
Shortcut virus


Hellspawn394


Hi! I need help with a virus.

I think I got a so-called shortcut virus from a USB stick; it disabled regedit and Task Manager. I managed to remove the file with Malwarebytes, but the problems remain.

I can't open regedit or Task Manager, and I also can't open certain programs and games (Steam, Battle.net, WoW, etc.) because they crash immediately.

I have scanned the computer with several other AV programs but have not managed to remove the virus.

This is now the second time I'm writing a new post, because Firefox freezes when I try to attach the second FRST file, so I'll put that one in another post.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-01-2017
Ran by Alexander (administrator) on ALEXANDER-PC (20-01-2017 21:08:47)
Running from F:\Downloads\Mozilla firefox nedladdningar
Loaded Profiles: Alexander (Available Profiles: Alexander)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(SUPERAntiSpyware.com) F:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Advanced Micro Devices, Inc.) F:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Smadsoft) C:\Program Files (x86)\SMADAV\SMΔRTP.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.16\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Smadav Software) C:\Program Files (x86)\SMADAV\SmadavProtect32.exe
(Smadav Software) C:\Program Files (x86)\SMADAV\SmadavProtect64.exe
(DT Soft Ltd) F:\Program Files\DAEMON Tools Lite\DTLite.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(VirusSecureLab) C:\Program Files (x86)\Virus Secure Lab\Virus Effect Remover\Virus Effect Remover.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Smadsoft) C:\Program Files (x86)\SMADAV\SMΔRTP.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) F:\Program Files\Mozilla Firefox\firefox.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Cpu Level Up help] => F:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe [971904 2009-12-28] ()
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [666136 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4171208 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [sMΔRT-Protection] => C:\Program Files (x86)\Smadav\SMΔRTP.exe [1736704 2017-01-14] (Smadsoft)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [DisallowRun] 0
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\Run: [DAEMON Tools Lite] => F:\Program Files\DAEMON Tools Lite\DTLite.exe [4910912 2011-08-02] (DT Soft Ltd)
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\Run: [steam] => F:\Program Files\Steam\steam.exe [2946336 2016-12-20] (Valve Corporation)
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\Run: [uTorrent] => C:\Users\Alexander\AppData\Roaming\uTorrent\uTorrent.exe [2220224 2016-11-27] (BitTorrent Inc.)
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [26502272 2016-06-15] (Skype Technologies S.A.)
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd)
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\Run: [sUPERAntiSpyware] => F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2017-01-05] (SUPERAntiSpyware)
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\Run: [Virus Effect Remover] => C:\Program Files (x86)\Virus Secure Lab\Virus Effect Remover\Virus Effect Remover.exe [1583104 2010-03-12] (VirusSecureLab)
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\Run: [spybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1080832 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\Policies\system: [] 0
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\Policies\Explorer: [NoFileUrl] 0
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\Policies\Explorer: [NoNetHood] 0
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\Policies\Explorer: [NoFileMenu] 0
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\Policies\Explorer: [Nosecuritytab] 0
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\Policies\Explorer: [NoUpdateCheck] 0
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\Policies\Explorer: [TaskbarNoThumbnail] 1
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\Policies\Explorer\DisallowRun: [1] Mshta.exe
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\Policies\Explorer\DisallowRun: [2] powershell.exe
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\Policies\Explorer\DisallowRun: [3] bitsadmin.exe
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Alexander\AppData\Local\MEGAsync\ShellExtX64.dll [2016-06-30] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Alexander\AppData\Local\MEGAsync\ShellExtX64.dll [2016-06-30] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Alexander\AppData\Local\MEGAsync\ShellExtX64.dll [2016-06-30] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Alexander\AppData\Local\MEGAsync\ShellExtX32.dll [2016-06-30] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Alexander\AppData\Local\MEGAsync\ShellExtX32.dll [2016-06-30] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Alexander\AppData\Local\MEGAsync\ShellExtX32.dll [2016-06-30] ()
BootExecute: autocheck autochk * sdnclean64.exe
AlternateShell:
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:64308;https=127.0.0.1:64308;
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{19339081-504E-46E2-8597-61B94489EBDC}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{375848FB-9044-49A3-992E-979FBF8B865F}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{5DE1ECD6-AA61-470D-9917-F1FCD779F125}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{81BAE90A-CD79-4B5E-83DC-89FD54F12EFC}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{B3939A6E-7C20-4328-8E73-1FA0C522C415}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{B88BDFB1-7722-498E-9F6D-5F8187C14ECF}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{C9585221-7652-48E7-9F88-F7D7E10F339A}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-19] (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> J:\Program Files (x86)\Arc\plugins\ArcPluginIE.dll [2016-06-13] (Perfect World Entertainment Inc)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-19] (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -  No File
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-05-27] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2013-05-27] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-05-27] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2013-05-27] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: firefox
FF ProfilePath: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\tvm71dll.default-1358261486415 [2017-01-20]
FF Homepage: Mozilla\Firefox\Profiles\tvm71dll.default-1358261486415 -> about:home
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\tvm71dll.default-1358261486415 -> Yahoo!
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\tvm71dll.default-1358261486415 -> Yahoo!
FF ProfilePath: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\i0dhxcdg.default-1421624698079 [2017-01-20]
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\i0dhxcdg.default-1421624698079 -> Yahoo!
FF Extension: (Adblock Plus) - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\i0dhxcdg.default-1421624698079\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-01] [not signed]
FF Extension: (No Name) - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\i0dhxcdg.default-1421624698079\extensions\ascsurfingprotection@iobit.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\IObit Apps Toolbar\FF [not found]
FF ProfilePath: F:\firefox [2017-01-20]
FF SelectedSearchEngine: F:\firefox -> Yahoo!
FF Keyword.URL: F:\firefox -> hxxps://se.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=667671&p=
FF NetworkProxy: F:\firefox -> type", 0
FF Extension: (AdBlocker Ultimate) - F:\firefox\Extensions\adblockultimate@adblockultimate.net.xpi [2016-12-28]
FF Extension: (Adguard AdBlocker) - F:\firefox\Extensions\adguardadblocker@adguard.com.xpi [2017-01-14]
FF Extension: (Ant Video Downloader) - F:\firefox\Extensions\anttoolbar@ant.com [2016-11-13]
FF Extension: (MEGA) - F:\firefox\Extensions\firefox@mega.co.nz.xpi [2017-01-17]
FF Extension: (The Adblocker Project) - F:\firefox\Extensions\info@theadblockerproject.org.xpi [2017-01-20]
FF Extension: (AdBlocker Lite) - F:\firefox\Extensions\jid1-dwtFBkQjb3SIQp@jetpack.xpi [2016-11-22]
FF Extension: (Popup Blocker Ultimate) - F:\firefox\Extensions\{60B7679C-BED9-11E5-998D-8526BB8E7F8B}.xpi [2017-01-16]
FF Extension: (Ad-Blocker ) - F:\firefox\Extensions\{b89efd87-232e-4829-87d2-22148919d72f}.xpi [2016-11-28]
FF Extension: (Adblock Plus) - F:\firefox\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (Greasemonkey) - F:\firefox\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-08-22]
FF Extension: (YouTube Flash Video Player) - F:\firefox\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2017-01-19]
FF ProfilePath: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\w4oqiiwl.default-1460802421206 [2017-01-20]
FF Extension: (Java Console) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-01-11] [not signed]
FF Extension: (Java Console) - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-01-11] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=5.1.4.3 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> F:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2011-07-19] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-17] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> J:\Program Files (x86)\Arc\plugins\npArcPluginFF.dll [2016-06-13] (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3868706217-2309427623-3156016134-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Alexander\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-04-10] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3868706217-2309427623-3156016134-1001: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-05-05] (The Happy Cloud)
FF Plugin HKU\S-1-5-21-3868706217-2309427623-3156016134-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; F:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; F:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.16\aaHMSvc.exe [947328 2011-08-09] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-08-19] (ASUSTeK Computer Inc.) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1447944 2016-12-13] ()
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [File not signed]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [242448 2016-10-19] (EasyAntiCheat Ltd)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [208800 2011-08-15] (Futuremark Corporation) [File not signed]
S4 Hamachi2Svc; F:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2524496 2014-06-23] (LogMeIn Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [151552 2005-04-03] (Macrovision Corporation) [File not signed]
S4 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [317008 2013-01-28] () [File not signed]
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [242120 2016-12-16] (Mozilla Foundation) [File not signed]
S2 MSSQL$SQLEXPRESS; f:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29363040 2010-12-10] (Microsoft Corporation) [File not signed]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-11-17] (NVIDIA Corporation)
S3 Origin Client Service; J:\Program Files (x86)\Origin\OriginClientService.exe [2142728 2016-10-28] (Electronic Arts)
S2 Origin Web Helper Service; J:\Program Files (x86)\Origin\OriginWebHelperService.exe [2209296 2016-10-28] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-09-28] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
S2 SkypeUpdate; C:\Program Files (x86)\Skype\Updater\Updater.exe [402048 2016-05-23] (Skype Technologies) [File not signed]
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-02-17] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 BRSptSvc; "C:\ProgramData\BitRaider\BRSptSvc.exe" [X]
S3 WatAdminSvc; %SystemRoot%\system32\Wat\WatAdminSvc.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2011-08-13] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2011-09-19] (DT Soft Ltd)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2016-01-06] (REALiX)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2011-08-13] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
R1 SASDIFSV; F:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; F:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [526392 2011-09-19] () [File not signed]
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-01-20] ()
R3 XENfiltv; C:\Windows\System32\drivers\XENfiltv.sys [25600 2009-07-31] (Creative Technology Ltd.)
U3 ae9zca2v; C:\Windows\System32\Drivers\ae9zca2v.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 ALSysIO; \??\F:\Local\Temp\ALSysIO64.sys [X]
S2 AODDriver4.01; \??\F:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S2 AODDriver4.2.0; \??\F:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S2 AODDriver4.3; \??\F:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]
S3 BRDriver64_1_3_3_7ECFDFEA; \??\C:\ProgramData\BitRaider\support\1.3.3\7ECFDFEA\BRDriver64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz135;  [X]
S1 ElRawDisk; \??\C:\Windows\system32\drivers\rsdrvx64.sys [X]
S3 NVNET; system32\DRIVERS\nvmf6264.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S0 vysylcel; System32\drivers\sgytid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-20 20:17 - 2017-01-20 21:08 - 00000000 ____D C:\FRST
2017-01-20 20:11 - 2017-01-20 20:11 - 00000000 ____D C:\Program Files\Java
2017-01-20 19:43 - 2017-01-20 19:43 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2017-01-20 19:43 - 2017-01-20 19:43 - 00000000 ____D C:\Users\Alexander\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2017-01-20 18:39 - 2017-01-20 18:39 - 00000826 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2017-01-20 18:39 - 2017-01-20 18:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2017-01-20 18:38 - 2017-01-20 18:38 - 00000000 ____D C:\ProgramData\NortonInstaller
2017-01-20 17:36 - 2017-01-20 20:41 - 00000000 __SHD C:\[smad-Cage]
2017-01-20 17:36 - 2017-01-20 17:36 - 00003166 _____ C:\Windows\System32\Tasks\smadav
2017-01-20 17:36 - 2017-01-20 17:36 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Smadav
2017-01-20 17:36 - 2017-01-20 17:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMADAV Antivirus
2017-01-20 17:36 - 2017-01-20 17:36 - 00000000 ____D C:\Program Files (x86)\SMADAV
2017-01-20 17:30 - 2017-01-20 17:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-01-20 17:18 - 2014-12-06 03:33 - 00021995 _____ C:\Windows\system32\Trojorm Removal Tool v1.5.bat
2017-01-20 17:17 - 2014-12-06 03:34 - 00000497 _____ C:\fixfolder.vbs
2017-01-20 17:17 - 2014-12-06 03:33 - 00021995 _____ C:\Trojorm Removal Tool v1.5.bat
2017-01-20 17:09 - 2017-01-20 17:09 - 00000572 _____ C:\AiOLog.txt
2017-01-20 16:52 - 2017-01-20 16:52 - 00000512 _____ C:\Windows\SysWOW64\win_hcleaner.ini
2017-01-20 16:41 - 2017-01-20 16:41 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-20 16:34 - 2017-01-20 16:34 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-01-20 16:33 - 2017-01-20 16:41 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-01-20 16:33 - 2017-01-20 16:33 - 00001395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-01-20 16:33 - 2017-01-20 16:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-01-20 16:33 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2017-01-20 15:21 - 2017-01-20 15:21 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disk Heal
2017-01-20 15:21 - 2017-01-20 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disk Heal
2017-01-20 15:02 - 2017-01-20 15:02 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virus Secure Lab
2017-01-20 15:02 - 2017-01-20 15:02 - 00000000 ____D C:\Program Files (x86)\Virus Secure Lab
2017-01-20 12:40 - 2017-01-20 12:40 - 00000000 ____D C:\SUPERDelete
2017-01-20 12:39 - 2017-01-20 20:39 - 00000518 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task a98a8743-a050-495c-b4ab-423374fb3212.job
2017-01-20 12:39 - 2017-01-20 14:56 - 00000518 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f8bc3f0f-d2a4-453c-9155-8ea2b9ff93a6.job
2017-01-20 12:39 - 2017-01-20 12:39 - 00003612 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task f8bc3f0f-d2a4-453c-9155-8ea2b9ff93a6
2017-01-20 12:39 - 2017-01-20 12:39 - 00003538 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task a98a8743-a050-495c-b4ab-423374fb3212
2017-01-20 12:39 - 2017-01-20 12:39 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\SUPERAntiSpyware.com
2017-01-20 12:39 - 2017-01-20 12:39 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-01-20 12:39 - 2017-01-20 12:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-01-19 17:48 - 2017-01-19 18:34 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\FileZilla
2017-01-17 21:31 - 2017-01-17 22:59 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Tropico 5
2017-01-17 00:06 - 2017-01-17 00:06 - 00000894 _____ C:\Users\Public\Desktop\Tropico 5 - Complete Collection.lnk
2017-01-17 00:06 - 2017-01-17 00:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kalypso Media Digital
2017-01-12 00:51 - 2017-01-12 00:51 - 00000619 _____ C:\Users\Alexander\Desktop\Application-x64.exe - Shortcut.lnk
2017-01-06 15:33 - 2017-01-06 15:33 - 00000736 _____ C:\Users\Public\Desktop\A3Launcher.lnk
2017-01-06 14:42 - 2017-01-12 18:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-12-27 18:39 - 2016-12-27 18:39 - 00000216 _____ C:\Users\Alexander\Desktop\Warfleet.url
2016-12-26 15:13 - 2016-12-26 15:13 - 01207133 _____ C:\Windows\unins000.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-20 20:50 - 2014-11-16 14:36 - 00000000 ____D C:\Users\Alexander\Desktop\Program
2017-01-20 20:50 - 2010-10-15 18:39 - 00000000 ____D C:\Users\Alexander\Desktop\Spel
2017-01-20 20:46 - 2016-01-04 16:23 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-20 20:40 - 2009-07-14 06:13 - 00859658 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-20 20:40 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-01-20 20:38 - 2016-11-19 16:51 - 00000000 ____D C:\Users\Alexander\AppData\LocalLow\Mozilla
2017-01-20 20:38 - 2012-04-18 15:24 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\uTorrent
2017-01-20 20:37 - 2014-11-25 23:08 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Skype
2017-01-20 20:34 - 2016-11-20 13:24 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-20 20:34 - 2016-09-07 11:58 - 00000000 ____D C:\Users\Alexander\AppData\LocalLow\uTorrent
2017-01-20 20:32 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-20 20:29 - 2014-02-25 01:42 - 00000000 ___DC C:\AdwCleaner
2017-01-20 20:15 - 2013-09-15 10:27 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-20 18:59 - 2013-12-04 21:17 - 00000000 ____D C:\ProgramData\Norton
2017-01-20 18:07 - 2009-07-14 05:45 - 00046240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-20 18:07 - 2009-07-14 05:45 - 00046240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-20 17:31 - 2016-12-06 22:52 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-01-20 17:30 - 2016-12-06 22:49 - 00000000 ____D C:\Program Files\RogueKiller
2017-01-20 16:55 - 2011-07-20 12:04 - 00000000 ___HD C:\ProgramData\Spybot - Search & Destroy
2017-01-20 16:07 - 2016-05-12 16:47 - 00000584 __RSH C:\Users\Alexander\ntuser.pol
2017-01-20 16:07 - 2011-07-18 17:43 - 00000000 ____D C:\Users\Alexander
2017-01-20 01:16 - 2012-02-20 13:33 - 00000000 ____D C:\Users\Alexander\AppData\Local\Apps\2.0
2017-01-19 20:04 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\security
2017-01-19 20:02 - 2010-09-14 17:21 - 00000000 ____D C:\Users\Alexander\Desktop\Annat
2017-01-19 18:53 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SchCache
2017-01-19 18:34 - 2011-07-18 18:43 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\DAEMON Tools Lite
2017-01-19 18:17 - 2009-07-14 03:34 - 00000251 _____ C:\Windows\system.ini
2017-01-18 20:17 - 2011-07-18 16:06 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\vlc
2017-01-16 13:04 - 2014-04-19 11:24 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-01-14 18:48 - 2013-09-20 18:43 - 00000097 _____ C:\Windows\SysWOW64\Userdata.ini
2017-01-12 18:19 - 2009-07-14 06:32 - 00000000 __RHD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-01-11 20:41 - 2011-07-18 19:35 - 00000000 ____D C:\Windows\SysWOW64\directx
2017-01-10 23:15 - 2016-12-14 11:40 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-10 23:15 - 2013-09-05 19:53 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-10 23:15 - 2013-09-05 19:53 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-10 23:15 - 2011-11-17 12:50 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-10 23:15 - 2011-07-18 18:17 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-06 15:33 - 2016-11-24 19:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A3Launcher
2016-12-26 15:13 - 2012-09-29 17:16 - 00189648 _____ C:\Windows\unins000.dat

==================== Files in the root of some directories =======

2011-08-18 23:30 - 2011-08-18 23:30 - 0000032 _____ () C:\Program Files\plugins-04041e-1f8.dat
2014-01-14 20:59 - 2014-01-14 20:59 - 0000031 _____ () C:\Program Files\plugins.dat
2010-09-16 19:15 - 2011-05-05 01:10 - 0000031 _____ () C:\Program Files (x86)\plugins-04041e-1f8.dat
2014-09-12 17:02 - 2014-09-12 18:56 - 0000300 _____ () C:\Users\Alexander\AppData\Roaming\BreakingPoint_Login.ini
2014-09-12 17:02 - 2014-09-12 20:29 - 0001408 _____ () C:\Users\Alexander\AppData\Roaming\BreakingPoint_Options.ini
2015-10-19 22:17 - 2015-10-19 22:17 - 0081847 _____ () C:\Users\Alexander\AppData\Roaming\icarus-dxdiag.xml
2012-08-19 14:13 - 2012-09-24 07:07 - 0000057 _____ () C:\Users\Alexander\AppData\Roaming\mbam.context.scan
2011-07-18 16:06 - 2011-09-25 20:17 - 0000565 _____ () C:\Users\Alexander\AppData\Roaming\myMPQ.ini
2011-07-18 16:06 - 2010-11-26 22:57 - 0022328 _____ () C:\Users\Alexander\AppData\Roaming\PnkBstrK.sys
2014-07-03 21:19 - 2014-07-03 21:19 - 0000000 ___SH () C:\Users\Alexander\AppData\Local\LumaEmu
2011-07-18 16:03 - 2016-11-23 16:46 - 0007607 _____ () C:\Users\Alexander\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Users\Alexander\NTUSER (2).DAT
C:\Windows\Tasks\{6CEAEECA-8AEF-4C9F-B1CF-BB7EB4004304}.job


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-16 15:23

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2017
Ran by Alexander (20-01-2017 21:09:53)
Running from F:\Downloads\Mozilla firefox nedladdningar
Windows 7 Professional Service Pack 1 (X64) (2011-07-18 16:43:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3868706217-2309427623-3156016134-500 - Administrator - Disabled)
Alexander (S-1-5-21-3868706217-2309427623-3156016134-1001 - Administrator - Enabled) => C:\Users\Alexander
Guest (S-1-5-21-3868706217-2309427623-3156016134-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3868706217-2309427623-3156016134-1028 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"The last Kingdom" (HKLM-x32\...\"The last Kingdom") (Version:  - )
µTorrent (HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\uTorrent) (Version: 3.4.9.42973 - BitTorrent Inc.)
7 Days To Die version 9.1 (HKLM-x32\...\7 Days To Die_is1) (Version: 9.1 - GMT-MAX.ORG)
7-Zip 9.20 (HKLM-x32\...\{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
A3Launcher version 0.1.4.6 (HKLM-x32\...\{1E29A86E-9AE2-4CD8-74C8-6B170ED3C4D2}_is1) (Version: 0.1.4.6 - Maca134)
AC3Filter 1.63b (HKLM-x32\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
AI Suite (HKLM-x32\...\{310BC5E2-31AF-49BB-904D-E71EB93645DC}) (Version: 1.06.16 - )
AMD Catalyst Install Manager (HKLM\...\{8D95B61A-9759-40F7-69BF-54DCE6675143}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Ansel (Version: 375.95 - NVIDIA Corporation) Hidden
Application Profiles (HKLM-x32\...\{1432E5F7-0AF6-8C43-EC53-08A4648CBD03}) (Version: 2.0.4427.36392 - Advanced Micro Devices, Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Arma 3 (HKLM\...\Steam App 107410) (Version:  - Bohemia Interactive)
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version:  - )
Banished (HKLM-x32\...\1207660783_is1) (Version: 2.3.0.7 - GOG.com)
BankID säkerhetsprogram (HKLM-x32\...\{2D6973ED-BBF2-434E-993C-37E05087B8C8}) (Version: 5.1.4.3 - Finansiell ID-Teknik BID AB)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BFME2 All-In-One Patch Installer & Switcher version 1.6 (HKLM-x32\...\{B258BEC7-DFB5-4DDC-BA90-BF02B91CA0C6}_is1) (Version: 1.6 - dijkstra & forshire)
BioShock 2 (x32 Version: 1.0.0005.131 - Take-Two Interactive Software) Hidden
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
Blender (remove only) (HKLM-x32\...\Blender) (Version:  - )
Blender NIF Scripts (remove only) (HKLM-x32\...\BlenderNIFScripts) (Version:  - )
Borderless Gaming (HKLM-x32\...\Borderless Gaming_is1) (Version: 8.2 - Codeusa Software)
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
Brytenwalda version 1.391 (HKLM-x32\...\{4D15C6C1-74C9-4AA4-8378-CEEDE7E53F39}_is1) (Version: 1.391 - Brytenwalda Dev.)
Bygg båtar med Mulle Meck (HKLM-x32\...\Bygg båtar med Mulle Meck) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
Celestial Command 0.62 (HKLM-x32\...\Celestial Command 0.62) (Version: 0.62 - DRAGAMES.NET)
Cheat Engine 6.5.1 (HKLM-x32\...\Cheat Engine 6.5.1_is1) (Version:  - Cheat Engine)
Combined Community Codec Pack 2014-01-17 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.01.17.0 - CCCP Project)
Comical 0.8 (HKLM-x32\...\Comical_is1) (Version:  - James Athey)
Core Temp 1.0 RC2 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
CPU-Control (HKLM-x32\...\CPU-Control_is1) (Version:  - Koma-Code)
CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor 1.26 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Creation Kit (HKLM-x32\...\Steam App 202480) (Version:  - )
Creative System Information (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.41.3.0173 - DT Soft Ltd)
Dark Souls Prepare to Die Edition (HKLM-x32\...\GFWL_{4E4D0FA1-F880-4CCB-999A-501000008200}) (Version: 1.0.0000.130 - NAMCO BANDAI Games Europe S.A.S.)
Dark Souls Prepare to Die Edition (x32 Version: 1.0.0000.130 - NAMCO BANDAI Games Europe S.A.S.) Hidden
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
DayZLauncher version 0.0.0.7 (HKLM-x32\...\{E31045B4-9DB5-44DF-9EBD-BD4CFDE640FD}_is1) (Version: 0.0.0.7 - Maca134)
Device Doctor 1.0.0.1 (HKLM-x32\...\{D575FBAA-D6D6-4221-A2C4-67541DB7AB5E}_is1) (Version:  - Device Doctor Software Inc.)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Disk Heal (HKLM-x32\...\Disk Heal) (Version:  - )
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.12 - Electronic Arts)
Driver Sweeper version 3.2.0 (HKLM-x32\...\{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1) (Version: 3.2.0 - Phyxion.net)
EasyCleaner (HKLM-x32\...\{F5346614-B7C4-4E94-826A-E2363155233D}) (Version: 2.0.6.380 - ToniArts)
EPU-4 Engine (HKLM-x32\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.02.01 - )
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Far Cry 4 (HKLM-x32\...\Far Cry 4_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Firestorm Launcher version 1.3 (HKLM-x32\...\{008D5963-9A73-4472-8C16-A5BF04491B9D}_is1) (Version: 1.3 - Firestorm)
Flawless Widescreen version 1.0.15 (HKLM-x32\...\{7348D82E-8C68-48FF-BA2D-8C97B5B4B3D8}_is1) (Version: 1.0.15 - Flawless Widescreen)
Foxit Reader (HKLM-x32\...\{30734E04-E8D3-4D2E-8379-70DB6F0B793A}) (Version: 5.1.0.1021 - Foxit Corporation)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Frhed 1.6.0 (HKLM-x32\...\Frhed) (Version: 1.6.0 - Raihan Kibria)
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.2.0 - Futuremark Corporation)
GLInterceptx64 1.3.3 (HKLM\...\GLInterceptx64_is1) (Version: 1.3.3 - Damian Trebilco)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.1.33.5071 - Gretech Corporation)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Grand Theft Auto IV (x32 Version: 1.0.0011.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto V ver. 1.0.335.2 (HKLM-x32\...\{27159000-99AS-22CV-33F9-55GYHF2186AC}_is1) (Version: 1.0.335.2 - Rockstar Games)
Grand Theft Auto: Episodes from Liberty City (x32 Version: 1.0.0002.135 - Rockstar Games Inc.) Hidden
Happy Cloud Client (HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\HappyCloud) (Version: 4.28 - Happy Cloud, Inc.)
Hellgate: London (HKLM\...\{A2B4455D-1046-4732-BFBC-0821BEFC07BC}) (Version: 1.10.180.3416 - Flagship Studios)
Heroes & Generals (HKLM\...\Steam App 227940) (Version:  - Reto-Moto)
HHD Software Free Hex Editor Neo 5.12 (HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}) (Version: 5.12.1.4748 - HHD Software, Ltd.)
Hjälpfiler för installation av Microsoft SQL Server (engelska) (HKLM-x32\...\{885DE773-CC47-4B94-97A3-C692C9AF1B05}) (Version: 9.00.5000.00 - Microsoft Corporation)
Homeworld Remastered Collection (HKLM-x32\...\Homeworld Remastered Collection_is1) (Version:  - )
Homeworld2 (HKLM-x32\...\Homeworld2) (Version:  - Sierra)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Imperium Romanum version 1.9.4 (HKLM-x32\...\{50D5D054-2FAE-4662-A9E2-E1223EA304B7}_is1) (Version: 1.9.4 - Vympel Inc.)
IObit Apps Toolbar v7.1 (HKLM-x32\...\{EA0F950C-D926-4366-A60C-9E7B71DB1FF2}) (Version: 7.1 - Spigot, Inc.) <==== ATTENTION
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Just Cause 3 (HKLM\...\Steam App 225540) (Version:  - Avalanche Studios)
Katawa Shoujo (HKLM-x32\...\Katawa Shoujo) (Version:  - )
K-Lite Codec Pack 12.2.2 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.2.2 - KLCP)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
KoA Reckoning ModTool 2.0 (HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\491c4d24ae4ec9c3) (Version: 1.0.0.0 - Hewlett-Packard)
left4dead 1.0.2.8 (HKLM-x32\...\left4dead 1.0.2.8) (Version: 1.0.2.8 - valve)
Livestreamer 1.8.2 (HKLM-x32\...\Livestreamer) (Version:  - )
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.214 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.214 - LogMeIn, Inc.) Hidden
LPEConnectFix 1.0 (HKLM-x32\...\LPEConnectFix_is1) (Version:  - LOTR, Inc. lol    www.gnutellaforums.com/)
LS-USBMX1/2/3 Steering¡­ (HKLM-x32\...\{AEC7CD2E-2BB5-40C3-9592-078F64677E6C}) (Version: 1.00.0000 - GASIA)
Mad Max (HKLM-x32\...\Mad Max_is1) (Version: 3.0 - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mass Effect 2 DLC Unlocker (HKLM-x32\...\Mass Effect 2 DLC Unlocker_is1) (Version: 1.0 - EA Games)
Mass Effect Reborn (HKLM-x32\...\Mass Effect Reborn) (Version:  - )
Master of Orion (HKLM-x32\...\Master of Orion_is1) (Version:  - )
Media Player Classic - Home Cinema v1.5.2.3456 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.5.2.3456 - MPC-HC Team)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
MegaTrainer eXperience V1.2.6.9 (HKLM-x32\...\MegaTrainer eXperience_is1) (Version:  - )
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2010 (HKLM-x32\...\{FA8E7AF5-C70E-3274-9740-9E697FBD5BB7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server Management Studio Express (HKLM\...\{C40D6727-57FE-4671-B51A-69B0F21F44B5}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Microsoft Windows Media Video 9 VCM (HKLM-x32\...\WMV9_VCM) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Word 2010 (HKLM\...\Office14.WORD) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Minecraft Black Edition - UPDATE 2013 1.4.7 (HKLM-x32\...\Minecraft Black Edition - UPDATE 2013 1.4.7) (Version: 1.4.7 - Mojang)
Minecraft1.7.9 (HKLM-x32\...\Minecraft1.7.9) (Version:  - )
Miscreated (HKLM\...\Steam App 299740) (Version:  - Entrada Interactive LLC)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.20.00.03 - Huawei Technologies Co.,Ltd)
Mount and Blade Warband - Viking Conquest (HKLM-x32\...\Mount and Blade Warband - Viking Conquest_is1) (Version:  - )
Mount and Blade Warband - Viking Conquest Reforged Edition (HKLM-x32\...\Mount and Blade Warband - Viking Conquest Reforg~0F961404_is1) (Version:  - )
Mozilla Firefox 21.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 21.0 (x86 en-US)) (Version: 21.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MPEG2 Codec(libmpeg2/mad) (HKLM-x32\...\MPEG2 Codec(libmpeg2/mad)) (Version:  - )
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.3 - Black Tree Gaming)
NIF Utilities 3.7.3.265452180 for 3ds Max (HKLM\...\NIF Utilities for 3ds Max_is1) (Version:  - NIF File Format Library and Tools)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 375.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 375.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.95 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OCCT 4.4.1 (HKLM-x32\...\OCCT) (Version: 4.4.1 - Ocbase.com)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 10.2.1.38915 - Electronic Arts, Inc.)
paint.net (HKLM\...\{A1D05314-DC32-4668-A97E-51060EC8BCCE}) (Version: 4.0.12 - dotPDN LLC)
PandoraRecovery (Remove Only) (HKLM-x32\...\PandoraRecovery) (Version:  - )
PCFix (HKLM-x32\...\PC Fix 2011_is1) (Version:  - Dubai Click LLC)
PixRecovery (HKLM-x32\...\PixRecovery) (Version:  - )
PlagueInc 1.0 (HKLM-x32\...\PlagueInc 1.0) (Version: 1.0 - Cat-A-Cat)
Play withSIX (HKLM-x32\...\{42DCB650-F003-4535-A5CD-32AD815CD2DD}) (Version: 1.30.0450 - SIX Networks)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.3 - Power Software Ltd)
PowerPaint 2.50 (HKLM-x32\...\PowerPaint_is1) (Version:  - FLISoft)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Punto Switcher (HKLM-x32\...\Punto Switcher) (Version: 3.1.1.72 - )
Python 2.6 (HKLM-x32\...\{110EB5C4-E995-4CFB-AB80-A5F315BEA9E8}) (Version: 2.6.150 - Python Software Foundation)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Rapture3D 2.3.22 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
RAR Password Unlocker 4.2.0.0 (HKLM-x32\...\{B789FA51-6A71-408F-92DE-EDE4A517B8F9}_is1) (Version:  - Password Unlocker Studio)
redist (HKLM-x32\...\{153C7D89-9CF4-4719-A551-C5BF45236DB5}) (Version: 1.0.0.0 - redist)
Resource Hacker Version 3.6.0 (HKLM-x32\...\ResourceHacker_is1) (Version:  - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RivaTuner Statistics Server 6.4.1 (HKLM-x32\...\RTSS) (Version: 6.4.1 - Unwinder)
Roadkil's Unstoppable Copier Version 5.2 (HKLM-x32\...\{A306FD29-7D3A-4287-91AC-9A0180931395}_is1) (Version:  - Roadkil.Net)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
Roll (HKLM-x32\...\RollerCoaster Tycoon Setup) (Version:  - )
Rymdjakten (HKLM-x32\...\Rymdjakten) (Version:  - )
Scavenger Armors  (HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\Scavenger Armors ) (Version:  - )
Sgmod v1.3.5 (HKLM-x32\...\{992DEF1D-331A-40AA-A559-6BFD0DFDB9B3}) (Version: 1.3.5 - Your Company Name)
ShiftWindow 1.02 (HKLM-x32\...\ShiftWindow_is1) (Version:  - Grismar)
Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.103 - Skype Technologies S.A.)
SMADAV version 11.1 (HKLM-x32\...\{8B9FA5FF-3E61-4658-B0DA-E6DDB46D6BAD}_is1) (Version: 11.1 - Smadsoft)
SmartUndelete (HKLM-x32\...\SmartUndelete_is1) (Version: 2.9 - SmartSoft)
Sound Blaster Tactic(3D) (HKLM-x32\...\{E52E162A-C7E3-4EDE-B1DA-3ACBB9DFA7D6}) (Version: 1.0 - Creative Technology Limited)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
Star Wars Empire at War Forces of Corruption (HKLM-x32\...\{6592FDEC-2C1A-413A-9985-25FEC2F0848D}) (Version: 1.0 - LucasArts)
Star Wars: The Force Unleashed II DLC (HKLM-x32\...\Star Wars: The Force Unleashed II DLC_is1) (Version:  - )
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1232 - SUPERAntiSpyware.com)
Svea Rike (HKLM-x32\...\Svea Rike) (Version:  - )
Swords and Sandals 2 2.0 (HKLM-x32\...\Swords and Sandals 2) (Version: 2.0 - 3RDsense)
System Requirements Lab (HKLM-x32\...\{F89CDED6-B1F1-489F-BA44-698BF6A737C2}) (Version: 6.1.6.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{C72B3F34-B920-46DB-89EA-904CCEB51BE6}) (Version: 6.1.6.0 - Husdawg, LLC)
System Requirements Lab Test (HKLM-x32\...\{D62576C2-C084-4698-974A-5BE77714FDDD}) (Version: 5.0.6.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
The Eagle and the Radiant Cross Ch. 3 (HKLM-x32\...\The Eagle and the Radiant Cross) (Version: 3 - )
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
The Elder Scrolls V Skyrim Dragonborn © Bethesda Softworks version 1 (HKLM-x32\...\The Elder Scrolls V Skyrim Dragonborn © Bethes~300CD4A2_is1) (Version: 1 - )
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Walking Dead Season 2 EP 2 (HKLM-x32\...\The Walking Dead Season 2 EP 2_is1) (Version:  - )
The Walking Dead: Season 2 Episode 3 (HKLM-x32\...\VGhlV2Fsa2luZ0RlYWRTZWFzb24y_is1) (Version: 1 - )
The Wolf Among Us Episode 2 (HKLM-x32\...\The Wolf Among Us Episode 2_is1) (Version:  - CODEX)
The Wolf Among Us Episode 4 (HKLM-x32\...\The Wolf Among Us Episode 4_is1) (Version:  - )
Total War - Rome II (HKLM-x32\...\Total War - Rome II_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Total War ATTILA Age of Charlemagne (HKLM-x32\...\Total War ATTILA Age of Charlemagne_is1) (Version: 1.0 - PLAZA)
Total War: SHOGUN 2 (HKLM\...\Steam App 34330) (Version:  - The Creative Assembly)
TQ Defiler.NET (HKLM-x32\...\{F4CB0C1E-A88F-46D7-AC9A-03B349A8D64F}) (Version: 1.3.7 - Soul's Software)
TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
Tropico 5 - Complete Collection (HKLM-x32\...\Tropico 5 - Complete Collection_is1) (Version:  - )
Turbo Key (HKLM-x32\...\{B83F7FA5-3191-4E39-A1F2-8A9038BD0B04}) (Version: 1.01.03 - )
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
UnCleaner (HKLM\...\UnCleaner) (Version: 1.7 - Josh Cell Softwares Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
W40k - Dawn of War II - Chaos Rising (HKLM-x32\...\W40k - Dawn of War II - Chaos Rising_is1) (Version:  - )
Vampire - The Masquerade Bloodlines (x32 Version: 1.00.0000 - Activision) Hidden
Warfleet (HKLM\...\Steam App 548020) (Version:  - UUUU Interactive)
Warhammer 40000 - Dawn of War II Retribution (HKLM-x32\...\Warhammer 40000 - Dawn of War II Retribution_is1) (Version:  - )
WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Viking: Battle for Asgard (HKLM-x32\...\Viking: Battle for Asgard_is1) (Version:  - )
WinDirStat 1.1.2 (HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\WinDirStat) (Version:  - )
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Silicon Integrated Systems Corp.(1.09d.00) (SIS163u) Net  (01/25/2007 6.0.1039.1094) (HKLM\...\D410A1715EF3A4E4A0EE33A217691DDBA3037DDE) (Version: 01/25/2007 6.0.1039.1094 - Silicon Integrated Systems Corp.(1.09d.00))
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
Virus Effect Remover© (HKLM-x32\...\Virus Effect Remover - Version 3.2.2.26_20100312_is1) (Version: 3.2.2.26 - Virus Secure Lab®)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 3.0.4.4 - Wrye & Wrye Bash Development Team)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Xfire (remove only) (HKLM-x32\...\Xfire) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3868706217-2309427623-3156016134-1001_Classes\CLSID\{182FB546-8596-4CEF-9CB5-E9505BF7F628}\InprocServer32 -> F:\Users\Alexander\AppData\Local\HHD Software\Hex Editor Neo\hhdhexneo.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-3868706217-2309427623-3156016134-1001_Classes\CLSID\{6DB27B2E-87AC-4354-927A-AD711A0ED77E}\InprocServer32 -> F:\Users\Alexander\AppData\Local\HHD Software\Hex Editor Neo\FileDocument.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-3868706217-2309427623-3156016134-1001_Classes\CLSID\{A244CEC5-DB63-4ED9-B0D7-A0527C064113}\InprocServer32 -> F:\Users\Alexander\AppData\Local\HHD Software\Hex Editor Neo\FileDocument.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-3868706217-2309427623-3156016134-1001_Classes\CLSID\{AE1514A4-5D7D-4D1B-BC7F-320E6962B0DD}\InprocServer32 -> F:\Users\Alexander\AppData\Local\HHD Software\Hex Editor Neo\FileDocument.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-3868706217-2309427623-3156016134-1001_Classes\CLSID\{B845012A-F05A-4EC8-816D-B033183B9CA5}\InprocServer32 -> F:\Users\Alexander\AppData\Local\HHD Software\Hex Editor Neo\hhdhexneo.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-3868706217-2309427623-3156016134-1001_Classes\CLSID\{F350F7C1-9F0E-4A97-8EEC-E690C7095BEF}\InprocServer32 -> F:\Users\Alexander\AppData\Local\HHD Software\Hex Editor Neo\PatchAPI\dll\x64\hexpatch64.dll (HHD Software Ltd.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {015FCFC4-80A7-453B-84F2-43BF8E3EC4EF} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe
Task: {170DD84D-B587-411A-A956-7C0487EF4E85} - System32\Tasks\{C400245A-358E-448C-812B-795B44F0C3BA} => pcalua.exe -a "C:\Users\Alexander\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YKHGTK58\jre-6u26-windows-i586-iftw[1].exe" -d C:\Users\Alexander\Desktop
Task: {1BF5F1CF-3FAA-4EE1-A129-7D5F34C831D8} - System32\Tasks\smadav => C:\Program Files (x86)\Smadav\SMΔRTP.exe [2017-01-14] (Smadsoft)
Task: {289F2B40-6A65-4BF0-A405-09D454620374} - System32\Tasks\{9D9F2C57-9331-4C64-8A5C-D0041E223E18} => pcalua.exe -a C:\Users\Alexander\Desktop\BCS_The_Beginning_v1.0\BCS_The_Beginning_v1.0.exe -d C:\Users\Alexander\Desktop\BCS_The_Beginning_v1.0
Task: {29F10E00-B761-4AE0-81E7-D9D9D5B08906} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {36D4C685-28C8-4561-8E3C-9BACE671FC05} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {5BE9583E-A32A-4F37-A9AD-C4BB99E772D0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-14] (Adobe Systems Incorporated)
Task: {64085D0F-E927-425D-AF17-C5FBC2A8604B} - System32\Tasks\{5BD58A4E-2614-492A-9164-5CE31EFD38FC} => C:\Program Files\LimeWire\LimeWire.exe
Task: {721B1196-BBAD-4CA5-9032-3C36978347DF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {82CABFCB-4FFC-435B-A9F4-85042ECC96A7} - System32\Tasks\ASUS\ASUS SIX Engine => F:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe [2010-02-03] (ASUSTeK Computer Inc.)
Task: {83C288B5-826B-4CDB-9678-9AE6BC3894F2} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe
Task: {89E9CC5E-A3C3-4BAD-B181-61108D2EDD8D} - System32\Tasks\{95468CA5-52BF-4AE4-941D-B0776D7CE565} => pcalua.exe -a "F:\Program Files\AVG\AVG10\avgmfapx.exe" -d "F:\Program Files\AVG\AVG10"
Task: {A9126978-CEC0-480C-BBD5-8E1CA78D0A2E} - System32\Tasks\SUPERAntiSpyware Scheduled Task a98a8743-a050-495c-b4ab-423374fb3212 => F:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {D61E7396-3CAD-4B0B-85F5-969FF8F187F6} - System32\Tasks\{145A8E02-AB44-4F5C-BDD5-B808D623769D} => F:\Program Files\Bethesda Softworks\Fallout New Vegas\FalloutNVLauncher.exe
Task: {E9498BA6-35D1-409C-9EEF-9791C71445E8} - System32\Tasks\SUPERAntiSpyware Scheduled Task f8bc3f0f-d2a4-453c-9155-8ea2b9ff93a6 => F:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\PCFix.job => F:\Program Files\PCFix\PCFix.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task a98a8743-a050-495c-b4ab-423374fb3212.job => F:\Program Files\SUPERAntiSpyware\SASTask.exe dF:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f8bc3f0f-d2a4-453c-9155-8ea2b9ff93a6.job => F:\Program Files\SUPERAntiSpyware\SASTask.exe dF:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\UnCleaner.job => C:\Program Files\UnCleaner\UnCleaner.exe
Task: C:\Windows\Tasks\{6CEAEECA-8AEF-4C9F-B1CF-BB7EB4004304}.job => f:\program files\mozilla firefox\firefox.exe ^hxxp:/ui.skype.com/ui/0/7.7.0.102/sv/

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-06-30 09:23 - 2016-06-30 09:23 - 00592384 _____ () C:\Users\Alexander\AppData\Local\MEGAsync\ShellExtX64.dll
2012-02-07 21:10 - 2012-01-09 19:44 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2012-06-18 16:24 - 2012-06-18 16:24 - 00222720 _____ () F:\Program Files\Notepad++\NppShell_05.dll
2011-09-30 23:03 - 2014-09-28 23:14 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2016-11-20 13:25 - 2016-11-17 02:03 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-06-30 12:24 - 2016-06-30 12:24 - 00564224 _____ () C:\Users\Alexander\AppData\Local\MEGAsync\ShellExtX32.dll
2017-01-20 16:33 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-01-20 16:33 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-01-20 16:33 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-01-20 16:33 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2017-01-20 16:33 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-12-02 17:58 - 2015-11-16 19:32 - 00919040 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Alexander:Heroes & Generals [38]
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4 [146]
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [250]
AlternateDataStreams: C:\ProgramData\TEMP:EC2E1DEC [464]
AlternateDataStreams: C:\Users\Public\DRM:احتضان [98]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\scrfile\shell\open\command: "%1" %* <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\sony.com -> sony.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2016-12-07 01:52 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: BRSptSvc => 3
MSCONFIG\Services: eventlog => 2
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: Mobile Broadband HL Service => 2
MSCONFIG\Services: VIAKaraokeService => 2
MSCONFIG\Services: vToolbarUpdater11.2.0 => 2
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\startupfolder: C:^Users^Alexander^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^IMVU.lnk => C:\Windows\pss\IMVU.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Advanced SystemCare 6 => "F:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
MSCONFIG\startupreg: AtiDriverStart => C:\Users\Alexander\AppData\Local\ATI Technologies\atidxx.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BitTorrent => "C:\Users\Alexander\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: DAEMON Tools Lite => "F:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EADM => "J:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: flawlesswidescreen =>
MSCONFIG\startupreg: GalaxyClient => F:\Program Files (x86)\GalaxyClient\GalaxyClient.exe /launchViaAutoStart
MSCONFIG\startupreg: IntelliPoint => "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: limewire plus+ =>
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "F:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: MSIAfterburner => "F:\Program Files\MSI Afterburner\MSIAfterburnerWrapper.exe" /s
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: PWRISOVM.EXE => F:\Program Files\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Alexander\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "F:\Program Files\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Turbo Key => "F:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\Alexander\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{978AAC84-CA7B-44EF-B3C7-E9624B3D5DD6}] => C:\Users\Alexander\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{306A969E-C112-490C-A540-05DA4E78A0BB}] => C:\Users\Alexander\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C09E4FA2-5CB8-480F-9880-8831E2729C18}] => F:\Program Files\Steam\Steam.exe
FirewallRules: [{CF029A34-785E-4EF2-96EC-D95ADCA2430A}] => F:\Program Files\Steam\Steam.exe
FirewallRules: [{9B695FE7-51B8-43E2-BBF0-2E96EA40DFD3}] => F:\Program Files\Steam\SteamApps\common\Source SDK Base\hl2.exe
FirewallRules: [{4EC7A9FB-3459-4C27-9231-5CFDD8FCAC0D}] => F:\Program Files\Steam\SteamApps\common\Source SDK Base\hl2.exe
FirewallRules: [{FEB9FD77-E891-4970-9686-E1DBD106A258}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{BB26F9E4-15D0-4ECD-8E59-1304BC6BA685}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{C564F1C8-B495-479F-BC6D-D87270BC0C95}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{56D270EA-E4FE-40BA-B6CD-25D75C4F3DD9}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{31F2DB5B-6E51-4811-96A1-511BC67A1ECC}] => F:\Program Files\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{217BB009-A4E1-4C28-A201-BB9BD3E0C676}] => F:\Program Files\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{6CA007E2-4507-4D25-83CA-819B135DECEF}] => F:\Program Files\Steam\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{540C4C30-6A99-4494-89C6-726CBB0AEFEE}] => F:\Program Files\Steam\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [TCP Query User{34B85F45-B7F7-49CE-9910-1F39DEB81CBC}F:\program files\steam\steamapps\common\skyrim\creationkit.exe] => F:\program files\steam\steamapps\common\skyrim\creationkit.exe
FirewallRules: [uDP Query User{36B63D5E-33B8-4A67-BF84-146259B5404E}F:\program files\steam\steamapps\common\skyrim\creationkit.exe] => F:\program files\steam\steamapps\common\skyrim\creationkit.exe
FirewallRules: [{A746A82F-F2C6-42F1-8CAB-5D3FD3ACE58A}] => F:\Program Files\Steam\SteamApps\common\skyrim\SkyrimLauncher.exe
FirewallRules: [{8247AF20-4195-4C00-B4BC-874902FC91EF}] => F:\Program Files\Steam\SteamApps\common\skyrim\SkyrimLauncher.exe
FirewallRules: [{C649867F-0F6A-4622-ADA4-7E648BCA6D59}] => LPort=49216
FirewallRules: [{DC1B3DB4-2C90-4CBA-912F-88AD6CDB30C8}] => LPort=5000
FirewallRules: [{598ED248-DC0A-49EC-AE56-F2A75753776E}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{9C78A2A1-BF9E-42C9-94F7-C0742A3599D3}] => F:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{DA0A2AE0-A575-49EF-843F-7358A1F9E924}] => F:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{55BE3DA4-7FE8-43A1-8FDE-C63A06A1D0AC}] => F:\Games\Star Wars-The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{D55065E2-31F6-4478-BDD5-BF65A846A3FF}] => F:\Games\Star Wars-The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{C62FD655-3B9A-41D0-9FBB-14F6466E21BB}] => F:\Games\Star Wars-The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{74A9EF35-F6E0-4BBF-A583-C64CC296C4A8}] => F:\Games\Star Wars-The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{C9692DC9-DB1F-4F5E-9038-AB9B6CFC76DD}] => F:\Games\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{A5A71C2C-3302-43F0-9F41-52CAD3910F0E}] => F:\Games\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{EF47EF9A-F302-4EDB-AA4B-C1E504A1BEC6}] => F:\Games\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{602C79B2-7731-4859-B6FF-8D5E4EAC9B8B}] => F:\Games\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{955553FA-7943-409C-A2A0-A3E75D4AF02D}] => F:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{2D456116-444F-41B4-BF18-E3733B96BA9A}] => F:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{6A186F60-2FB4-4575-8880-0BD88550F2A9}] => F:\Program Files\Steam\SteamApps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{412E39F2-394C-47FD-899B-DEBEE4BA8946}] => F:\Program Files\Steam\SteamApps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{A99145FB-9E5F-4383-A07D-0DB5E0B5BE92}] => F:\Program Files\Steam\SteamApps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{1E8C5C94-E888-4CDF-9B83-8A857A528C32}] => F:\Program Files\Steam\SteamApps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{F172D950-6D06-47BC-8151-34C77F1B69C5}] => J:\Program Files (x86)\LucasArts\Star Wars Empire at War\GameData\sweaw.exe
FirewallRules: [{3ACEAA68-F74E-4519-AD1D-76693B2DD501}] => J:\Program Files (x86)\LucasArts\Star Wars Empire at War\GameData\sweaw.exe
FirewallRules: [{F4A1543B-03E3-4388-AD2A-A2722F22093F}] => J:\Program Files (x86)\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe
FirewallRules: [{79AAD589-A44C-47F3-9BE8-AE89B3CA8E8C}] => J:\Program Files (x86)\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe
FirewallRules: [{363247A7-86B6-466E-ACDE-417DAC08D91A}] => F:\Program Files\Steam\SteamApps\common\Miscreated\Miscreated.exe
FirewallRules: [{8940AB00-8904-41FF-9F29-694D6034B083}] => F:\Program Files\Steam\SteamApps\common\Miscreated\Miscreated.exe
FirewallRules: [{E1C5EB94-0A20-4002-AA9A-57A8F86ABDC4}] => F:\Program Files\Steam\SteamApps\common\Miscreated\Bin64\Miscreated.exe
FirewallRules: [{053108F4-7E09-4F45-9DA7-CB86DE8D920B}] => F:\Program Files\Steam\SteamApps\common\Miscreated\Bin64\Miscreated.exe
FirewallRules: [{80C788B1-0BAB-4EF5-8747-9674B342BD83}] => F:\Program Files\Steam\SteamApps\common\Miscreated\EasyAntiCheat\EasyAntiCheat_x64.dll
FirewallRules: [{A38F5076-1719-4981-86A7-5EEC358EB0AB}] => F:\Program Files\Steam\SteamApps\common\Miscreated\EasyAntiCheat\EasyAntiCheat_x64.dll
FirewallRules: [{E21C13F9-5C6C-40AD-9CC1-51239F50FE79}] => LPort=1688
FirewallRules: [{607D730F-AD39-4499-BA34-E1FABA5B8AEC}] => F:\Program Files\Steam\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{F79BCEBF-BE63-4492-8687-C4730CD69ABB}] => F:\Program Files\Steam\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{F6BED3B0-258F-40CD-8E06-6F5B510DD24A}] => F:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{77AE85A6-3EFC-471B-B76A-59A57FFF1773}] => F:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{945A5AD1-BE2A-4AE5-84F2-134F9746DE62}] => F:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{9A1C3CB4-82CA-46CC-9E6F-DB41D2224740}] => F:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{6DACF6B2-9C4C-49A1-AC63-A1010BD7B3FE}] => J:\Games\Steam\steamapps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{C2DEBB01-7357-4B68-B79B-E56249B1E0A4}] => J:\Games\Steam\steamapps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{0BAB00BD-744A-42F0-AE45-C88EEE5935F0}] => J:\Games\Steam\steamapps\common\Warfleet\Warfleet.exe
FirewallRules: [{6A928389-BACA-4703-9E5E-6D91D832A7A9}] => J:\Games\Steam\steamapps\common\Warfleet\Warfleet.exe
FirewallRules: [{868EAC13-357D-42F3-9ED7-9EB7C35380CF}] => C:\Users\Alexander\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E274A107-6489-4B39-9102-6055A06C3E85}] => C:\Users\Alexander\AppData\Roaming\uTorrent\uTorrent.exe
StandardProfile\AuthorizedApplications: [J:\New directory\$RECYCLE.BIN\Photo.scr] => J:\New directory\$RECYCLE.BIN\Photo.scr:*:Enabled:ipsec
StandardProfile\AuthorizedApplications: [F:\Program Files\Mozilla Firefox\plugin-container.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Users\Alexander\AppData\Roaming\uTorrent\uTorrent.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Skype\Phone\Skype.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [F:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [F:\Program Files\DAEMON Tools Lite\DTLite.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [F:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [J:\Program Files (x86)\ImgBurn\ImgBurn.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Smadav\SM?RTP.exe] => C:\Program Files (x86)\SMADAV\SM?RTP.exe:*:Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Smadav\SmadavProtect32.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [F:\Downloads\Mozilla firefox nedladdningar\adwcleaner_6.042.exe] => Enabled:ipsec

==================== Restore Points =========================

20-01-2017 19:42:30 Installed Windows 7 USB/DVD Download Tool

==================== Faulty Device Manager Devices =============

Name: Hamachi Network Interface
Description: Hamachi Network Interface
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn, Inc.
Service: hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: AODDriver4.01
Description: AODDriver4.01
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AODDriver4.01
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ElRawDisk
Description: ElRawDisk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ElRawDisk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/20/2017 08:38:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 50.1.0.6186 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 964

Start Time: 01d2735401ca9b20

Termination Time: 8

Application Path: F:\Program Files\Mozilla Firefox\firefox.exe

Report Id: 033d8e81-df48-11e6-8989-000be0f000ed

Error: (01/20/2017 08:34:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/20/2017 08:33:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Updater.exe, version: 7.0.0.435, time stamp: 0x5743108a
Faulting module name: Updater.exe, version: 7.0.0.435, time stamp: 0x5743108a
Exception code: 0xc0000005
Fault offset: 0x0001a81c
Faulting process id: 0xc9c
Faulting application start time: 0x01d27354151f8cd0
Faulting application path: C:\Program Files (x86)\Skype\Updater\Updater.exe
Faulting module path: C:\Program Files (x86)\Skype\Updater\Updater.exe
Report Id: 5d00cb40-df47-11e6-8989-000be0f000ed

Error: (01/20/2017 08:32:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sqlservr.exe, version: 2005.90.5000.0, time stamp: 0x4d02a863
Faulting module name: sqlservr.exe, version: 2005.90.5000.0, time stamp: 0x4d02a863
Exception code: 0xc0000005
Fault offset: 0x01c27f7a
Faulting process id: 0x814
Faulting application start time: 0x01d27353e6391c60
Faulting application path: f:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
Faulting module path: f:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
Report Id: 2fce4c60-df47-11e6-8989-000be0f000ed

Error: (01/20/2017 08:18:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 50.1.0.6186 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e40

Start Time: 01d2734f72470fa0

Termination Time: 9

Application Path: F:\Program Files\Mozilla Firefox\firefox.exe

Report Id: 4a06dcc1-df45-11e6-9c7a-000be0f000ed

Error: (01/20/2017 08:18:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 50.1.0.6186, time stamp: 0x584a057c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x1158
Faulting application start time: 0x01d2735203a25b10
Faulting application path: F:\Program Files\Mozilla Firefox\plugin-container.exe
Faulting module path: unknown
Report Id: 41756950-df45-11e6-9c7a-000be0f000ed

Error: (01/20/2017 08:13:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WinPKG.exe version 1.0.0.8 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 978

Start Time: 01d27350f994eb70

Termination Time: 3

Application Path: F:\Downloads\AiO-Files\WinPKG.exe

Report Id: 78ef7cf1-df44-11e6-9c7a-000be0f000ed

Error: (01/20/2017 08:00:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/20/2017 08:00:15 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Skype Updater Service because of this error.

Program: Skype Updater Service
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (01/20/2017 08:00:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Updater.exe, version: 7.0.0.435, time stamp: 0x5743108a
Faulting module name: Updater.exe, version: 7.0.0.435, time stamp: 0x5743108a
Exception code: 0xc0000096
Fault offset: 0x0001a813
Faulting process id: 0xc88
Faulting application start time: 0x01d2734f66100430
Faulting application path: C:\Program Files (x86)\Skype\Updater\Updater.exe
Faulting module path: C:\Program Files (x86)\Skype\Updater\Updater.exe
Report Id: ad02bc20-df42-11e6-9c7a-000be0f000ed


System errors:
=============
Error: (01/20/2017 08:40:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Scanner Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (01/20/2017 08:38:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Scanner Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (01/20/2017 08:35:19 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ElRawDisk
vysylcel

Error: (01/20/2017 08:35:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (01/20/2017 08:33:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Skype Updater service to connect.

Error: (01/20/2017 08:33:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/20/2017 08:33:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (01/20/2017 08:33:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (01/20/2017 08:32:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SQL Server (SQLEXPRESS) service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/20/2017 08:32:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SQL Server (SQLEXPRESS) service to connect.


CodeIntegrity:
===================================
  Date: 2017-01-20 21:09:21.827
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-20 21:09:21.687
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-20 21:09:21.516
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-20 21:09:21.338
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-20 21:06:43.887
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-20 21:06:43.760
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-20 21:06:43.629
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-20 20:37:44.655
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-20 20:37:44.379
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-20 20:37:42.595
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Phenom II X6 1090T Processor
Percentage of memory in use: 38%
Total physical RAM: 6143.23 MB
Available physical RAM: 3801.75 MB
Total Virtual: 21284.64 MB
Available Virtual: 18889.53 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:31.49 GB) (Free:0.13 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive f: (Ny volym) (Fixed) (Total:465.76 GB) (Free:58.24 GB) NTFS
Drive j: () (Fixed) (Total:441.29 GB) (Free:103.72 GB) NTFS
Drive n: () (Removable) (Total:7.46 GB) (Free:7.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 31.5 GB) (Disk ID: FDA0C610)
Partition 1: (Active) - (Size=31.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 33409FAD)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: CA263C05)

Partition: GPT.

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================


Hi!

1.

Make sure to turn on System Restore if possible.

Make sure UAC (User Account Control) is set to the recommended level.

Turn on Windows Firewall if possible.

2.

Did you install these yourself?

SMADAV version 11.1 (HKLM-x32\...\{8B9FA5FF-3E61-4658-B0DA-E6DDB46D6BAD}_is1) (Version: 11.1 - Smadsoft)
SmartUndelete (HKLM-x32\...\SmartUndelete_is1) (Version: 2.9 - SmartSoft)

PCFix (HKLM-x32\...\PC Fix 2011_is1) (Version:  - Dubai Click LLC)

I find some indications that these are unsuitable or harmful programs, so uninstall them, since they do not seem to be helping you anyway.

Uninstall Disk Heal and other unnecessary programs as well.

Uninstall:

Java 7 Update 51
Java 8 Update 91

because they are old versions with known security holes that make it easy to infect the computer from a web page. Most people do not need Java installed, but if you must have it, make sure it is always the latest version.

3.

Since Norton appears to have been uninstalled, run the Norton Removal Tool to get rid of the Norton remnants left on the computer.

4.

I find no antivirus program in the log, only anti-malware programs that are meant to complement an antivirus program. You should install an antivirus program.

5.

When you write shortcut virus, do you mean something that has done what is described in the thread https://www.symantec.com/connect/forums/usb-flash-drive-shortcut-virus ?

6.

Clean up all the ad-blocker add-ons in the Firefox profile located on F:, because having a lot of similar add-ons that all step in and do roughly the same thing to every web page can make Firefox crash. Settle for one.

7.

Move the FRST program from the Firefox downloads folder to the Desktop, because otherwise the steps below will not work.

Start Notepad.
Copy all the lines in the box:

CreateRestorePoint:
CloseProcesses:
RemoveProxy:
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\Policies\Explorer\DisallowRun: [1] Mshta.exe
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\Policies\Explorer\DisallowRun: [2] powershell.exe
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\Policies\Explorer\DisallowRun: [3] bitsadmin.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:64308;https=127.0.0.1:64308;
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -  No File
FF Extension: (No Name) - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\i0dhxcdg.default-1421624698079\extensions\ascsurfingprotection@iobit.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\IObit Apps Toolbar\FF [not found]
U3 ae9zca2v; C:\Windows\System32\Drivers\ae9zca2v.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz135;  [X]
S0 vysylcel; System32\drivers\sgytid.sys [X]
2017-01-20 17:18 - 2014-12-06 03:33 - 00021995 _____ C:\Windows\system32\Trojorm Removal Tool v1.5.bat
2017-01-20 17:17 - 2014-12-06 03:34 - 00000497 _____ C:\fixfolder.vbs
2017-01-20 17:17 - 2014-12-06 03:33 - 00021995 _____ C:\Trojorm Removal Tool v1.5.bat
C:\Windows\Tasks\{6CEAEECA-8AEF-4C9F-B1CF-BB7EB4004304}.job
Task: {170DD84D-B587-411A-A956-7C0487EF4E85} - System32\Tasks\{C400245A-358E-448C-812B-795B44F0C3BA} => pcalua.exe -a "C:\Users\Alexander\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YKHGTK58\jre-6u26-windows-i586-iftw[1].exe" -d C:\Users\Alexander\Desktop
Task: {1BF5F1CF-3FAA-4EE1-A129-7D5F34C831D8} - System32\Tasks\smadav => C:\Program Files (x86)\Smadav\SMΔRTP.exe [2017-01-14] (Smadsoft)
Task: {89E9CC5E-A3C3-4BAD-B181-61108D2EDD8D} - System32\Tasks\{95468CA5-52BF-4AE4-941D-B0776D7CE565} => pcalua.exe -a "F:\Program Files\AVG\AVG10\avgmfapx.exe" -d "F:\Program Files\AVG\AVG10"
Task: C:\Windows\Tasks\PCFix.job => F:\Program Files\PCFix\PCFix.exe
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4 [146]
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [250]
AlternateDataStreams: C:\ProgramData\TEMP:EC2E1DEC [464]
E trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\sony.com -> sony.com
Reboot:
and paste them into Notepad. Check that no file has been split across two lines.
Save the file on the desktop with the name fixlist.txt.

Close all programs.
Start FRST, which is on the desktop.
Click the Fix button.
Wait until the program has finished.
If the computer does not restart automatically, restart it yourself.

The program creates a log, Fixlog.txt, on the desktop.
Paste its contents into your reply.

8.

Say in your reply whether the computer behaves better now.


Hello again!

1: Have turned everything on.

2: PCFix is removed, no idea whether I got that program myself, I probably did a long time ago.

The other program was assorted files left over from the IObit program, Advanced SystemCare I think it was called.

3: Done!

4: Will sort that out as soon as possible.

5: Yes, it is probably almost the same, but with a different effect.

6: Done, looks much better :P

7: Done, but unfortunately it does not seem to have solved anything.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-01-2017
Ran by Alexander (20-01-2017 23:12:23) Run:2
Running from C:\Users\Alexander\Desktop
Loaded Profiles: Alexander (Available Profiles: Alexander)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
RemoveProxy:
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\Policies\Explorer\DisallowRun: [1] Mshta.exe
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\Policies\Explorer\DisallowRun: [2] powershell.exe
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\Policies\Explorer\DisallowRun: [3] bitsadmin.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:64308;https=127.0.0.1:64308;
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -  No File
FF Extension: (No Name) - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\i0dhxcdg.default-1421624698079\extensions\ascsurfingprotection@iobit.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\IObit Apps Toolbar\FF [not found]
U3 ae9zca2v; C:\Windows\System32\Drivers\ae9zca2v.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz135;  [X]
S0 vysylcel; System32\drivers\sgytid.sys [X]
2017-01-20 17:18 - 2014-12-06 03:33 - 00021995 _____ C:\Windows\system32\Trojorm Removal Tool v1.5.bat
2017-01-20 17:17 - 2014-12-06 03:34 - 00000497 _____ C:\fixfolder.vbs
2017-01-20 17:17 - 2014-12-06 03:33 - 00021995 _____ C:\Trojorm Removal Tool v1.5.bat
C:\Windows\Tasks\{6CEAEECA-8AEF-4C9F-B1CF-BB7EB4004304}.job
Task: {170DD84D-B587-411A-A956-7C0487EF4E85} - System32\Tasks\{C400245A-358E-448C-812B-795B44F0C3BA} => pcalua.exe -a "C:\Users\Alexander\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YKHGTK58\jre-6u26-windows-i586-iftw[1].exe" -d C:\Users\Alexander\Desktop
Task: {1BF5F1CF-3FAA-4EE1-A129-7D5F34C831D8} - System32\Tasks\smadav => C:\Program Files (x86)\Smadav\SMΔRTP.exe [2017-01-14] (Smadsoft)
Task: {89E9CC5E-A3C3-4BAD-B181-61108D2EDD8D} - System32\Tasks\{95468CA5-52BF-4AE4-941D-B0776D7CE565} => pcalua.exe -a "F:\Program Files\AVG\AVG10\avgmfapx.exe" -d "F:\Program Files\AVG\AVG10"
Task: C:\Windows\Tasks\PCFix.job => F:\Program Files\PCFix\PCFix.exe
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4 [146]
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [250]
AlternateDataStreams: C:\ProgramData\TEMP:EC2E1DEC [464]
E trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\...\sony.com -> sony.com
Reboot:
*****************

Restore point was successfully created.
Processes closed successfully.

========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableTaskMgr => value removed successfully
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableRegistryTools => value removed successfully
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisallowRun => value removed successfully
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\\1 => value removed successfully
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\\2 => value removed successfully
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\\3 => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
"C:\Windows\system32\GroupPolicy\User" => not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => value removed successfully
HKCR\Wow6432Node\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => key not found.
C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\i0dhxcdg.default-1421624698079\extensions\ascsurfingprotection@iobit.com => path removed successfully
C:\Program Files (x86)\IObit Apps Toolbar\FF => path removed successfully
ae9zca2v => service not found.
catchme => service not found.
cpuz135 => service not found.
vysylcel => service not found.
C:\Windows\system32\Trojorm Removal Tool v1.5.bat => moved successfully
C:\fixfolder.vbs => moved successfully
C:\Trojorm Removal Tool v1.5.bat => moved successfully
C:\Windows\Tasks\{6CEAEECA-8AEF-4C9F-B1CF-BB7EB4004304}.job => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{170DD84D-B587-411A-A956-7C0487EF4E85} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{170DD84D-B587-411A-A956-7C0487EF4E85} => key removed successfully
C:\Windows\System32\Tasks\{C400245A-358E-448C-812B-795B44F0C3BA} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C400245A-358E-448C-812B-795B44F0C3BA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1BF5F1CF-3FAA-4EE1-A129-7D5F34C831D8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1BF5F1CF-3FAA-4EE1-A129-7D5F34C831D8} => key removed successfully
C:\Windows\System32\Tasks\smadav => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\smadav => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89E9CC5E-A3C3-4BAD-B181-61108D2EDD8D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89E9CC5E-A3C3-4BAD-B181-61108D2EDD8D} => key removed successfully
C:\Windows\System32\Tasks\{95468CA5-52BF-4AE4-941D-B0776D7CE565} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{95468CA5-52BF-4AE4-941D-B0776D7CE565} => key removed successfully
C:\Windows\Tasks\PCFix.job => not found.
C:\ProgramData\TEMP => ":0B4227B4" ADS removed successfully.
C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully.
C:\ProgramData\TEMP => ":EC2E1DEC" ADS removed successfully.
HKU\E trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\E trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com => key not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com => key removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com => key removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com => key removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com => key removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com => key removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com => key removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com => key removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com => key removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com => key removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com => key removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com => key removed successfully
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com => key removed successfully
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com => key removed successfully
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com => key removed successfully
HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com => key removed successfully


The system needed a reboot.

==== End of Fixlog 23:12:44 ====
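
A Fixlog like the one above can be triaged mechanically. The following is an added example, not part of the original thread and not FRST's own code: it skips the echoed fixlist, counts outcomes, and flags result lines whose target still contains fixlist notation, which is how the `E trusted site:` line (missing its leading `I`) ends up as a `key not found` on a nonsensical registry path. The function names and the malformed-target heuristic are assumptions of this example; the sample lines are copied from the log above.

```python
import re
from collections import Counter

# Lines copied from the Fixlog posted in this thread (a shortened selection).
SAMPLE_FIXLOG = r'''fixlist content:
*****************
RemoveProxy:
ProxyEnable: [.DEFAULT] => Proxy is enabled.
E trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
*****************

========= RemoveProxy: =========

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully

========= End of RemoveProxy: =========

HKU\S-1-5-21-3868706217-2309427623-3156016134-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableTaskMgr => value removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
"C:\Windows\system32\GroupPolicy\User" => not found.
ae9zca2v => service not found.
C:\ProgramData\TEMP => ":0B4227B4" ADS removed successfully.
HKU\E trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\E trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com => key not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com => key removed successfully

The system needed a reboot.
'''

# A result line has the shape "<target> => <outcome>".
RESULT_RE = re.compile(r'^(?P<target>.+?) => (?P<outcome>.+)$')
# The echoed fixlist sits between two rows of asterisks.
ECHO_FENCE_RE = re.compile(r'^\*{5,}$')


def classify(outcome):
    """Map the free-text outcome to one of four status labels."""
    text = outcome.lower()
    if 'not found' in text:
        return 'not_found'
    # Test "removed" before "moved": the word "removed" contains "moved".
    if 'removed successfully' in text:
        return 'removed'
    if 'moved successfully' in text:
        return 'moved'
    return 'other'


def looks_malformed(target):
    # Heuristic (assumption of this example): the abbreviated "\...\" segment
    # and the " -> " arrow are fixlist notation. If either survives into a
    # result target, the fixlist line was not recognised as a directive.
    return '\\...\\' in target or ' -> ' in target


def parse_fixlog(text):
    """Return one dict per result line, ignoring the echoed fixlist."""
    results = []
    in_echo = False
    for raw in text.splitlines():
        line = raw.strip()
        if ECHO_FENCE_RE.match(line):
            in_echo = not in_echo      # entering or leaving the echo
            continue
        if in_echo:
            continue                   # echoed input, not a result
        match = RESULT_RE.match(line)
        if not match:
            continue                   # section header, blank line, status text
        target = match.group('target').strip('"')
        results.append({
            'target': target,
            'status': classify(match.group('outcome')),
            'malformed': looks_malformed(target),
        })
    return results


def triage(text):
    """Summarise a Fixlog: outcome counts, genuine misses, malformed entries."""
    results = parse_fixlog(text)
    return {
        'counts': Counter(r['status'] for r in results),
        'not_found': [r['target'] for r in results
                      if r['status'] == 'not_found' and not r['malformed']],
        'malformed': [r['target'] for r in results if r['malformed']],
    }


if __name__ == '__main__':
    report = triage(SAMPLE_FIXLOG)
    print(dict(report['counts']))
    for target in report['malformed']:
        print('fixlist line not recognised, re-check the copy/paste:', target[:60])
```
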


Can you describe what happened on your computer: how did the malicious program arrive, how did the computer behave after that, etc.?


The program came from a USB stick that I used to transfer pictures from my old computer to this one. On it was the program, which I thought at the time was a folder. It was called PHOTO.scr, and that was the file that Malwarebytes removed later, but that did not fix the damage that had been done. Here is the link I found about it: https://howtoremove.guide/photo-scr-virus-windows-removal/

When I clicked the file a window flashed up briefly, but then nothing more happened. It was not until I restarted the computer that I noticed Task Manager was gone as an option when I pressed Ctrl-Alt-Delete.

Then, when I looked up how to fix this, I noticed that I could not get into regedit either. Both said, when I tried to start them, that the administrator had disabled them. I could get into regedit and Task Manager after I used Virus Effect Remover. I tried to change the settings there, but the changes reverted immediately.

I panicked a bit and downloaded a whole load of junk that I thought would help get rid of the thing, but that did not work at all.

The computer has been very sluggish, CPU usage jumps up and down all the time, and I cannot get into some programs because they crash immediately. Some websites make Firefox freeze for a couple of minutes.


At least it looks as though a lot of harmful and unsuitable material has been removed.

1.

Start FRST.

Tick Addition.txt and then scan.

Attach the two new logs (click the "Use full editor" button to see how to attach files) so we can see how things look now.

2.

Save TDSSKiller to the Desktop: http://support.kaspersky.com/downloads/utils/tdsskiller.exe

Close your usual programs, but you can leave antivirus programs and the like running.
Run TDSSKiller.exe.

Click Start Scan.

If any malicious items are found, select Cure and click Continue. If Cure is not available, select Skip. If any suspicious items are found, select Skip and click Continue. Do NOT select Quarantine or Delete. The computer may need to be restarted.

Attach the log, which you will find in C:\ with the name TDSSKiller followed by the version and timestamp.

3.

Save the free RogueKiller to the Desktop: http://www.adlice.com/softwares/roguekiller/ Choose "Portable 64 bits".

Close all programs.
Disconnect all external devices, e.g. USB sticks and external hard drives, except keyboard and mouse. Leave them disconnected while the cleanup is in progress.

Start RogueKiller.

Click the "Start scan" button at the top right.
Wait until the scan has finished.
Click the "Report" button.
A report is created. Paste its contents into your reply.

4.

Scan the computer online by following the instructions on the page http://support.eset.com/kb2921/ .
So that the scanner does not take too long, turn off your antivirus program in the meantime.

Select the option Enable detection of potentially unwanted applications.

Click Advanced Settings.
Untick Remove found threats; this is important because false alarms occur with this thorough check.
Tick:
Scan Archives
Enable detection of potentially unsafe applications
Enable detection of suspicious applications
Enable Anti-Stealth Technology

Click Start.

When the scan is finished, click List of found threats, followed by Export to a text file. Save to a file on the desktop, open the file, copy the result and then paste it into your reply.


That was not a particularly good site you found, because the only reason it exists is so that whoever wrote it makes money when you buy the poor SpywareHunter.

Can you open Malwarebytes Anti-Malware and try to find the log that was created when it removed photo.scr?

If so, paste it in (or attach it if it is long), because it would be good to see what that program thought was harmful in it.


Oh, okay.

Unfortunately it is no longer there, since I was stupid and deleted it when I was deleting old logs.

I am running RogueKiller on the computer right now, so I will send in the reports once everything is finished.


Some kind of bitcoin miner, then.

Something is still left on the computer, because actions that the FRST fix carried out have been changed back, e.g. the re-enabling of Task Manager. Do you still have high CPU load?

If so, can you see in Task Manager, on the Processes tab, which process is loading the computer (remember to select showing processes from all users at the bottom)?

On the page http://www.virustotal.com, click the Choose File button and paste the file name below into the "File name" field, click Open and then Scan it!. If you are asked whether the file should be reanalysed, choose that option. Wait until the result is ready. Paste the link (web address) to the result here.

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

Repeat with: C:\Users\Alexander\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe

Does Malwarebytes Anti-Malware find anything if you scan the computer now?


Ran the online scanner on the computer last night and it found about 650 threats; all of those files were cleaned. Naturally I forgot to save the log of them, but it was six in the morning and I was like a zombie, so I will blame that ;)

At the same time I downloaded the ESET antivirus and activated the 30-day free trial.

Task Manager and regedit can be opened now, and all the other programs that crashed, Steam etc., can be opened as well.

I am uploading the other links you wanted and scanning with Malwarebytes one last time, but it seems that everything has been resolved :P So thank you very much for all the help, now I know where to turn in future if I need professional help :) You are a real gem!

 

https://www.virustotal.com/sv/file/47be49370b618ad4150d51c5ba2de4573f1b0e0471c3907d1af8995cba0a5ff0/analysis/1485000309/

https://www.virustotal.com/sv/file/7efd3e402a8befe437c884c1e95549dbf9beabac1c3c338249a14910fa311236/analysis/1485000650/


Great that the computer is working again, and it is a pleasure to be able to help :)

To uninstall FRST, the following is a good method, and if you want it can also reset some settings.

Save Delfix to the Desktop: http://www.bleepingcomputer.com/download/delfix/
Start the program.

Make sure these are ticked, but no others:
* Remove disinfection tools
* Create registry backup

If you want, also:
* Reset System Settings

Click the Run button.

Make sure to have a good, up-to-date antivirus program from now on.


Archived

This topic is now archived and is closed to further replies.


