windows\system32\FntCache.dll [906240 2014-08-22] (Microsoft Corporation) [File not signed]
R2 gpsvc; C:\Windows\System32\gpsvc.dll [593408 2010-11-20] (Microsoft Corporation) [File not signed]
R3 hidserv; C:\Windows\system32\hidserv.dll [49152 2009-07-14] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\Windows\system32\kmsvc.dll [71168 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [194560 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [165376 2010-11-20] (Microsoft Corporation) [File not signed]
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [108032 2014-08-18] (Microsoft Corporation) [File not signed]
S3 IKEEXT; C:\Windows\System32\ikeext.dll [679424 2013-10-12] (Microsoft Corporation) [File not signed]
S3 IPBusEnum; C:\Windows\system32\ipbusenum.dll [78848 2009-07-14] (Microsoft Corporation) [File not signed]
R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [499712 2012-10-03] (Microsoft Corporation) [File not signed]
R3 KeyIso; C:\Windows\system32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) [File not signed]
S3 KtmRm; C:\Windows\system32\msdtckrm.dll [308736 2009-07-14] (Microsoft Corporation) [File not signed]
R2 LanmanServer; C:\Windows\system32\srvsvc.dll [168960 2010-11-20] (Microsoft Corporation) [File not signed]
R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [84480 2010-11-20] (Microsoft Corporation) [File not signed]
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [189952 2009-07-14] (Microsoft Corporation) [File not signed]
R2 lmhosts; C:\Windows\System32\lmhsvc.dll [18432 2009-07-14] (Microsoft Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe [235696 2015-06-26] (McAfee, Inc.)
S4 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [68096 2010-11-20] (Microsoft Corporation) [File not signed]
R2 MMCSS; C:\Windows\system32\mmcss.dll [49664 2009-07-14] (Microsoft Corporation) [File not signed]
R2 MpsSvc; C:\Windows\system32\mpssvc.dll [566272 2010-11-20] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\Windows\System32\msdtc.exe [134144 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [114688 2009-07-14] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\System32\msiexec.exe [73216 2010-11-20] (Microsoft Corporation) [File not signed]
S3 napagent; C:\Windows\system32\qagentRT.dll [330240 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\Windows\system32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) [File not signed]
R3 Netman; C:\Windows\System32\netman.dll [280576 2009-07-14] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\Windows\System32\netprofm.dll [360448 2009-07-14] (Microsoft Corporation) [File not signed]
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [242176 2012-10-03] (Microsoft Corporation) [File not signed]
R2 nsi; C:\Windows\system32\nsisvc.dll [19456 2009-07-14] (Microsoft Corporation) [File not signed]
R3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [269824 2009-07-14] (Microsoft Corporation) [File not signed]
R3 p2psvc; C:\Windows\system32\p2psvc.dll [327680 2009-07-14] (Microsoft Corporation) [File not signed]
R3 PcaSvc; C:\Windows\System32\pcasvc.dll [157184 2014-07-07] (Microsoft Corporation) [File not signed]
S3 PeerDistSvc; C:\Windows\system32\peerdistsvc.dll [1004544 2009-07-14] (Microsoft Corporation) [File not signed]
S3 pla; C:\Windows\system32\pla.dll [1508864 2010-11-20] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\Windows\system32\umpnpmgr.dll [293376 2011-05-24] (Microsoft Corporation) [File not signed]
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [20480 2009-07-14] (Microsoft Corporation) [File not signed]
R3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [269824 2009-07-14] (Microsoft Corporation) [File not signed]
S3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [350208 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Power; C:\Windows\system32\umpo.dll [119808 2010-11-20] (Microsoft Corporation) [File not signed]
R2 ProfSvc; C:\Windows\system32\profsvc.dll [164352 2012-05-01] (Microsoft Corporation) [File not signed]
S3 ProtectedStorage; C:\Windows\system32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\Windows\system32\qwave.dll [210944 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\Windows\System32\rasauto.dll [90624 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RasMan; C:\Windows\System32\rasmans.dll [286208 2010-11-20] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [75264 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RemoteRegistry; C:\Windows\system32\regsvc.dll [112640 2009-07-14] (Microsoft Corporation) [File not signed]
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [43520 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\Windows\system32\locator.exe [9216 2009-07-14] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [376832 2010-11-20] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\Windows\system32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) [File not signed]
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [378416 2013-02-05] (Samsung Electronics Co., Ltd.)
S3 SCardSvr; C:\Windows\System32\SCardSvr.dll [132608 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\Windows\system32\schedsvc.dll [750592 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SCPolicySvc; C:\Windows\System32\certprop.dll [67584 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SDRSVC; C:\Windows\System32\SDRSVC.dll [125952 2010-11-20] (Microsoft Corporation) [File not signed]
S3 seclogon; C:\Windows\system32\seclogon.dll [21504 2009-07-14] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\System32\sens.dll [49664 2009-07-14] (Microsoft Corporation) [File not signed]
S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [25088 2009-07-14] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\Windows\system32\sessenv.dll [113664 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SharedAccess; C:\Windows\System32\ipnathlp.dll [300544 2009-07-14] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [328192 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [12800 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\Windows\System32\spoolsv.exe [317440 2012-02-11] (Microsoft Corporation) [File not signed]
S2 sppsvc; C:\Windows\system32\sppsvc.exe [3179520 2010-11-20] (Microsoft Corporation) [File not signed]
S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [53760 2010-11-20] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [162816 2009-07-14] (Microsoft Corporation) [File not signed]
S3 SstpSvc; C:\Windows\system32\sstpsvc.dll [90112 2009-07-14] (Microsoft Corporation) [File not signed]
R2 StiSvc; C:\Windows\System32\wiaservc.dll [463360 2010-11-20] (Microsoft Corporation) [File not signed]
S3 swprv; C:\Windows\System32\swprv.dll [313856 2009-07-14] (Microsoft Corporation) [File not signed]
R2 SysMain; C:\Windows\system32\sysmain.dll [1159168 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TabletInputService; C:\Windows\System32\TabSvc.dll [73216 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TapiSrv; C:\Windows\System32\tapisrv.dll [242176 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TBS; C:\Windows\System32\tbssvc.dll [55808 2009-07-14] (Microsoft Corporation) [File not signed]
S3 TermService; C:\Windows\System32\termsrv.dll [521216 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2009-07-14] (Microsoft Corporation) [File not signed]
S3 THREADORDER; C:\Windows\system32\mmcss.dll [49664 2009-07-14] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\Windows\System32\trkwks.dll [77312 2009-07-14] (Microsoft Corporation) [File not signed]
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [204800 2010-11-20] (Microsoft Corporation) [File not signed]
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [35840 2009-07-14] (Microsoft Corporation) [File not signed]
S3 UmRdpService; C:\Windows\System32\umrdp.dll [171008 2010-11-20] (Microsoft Corporation) [File not signed]
R3 upnphost; C:\Windows\System32\upnphost.dll [266752 2009-07-14] (Microsoft Corporation) [File not signed]
R2 UxSms; C:\Windows\System32\uxsms.dll [29696 2009-07-14] (Microsoft Corporation) [File not signed]
S3 VaultSvc; C:\Windows\system32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) [File not signed]
S3 vds; C:\Windows\System32\vds.exe [453632 2010-11-20] (Microsoft Corporation) [File not signed]
S3 VSS; C:\Windows\system32\vssvc.exe [1025536 2010-11-20] (Microsoft Corporation) [File not signed]
S3 W32Time; C:\Windows\system32\w32time.dll [288768 2009-07-14] (Microsoft Corporation) [File not signed]
S3 wbengine; C:\Windows\system32\wbengine.exe [1203200 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [151552 2009-07-14] (Microsoft Corporation) [File not signed]
S3 wcncsvc; C:\Windows\System32\wcncsvc.dll [276992 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [32768 2009-07-14] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\Windows\system32\wdi.dll [76288 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WdiSystemHost; C:\Windows\system32\wdi.dll [76288 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\Windows\System32\webclnt.dll [205824 2013-07-04] (Microsoft Corporation) [File not signed]
S3 Wecsvc; C:\Windows\system32\wecsvc.dll [147968 2009-07-14] (Microsoft Corporation) [File not signed]
S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [61440 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WerSvc; C:\Windows\System32\WerSvc.dll [65024 2009-07-14] (Microsoft Corporation) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) [File not signed]
R3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [351232 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [168960 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\system32\WsmSvc.dll [1175040 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Wlansvc; C:\Windows\System32\wlansvc.dll [829440 2009-07-14] (Microsoft Corporation) [File not signed]
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [136192 2009-07-14] (Microsoft Corporation) [File not signed]
R2 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1121792 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [10752 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [85504 2010-11-20] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\Windows\System32\wscsvc.dll [73728 2009-07-14] (Microsoft Corporation) [File not signed]
R2 WSearch; C:\Windows\system32\SearchIndexer.exe [427520 2011-05-04] (Microsoft Corporation) [File not signed]
S3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [73216 2012-07-26] (Microsoft Corporation) [File not signed]
S3 WwanSvc; C:\Windows\System32\wwansvc.dll [185344 2014-01-28] (Microsoft Corporation) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [164864 2010-11-20] (Microsoft Corporation) [File not signed]
S3 AcpiPmi; C:\Windows\system32\drivers\acpipmi.sys [10240 2010-11-20] (Microsoft Corporation) [File not signed]
R1 AFD; C:\Windows\system32\drivers\afd.sys [338944 2014-05-30] (Microsoft Corporation) [File not signed]
S3 AmdK8; C:\Windows\system32\drivers\amdk8.sys [55296 2009-07-14] (Microsoft Corporation) [File not signed]
S3 AmdPPM; C:\Windows\system32\drivers\amdppm.sys [52736 2009-07-14] (Microsoft Corporation) [File not signed]
S3 AppID; C:\Windows\system32\drivers\appid.sys [50176 2010-11-20] (Microsoft Corporation) [File not signed]
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-06-15] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-06-15] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-06-15] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-06-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-06-15] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [428120 2015-06-26] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-06-15] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-06-15] ()
R3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [17920 2009-07-14] (Microsoft Corporation) [File not signed]
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [1096704 2009-07-14] (Atheros Communications, Inc.) [File not signed]
R3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [4994560 2009-08-18] (ATI Technologies Inc.) [File not signed]
S3 b06bdrv; C:\Windows\system32\drivers\bxvbdx.sys [430080 2009-07-14] (Broadcom Corporation) [File not signed]
S3 b57nd60x; C:\Windows\System32\DRIVERS\b57nd60x.sys [229888 2009-07-14] (Broadcom Corporation) [File not signed]
R1 Beep; C:\Windows\system32\Drivers\Beep.sys [6144 2009-07-14] (Microsoft Corporation) [File not signed]
R1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [35328 2009-07-14] (Microsoft Corporation) [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [69632 2011-02-23] (Microsoft Corporation) [File not signed]
S3 BrFiltLo; C:\Windows\system32\drivers\BrFiltLo.sys [13568 2009-07-14] (Brother Industries, Ltd.) [File not signed]
S3 BrFiltUp; C:\Windows\system32\drivers\BrFiltUp.sys [5248 2009-07-14] (Brother Industries, Ltd.) [File not signed]
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [272128 2009-07-14] (Brother Industries Ltd.) [File not signed]
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [62336 2009-07-14] (Brother Industries Ltd.) [File not signed]
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [12160 2009-07-14] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [11904 2009-07-14] (Brother Industries Ltd.) [File not signed]
R3 BthEnum; C:\Windows\system32\drivers\BthEnum.sys [34816 2009-07-14] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\Windows\system32\drivers\bthmodem.sys [56320 2009-07-14] (Microsoft Corporation) [File not signed]
R3 BthPan; C:\Windows\System32\DRIVERS\bthpan.sys [93696 2009-07-14] (Microsoft Corporation) [File not signed]
S3 BTHPORT; C:\Windows\System32\Drivers\BTHport.sys [393728 2012-07-06] (Microsoft Corporation) [File not signed]
R3 BTHUSB; C:\Windows\System32\Drivers\BTHUSB.sys [60416 2011-04-28] (Microsoft Corporation) [File not signed]
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [70656 2009-07-14] (Microsoft Corporation) [File not signed]
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [108544 2010-11-20] (Microsoft Corporation) [File not signed]
S3 circlass; C:\Windows\system32\drivers\circlass.sys [37888 2009-07-14] (Microsoft Corporation) [File not signed]
R3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [14080 2009-07-14] (Microsoft Corporation) [File not signed]
R3 CompositeBus; C:\Windows\System32\DRIVERS\CompositeBus.sys [31232 2010-11-20] (Microsoft Corporation) [File not signed]
R1 CSC; C:\Windows\System32\drivers\csc.sys [388096 2010-11-20] (Microsoft Corporation) [File not signed]
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [78336 2010-11-20] (Microsoft Corporation) [File not signed]
R1 discache; C:\Windows\System32\drivers\discache.sys [32256 2009-07-14] (Microsoft Corporation) [File not signed]
S3 dmvsc; C:\Windows\system32\drivers\dmvsc.sys [62464 2010-11-20] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5120 2009-07-14] (Microsoft Corporation) [File not signed]
S3 eapihdrv; C:\Users\Micke\AppData\Local\Temp\ehdrv.sys [135760 2015-09-06] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbdx.sys [3100160 2009-07-14] (Broadcom Corporation) [File not signed]
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [7168 2009-07-14] (Microsoft Corporation) [File not signed]
S3 exfat; C:\Windows\system32\Drivers\exfat.sys [142336 2009-07-14] (Microsoft Corporation) [File not signed]
R3 fastfat; C:\Windows\system32\Drivers\fastfat.sys [148480 2009-07-14] (Microsoft Corporation) [File not signed]
S3 fdc; C:\Windows\system32\drivers\fdc.sys [25088 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [28160 2009-07-14] (Microsoft Corporation) [File not signed]
S3 flpydisk; C:\Windows\system32\drivers\flpydisk.sys [19968 2009-07-14] (Microsoft Corporation) [File not signed]
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [26624 2009-07-14] (Hauppauge Computer Works, Inc.) [File not signed]
R3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [304128 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [108544 2010-11-20] (Microsoft Corporation) [File not signed]
S3 HidBatt; C:\Windows\system32\drivers\HidBatt.sys [21504 2009-07-14] (Microsoft Corporation) [File not signed]
S3 HidBth; C:\Windows\system32\drivers\hidbth.sys [91136 2009-07-14] (Microsoft Corporation) [File not signed]
S3 HidIr; C:\Windows\system32\drivers\hidir.sys [37888 2009-07-14] (Microsoft Corporation) [File not signed]
R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [24064 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [513536 2010-11-20] (Microsoft Corporation) [File not signed]
R3 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [80896 2009-07-14] (Microsoft Corporation) [File not signed]
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [53760 2009-07-14] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [58880 2009-07-14] (Microsoft Corporation) [File not signed]
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [65536 2010-11-20] (Microsoft Corporation) [File not signed]
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [101888 2009-07-14] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [13824 2009-07-14] (Microsoft Corporation) [File not signed]
R3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [28160 2010-11-20] (Microsoft Corporation) [File not signed]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [48128 2009-07-14] (Microsoft Corporation) [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [86528 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Modem; C:\Windows\System32\drivers\modem.sys [31744 2009-07-14] (Microsoft Corporation) [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [23552 2009-07-14] (Microsoft Corporation) [File not signed]
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [26112 2009-07-14] (Microsoft Corporation) [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [60416 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [115712 2013-07-04] (Microsoft Corporation) [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [123904 2011-04-27] (Microsoft Corporation) [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [223744 2011-07-09] (Microsoft Corporation) [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [96768 2011-04-27] (Microsoft Corporation) [File not signed]
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [4096 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [8320 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [5888 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [5504 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [6144 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MTConfig; C:\Windows\system32\drivers\MTConfig.sys [12288 2009-07-14] (Microsoft Corporation) [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100) [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [267264 2009-07-14] (Microsoft Corporation) [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [27136 2009-07-14] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [20992 2009-07-14] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [46080 2010-11-20] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [118784 2010-11-20] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\Windows\system32\Drivers\NDProxy.sys [48640 2010-11-20] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [36352 2009-07-14] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [187904 2010-11-20] (Microsoft Corporation) [File not signed]
R1 Npfs; C:\Windows\system32\Drivers\Npfs.sys [35328 2009-07-14] (Microsoft Corporation) [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [16896 2009-07-14] (Microsoft Corporation) [File not signed]
R1 Null; C:\Windows\system32\Drivers\Null.sys [4608 2009-07-14] (Microsoft Corporation) [File not signed]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [62464 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Parport; C:\Windows\system32\drivers\parport.sys [79360 2009-07-14] (Microsoft Corporation) [File not signed]
S2 Parvdm; C:\Windows\system32\drivers\parvdm.sys [8704 2009-07-14] (Microsoft Corporation) [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [586752 2009-07-14] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [73728 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Processor; C:\Windows\system32\drivers\processr.sys [52224 2009-07-14] (Microsoft Corporation) [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [104448 2009-07-14] (Microsoft Corporation) [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [31744 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [11776 2009-07-14] (Microsoft Corporation) [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [49152 2009-07-14] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [78848 2009-07-14] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [77824 2009-07-14] (Microsoft Corporation) [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [75264 2009-07-14] (Microsoft Corporation) [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [242688 2010-11-20] (Microsoft Corporation) [File not signed]
R3 rdpbus; C:\Windows\System32\DRIVERS\rdpbus.sys [18944 2009-07-14] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [6656 2010-11-20] (Microsoft Corporation) [File not signed]
S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [133632 2010-11-20] (Microsoft Corporation) [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [6656 2009-07-14] (Microsoft Corporation) [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [7168 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [15872 2010-11-20] (Microsoft Corporation) [File not signed]
S3 RDPWD; C:\Windows\system32\Drivers\RDPWD.sys [183808 2012-04-28] (Microsoft Corporation) [File not signed]
R3 RFCOMM; C:\Windows\System32\DRIVERS\rfcomm.sys [129536 2009-07-14] (Microsoft Corporation) [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [60928 2009-07-14] (Microsoft Corporation) [File not signed]
S3 s3cap; C:\Windows\system32\drivers\vms3cap.sys [5632 2010-11-20] (Microsoft Corporation) [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [26624 2010-11-20] (Microsoft Corporation) [File not signed]
R2 secdrv; C:\Windows\system32\Drivers\secdrv.sys [20480 2009-07-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 Serenum; C:\Windows\system32\drivers\serenum.sys [17920 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Serial; C:\Windows\system32\drivers\serial.sys [83456 2009-07-14] (Microsoft Corporation) [File not signed]
S3 sermouse; C:\Windows\system32\drivers\sermouse.sys [19968 2009-07-14] (Microsoft Corporation) [File not signed]
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [11264 2009-07-14] (Microsoft Corporation) [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [12288 2009-07-14] (Microsoft Corporation) [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [12800 2010-11-20] (Microsoft Corporation) [File not signed]
S3 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [13824 2009-07-14] (Microsoft Corporation) [File not signed]
R3 SiSGbeLH; C:\Windows\System32\DRIVERS\SiSGB6.sys [48128 2009-07-14] (Silicon Integrated Systems Corp.) [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [71168 2009-07-14] (Microsoft Corporation) [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [311808 2011-04-29] (Microsoft Corporation) [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [310272 2011-04-29] (Microsoft Corporation) [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [114688 2011-04-29] (Microsoft Corporation) [File not signed]
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2013-04-10] (Samsung Electronics) [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [35328 2012-10-03] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [18432 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [24576 2012-02-17] (Microsoft Corporation) [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [74752 2010-11-20] (Microsoft Corporation) [File not signed]
S3 terminpt; C:\Windows\system32\drivers\terminpt.sys [25600 2010-11-20] (Microsoft Corporation) [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [31232 2013-06-15] (Microsoft Corporation) [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [52224 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [27264 2010-11-20] (Microsoft Corporation) [File not signed]
S3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [112640 2010-11-20] (Microsoft Corporation) [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [108544 2010-11-20] (Microsoft Corporation) [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [246784 2010-11-20] (Microsoft Corporation) [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [39936 2010-11-20] (Microsoft Corporation) [File not signed]
S3 UmPass; C:\Windows\system32\drivers\umpass.sys [8192 2009-07-14] (Microsoft Corporation) [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [76288 2013-11-27] (Microsoft Corporation) [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [86016 2013-07-12] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [43520 2013-11-27] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [258560 2013-11-27] (Microsoft Corporation) [File not signed]
R3 usbohci; C:\Windows\System32\DRIVERS\usbohci.sys [20480 2013-11-27] (Microsoft Corporation) [File not signed]
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [19968 2009-07-14] (Microsoft Corporation) [File not signed]
S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [36352 2013-07-03] (Microsoft Corporation) [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [76288 2011-03-11] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [24064 2009-07-14] (Microsoft Corporation) [File not signed]
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [146816 2013-07-12] (Microsoft Corporation) [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-06-15] (Avast Software)
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [26112 2009-07-14] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [25088 2009-07-14] (Microsoft Corporation) [File not signed]
S3 ViaC7; C:\Windows\system32\drivers\viac7.sys [52736 2009-07-14] (Microsoft Corporation) [File not signed]
S3 VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [17920 2010-11-20] (Microsoft Corporation) [File not signed]
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [19968 2009-07-14] (Microsoft Corporation) [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [48128 2009-07-14] (Microsoft Corporation) [File not signed]
S3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [14336 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WacomPen; C:\Windows\system32\drivers\wacompen.sys [21632 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2010-11-20] (Microsoft Corporation) [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2010-11-20] (Microsoft Corporation) [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [9728 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [35968 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [11264 2009-07-14] (Microsoft Corporation) [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [16384 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [66560 2012-07-26] (Microsoft Corporation) [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation) [File not signed]
S3 cpuz134; \??\C:\Users\Micke\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-06 02:04 - 2015-09-06 02:04 - 00000000 ____D C:\Program Files\ESET
2015-09-05 18:08 - 2015-09-06 11:58 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-09-05 18:08 - 2015-09-05 21:57 - 00000000 ____D C:\ProgramData\RogueKiller
2015-09-05 18:05 - 2015-09-05 18:05 - 18779208 _____ C:\Users\Micke\Desktop\RogueKiller.exe
2015-09-05 10:18 - 2015-09-05 10:20 - 00033467 _____ C:\Users\Micke\Desktop\Addition.txt
2015-09-05 10:13 - 2015-09-06 13:33 - 00045212 _____ C:\Users\Micke\Desktop\FRST.txt
2015-09-04 20:41 - 2015-09-03 21:13 - 01690624 _____ (Farbar) C:\Users\Micke\Desktop\FRST.exe
2015-09-04 09:50 - 2015-09-04 10:03 - 00002664 _____ C:\Windows\IE11_main.log
2015-09-04 09:50 - 2015-09-04 09:50 - 02077392 _____ (Microsoft Corporation) C:\Users\Micke\Downloads\IE11-Windows6.1.exe
2015-09-04 09:17 - 2015-09-06 02:04 - 00000000 ____D C:\Users\Micke\Desktop\Virus(3)
2015-09-04 00:17 - 2015-09-04 09:03 - 00000000 ____D C:\AdwCleaner
2015-09-04 00:14 - 2015-09-04 00:14 - 01654272 _____ C:\Users\Micke\Desktop\adwcleaner_5.005.exe
2015-09-03 21:14 - 2015-09-06 13:33 - 00000000 ____D C:\FRST
2015-09-03 19:41 - 2015-09-03 19:41 - 00000000 ____D C:\Users\Micke\Desktop\Ny mapp (2)
2015-09-03 14:56 - 2015-09-06 11:33 - 00000336 _____ C:\Windows\setupact.log
2015-09-03 14:56 - 2015-09-03 14:56 - 00000000 _____ C:\Windows\setuperr.log
2015-09-03 14:54 - 2015-09-04 19:58 - 00005700 _____ C:\Windows\PFRO.log
2015-09-01 22:05 - 2015-09-01 22:05 - 00000000 ____D C:\Users\Micke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-09-01 06:10 - 2015-09-01 06:10 - 00000000 ____D C:\Users\Micke\AppData\Roaming\Optimizer Pro
2015-08-27 14:26 - 2015-09-06 05:12 - 00000000 ____D C:\Program Files\RelayLevel
2015-08-27 14:26 - 2015-09-06 05:12 - 00000000 ____D C:\Program Files\ProcessInit
2015-08-26 05:26 - 2015-08-26 19:20 - 00000000 ____D C:\Windows\Minidump
2015-08-25 14:33 - 2015-08-25 14:34 - 00106132 _____ C:\Users\Micke\Desktop\cc_20150825_143319.reg
2015-08-25 11:40 - 2015-06-15 06:26 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-08-23 20:51 - 2015-08-23 20:51 - 00000000 ____D C:\Users\Micke\Documents\Scan
2015-08-19 09:38 - 2015-08-19 09:38 - 00053973 _____ C:\Users\Micke\Desktop\ACFrOgA40i1ByRHs2fXMUZEgkjmDIpfTRJoov4G7JFK2EFrZ-vrQw5V9mZykcV_jUT3KMNWNs1qgFRfugGg0jugG1rpPRZjLFs-GiKMG1bgvamkytb798REZL06gnqs=
2015-08-19 09:36 - 2015-08-19 09:36 - 00013996 _____ C:\Users\Micke\Downloads\ACFrOgDmDrogVpPLhinxfI6xYc3-p1lwt-2Hr3oScRw22Hhzd9t5CTmWTf9xGrqXRm79ze04EHVgf8oRyQD0SSKTzakRzMKSXF3C81qm4DRqwqoXnxdk7RZ9-gfz6Z0=
2015-08-16 00:14 - 2015-06-26 18:28 - 00428120 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\asw2E15.tmp
2015-08-16 00:14 - 2015-06-15 06:27 - 00209048 _____ C:\Windows\system32\Drivers\asw3122.tmp
2015-08-16 00:14 - 2015-06-15 06:27 - 00106912 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\asw3567.tmp
2015-08-16 00:14 - 2015-06-15 06:27 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\asw200D.tmp
2015-08-16 00:14 - 2015-06-15 06:27 - 00074976 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\asw27FB.tmp
2015-08-16 00:14 - 2015-06-15 06:27 - 00049904 _____ C:\Windows\system32\Drivers\asw2B94.tmp
2015-08-16 00:14 - 2015-06-15 06:27 - 00024144 _____ C:\Windows\system32\Drivers\asw2471.tmp
2015-08-16 00:14 - 2015-06-15 06:26 - 00787760 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\asw1996.tmp
2015-08-13 07:44 - 2015-08-16 00:46 - 00000000 ____D C:\Users\Micke\Downloads\Breaking Bad Season 5 Complete 720p.BRrip.Sujaidr
2015-08-13 07:39 - 2015-08-16 00:46 - 00000000 ____D C:\Users\Micke\Downloads\Breaking Bad Season 4 Complete 720p.BRrip.Sujaidr
2015-08-13 07:14 - 2015-08-16 00:46 - 00000000 ____D C:\Users\Micke\Downloads\Breaking Bad Season 3 Complete 720p.BRrip.Sujaidr
2015-08-13 07:13 - 2015-08-16 00:46 - 00000000 ____D C:\Users\Micke\Downloads\Breaking Bad Season 2 Complete 720p.BRrip.Sujaidr
2015-08-13 07:02 - 2015-08-16 00:46 - 00000000 ____D C:\Users\Micke\Downloads\Breaking Bad Season 1 Complete 720p.BRrip.Sujaidr
2015-08-12 20:11 - 2015-08-16 00:46 - 00000000 ____D C:\Users\Micke\Desktop\Breaking Bad Season 1, 2, 3, 4 & 5 + Extras BDRip DVDRip HDTV TSV
2015-08-12 15:11 - 2015-08-12 15:11 - 00013996 _____ C:\Users\Micke\Desktop\ACFrOgCnktbCZqhEkiAAeAZdKdXVNlV4yMJh2U4GdGM_QTMsBQOL4daXmJmKTDplunANCA3bnVqXmJ5KLi8heTuGQyQ4bv-hpEGTzZaR10PbWUCUrYyNPY146JQtus4=
2015-08-09 13:26 - 2015-08-10 01:16 - 00000000 ____D C:\Users\Micke\Desktop\Ny mapp
2015-08-08 14:35 - 2015-08-08 14:35 - 00074792 _____ C:\Users\Micke\Desktop\ACFrOgACWmNNDt_AZVFMcVHw2hZ__2vq9vtFvHQ1qN2R-PWRsYr9VHLZLtw-t-WFdAvKyt9TIYp94NXoyBwiXrbawL-G-Hj1X4cZvXy-Q2d5pBWHaqGHkiNnK0ZMl3M=
2015-08-07 10:08 - 2015-08-07 10:08 - 00000000 ____D C:\Users\Micke\AppData\Local\CEF
2015-08-07 00:21 - 2015-09-03 14:54 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-06 13:29 - 2015-01-25 20:37 - 00000000 ____D C:\Users\Micke\AppData\Roaming\uTorrent
2015-09-06 13:10 - 2014-08-19 21:09 - 01354529 _____ C:\Windows\WindowsUpdate.log
2015-09-06 13:02 - 2014-08-22 19:42 - 00000868 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-06 12:59 - 2015-06-20 22:48 - 00001014 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2344796923-460791167-1111748507-1000UA.job
2015-09-06 12:59 - 2014-08-20 12:18 - 00000982 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-06 11:57 - 2014-08-20 09:22 - 00000000 ____D C:\Users\Micke\Documents\Outlook-filer
2015-09-06 11:43 - 2009-07-14 06:34 - 00032976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-06 11:43 - 2009-07-14 06:34 - 00032976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-06 11:38 - 2014-10-12 16:17 - 00000000 ____D C:\Users\Micke\AppData\Roaming\Spotify
2015-09-06 11:38 - 2014-08-23 16:10 - 00000000 ___RD C:\Users\Micke\Dropbox
2015-09-06 11:38 - 2014-08-23 14:56 - 00000000 ____D C:\Users\Micke\AppData\Roaming\Dropbox
2015-09-06 11:36 - 2014-10-12 16:20 - 00000000 ____D C:\Users\Micke\AppData\Local\Spotify
2015-09-06 11:36 - 2014-08-20 12:17 - 00000978 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-06 11:34 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-06 08:58 - 2015-06-20 22:48 - 00000962 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2344796923-460791167-1111748507-1000Core.job
2015-09-03 14:54 - 2014-08-19 21:51 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-25 15:31 - 2015-06-15 09:06 - 00000000 __SHD C:\Jumpshot
2015-08-25 14:46 - 2014-08-19 21:51 - 00001084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-25 14:46 - 2014-08-19 21:51 - 00001072 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-08-25 14:44 - 2015-06-15 09:06 - 00000000 ____D C:\Windows\jumpshot.com
2015-08-25 13:16 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-08-25 12:32 - 2015-07-04 14:44 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2015-08-25 12:32 - 2014-08-20 12:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-25 12:32 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2015-08-25 12:32 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2015-08-25 12:30 - 2014-08-20 09:28 - 00000000 __RHD C:\MSOCache
2015-08-25 12:13 - 2014-08-19 22:12 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-08-25 11:50 - 2014-08-19 21:43 - 00000000 ____D C:\Users\Micke
2015-08-17 05:33 - 2015-07-30 14:02 - 00000000 ____D C:\Windows\system32\MRT
2015-08-17 05:16 - 2015-07-30 14:02 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-16 09:48 - 2014-08-22 19:42 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-16 09:48 - 2014-08-22 19:42 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-08-16 00:47 - 2015-07-22 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-08-16 00:47 - 2015-07-22 15:15 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-08-16 00:47 - 2014-08-22 19:42 - 00000000 ____D C:\Windows\system32\Macromed
2015-08-16 00:07 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\LogFiles
2015-08-09 14:39 - 2011-04-12 08:32 - 00663312 _____ C:\Windows\system32\perfh01D.dat
2015-08-09 14:39 - 2011-04-12 08:32 - 00142080 _____ C:\Windows\system32\perfc01D.dat
2015-08-09 14:39 - 2010-11-20 23:01 - 01578190 _____ C:\Windows\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======

2014-10-20 17:38 - 2014-10-20 17:38 - 0000017 _____ () C:\Users\Micke\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
C:\Users\Micke\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Micke\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4ylxzv.dll
C:\Users\Micke\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Micke\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\dnsapi.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-01 17:15

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-08-2015
Ran by Micke (2015-09-06 13:34:15)
Running from C:\Users\Micke\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administratör (S-1-5-21-2344796923-460791167-1111748507-500 - Administrator - Disabled)
Gäst (S-1-5-21-2344796923-460791167-1111748507-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2344796923-460791167-1111748507-1002 - Limited - Enabled)
Micke (S-1-5-21-2344796923-460791167-1111748507-1000 - Administrator - Enabled) => C:\Users\Micke

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2344796923-460791167-1111748507-1000\...\uTorrent) (Version: 3.4.4.40911 - BitTorrent Inc.)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Svenska (HKLM\...\{AC76BA86-7AD7-1053-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Dropbox (HKU\S-1-5-21-2344796923-460791167-1111748507-1000\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
GOM Player (HKLM\...\GOM Player) (Version: 2.2.69.5227 - Gretech Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.13 - Google Inc.) Hidden
Läs bruksanvisningen (HKLM\...\View User Guide) (Version: 3.60.02.0 - )
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.149.2 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - sv-se (HKLM\...\ProPlusRetail - sv-se) (Version: 15.0.4745.1002 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 sv-SE) (HKLM\...\Mozilla Firefox 40.0.3 (x86 sv-SE)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Samsung C460 Series (HKLM\...\Samsung C460 Series) (Version: 1.02 (2013-07-11) - Samsung Electronics Co., Ltd.)
Samsung Easy Document Creator (HKLM\...\Samsung Easy Document Creator) (Version: 1.05.61 (2013-04-10) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM\...\Samsung Easy Printer Manager) (Version: 1.03.23.00(2013-05-03) - Samsung Electronics Co., Ltd.)
Samsung Easy Wireless Setup (HKLM\...\Easy Wireless Setup) (Version: 3.60.40.03 - Samsung Electronics Co., Ltd.)
Samsung Network PC Fax (HKLM\...\Samsung Network PC Fax) (Version: 1.09.14 (2013-02-05) - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (Version: 1.00.56.01 - Samsung Electronics Co., Ltd.) Hidden
SNS Upload for Easy Document Creator (HKLM\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
Spotify (HKU\S-1-5-21-2344796923-460791167-1111748507-1000\...\Spotify) (Version: 1.0.13.108.gcd94e7db - Spotify AB)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2344796923-460791167-1111748507-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Micke\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2344796923-460791167-1111748507-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\Micke\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2344796923-460791167-1111748507-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Micke\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2344796923-460791167-1111748507-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Micke\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2344796923-460791167-1111748507-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Micke\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2344796923-460791167-1111748507-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Micke\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2344796923-460791167-1111748507-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Micke\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2344796923-460791167-1111748507-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Micke\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2344796923-460791167-1111748507-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Micke\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2344796923-460791167-1111748507-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Micke\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2344796923-460791167-1111748507-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Micke\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2344796923-460791167-1111748507-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Micke\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2344796923-460791167-1111748507-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Micke\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2344796923-460791167-1111748507-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Micke\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2344796923-460791167-1111748507-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Micke\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2344796923-460791167-1111748507-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Micke\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2344796923-460791167-1111748507-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Micke\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2344796923-460791167-1111748507-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Micke\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)

==================== Restore Points =========================

05-09-2015 03:00:15 Windows Update
06-09-2015 03:00:39 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2015-07-22 15:15 - 00000854 ____A C:\Windows\system32\Drivers\etc\hosts
0.0.0.1    mssplus.mcafee.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09BC86A8-E454-433F-9C12-561AD4D70E9D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {2B0BD56B-3AF7-4D48-91F7-67BBBEBEF013} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2344796923-460791167-1111748507-1000Core => C:\Users\Micke\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-20] (Dropbox, Inc.)
Task: {41A4F5DA-E0F2-49BC-A841-63803D5319C3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {44E59D31-4399-490C-894D-F55DD106773D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
Task: {58919A09-90BD-4062-BDC1-370C8EEBF5C7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {639C62ED-1F49-4FF4-975A-AB2CE1729F24} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {730C0496-93B3-4857-A1D5-7E3987365A31} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2344796923-460791167-1111748507-1000UA => C:\Users\Micke\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-20] (Dropbox, Inc.)
Task: {CD2EA173-D0C1-430F-8B92-A38A05B18A01} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {D15F926C-880E-441D-956A-23B320C63E74} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-16] (Adobe Systems Incorporated)
Task: {D44CC134-F680-413D-9DDF-059428F1B617} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
Task: {D60E030D-D5FE-4F20-8DED-B4307A97DD2E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-25] (Avast Software s.r.o.)
Task: {EE871092-1E80-4601-AEB0-830303EC1A95} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2344796923-460791167-1111748507-1000Core.job => C:\Users\Micke\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2344796923-460791167-1111748507-1000UA.job => C:\Users\Micke\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-06-15 06:26 - 2015-06-15 06:26 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-06-15 06:26 - 2015-06-15 06:26 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-09-06 10:07 - 2015-09-06 10:07 - 02964480 _____ () C:\Program Files\AVAST Software\Avast\defs\15090600\algo.dll
2014-08-28 13:36 - 2013-05-06 08:04 - 00024064 _____ () C:\Windows\System32\sst9clm.dll
2014-08-19 22:12 - 2014-05-20 03:11 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll
2015-03-18 16:31 - 2015-03-18 16:31 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-03-09 09:58 - 2012-03-09 09:58 - 00350072 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2012-03-09 09:58 - 2012-03-09 09:58 - 00056696 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2015-09-06 11:36 - 2015-09-06 11:36 - 00071168 _____ () c:\users\micke\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4ylxzv.dll
2015-09-01 22:05 - 2015-08-05 07:26 - 00012800 _____ () C:\Users\Micke\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-09-01 22:05 - 2015-08-05 07:26 - 00779776 _____ () C:\Users\Micke\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-09-01 22:05 - 2015-08-05 07:26 - 00056320 _____ () C:\Users\Micke\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-09-01 22:05 - 2015-08-05 07:26 - 00012288 _____ () C:\Users\Micke\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-08-16 09:48 - 2015-08-16 09:48 - 17482952 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2344796923-460791167-1111748507-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Micke\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 46.17.101.204 - 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4237C3EC-9295-4B39-A0BD-7E2DF29E277B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{4720D742-DCE8-44A2-B771-4BD3DF78CE8B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{E78AB09F-9589-4F0E-8D50-F72864459507}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{04C42982-BD40-4E91-BBF9-F14B20F6401C}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{8C4A3B6E-D9E7-469A-8E1B-592473D42F6E}] => (Allow) C:\Users\Micke\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{174E6398-989A-4C49-B562-FA8022A815A5}] => (Allow) C:\Users\Micke\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{58AE0FD2-73EA-4047-95C0-ACD4E4D42C48}] => (Allow) C:\Windows\twain_32\Samsung\SLC460\ScanCDLM\ScanCDLM.exe
FirewallRules: [{DC929D9A-6BAF-4BE5-AFAC-E09D3667CB75}] => (Allow) C:\Windows\twain_32\Samsung\SLC460\ScanCDLM\ScanCDLM.exe
FirewallRules: [{BD97CC4D-161A-4779-9457-A5378009334B}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{E80FA658-6C7F-4BAD-A5EF-9925A2714134}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{4F1E9C2E-B434-4E83-870B-08FB9B6A9ACD}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{AF0AB7F1-FBC1-404B-B5D4-C69F1F8E6139}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{2DA648F7-9BFF-4B42-AA15-6D6FFEE35D50}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{21BDE5E7-F3C8-4A6A-90A7-1B023FEC9FE1}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{CAB7FE27-8DA4-45E3-AE95-DA3194FD2574}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{CDA74FD1-AEF0-4A7C-AFEC-E820C7F3AADD}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{EB819BF7-E3EC-45C5-9B4E-5198B395B2BB}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{D0735AF7-2280-4A67-AA07-9C39728B36BC}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{DD99FD4E-1335-475B-99F9-AF3FB9EAB175}] => (Allow) C:\Program Files\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{13275830-600C-407D-8B1E-EF11552C537F}] => (Allow) C:\Program Files\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [TCP Query User{1859F2A1-BCF3-42DE-907E-5B7AD79EEA44}C:\users\micke\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\micke\appdata\roaming\spotify\spotify.exe
FirewallRules: [uDP Query User{0921A62C-70C6-42FD-A562-14729168A928}C:\users\micke\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\micke\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{35E72BB7-3855-4938-B3AB-065F2691F877}C:\users\micke\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\micke\appdata\roaming\spotify\spotify.exe
FirewallRules: [uDP Query User{6C7B64DB-1C6C-44F5-B975-E277323C47F9}C:\users\micke\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\micke\appdata\roaming\spotify\spotify.exe
FirewallRules: [{FA4CF73B-7D86-41F7-8B70-88589627EDB4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{3C89BB29-4F94-4778-A404-C7470ECC9D00}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AED2765B-185E-4262-A6CE-AE8AD52BCAFA}] => (Allow) C:\Users\Micke\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A1953D07-F9CE-4B63-8A72-80E79593DF74}] => (Allow) C:\Users\Micke\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{92D8A5C9-0769-43F2-8F8C-BF081D2D4E11}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [uDP Query User{D35A8B0F-8405-4696-8D2C-3C01836DA6C5}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{9DDF6DF9-FADE-4152-84E2-245C2FE232B9}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{D6958697-067F-4014-A4D0-4B7A90BFC74E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{0532C6E4-34D7-441F-8526-227A29BF7700}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{D9B0629A-B7A3-4139-A3C4-A5B9E745EAB8}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{1BEA463B-390A-496E-BA88-C5C4AFD5407D}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{EF109276-3A80-4079-BC61-95F5528F33DE}C:\users\micke\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\micke\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [uDP Query User{3EED6737-E7B6-4F08-83AF-41F04EF5154B}C:\users\micke\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\micke\appdata\roaming\dropbox\bin\dropbox.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/06/2015 11:50:44 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programmet RogueKiller.exe, version 10.10.4.0, avslutades eftersom det slutade att samverka med Windows. Ytterligare information kan finnas i problemhistoriken på kontrollpanelen för Åtgärdscentret och lösningar.

Process-ID: 13bc

Starttid: 01d0e8896bad8a4d

Avslutningstid: 0

Programsökväg: C:\Users\Micke\Desktop\RogueKiller.exe

Rapport-ID: ba2dda5f-547c-11e5-b1ed-001a7d0abf3d

Error: (09/06/2015 11:34:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/06/2015 01:51:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/05/2015 10:29:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Det gick inte att skapa aktiveringskontext för Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1.
Den beroende sammansättningen Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" kunde inte hittas.
Använd sxstrace.exe om du vill diagnostisera ytterligare.

Error: (09/04/2015 09:17:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/04/2015 08:43:13 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Fel i tjänsten Volume Shadow Copy: Oväntat fel när gränssnittet IVssWriterCallback skulle erhållas.  hr = 0x80070005, Åtkomst nekad.
.
Det orsakas ofta av inkorrekta säkerhetsinställningar i processen för antingen skrivaren eller beställaren.


Åtgärd:
   Samlar in skrivardata

Kontext:
   Skrivarklass-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Skrivarnamn: System Writer
   Skrivarinstans-ID: {76b894b9-b93f-48ef-87a2-944e3e52585a}

Error: (09/04/2015 08:01:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/04/2015 09:14:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/04/2015 01:21:28 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Det gick inte att skapa aktiveringskontext för Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1.
Den beroende sammansättningen Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" kunde inte hittas.
Använd sxstrace.exe om du vill diagnostisera ytterligare.

Error: (09/04/2015 01:21:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Det gick inte att skapa aktiveringskontext för Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1.
Den beroende sammansättningen Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" kunde inte hittas.
Använd sxstrace.exe om du vill diagnostisera ytterligare.


System errors:
=============
Error: (09/06/2015 11:39:17 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Tjänsten Windows Defender avbröts med följande fel:
%%-2147023113

Error: (09/06/2015 11:33:54 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (09/06/2015 11:33:54 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (09/06/2015 04:45:50 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT instans)
Description: Installationsfel: Det gick inte att installera följande uppdatering på grund av fel 0x800706f7: Säkerhetsuppdatering för Microsoft .NET Framework 3.5.1 i Windows 7 SP1 x86 (KB3048070).

Error: (09/06/2015 03:04:57 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT instans)
Description: Installationsfel: Det gick inte att installera följande uppdatering på grund av fel 0x800706f7: Uppdatering för Windows 7 (KB3006137).

Error: (09/06/2015 03:04:33 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT instans)
Description: Installationsfel: Det gick inte att installera följande uppdatering på grund av fel 0x800706f7: Säkerhetsuppdatering för Microsoft .NET Framework 3.5.1 i Windows 7 SP1 x86 (KB3032655).

Error: (09/06/2015 03:04:11 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT instans)
Description: Installationsfel: Det gick inte att installera följande uppdatering på grund av fel 0x800706f7: Säkerhetsuppdatering för Windows 7 (KB3046269).

Error: (09/06/2015 03:03:51 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT instans)
Description: Installationsfel: Det gick inte att installera följande uppdatering på grund av fel 0x800706f7: Säkerhetsuppdatering för Microsoft .NET Framework 3.5.1 i Windows 7 SP1 x86 (KB3037574).

Error: (09/06/2015 03:02:20 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT instans)
Description: Installationsfel: Det gick inte att installera följande uppdatering på grund av fel 0x800706f7: Säkerhetsuppdatering för Microsoft .NET Framework 3.5.1 i Windows 7 SP1 x86 (KB3023215).

Error: (09/06/2015 01:57:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Tjänsten Windows Defender avbröts med följande fel:
%%-2147023113


Microsoft Office:
=========================
Error: (09/06/2015 11:50:44 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: RogueKiller.exe10.10.4.013bc01d0e8896bad8a4d0C:\Users\Micke\Desktop\RogueKiller.exeba2dda5f-547c-11e5-b1ed-001a7d0abf3d

Error: (09/06/2015 11:34:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/06/2015 01:51:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/05/2015 10:29:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Samsung\samsung c460 series\Setup\Setup\bin\wiainst64.exe

Error: (09/04/2015 09:17:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/04/2015 08:43:13 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Åtkomst nekad.


Åtgärd:
   Samlar in skrivardata

Kontext:
   Skrivarklass-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Skrivarnamn: System Writer
   Skrivarinstans-ID: {76b894b9-b93f-48ef-87a2-944e3e52585a}

Error: (09/04/2015 08:01:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/04/2015 09:14:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/04/2015 01:21:28 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Samsung\network pc fax\drv\NetFaxTray64.exe

Error: (09/04/2015 01:21:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Samsung\network pc fax\drv\NetFaxMon64.exe


CodeIntegrity:
===================================
  Date: 2015-09-06 11:50:08.168
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-06 11:34:11.774
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-06 10:32:36.423
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-06 10:14:16.087
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-06 10:04:51.221
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-06 01:50:13.758
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-06 01:47:25.396
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-06 00:21:46.542
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-05 18:39:54.345
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-04 21:45:38.240
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core2 Duo CPU T5850 @ 2.16GHz
Percentage of memory in use: 63%
Total physical RAM: 3071.27 MB
Available physical RAM: 1113.43 MB
Total Virtual: 6140.84 MB
Available Virtual: 4428.77 MB

==================== Drives ================================

Drive c: (VistaOS) (Fixed) (Total:149.04 GB) (Free:20.49 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:137.33 GB) (Free:58.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 97646C29)
Partition 1: (Not Active) - (Size=11.7 GB) - (Type=1C)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=137.3 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================


1. What are these strange files you have on the desktop and in the Downloads folder, respectively?

2015-08-19 09:38 - 2015-08-19 09:38 - 00053973 _____ C:\Users\Micke\Desktop\ACFrOgA40i1ByRHs2fXMUZEgkjmDIpfTRJoov4G7JFK2EFrZ-vrQw5V9mZykcV_jUT3KMNWNs1qgFRfugGg0jugG1rpPRZjLFs-GiKMG1bgvamkytb798REZL06gnqs=
2015-08-19 09:36 - 2015-08-19 09:36 - 00013996 _____ C:\Users\Micke\Downloads\ACFrOgDmDrogVpPLhinxfI6xYc3-p1lwt-2Hr3oScRw22Hhzd9t5CTmWTf9xGrqXRm79ze04EHVgf8oRyQD0SSKTzakRzMKSXF3C81qm4DRqwqoXnxdk7RZ9-gfz6Z0=

2015-08-12 15:11 - 2015-08-12 15:11 - 00013996 _____ C:\Users\Micke\Desktop\ACFrOgCnktbCZqhEkiAAeAZdKdXVNlV4yMJh2U4GdGM_QTMsBQOL4daXmJmKTDplunANCA3bnVqXmJ5KLi8heTuGQyQ4bv-hpEGTzZaR10PbWUCUrYyNPY146JQtus4=
2015-08-08 14:35 - 2015-08-08 14:35 - 00074792 _____ C:\Users\Micke\Desktop\ACFrOgACWmNNDt_AZVFMcVHw2hZ__2vq9vtFvHQ1qN2R-PWRsYr9VHLZLtw-t-WFdAvKyt9TIYp94NXoyBwiXrbawL-G-Hj1X4cZvXy-Q2d5pBWHaqGHkiNnK0ZMl3M=

 

 

2. How are your Windows files doing?

Windows files should be signed by Microsoft so that one knows they have not been altered, but you have lots of Windows files that are not signed, and thus they are not trustworthy.

3. Start the program Notepad.
Copy all the lines in the box:

CreateRestorePoint:
CloseProcesses:
Tcpip\Parameters: [DhcpNameServer] 46.17.101.204 192.168.1.1
Tcpip\..\Interfaces\{11124D57-F19C-4653-960F-42B27E12A018}: [DhcpNameServer] 46.17.101.204 192.168.1.1Tcpip\Parameters: [DhcpNameServer] 46.17.101.204 192.168.1.1
Tcpip\..\Interfaces\{11124D57-F19C-4653-960F-42B27E12A018}: [DhcpNameServer] 46.17.101.204 192.168.1.1
Tcpip\Parameters: [DhcpNameServer] 46.17.101.204 192.168.1.1
Tcpip\..\Interfaces\{11124D57-F19C-4653-960F-42B27E12A018}: [DhcpNameServer] 46.17.101.204 192.168.1.1
S3 cpuz134; \??\C:\Users\Micke\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-09-01 06:10 - 2015-09-01 06:10 - 00000000 ____D C:\Users\Micke\AppData\Roaming\Optimizer Pro
2015-08-27 14:26 - 2015-09-06 05:12 - 00000000 ____D C:\Program Files\RelayLevel
2015-08-27 14:26 - 2015-09-06 05:12 - 00000000 ____D C:\Program Files\ProcessInit
DNS Servers: 46.17.101.204 - 192.168.1.1
CMD: ipconfig /flushdns
Reboot:
and paste them into Notepad. Check that no files have been split across two lines.
Save the file on the desktop with the name fixlist.txt.

Close all programs.
Start FRST, which is on the desktop.
Click the Fix button.
Wait until the program has finished.
If the computer does not restart automatically, do it yourself.

The program creates a log, Fixlog.txt, on the desktop.
Paste its contents into your reply.

Fix result of Farbar Recovery Scan Tool (x86) Version:31-08-2015
Ran by Micke (2015-09-06 18:52:47) Run:2
Running from C:\Users\Micke\Desktop
Loaded Profiles: Micke (Available Profiles: Micke)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Tcpip\Parameters: [DhcpNameServer] 46.17.101.204 192.168.1.1
Tcpip\..\Interfaces\{11124D57-F19C-4653-960F-42B27E12A018}: [DhcpNameServer] 46.17.101.204 192.168.1.1Tcpip\Parameters: [DhcpNameServer] 46.17.101.204 192.168.1.1
Tcpip\..\Interfaces\{11124D57-F19C-4653-960F-42B27E12A018}: [DhcpNameServer] 46.17.101.204 192.168.1.1
Tcpip\Parameters: [DhcpNameServer] 46.17.101.204 192.168.1.1
Tcpip\..\Interfaces\{11124D57-F19C-4653-960F-42B27E12A018}: [DhcpNameServer] 46.17.101.204 192.168.1.1
S3 cpuz134; \??\C:\Users\Micke\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-09-01 06:10 - 2015-09-01 06:10 - 00000000 ____D C:\Users\Micke\AppData\Roaming\Optimizer Pro
2015-08-27 14:26 - 2015-09-06 05:12 - 00000000 ____D C:\Program Files\RelayLevel
2015-08-27 14:26 - 2015-09-06 05:12 - 00000000 ____D C:\Program Files\ProcessInit
DNS Servers: 46.17.101.204 - 192.168.1.1
CMD: ipconfig /flushdns
Reboot:
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value removed successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11124D57-F19C-4653-960F-42B27E12A018}\\DhcpNameServer => value removed successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11124D57-F19C-4653-960F-42B27E12A018}\\DhcpNameServer => value not found.
cpuz134 => service removed successfully.
VGPU => service removed successfully.
C:\Users\Micke\AppData\Roaming\Optimizer Pro => moved successfully
C:\Program Files\RelayLevel => moved successfully
C:\Program Files\ProcessInit => moved successfully
DNS Servers: 46.17.101.204 - 192.168.1.1 => Error: No automatic fix found for this entry.

=========  ipconfig /flushdns =========


IP-konfiguration för Windows

DNS-matcharens cacheminne har rensats.

========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 18:53:16 ====


 


The strange files are Posten's or Schenker's printable waybills.

I have no idea what state the Windows files are in; I only know that it has refused System Restore for a while.


I have run it now; it said that not all files could be repaired and that a log had been created in C:\Windows\Logs\CBS\CBS.log. I can find it there but am denied access.


You can try copying CBS.log and pasting it on the desktop, but it is not easy to make sense of.

Can you scan with FRST and attach FRST.txt for a check that the DNS settings continue to be the correct ones?


No, that log is probably far too large for that, so it needs to be attached instead. Since it also has nothing to do with malware, and I don't know much about fixing the problems shown in it, but rather it concerns problems with Windows files, it is best that you take it up in a new thread in the Windows subforum.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:06-09-2015 01
Ran by Micke (administrator) on MICKE-DATOR (07-09-2015 11:34:44)
Running from C:\Users\Micke\Desktop
Loaded Profiles: Micke (Available Profiles: Micke)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: Svenska (Sverige)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Spotify Ltd) C:\Users\Micke\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(BitTorrent Inc.) C:\Users\Micke\AppData\Roaming\uTorrent\uTorrent.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\w32x86\3\NetFaxTray.exe
(Dropbox, Inc.) C:\Users\Micke\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-15] (Avast Software s.r.o.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [350072 2012-03-09] ()
HKU\S-1-5-21-2344796923-460791167-1111748507-1000\...\Run: [spotify Web Helper] => C:\Users\Micke\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-09-03] (Spotify Ltd)
HKU\S-1-5-21-2344796923-460791167-1111748507-1000\...\Run: [uTorrent] => C:\Users\Micke\AppData\Roaming\uTorrent\uTorrent.exe [1696096 2015-08-28] (BitTorrent Inc.)
HKU\S-1-5-21-2344796923-460791167-1111748507-1000\...\Run: [spotify] => C:\Users\Micke\AppData\Roaming\Spotify\Spotify.exe [7535672 2015-09-03] (Spotify Ltd)
HKU\S-1-5-21-2344796923-460791167-1111748507-1000\...\Run: [Dropbox Update] => C:\Users\Micke\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Micke\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Micke\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Micke\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Micke\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Micke\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Micke\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Micke\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Micke\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-06-15] (Avast Software s.r.o.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-07-04]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk [2014-08-28]
ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\w32x86\3\NetFaxTray.exe (Samsung Electronics Co., Ltd.)
Startup: C:\Users\Micke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-20]
ShortcutTarget: Dropbox.lnk -> C:\Users\Micke\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1    mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 46.17.101.204 192.168.1.1
Tcpip\..\Interfaces\{033F4DAA-4461-435E-92E4-ABA38DDB944D}: [DhcpNameServer] 46.17.101.204 192.168.1.1
Tcpip\..\Interfaces\{11124D57-F19C-4653-960F-42B27E12A018}: [DhcpNameServer] 46.17.101.204 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2344796923-460791167-1111748507-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://se.msn.com/?ocid=iehp
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-07] (Avast Software s.r.o.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-07-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Micke\AppData\Roaming\Mozilla\Firefox\Profiles\4vlvrbc8.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-16] ()
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-19] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-20]

Chrome:
=======
CHR Profile: C:\Users\Micke\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\Micke\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-20]
CHR Extension: (Google Wallet) - C:\Users\Micke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-20]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-18]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-15] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-06-15] (Avast Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1874104 2015-07-14] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe [235696 2015-06-26] (McAfee, Inc.)
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [378416 2013-02-05] (Samsung Electronics Co., Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-06-15] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-06-15] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-06-15] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-06-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-06-15] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [428120 2015-06-26] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-06-15] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-06-15] ()
S3 eapihdrv; C:\Users\Micke\AppData\Local\Temp\ehdrv.sys [135760 2015-09-06] (ESET)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2013-04-10] (Samsung Electronics) [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-06-15] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-07 11:34 - 2015-09-07 11:34 - 00000000 ____D C:\Users\Micke\Desktop\FRST-OlderVersion
2015-09-07 11:30 - 2015-09-07 10:12 - 87346729 _____ C:\Users\Micke\Desktop\CBS.log
2015-09-07 03:08 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-09-07 03:08 - 2015-01-09 01:44 - 00419936 _____ C:\Windows\system32\locale.nls
2015-09-06 02:04 - 2015-09-06 02:04 - 00000000 ____D C:\Program Files\ESET
2015-09-05 18:08 - 2015-09-06 11:58 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-09-05 18:08 - 2015-09-05 21:57 - 00000000 ____D C:\ProgramData\RogueKiller
2015-09-05 18:05 - 2015-09-05 18:05 - 18779208 _____ C:\Users\Micke\Desktop\RogueKiller.exe
2015-09-05 10:18 - 2015-09-06 13:35 - 00033661 _____ C:\Users\Micke\Desktop\Addition.txt
2015-09-05 10:13 - 2015-09-07 11:36 - 00011556 _____ C:\Users\Micke\Desktop\FRST.txt
2015-09-04 20:41 - 2015-09-07 11:34 - 01692160 _____ (Farbar) C:\Users\Micke\Desktop\FRST.exe
2015-09-04 09:50 - 2015-09-04 10:03 - 00002664 _____ C:\Windows\IE11_main.log
2015-09-04 09:50 - 2015-09-04 09:50 - 02077392 _____ (Microsoft Corporation) C:\Users\Micke\Downloads\IE11-Windows6.1.exe
2015-09-04 09:17 - 2015-09-06 02:04 - 00000000 ____D C:\Users\Micke\Desktop\Virus(3)
2015-09-04 00:17 - 2015-09-04 09:03 - 00000000 ____D C:\AdwCleaner
2015-09-04 00:14 - 2015-09-04 00:14 - 01654272 _____ C:\Users\Micke\Desktop\adwcleaner_5.005.exe
2015-09-03 21:14 - 2015-09-07 11:34 - 00000000 ____D C:\FRST
2015-09-03 19:41 - 2015-09-03 19:41 - 00000000 ____D C:\Users\Micke\Desktop\Ny mapp (2)
2015-09-03 14:56 - 2015-09-07 03:42 - 00000504 _____ C:\Windows\setupact.log
2015-09-03 14:56 - 2015-09-03 14:56 - 00000000 _____ C:\Windows\setuperr.log
2015-09-03 14:54 - 2015-09-04 19:58 - 00005700 _____ C:\Windows\PFRO.log
2015-09-01 22:05 - 2015-09-01 22:05 - 00000000 ____D C:\Users\Micke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-26 05:26 - 2015-08-26 19:20 - 00000000 ____D C:\Windows\Minidump
2015-08-25 14:33 - 2015-08-25 14:34 - 00106132 _____ C:\Users\Micke\Desktop\cc_20150825_143319.reg
2015-08-25 11:40 - 2015-06-15 06:26 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-08-23 20:51 - 2015-08-23 20:51 - 00000000 ____D C:\Users\Micke\Documents\Scan
2015-08-19 09:38 - 2015-08-19 09:38 - 00053973 _____ C:\Users\Micke\Desktop\ACFrOgA40i1ByRHs2fXMUZEgkjmDIpfTRJoov4G7JFK2EFrZ-vrQw5V9mZykcV_jUT3KMNWNs1qgFRfugGg0jugG1rpPRZjLFs-GiKMG1bgvamkytb798REZL06gnqs=
2015-08-19 09:36 - 2015-08-19 09:36 - 00013996 _____ C:\Users\Micke\Downloads\ACFrOgDmDrogVpPLhinxfI6xYc3-p1lwt-2Hr3oScRw22Hhzd9t5CTmWTf9xGrqXRm79ze04EHVgf8oRyQD0SSKTzakRzMKSXF3C81qm4DRqwqoXnxdk7RZ9-gfz6Z0=
2015-08-16 00:14 - 2015-06-26 18:28 - 00428120 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\asw2E15.tmp
2015-08-16 00:14 - 2015-06-15 06:27 - 00209048 _____ C:\Windows\system32\Drivers\asw3122.tmp
2015-08-16 00:14 - 2015-06-15 06:27 - 00106912 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\asw3567.tmp
2015-08-16 00:14 - 2015-06-15 06:27 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\asw200D.tmp
2015-08-16 00:14 - 2015-06-15 06:27 - 00074976 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\asw27FB.tmp
2015-08-16 00:14 - 2015-06-15 06:27 - 00049904 _____ C:\Windows\system32\Drivers\asw2B94.tmp
2015-08-16 00:14 - 2015-06-15 06:27 - 00024144 _____ C:\Windows\system32\Drivers\asw2471.tmp
2015-08-16 00:14 - 2015-06-15 06:26 - 00787760 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\asw1996.tmp
2015-08-13 07:44 - 2015-08-16 00:46 - 00000000 ____D C:\Users\Micke\Downloads\Breaking Bad Season 5 Complete 720p.BRrip.Sujaidr
2015-08-13 07:39 - 2015-08-16 00:46 - 00000000 ____D C:\Users\Micke\Downloads\Breaking Bad Season 4 Complete 720p.BRrip.Sujaidr
2015-08-13 07:14 - 2015-08-16 00:46 - 00000000 ____D C:\Users\Micke\Downloads\Breaking Bad Season 3 Complete 720p.BRrip.Sujaidr
2015-08-13 07:13 - 2015-08-16 00:46 - 00000000 ____D C:\Users\Micke\Downloads\Breaking Bad Season 2 Complete 720p.BRrip.Sujaidr
2015-08-13 07:02 - 2015-08-16 00:46 - 00000000 ____D C:\Users\Micke\Downloads\Breaking Bad Season 1 Complete 720p.BRrip.Sujaidr
2015-08-12 15:11 - 2015-08-12 15:11 - 00013996 _____ C:\Users\Micke\Desktop\ACFrOgCnktbCZqhEkiAAeAZdKdXVNlV4yMJh2U4GdGM_QTMsBQOL4daXmJmKTDplunANCA3bnVqXmJ5KLi8heTuGQyQ4bv-hpEGTzZaR10PbWUCUrYyNPY146JQtus4=
2015-08-09 13:26 - 2015-09-06 19:44 - 00000000 ____D C:\Users\Micke\Desktop\Ny mapp
2015-08-08 14:35 - 2015-08-08 14:35 - 00074792 _____ C:\Users\Micke\Desktop\ACFrOgACWmNNDt_AZVFMcVHw2hZ__2vq9vtFvHQ1qN2R-PWRsYr9VHLZLtw-t-WFdAvKyt9TIYp94NXoyBwiXrbawL-G-Hj1X4cZvXy-Q2d5pBWHaqGHkiNnK0ZMl3M=

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-07 11:35 - 2015-01-25 20:37 - 00000000 ____D C:\Users\Micke\AppData\Roaming\uTorrent
2015-09-07 11:34 - 2014-08-20 09:22 - 00000000 ____D C:\Users\Micke\Documents\Outlook-filer
2015-09-07 11:21 - 2015-06-20 22:48 - 00001014 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2344796923-460791167-1111748507-1000UA.job
2015-09-07 11:20 - 2014-08-22 19:42 - 00000868 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-07 11:20 - 2014-08-20 12:18 - 00000982 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-07 11:20 - 2014-08-19 21:09 - 01281192 _____ C:\Windows\WindowsUpdate.log
2015-09-07 09:59 - 2014-08-20 12:17 - 00000978 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-07 08:58 - 2015-06-20 22:48 - 00000962 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2344796923-460791167-1111748507-1000Core.job
2015-09-07 07:01 - 2014-10-12 16:17 - 00000000 ____D C:\Users\Micke\AppData\Roaming\Spotify
2015-09-07 07:01 - 2014-08-23 16:10 - 00000000 ___RD C:\Users\Micke\Dropbox
2015-09-07 07:01 - 2014-08-23 14:56 - 00000000 ____D C:\Users\Micke\AppData\Roaming\Dropbox
2015-09-07 07:00 - 2014-10-12 16:20 - 00000000 ____D C:\Users\Micke\AppData\Local\Spotify
2015-09-07 03:58 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-07 03:53 - 2009-07-14 06:34 - 00032976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-07 03:53 - 2009-07-14 06:34 - 00032976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-07 03:46 - 2009-07-14 06:33 - 00434176 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-07 03:43 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-07 01:10 - 2011-04-12 08:32 - 00663312 _____ C:\Windows\system32\perfh01D.dat
2015-09-07 01:10 - 2011-04-12 08:32 - 00142080 _____ C:\Windows\system32\perfc01D.dat
2015-09-07 01:10 - 2010-11-20 23:01 - 01578190 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-06 23:17 - 2014-08-29 11:15 - 00000000 ____D C:\Users\Micke\Desktop\Bilder
2015-09-03 14:54 - 2015-08-07 00:21 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-03 14:54 - 2014-08-19 21:51 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-25 15:31 - 2015-06-15 09:06 - 00000000 __SHD C:\Jumpshot
2015-08-25 14:46 - 2014-08-19 21:51 - 00001084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-25 14:46 - 2014-08-19 21:51 - 00001072 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-08-25 14:44 - 2015-06-15 09:06 - 00000000 ____D C:\Windows\jumpshot.com
2015-08-25 12:32 - 2015-07-04 14:44 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2015-08-25 12:32 - 2014-08-20 12:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-25 12:32 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2015-08-25 12:32 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2015-08-25 12:30 - 2014-08-20 09:28 - 00000000 __RHD C:\MSOCache
2015-08-25 12:13 - 2014-08-19 22:12 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-08-25 11:50 - 2014-08-19 21:43 - 00000000 ____D C:\Users\Micke
2015-08-17 05:33 - 2015-07-30 14:02 - 00000000 ____D C:\Windows\system32\MRT
2015-08-17 05:16 - 2015-07-30 14:02 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-16 09:48 - 2014-08-22 19:42 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-16 09:48 - 2014-08-22 19:42 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-08-16 00:47 - 2015-07-22 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-08-16 00:47 - 2015-07-22 15:15 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-08-16 00:47 - 2014-08-22 19:42 - 00000000 ____D C:\Windows\system32\Macromed
2015-08-16 00:07 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\LogFiles

==================== Files in the root of some directories =======

2014-10-20 17:38 - 2014-10-20 17:38 - 0000017 _____ () C:\Users\Micke\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
C:\Users\Micke\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Micke\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvzwobq.dll
C:\Users\Micke\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Micke\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-01 17:15

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version:06-09-2015 01
Ran by Micke (2015-09-07 11:36:56)
Running from C:\Users\Micke\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2014-08-19 19:43:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administratör (S-1-5-21-2344796923-460791167-1111748507-500 - Administrator - Disabled)
Gäst (S-1-5-21-2344796923-460791167-1111748507-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2344796923-460791167-1111748507-1002 - Limited - Enabled)
Micke (S-1-5-21-2344796923-460791167-1111748507-1000 - Administrator - Enabled) => C:\Users\Micke

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2344796923-460791167-1111748507-1000\...\uTorrent) (Version: 3.4.4.40911 - BitTorrent Inc.)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Svenska (HKLM\...\{AC76BA86-7AD7-1053-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Dropbox (HKU\S-1-5-21-2344796923-460791167-1111748507-1000\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
GOM Player (HKLM\...\GOM Player) (Version: 2.2.69.5227 - Gretech Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.13 - Google Inc.) Hidden
Läs bruksanvisningen (HKLM\...\View User Guide) (Version: 3.60.02.0 - )
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.149.2 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - sv-se (HKLM\...\ProPlusRetail - sv-se) (Version: 15.0.4745.1002 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 sv-SE) (HKLM\...\Mozilla Firefox 40.0.3 (x86 sv-SE)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Samsung C460 Series (HKLM\...\Samsung C460 Series) (Version: 1.02 (2013-07-11) - Samsung Electronics Co., Ltd.)
Samsung Easy Document Creator (HKLM\...\Samsung Easy Document Creator) (Version: 1.05.61 (2013-04-10) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM\...\Samsung Easy Printer Manager) (Version: 1.03.23.00(2013-05-03) - Samsung Electronics Co., Ltd.)
Samsung Easy Wireless Setup (HKLM\...\Easy Wireless Setup) (Version: 3.60.40.03 - Samsung Electronics Co., Ltd.)
Samsung Network PC Fax (HKLM\...\Samsung Network PC Fax) (Version: 1.09.14 (2013-02-05) - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (Version: 1.00.56.01 - Samsung Electronics Co., Ltd.) Hidden
SNS Upload for Easy Document Creator (HKLM\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
Spotify (HKU\S-1-5-21-2344796923-460791167-1111748507-1000\...\Spotify) (Version: 1.0.13.108.gcd94e7db - Spotify AB)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2344796923-460791167-1111748507-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Micke\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2344796923-460791167-1111748507-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\Micke\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2344796923-460791167-1111748507-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Micke\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2344796923-460791167-1111748507-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Micke\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2344796923-460791167-1111748507-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Micke\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2344796923-460791167-1111748507-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Micke\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2344796923-460791167-1111748507-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Micke\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2344796923-460791167-1111748507-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Micke\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2344796923-460791167-1111748507-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Micke\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2344796923-460791167-1111748507-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Micke\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2344796923-460791167-1111748507-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Micke\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2344796923-460791167-1111748507-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Micke\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2344796923-460791167-1111748507-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Micke\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2344796923-460791167-1111748507-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Micke\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2344796923-460791167-1111748507-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Micke\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2344796923-460791167-1111748507-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Micke\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2344796923-460791167-1111748507-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Micke\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2344796923-460791167-1111748507-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Micke\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)

==================== Restore Points =========================

05-09-2015 03:00:15 Windows Update
06-09-2015 03:00:39 Windows Update
06-09-2015 18:52:48 Restore Point Created by FRST
07-09-2015 03:00:20 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2015-07-22 15:15 - 00000854 ____A C:\Windows\system32\Drivers\etc\hosts
0.0.0.1    mssplus.mcafee.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09BC86A8-E454-433F-9C12-561AD4D70E9D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {2B0BD56B-3AF7-4D48-91F7-67BBBEBEF013} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2344796923-460791167-1111748507-1000Core => C:\Users\Micke\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-20] (Dropbox, Inc.)
Task: {41A4F5DA-E0F2-49BC-A841-63803D5319C3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {44E59D31-4399-490C-894D-F55DD106773D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
Task: {58919A09-90BD-4062-BDC1-370C8EEBF5C7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {639C62ED-1F49-4FF4-975A-AB2CE1729F24} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {730C0496-93B3-4857-A1D5-7E3987365A31} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2344796923-460791167-1111748507-1000UA => C:\Users\Micke\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-20] (Dropbox, Inc.)
Task: {CD2EA173-D0C1-430F-8B92-A38A05B18A01} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {D15F926C-880E-441D-956A-23B320C63E74} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-16] (Adobe Systems Incorporated)
Task: {D44CC134-F680-413D-9DDF-059428F1B617} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
Task: {D60E030D-D5FE-4F20-8DED-B4307A97DD2E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-25] (Avast Software s.r.o.)
Task: {EE871092-1E80-4601-AEB0-830303EC1A95} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2344796923-460791167-1111748507-1000Core.job => C:\Users\Micke\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2344796923-460791167-1111748507-1000UA.job => C:\Users\Micke\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-06-15 06:26 - 2015-06-15 06:26 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-06-15 06:26 - 2015-06-15 06:26 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-09-06 23:20 - 2015-09-06 23:20 - 02964480 _____ () C:\Program Files\AVAST Software\Avast\defs\15090601\algo.dll
2014-08-28 13:36 - 2013-05-06 08:04 - 00024064 _____ () C:\Windows\System32\sst9clm.dll
2014-08-19 22:12 - 2014-05-20 03:11 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll
2015-03-18 16:31 - 2015-03-18 16:31 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-03-09 09:58 - 2012-03-09 09:58 - 00350072 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2012-03-09 09:58 - 2012-03-09 09:58 - 00056696 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2015-09-07 07:00 - 2015-09-07 07:00 - 00071168 _____ () c:\users\micke\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvzwobq.dll
2015-09-01 22:05 - 2015-08-05 07:26 - 00012800 _____ () C:\Users\Micke\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-09-01 22:05 - 2015-08-05 07:26 - 00779776 _____ () C:\Users\Micke\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-09-01 22:05 - 2015-08-05 07:26 - 00056320 _____ () C:\Users\Micke\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-09-01 22:05 - 2015-08-05 07:26 - 00012288 _____ () C:\Users\Micke\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-07-24 03:47 - 2015-07-24 03:47 - 00122024 _____ () C:\Program Files\Microsoft Office 15\root\Office15\JitV.dll
2014-11-21 06:26 - 2014-11-21 06:26 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\Office15\AppVIsvStream32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2344796923-460791167-1111748507-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Micke\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 46.17.101.204 - 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4237C3EC-9295-4B39-A0BD-7E2DF29E277B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{4720D742-DCE8-44A2-B771-4BD3DF78CE8B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{E78AB09F-9589-4F0E-8D50-F72864459507}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{04C42982-BD40-4E91-BBF9-F14B20F6401C}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{8C4A3B6E-D9E7-469A-8E1B-592473D42F6E}] => (Allow) C:\Users\Micke\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{174E6398-989A-4C49-B562-FA8022A815A5}] => (Allow) C:\Users\Micke\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{58AE0FD2-73EA-4047-95C0-ACD4E4D42C48}] => (Allow) C:\Windows\twain_32\Samsung\SLC460\ScanCDLM\ScanCDLM.exe
FirewallRules: [{DC929D9A-6BAF-4BE5-AFAC-E09D3667CB75}] => (Allow) C:\Windows\twain_32\Samsung\SLC460\ScanCDLM\ScanCDLM.exe
FirewallRules: [{BD97CC4D-161A-4779-9457-A5378009334B}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{E80FA658-6C7F-4BAD-A5EF-9925A2714134}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{4F1E9C2E-B434-4E83-870B-08FB9B6A9ACD}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{AF0AB7F1-FBC1-404B-B5D4-C69F1F8E6139}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{2DA648F7-9BFF-4B42-AA15-6D6FFEE35D50}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{21BDE5E7-F3C8-4A6A-90A7-1B023FEC9FE1}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{CAB7FE27-8DA4-45E3-AE95-DA3194FD2574}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{CDA74FD1-AEF0-4A7C-AFEC-E820C7F3AADD}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{EB819BF7-E3EC-45C5-9B4E-5198B395B2BB}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{D0735AF7-2280-4A67-AA07-9C39728B36BC}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{DD99FD4E-1335-475B-99F9-AF3FB9EAB175}] => (Allow) C:\Program Files\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{13275830-600C-407D-8B1E-EF11552C537F}] => (Allow) C:\Program Files\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [TCP Query User{1859F2A1-BCF3-42DE-907E-5B7AD79EEA44}C:\users\micke\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\micke\appdata\roaming\spotify\spotify.exe
FirewallRules: [uDP Query User{0921A62C-70C6-42FD-A562-14729168A928}C:\users\micke\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\micke\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{35E72BB7-3855-4938-B3AB-065F2691F877}C:\users\micke\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\micke\appdata\roaming\spotify\spotify.exe
FirewallRules: [uDP Query User{6C7B64DB-1C6C-44F5-B975-E277323C47F9}C:\users\micke\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\micke\appdata\roaming\spotify\spotify.exe
FirewallRules: [{FA4CF73B-7D86-41F7-8B70-88589627EDB4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{3C89BB29-4F94-4778-A404-C7470ECC9D00}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AED2765B-185E-4262-A6CE-AE8AD52BCAFA}] => (Allow) C:\Users\Micke\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A1953D07-F9CE-4B63-8A72-80E79593DF74}] => (Allow) C:\Users\Micke\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{92D8A5C9-0769-43F2-8F8C-BF081D2D4E11}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [uDP Query User{D35A8B0F-8405-4696-8D2C-3C01836DA6C5}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{9DDF6DF9-FADE-4152-84E2-245C2FE232B9}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{D6958697-067F-4014-A4D0-4B7A90BFC74E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{0532C6E4-34D7-441F-8526-227A29BF7700}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{D9B0629A-B7A3-4139-A3C4-A5B9E745EAB8}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{1BEA463B-390A-496E-BA88-C5C4AFD5407D}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{EF109276-3A80-4079-BC61-95F5528F33DE}C:\users\micke\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\micke\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [uDP Query User{3EED6737-E7B6-4F08-83AF-41F04EF5154B}C:\users\micke\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\micke\appdata\roaming\dropbox\bin\dropbox.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/07/2015 03:53:16 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: Microsoft.PowerShell.GPowerShell, Version=1.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil . Error code = 0x80070020

Error: (09/07/2015 03:44:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/07/2015 01:11:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programmet Explorer.EXE, version 6.1.7601.17567, avslutades eftersom det slutade att samverka med Windows. Ytterligare information kan finnas i problemhistoriken på kontrollpanelen för Åtgärdscentret och lösningar.

Process-ID: ca0

Starttid: 01d0e8f874c55051

Avslutningstid: 0

Programsökväg: C:\Windows\Explorer.EXE

Rapport-ID: 7780f86b-54ec-11e5-a84d-001a7d0abf3d

Error: (09/07/2015 01:04:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/07/2015 12:32:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/06/2015 07:18:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/06/2015 06:52:48 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Fel i tjänsten Volume Shadow Copy: Oväntat fel när gränssnittet IVssWriterCallback skulle erhållas.  hr = 0x80070005, Åtkomst nekad.
.
Det orsakas ofta av inkorrekta säkerhetsinställningar i processen för antingen skrivaren eller beställaren.


Åtgärd:
   Samlar in skrivardata

Kontext:
   Skrivarklass-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Skrivarnamn: System Writer
   Skrivarinstans-ID: {76e36b69-86e9-4a92-b8c8-dad80166dd7f}

Error: (09/06/2015 04:16:19 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Det gick inte att skapa aktiveringskontext för Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1.
Den beroende sammansättningen Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" kunde inte hittas.
Använd sxstrace.exe om du vill diagnostisera ytterligare.

Error: (09/06/2015 04:16:17 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Det gick inte att skapa aktiveringskontext för Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1.
Den beroende sammansättningen Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" kunde inte hittas.
Använd sxstrace.exe om du vill diagnostisera ytterligare.

Error: (09/06/2015 04:16:13 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Det gick inte att skapa aktiveringskontext för Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1.
Den beroende sammansättningen Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" kunde inte hittas.
Använd sxstrace.exe om du vill diagnostisera ytterligare.


System errors:
=============
Error: (09/07/2015 11:20:20 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (09/07/2015 09:48:24 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (09/07/2015 08:26:21 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (09/07/2015 07:38:46 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (09/07/2015 06:59:43 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (09/07/2015 03:42:37 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (09/07/2015 03:42:37 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (09/07/2015 01:10:14 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Tjänsten Windows Update stannade under start.

Error: (09/07/2015 01:03:28 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (09/07/2015 01:03:28 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter


Microsoft Office:
=========================
Error: (09/07/2015 03:53:16 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: Microsoft.PowerShell.GPowerShell, Version=1.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil . Error code = 0x80070020
Microsoft.PowerShell.GPowerShell, Version=1.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil

Error: (09/07/2015 03:44:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/07/2015 01:11:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.17567ca001d0e8f874c550510C:\Windows\Explorer.EXE7780f86b-54ec-11e5-a84d-001a7d0abf3d

Error: (09/07/2015 01:04:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/07/2015 12:32:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/06/2015 07:18:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/06/2015 06:52:48 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Åtkomst nekad.


Åtgärd:
   Samlar in skrivardata

Kontext:
   Skrivarklass-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Skrivarnamn: System Writer
   Skrivarinstans-ID: {76e36b69-86e9-4a92-b8c8-dad80166dd7f}

Error: (09/06/2015 04:16:19 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Samsung\network pc fax\drv\NetFaxTray64.exe

Error: (09/06/2015 04:16:17 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Samsung\network pc fax\drv\NetFaxMon64.exe

Error: (09/06/2015 04:16:13 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Samsung\samsung c460 series\Setup\Setup\bin\wiainst64.exe


CodeIntegrity:
===================================
  Date: 2015-09-06 19:39:13.117
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-06 19:17:32.184
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-06 17:53:28.174
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-06 11:50:08.168
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-06 11:34:11.774
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-06 10:32:36.423
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-06 10:14:16.087
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-06 10:04:51.221
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-06 01:50:13.758
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-09-06 01:47:25.396
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core2 Duo CPU T5850 @ 2.16GHz
Percentage of memory in use: 31%
Total physical RAM: 3071.27 MB
Available physical RAM: 2104.12 MB
Total Virtual: 6140.84 MB
Available Virtual: 4682.79 MB

==================== Drives ================================

Drive c: (VistaOS) (Fixed) (Total:149.04 GB) (Free:15.96 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:137.33 GB) (Free:58.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 97646C29)
Partition 1: (Not Active) - (Size=11.7 GB) - (Type=1C)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=137.3 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================


It won't go away :(

 

Is there still a problem running ESET's scanner with all three browsers?

If so, try a couple of these online scanners:

http://www.bitdefender.com/scanner/online/free.html

https://www.f-secure.com/sv_SE/web/home_se/online-scanner

http://www.kaspersky.com/se/security-scan

https://security.symantec.com/nss/getnss.aspx?langid=ie&venid=sym

If possible, choose for them not to remove anything but just to give you a report of what is found.

 

Or perhaps better still, a CD or USB stick with an antivirus program on it that you boot the computer from. More hassle for you, but it can be easier to scan the hard drive when Windows is not running.

http://www.eset.com/int/support/sysrescue/

https://www.f-secure.com/en/web/labs_global/rescue-cd

http://www.bitdefender.com/support/How-to-create-a-BitDefender-Rescue-CD-627.html

https://security.symantec.com/nbrt/nbrt.aspx?

http://support.kaspersky.com/viruses/rescuedisk


That is not about malicious programs but about settings that you can decide later how you want them.


OK, the others find nothing. It seems like all these popups that show up everywhere slow the computer down a lot; when one appears the computer almost dies.


Archived

This topic is now archived and is closed to further replies.
