
Removal of adchoices [Solved]

adware


#1 matswahl


Posted 23 October 2014 - 12:30 PM

Have tried now for several weeks to get rid of this irritating malware but unfortunately without any success. By this I hope any of you more skilled people can help me in my quest. As you can see my latest effort was to install Adaware....

 

Thank you in advance!

 

Logs:

 

 

aswMBR version 1.0.1.2161 Copyright© 2014 AVAST Software
Run date: 2014-10-23 20:07:05
-----------------------------
20:07:05.402    OS Version: Windows x64 6.2.9200 
20:07:05.402    Number of processors: 4 586 0x4501
20:07:05.403    ComputerName: WAHL-LAPTOP  UserName: Wahl
20:07:08.318    Initialize success
20:07:08.356    VM: initialized successfully
20:07:08.419    VM: Intel CPU BiosDisabled 
20:07:17.323    VM: disk I/O iaStorA.sys
20:10:52.388    AVAST engine defs: 14102300
20:13:04.745    The log file has been saved successfully to "C:\Users\Wahl\Desktop\aswMBR.txt"
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-10-2014
Ran by Wahl (administrator) on WAHL-LAPTOP on 23-10-2014 20:16:36
Running from C:\Users\Wahl\Desktop
Loaded Profile: Wahl (Available profiles: Wahl & Administratör)
Platform: Windows 8 (X64) OS Language: Svenska (Sverige)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Spotify Ltd) C:\Users\Wahl\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\Wahl\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\Wahl\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
() C:\Users\Wahl\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Wahl\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Wahl\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Wahl\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Wahl\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2013-05-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe [8886592 2014-08-27] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-05-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-05-22] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-12-25] (Hewlett-Packard Development Company, L.P.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-07] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2413700451-3622536314-1208494308-1001\...\Run: [Spotify] => C:\Users\Wahl\AppData\Roaming\Spotify\Spotify.exe [6553144 2014-10-17] (Spotify Ltd)
HKU\S-1-5-21-2413700451-3622536314-1208494308-1001\...\Run: [Spotify Web Helper] => C:\Users\Wahl\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-17] (Spotify Ltd)
HKU\S-1-5-21-2413700451-3622536314-1208494308-1001\...\Run: [GoogleChromeAutoLaunch_A7B7C26D1B49638D0DBD0CEB89A8CE09] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-10] (Google Inc.)
Startup: C:\Users\Wahl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Wahl\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch...&u=___userid___
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON13/11
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON13/11
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON13/11
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON13/11
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON13/11
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPNTDFJS
SearchScopes: HKLM - {74600F6A-B7B1-4B27-8114-FE1A678C8B07} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {74600F6A-B7B1-4B27-8114-FE1A678C8B07} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = 
SearchScopes: HKCU - {74600F6A-B7B1-4B27-8114-FE1A678C8B07} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Wahl\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Dokument) - C:\Users\Wahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-10]
CHR Extension: (Google Drive) - C:\Users\Wahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-10]
CHR Extension: (YouTube) - C:\Users\Wahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-10]
CHR Extension: (Sök på Google) - C:\Users\Wahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-10]
CHR Extension: (Spara på Google Drive) - C:\Users\Wahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2014-04-10]
CHR Extension: (Google Wallet) - C:\Users\Wahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-10]
CHR Extension: (Gmail) - C:\Users\Wahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-10]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-05] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-05] (CyberLink)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-12-25] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-08] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-08] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe [706864 2014-08-27] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2013-05-17] (Realtek Semiconductor)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35936 2013-04-10] (Advanced Micro Devices, Inc.)
R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2014-08-21] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261056 2014-08-21] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2014-08-21] (BitDefender)
R1 BdfNdisf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys [97816 2014-07-10] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [107080 2014-07-10] (BitDefender LLC)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [150256 2014-07-10] (BitDefender LLC)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [408136 2013-05-09] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2982104 2014-04-20] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-24] (Synaptics Incorporated)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-07-10] (BitDefender S.R.L.)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
R3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
U3 aswMBR; \??\C:\Users\Wahl\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Wahl\AppData\Local\Temp\aswVmm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-23 20:16 - 2014-10-23 20:16 - 00019586 _____ () C:\Users\Wahl\Desktop\FRST.txt
2014-10-23 20:16 - 2014-10-23 20:16 - 00000000 ____D () C:\FRST
2014-10-23 20:15 - 2014-10-23 20:15 - 02112000 _____ (Farbar) C:\Users\Wahl\Desktop\FRST64.exe
2014-10-23 20:13 - 2014-10-23 20:13 - 00000597 _____ () C:\Users\Wahl\Desktop\aswMBR.txt
2014-10-23 20:06 - 2014-10-23 20:06 - 05192704 _____ (AVAST Software) C:\Users\Wahl\Downloads\aswMBR (1).exe
2014-10-23 19:44 - 2014-10-23 19:44 - 05192704 _____ (AVAST Software) C:\Users\Wahl\Desktop\aswMBR.exe
2014-10-22 06:19 - 2014-09-30 00:49 - 00705480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-10-22 06:19 - 2014-09-30 00:49 - 00104904 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-18 08:39 - 2014-07-12 06:41 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRUM.DLL
2014-10-18 08:39 - 2014-07-12 06:41 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDYAK.DLL
2014-10-18 08:39 - 2014-07-12 06:41 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTAT.DLL
2014-10-18 08:39 - 2014-07-12 06:41 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU1.DLL
2014-10-18 08:39 - 2014-07-12 06:41 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU.DLL
2014-10-18 08:39 - 2014-07-12 06:41 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDBASH.DLL
2014-10-18 08:39 - 2014-07-12 06:16 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRUM.DLL
2014-10-18 08:39 - 2014-07-12 06:16 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDYAK.DLL
2014-10-18 08:39 - 2014-07-12 06:16 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTAT.DLL
2014-10-18 08:39 - 2014-07-12 06:16 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU1.DLL
2014-10-18 08:39 - 2014-07-12 06:16 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU.DLL
2014-10-18 08:39 - 2014-07-12 06:15 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDBASH.DLL
2014-10-18 08:39 - 2014-07-12 02:02 - 00478352 _____ () C:\WINDOWS\SysWOW64\locale.nls
2014-10-18 08:39 - 2014-07-12 02:00 - 00478352 _____ () C:\WINDOWS\system32\locale.nls
2014-10-18 08:39 - 2014-07-09 00:33 - 00181248 _____ (Microsoft Corp.) C:\WINDOWS\system32\Defrag.exe
2014-10-18 08:39 - 2014-07-09 00:32 - 01539584 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2014-10-18 08:39 - 2014-07-09 00:32 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2014-10-18 08:39 - 2014-07-09 00:30 - 01220608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2014-10-18 08:39 - 2014-07-07 07:52 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2014-10-18 08:39 - 2014-07-07 07:52 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2014-10-18 08:39 - 2014-07-04 12:52 - 00328000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-10-18 08:39 - 2014-07-03 03:59 - 01824784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-10-18 08:39 - 2014-07-03 02:30 - 01408952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-10-18 08:39 - 2014-06-28 09:01 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2014-10-18 08:39 - 2014-06-28 08:57 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2014-10-18 08:39 - 2014-06-28 08:56 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2014-10-18 08:39 - 2014-06-25 09:09 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-10-18 08:39 - 2014-06-25 09:07 - 01023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-10-18 08:39 - 2014-06-18 01:27 - 02032640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2014-10-18 08:39 - 2014-06-18 01:23 - 02238464 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-10-18 08:39 - 2014-06-11 16:47 - 02842112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2014-10-18 08:39 - 2014-06-11 06:40 - 02620928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2014-10-18 08:39 - 2014-06-11 00:44 - 01403896 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-10-18 08:39 - 2014-05-30 01:31 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-10-18 08:39 - 2014-05-30 01:03 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-10-18 08:39 - 2014-02-04 12:57 - 01271664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-10-18 08:38 - 2014-10-10 06:47 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-10-18 08:38 - 2014-10-10 06:47 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-10-18 08:38 - 2014-10-08 06:26 - 00556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-10-18 08:38 - 2014-09-28 06:18 - 04068352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-10-18 08:38 - 2014-09-20 07:18 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-10-18 08:38 - 2014-09-20 07:17 - 02236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-10-18 08:38 - 2014-09-20 07:17 - 01407488 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-10-18 08:38 - 2014-09-20 07:17 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-10-18 08:38 - 2014-09-20 07:17 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-10-18 08:38 - 2014-09-20 07:16 - 19280896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-10-18 08:38 - 2014-09-20 07:16 - 15399424 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-10-18 08:38 - 2014-09-20 07:16 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-10-18 08:38 - 2014-09-20 07:16 - 02655232 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-10-18 08:38 - 2014-09-20 07:16 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-10-18 08:38 - 2014-09-20 07:16 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-10-18 08:38 - 2014-09-20 07:16 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-10-18 08:38 - 2014-09-20 07:16 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-10-18 08:38 - 2014-09-20 07:16 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-10-18 08:38 - 2014-09-20 07:16 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-10-18 08:38 - 2014-09-20 07:16 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-10-18 08:38 - 2014-09-20 07:16 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-10-18 08:38 - 2014-09-20 07:16 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-10-18 08:38 - 2014-09-20 07:15 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-10-18 08:38 - 2014-09-20 07:15 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-10-18 08:38 - 2014-09-20 07:15 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-10-18 08:38 - 2014-09-20 05:57 - 14368768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-10-18 08:38 - 2014-09-20 05:57 - 13757952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-10-18 08:38 - 2014-09-20 05:57 - 02861568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-10-18 08:38 - 2014-09-20 05:57 - 02055168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-10-18 08:38 - 2014-09-20 05:57 - 01762816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-10-18 08:38 - 2014-09-20 05:57 - 01180672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-10-18 08:38 - 2014-09-20 05:57 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-10-18 08:38 - 2014-09-20 05:57 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-10-18 08:38 - 2014-09-20 05:57 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-10-18 08:38 - 2014-09-20 05:57 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-10-18 08:38 - 2014-09-20 05:57 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-10-18 08:38 - 2014-09-20 05:57 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-10-18 08:38 - 2014-09-20 05:57 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-10-18 08:38 - 2014-09-20 05:57 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-10-18 08:38 - 2014-09-20 05:57 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-10-18 08:38 - 2014-09-20 05:57 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-10-18 08:38 - 2014-09-20 05:56 - 01440768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-10-18 08:38 - 2014-09-20 05:56 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-10-18 08:38 - 2014-09-20 05:56 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-10-18 08:38 - 2014-09-20 05:38 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-10-18 08:38 - 2014-09-20 05:33 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-10-18 08:38 - 2014-09-20 03:06 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-10-18 08:38 - 2014-09-13 07:29 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-10-18 08:38 - 2014-09-13 06:02 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-10-18 08:38 - 2014-09-03 04:48 - 00510464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-10-18 08:38 - 2014-09-03 04:21 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-10-18 08:38 - 2014-07-07 07:53 - 01125376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2014-10-18 08:38 - 2014-07-07 07:52 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-10-18 08:38 - 2014-07-07 07:52 - 00724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-10-18 08:38 - 2014-07-07 07:52 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsta.dll
2014-10-18 08:38 - 2014-07-07 07:51 - 05982208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-10-18 08:38 - 2014-07-07 06:01 - 01049600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2014-10-18 08:38 - 2014-07-07 06:01 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winsta.dll
2014-10-18 08:38 - 2014-07-07 06:00 - 05095424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-10-18 08:38 - 2014-07-07 05:59 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aaclient.dll
2014-10-18 08:37 - 2014-09-18 01:24 - 02416128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-10-18 08:37 - 2014-09-18 00:56 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-10-18 08:37 - 2014-08-30 07:48 - 10115072 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-10-18 08:37 - 2014-08-30 07:46 - 02306560 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-10-18 08:37 - 2014-08-30 06:05 - 08858112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-10-18 08:37 - 2014-08-30 06:03 - 02037760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-10-18 08:37 - 2014-08-02 00:08 - 00388729 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-10-18 08:37 - 2014-07-24 15:50 - 00447296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-10-18 08:37 - 2014-07-17 01:28 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
2014-10-18 08:37 - 2014-07-17 00:59 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2014-10-18 08:37 - 2014-07-17 00:59 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2014-10-18 08:37 - 2014-07-12 08:45 - 01549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2014-10-18 08:37 - 2014-07-12 06:36 - 00674304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-10-18 08:37 - 2014-07-12 06:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-10-18 08:37 - 2014-07-12 06:34 - 00404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-10-18 08:37 - 2014-07-12 06:34 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2014-10-18 08:37 - 2014-06-28 08:57 - 01341952 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-10-18 08:37 - 2014-06-28 04:23 - 01126400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-10-18 08:37 - 2014-06-13 01:34 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-10-18 08:37 - 2014-06-13 01:29 - 02146304 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-09-27 08:21 - 2014-09-27 08:21 - 00000000 _____ () C:\autoexec.bat
2014-09-27 08:20 - 2014-10-23 19:47 - 00000000 ____D () C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-27 08:20 - 2014-09-27 08:20 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-27 08:17 - 2014-09-27 08:17 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Wahl\Downloads\SpyHunter-Installer.exe
2014-09-23 20:38 - 2014-09-27 08:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-09-23 20:38 - 2014-09-27 08:02 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-09-23 20:37 - 2014-09-23 20:37 - 01055416 _____ (Microsoft Corporation) C:\Users\Wahl\Downloads\Setup.x86.sv-SE_ProPlusRetail_BQGPH-NXHXH-XHJHX-M2THX-XKVT3_act_1_.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-23 20:00 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-10-23 19:56 - 2014-04-10 12:33 - 00001014 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-23 19:13 - 2014-05-01 17:31 - 00000000 ____D () C:\Users\Wahl\AppData\Roaming\Spotify
2014-10-23 19:09 - 2014-05-01 17:32 - 00000000 ____D () C:\Users\Wahl\AppData\Local\Spotify
2014-10-23 19:09 - 2014-04-10 12:49 - 00000000 ____D () C:\Users\Wahl\AppData\Roaming\Dropbox
2014-10-23 19:09 - 2014-03-08 18:23 - 00000000 ___RD () C:\Users\Wahl\Dropbox
2014-10-23 19:08 - 2014-04-10 12:33 - 00001010 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-23 19:04 - 2014-08-31 03:57 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-10-23 19:03 - 2014-05-23 22:43 - 00000352 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForWahl.job
2014-10-23 19:03 - 2012-08-04 00:23 - 00609974 _____ () C:\WINDOWS\PFRO.log
2014-10-23 19:03 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-23 19:02 - 2014-07-12 19:51 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-10-23 19:02 - 2014-04-07 21:07 - 01919660 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-23 19:02 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB
2014-10-23 19:02 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\en-GB
2014-10-22 20:34 - 2014-05-23 22:43 - 00003164 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForWahl
2014-10-22 20:34 - 2014-04-07 18:34 - 00000000 ____D () C:\Users\Wahl
2014-10-22 18:27 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-10-22 17:56 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-10-22 06:16 - 2014-04-10 09:40 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-22 06:16 - 2012-07-26 10:12 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-10-22 06:16 - 2012-07-26 10:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-22 06:11 - 2014-04-10 09:40 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-11 08:33 - 2014-04-11 20:05 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-10-11 08:33 - 2014-04-11 20:05 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-10-04 08:06 - 2014-04-10 07:23 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2413700451-3622536314-1208494308-1001
2014-10-01 21:04 - 2014-04-07 21:08 - 00000000 ____D () C:\Users\Wahl\AppData\Local\Packages
 
Some content of TEMP:
====================
C:\Users\Wahl\AppData\Local\Temp\1aaa0098-834f-4f4b-9b1f-ab7cf66b1e4b.exe
C:\Users\Wahl\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1vjg2f.dll
C:\Users\Wahl\AppData\Local\Temp\SHSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-17 21:30
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-10-2014
Ran by Wahl at 2014-10-23 20:17:24
Running from C:\Users\Wahl\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Ad-Aware Antivirus (Enabled - Up to date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Ad-Aware Antivirus (Enabled - Up to date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Ad-Aware Antivirus (HKLM\...\{E39A80AE-0CC0-43EE-AB6B-BE11DC4F969F}_AdAwareUpdater) (Version: 11.3.6321.0 - Lavasoft)
AdAwareInstaller (Version: 11.3.6321.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.3.6321.0 - Lavasoft) Hidden
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{9329FB02-864A-0B4D-B98E-EDECF804F22B}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
AntispamEngine (Version: 2.4.2158.0 - Lavasoft) Hidden
AvcEngine (Version: 3.10.7820.0 - Lavasoft) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2013.0518.334.4496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0518.334.4496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0518.334.4496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0518.334.4496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2013.0518.334.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0518.334.4496 - Advanced Micro Devices, Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6515 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.4.6515 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3606 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.5.3606 - CyberLink Corp.) Hidden
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4128 - CyberLink Corp.)
Cyberlink PhotoDirector (x32 Version: 3.0.2.4128 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.3202 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.4.3202 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3021 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.4.3021 - CyberLink Corp.) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3305 - CyberLink Corp.)
CyberLink PowerDVD 12 (x32 Version: 12.0.2.3305 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1.2922 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 5.0.1.2922 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
Fotogalleriet (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{394B14EA-B072-4440-9510-87797CB12371}) (Version: 2.20.21 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{61245005-66F1-4001-AEE8-2E2D36F65C28}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Postscript Converter (Version: 4.0.4100 - Hewlett-Packard) Hidden
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Recovery Manager (x32 Version: 11.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6838.4521 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{F35EE4BC-95E1-4417-BA36-7C32FF24A59A}) (Version: 1.0.11 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{A48BD764-CFDF-40A5-A07A-710908044F5D}) (Version: 2.2.2 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.3.1520 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3224 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.6.0.1033 - Intel Corporation) Hidden
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Juniper Networks Host Checker (HKCU\...\Neoteris_Host_Checker) (Version: 8.0.3.30619 - Juniper Networks)
Juniper Networks Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 8.0.3.44983 - Juniper Networks)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2013 - sv-se (HKLM\...\ProPlusRetail - sv-se) (Version: 15.0.4649.1003 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 1.1.9200.15 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.15.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6923 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)
Spotify (HKCU\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
Valokuvavalikoima (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Liven peruspaketti (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
XnView 2.20 (HKLM-x32\...\XnView_is1) (Version: 2.20 - Gougelet Pierre-e)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2413700451-3622536314-1208494308-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Windows.old\Users\Wahl\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2413700451-3622536314-1208494308-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wahl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2413700451-3622536314-1208494308-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wahl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2413700451-3622536314-1208494308-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wahl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2413700451-3622536314-1208494308-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wahl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2413700451-3622536314-1208494308-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wahl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2413700451-3622536314-1208494308-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wahl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2413700451-3622536314-1208494308-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wahl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2413700451-3622536314-1208494308-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wahl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
27-09-2014 06:20:30 Installed SpyHunter
12-10-2014 15:12:04 Schemalagd kontrollpunkt
18-10-2014 10:55:24 Windows Update
22-10-2014 04:09:14 Windows Update
23-10-2014 17:44:49 Removed SpyHunter
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 07:26 - 2014-08-10 19:10 - 00000860 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {171F04DE-14E2-43FC-8C1A-45D8A3F8A4D7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-09-27] (Microsoft Corporation)
Task: {1A8213AE-ADD8-4CBE-AC00-1E3BC7708818} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-10] (Google Inc.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {3CBF1437-CE82-4D9A-9F82-76352C17EBDE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {524BB629-FAD3-4931-ABBE-26FD336D2283} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {55A0EE66-FDE4-450F-BEAB-490AC4DC7116} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-10] (Google Inc.)
Task: {5E84E09A-3C4E-415C-9B17-120E5E1157B8} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {83570FA4-3FB9-4A1D-B365-26F2191C3D14} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-04-24] (Synaptics Incorporated)
Task: {9D28A397-D9A9-4683-BC17-9A2D25919A9B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {ADD1DED2-2B3C-48A1-9059-153DDE7EB8D8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-10-22] (Microsoft Corporation)
Task: {B6FC4CCC-FB63-4357-84DC-512E583BC8F4} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {C6918C91-ABC3-4F9E-BBEE-B2F972E09C8C} - System32\Tasks\Microsoft\Windows\SysResetLogSuccess => Rundll32.exe ResetEng.dll,RjvLogSuccessEntryPoint
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CD4AF338-03D8-445E-A1BD-4CCE050A4919} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-12] (Microsoft Corporation)
Task: {CF6D3F03-CF05-47EC-AE49-B4C041A8D579} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {D3E80345-A32B-480E-8AD3-7C4D726FB089} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\WINDOWS\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {D9082D01-9DB4-4582-B7A0-F65EABF31235} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-09-27] (Microsoft Corporation)
Task: {DDD3AE31-4E78-4E31-915F-917FA55F3024} - System32\Tasks\HPCeeScheduleForWahl => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F6AB6D3B-E5FD-4EBE-B655-EB8120EEBEF8} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-09-10] (Hewlett-Packard Development Company, L.P.)
Task: {F885D1E6-2FDA-468D-A11B-E3B319DA8A44} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForWahl.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-09-27 07:49 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-08-27 12:32 - 2014-08-27 12:32 - 00706864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe
2014-08-27 12:53 - 2014-08-27 12:53 - 00103768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_thread-vc100-mt-1_55.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_system-vc100-mt-1_55.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_date_time-vc100-mt-1_55.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00123744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_filesystem-vc100-mt-1_55.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_chrono-vc100-mt-1_55.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 11947856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareServiceKernel.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\RCF.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00788824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_regex-vc100-mt-1_55.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00734536 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareActivation.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 02167640 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareApplicationUpdater.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00813896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareGamingMode.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00098624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareReset.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00120128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTime.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00943960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareDefinitionsUpdater.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00869224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareDefinitionsUpdaterScheduler.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01105224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareIgnoreList.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00247624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareQuarantine.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00988504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiMalwareEngine.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00212824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiRootkitEngine.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01172816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareScannerHistory.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01277248 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareScanner.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00035160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_timer-vc100-mt-1_55.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00975192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareScannerScheduler.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01109336 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareRealTimeProtection.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00229200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareIncompatibles.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00891720 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiSpam.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00843088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiPhishing.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 03090768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareParentalControl.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 02624848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareWebProtection.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01067344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareEmailProtection.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01290584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareNetworkProtection.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01004352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwarePromo.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00343880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareFeedback.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 02787160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareThreatWorkAlliance.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01238848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwarePinCode.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 01004864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareNotice.dll
2014-08-27 12:52 - 2014-08-27 12:52 - 00928072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAvcEngine.dll
2014-08-27 12:53 - 2014-08-27 12:53 - 00154944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\SecurityCenter.dll
2014-08-31 03:57 - 2014-07-10 14:08 - 00156936 _____ () C:\WINDOWS\SYSTEM32\bdfwcore.dll
2014-07-10 14:09 - 2014-08-31 04:58 - 00766976 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttpbr.mdl
2014-07-10 14:09 - 2014-08-31 04:58 - 00556032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttpdsp.mdl
2014-07-10 14:09 - 2014-08-31 04:58 - 02575360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttpph.mdl
2014-07-10 14:09 - 2014-08-31 04:58 - 01306112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttprbl.mdl
2014-08-27 12:52 - 2014-08-27 12:52 - 02745168 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareShellExtension.dll
2014-05-01 17:32 - 2014-10-17 07:34 - 00613944 _____ () C:\Users\Wahl\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2013-10-05 23:10 - 2013-05-08 23:23 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-05-01 17:32 - 2014-10-17 07:34 - 36966968 _____ () C:\Users\Wahl\AppData\Roaming\Spotify\Data\libcef.dll
2014-10-23 19:09 - 2014-10-23 19:09 - 00043008 _____ () c:\users\wahl\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1vjg2f.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Wahl\AppData\Roaming\Dropbox\bin\libcef.dll
2014-05-03 09:50 - 2013-08-05 09:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 15:48 - 2013-08-05 15:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-07-20 22:03 - 2014-10-17 07:34 - 00867896 _____ () C:\Users\Wahl\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2014-05-01 17:32 - 2014-10-17 07:34 - 00886840 _____ () C:\Users\Wahl\AppData\Roaming\Spotify\Data\libglesv2.dll
2014-05-01 17:32 - 2014-10-17 07:34 - 00108600 _____ () C:\Users\Wahl\AppData\Roaming\Spotify\Data\libegl.dll
2014-10-17 19:59 - 2014-10-10 04:03 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libglesv2.dll
2014-10-17 19:59 - 2014-10-10 04:03 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libegl.dll
2014-10-17 19:59 - 2014-10-10 04:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll
2014-10-17 19:59 - 2014-10-10 04:03 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll
2014-10-17 19:59 - 2014-10-10 04:04 - 14902600 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Wahl\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
HKU\S-1-5-21-2413700451-3622536314-1208494308-1001\Software\Classes\.exe: exefile =>  <===== ATTENTION!
HKU\S-1-5-21-2413700451-3622536314-1208494308-1001\Software\Classes\exefile:  <===== ATTENTION!
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "AdAwareTray"
 
========================= Accounts: ==========================
 
Administratör (S-1-5-21-2413700451-3622536314-1208494308-500 - Administrator - Disabled) => C:\Users\Administrator
Gäst (S-1-5-21-2413700451-3622536314-1208494308-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2413700451-3622536314-1208494308-1005 - Limited - Enabled)
Wahl (S-1-5-21-2413700451-3622536314-1208494308-1001 - Administrator - Enabled) => C:\Users\Wahl
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/23/2014 05:59:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1203
 
Error: (10/23/2014 05:59:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1203
 
Error: (10/23/2014 05:59:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/23/2014 05:42:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 32375265
 
Error: (10/23/2014 05:42:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 32375265
 
Error: (10/23/2014 05:42:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/22/2014 08:43:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1140
 
Error: (10/22/2014 08:43:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1140
 
Error: (10/22/2014 08:43:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/22/2014 07:09:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2034938
 
 
System errors:
=============
Error: (10/23/2014 07:03:27 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: Den här datorn är konfigurerad som medlem i en arbetsgrupp,
och inte som medlem i en domän. Tjänsten Netlogon behöver inte vara igång
i den här konfigurationen.
 
Error: (10/23/2014 07:03:14 PM) (Source: Service Control Manager) (EventID: 7018) (User: )
Description: Identifierade cirkulärt tjänstberoende vid automatisk start av tjänster. Kontrollera trädet med tjänstberoenden.
 
Error: (10/23/2014 07:03:14 PM) (Source: Service Control Manager) (EventID: 7019) (User: )
Description: Tjänsten EsgScanner är beroende av en tjänst i en grupp som startar senare. Ändra ordningen i trädet med tjänstberoenden om du vill säkerställa att alla tjänster som krävs för att starta den här tjänsten startar före den här tjänsten.
 
Error: (10/23/2014 07:03:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjänsten sbapifs kunde inte startas på grund av följande fel: 
%%2
 
Error: (10/23/2014 05:59:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjänsten CyberLink PowerDVD 12 Media Server Service avslutades oväntat. Detta har skett 3 gånger.
 
Error: (10/22/2014 08:43:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjänsten CyberLink PowerDVD 12 Media Server Service avslutades oväntat. Detta har skett 2 gånger.
 
Error: (10/22/2014 06:35:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjänsten CyberLink PowerDVD 12 Media Server Service avslutades oväntat. Detta har skett 1 gånger.
 
Error: (10/22/2014 05:53:42 PM) (Source: Schannel) (EventID: 4120) (User: NT instans)
Description: Ett allvarligt fel uppstod och skickades till fjärrslutpunkten. Det kan leda till att anslutningen bryts. Koden för det allvarliga felet som definieras i TLS-protokollet är 70. Feltillståndet i Windows SChannel är 105.
 
Error: (10/22/2014 06:18:57 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: Den här datorn är konfigurerad som medlem i en arbetsgrupp,
och inte som medlem i en domän. Tjänsten Netlogon behöver inte vara igång
i den här konfigurationen.
 
Error: (10/22/2014 06:18:54 AM) (Source: Service Control Manager) (EventID: 7018) (User: )
Description: Identifierade cirkulärt tjänstberoende vid automatisk start av tjänster. Kontrollera trädet med tjänstberoenden.
 
 
Microsoft Office Sessions:
=========================
Error: (10/23/2014 05:59:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1203
 
Error: (10/23/2014 05:59:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1203
 
Error: (10/23/2014 05:59:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/23/2014 05:42:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 32375265
 
Error: (10/23/2014 05:42:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 32375265
 
Error: (10/23/2014 05:42:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/22/2014 08:43:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1140
 
Error: (10/22/2014 08:43:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1140
 
Error: (10/22/2014 08:43:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/22/2014 07:09:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2034938
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 31%
Total physical RAM: 7962.14 MB
Available physical RAM: 5433.26 MB
Total Pagefile: 9178.14 MB
Available Pagefile: 6413.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:909.72 GB) (Free:785.44 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:20.68 GB) (Free:2.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 335F744C)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

 




#2 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 24 October 2014 - 04:13 AM

:welcome:

 

All our tools and scanners run more efficiently when downloaded and run from the desktop.

 

 

-AdwCleaner-by Xplode
 
Click on this link to download : ADWCleaner
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
 
Do not click on any links in the top Advertisement.
 
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
     
    ===============================================================================
     
     
    Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
     
     
    ===============================================================================
     
    Download Malwarebytes' Anti-Malware  to your desktop. 
     
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
     
  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished and the log pops up...select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #3 matswahl

    matswahl

      New Member

    • Authentic Member
    • Pip
    • 8 posts

    Posted 25 October 2014 - 02:17 AM

    Hi ken545 and thanks for taking on my issues, here are my logs

     

    # AdwCleaner v3.020 - Report created 06/03/2014 at 21:07:29
    # Updated 27/02/2014 by Xplode
    # Operating System : Windows 8  (64 bits)
    # Username : Wahl - WAHL-LAPTOP
    # Running from : C:\Users\Wahl\Downloads\adwcleaner.exe
    # Option : Clean
     
    ***** [ Services ] *****
     
     
    ***** [ Files / Folders ] *****
     
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Registry ] *****
     
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
    Key Deleted : HKLM\Software\caphyon
     
    ***** [ Browsers ] *****
     
    -\\ Internet Explorer v10.0.9200.16798
     
     
    -\\ Google Chrome v33.0.1750.146
     
    [ File : C:\Users\Wahl\AppData\Local\Google\Chrome\User Data\Default\preferences ]
     
     
    *************************
     
    AdwCleaner[R0].txt - [931 octets] - [06/03/2014 21:06:10]
    AdwCleaner[S0].txt - [859 octets] - [06/03/2014 21:07:29]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [918 octets] ##########
    # AdwCleaner v4.001 - Report created 25/10/2014 at 09:37:05
    # DB v2014-10-23.2
    # Updated 20/10/2014 by Xplode
    # Operating System : Windows 8  (64 bits)
    # Username : Wahl - WAHL-LAPTOP
    # Running from : C:\Users\Wahl\Desktop\AdwCleaner (1).exe
    # Option : Clean
     
    ***** [ Services ] *****
     
     
    ***** [ Files / Folders ] *****
     
    Folder Deleted : C:\Users\Wahl\AppData\LocalLow\adawaretb
    Folder Deleted : C:\ProgramData\Search Protection
    Folder Deleted : C:\Users\Wahl\AppData\Roaming\SecureSearch
    Folder Deleted : C:\Program Files (x86)\Toolbar Cleaner
    Folder Deleted : C:\Program Files\Enigma Software Group
    File Deleted : C:\Users\Wahl\AppData\Local\Temp\EsgScanner.sys
     
    ***** [ Scheduled Tasks ] *****
     
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Registry ] *****
     
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
    Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
    Key Deleted : HKLM\SOFTWARE\adawaretb
    Key Deleted : HKLM\SOFTWARE\Toolbar Cleaner
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
    Key Deleted : [x64] HKLM\SOFTWARE\EnigmaSoftwareGroup
     
    ***** [ Browsers ] *****
     
    -\\ Internet Explorer v10.0.9200.17116
     
     
    -\\ Google Chrome v38.0.2125.104
     
     
    *************************
     
    AdwCleaner[R0].txt - [2789 octets] - [06/03/2014 22:06:10]
    AdwCleaner[R1].txt - [1918 octets] - [25/10/2014 09:34:34]
    AdwCleaner[S0].txt - [2677 octets] - [06/03/2014 22:07:29]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2737 octets] ##########
     
     
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
     
     
    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
    Scan Date: 2014-10-25
    Scan Time: 09:55:51
    Logfile: 
    Administrator: Yes
     
    Version: 2.00.3.1025
    Malware Database: v2014.10.25.01
    Rootkit Database: v2014.10.22.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled
     
    OS: Windows 8
    CPU: x64
    File System: NTFS
    User: Wahl
     
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 348028
    Time Elapsed: 18 min, 43 sec
     
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
     
    Processes: 0
    (No malicious items detected)
     
    Modules: 0
    (No malicious items detected)
     
    Registry Keys: 0
    (No malicious items detected)
     
    Registry Values: 0
    (No malicious items detected)
     
    Registry Data: 0
    (No malicious items detected)
     
    Folders: 0
    (No malicious items detected)
     
    Files: 0
    (No malicious items detected)
     
    Physical Sectors: 0
    (No malicious items detected)
     
     
    (end)


    #4 matswahl

    matswahl

      New Member

    • Authentic Member
    • Pip
    • 8 posts

    Posted 25 October 2014 - 02:26 AM

    Apparently these programs did not remove adchoices, but there is one odd change in character though. Now adchoices seems to have "converted" into Swedish (when I hold the mouse pointer on the adchoice icon in the upper right corner of the ad it shows the text "annonsval", which is Swedish for the same meaning....)

     

    Never happened before



    #5 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 25 October 2014 - 04:34 AM

    Go ahead and run a new scan with FRST, be sure to checkmark Additions and post both new logs please



     
     

    #6 matswahl

    matswahl

      New Member

    • Authentic Member
    • Pip
    • 8 posts

    Posted 25 October 2014 - 04:52 AM

    OK, here are the logs

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-10-2014
    Ran by Wahl at 2014-10-25 12:50:26
    Running from C:\Users\Wahl\Desktop
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Ad-Aware Antivirus (Enabled - Up to date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Ad-Aware Antivirus (Enabled - Up to date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Ad-Aware Antivirus (HKLM\...\{E39A80AE-0CC0-43EE-AB6B-BE11DC4F969F}_AdAwareUpdater) (Version: 11.3.6321.0 - Lavasoft)
    AdAwareInstaller (Version: 11.3.6321.0 - Lavasoft) Hidden
    AdAwareUpdater (Version: 11.3.6321.0 - Lavasoft) Hidden
    Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
    AMD Catalyst Install Manager (HKLM\...\{9329FB02-864A-0B4D-B98E-EDECF804F22B}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
    AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
    AntispamEngine (Version: 2.4.2158.0 - Lavasoft) Hidden
    AvcEngine (Version: 3.10.7820.0 - Lavasoft) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center (x32 Version: 2013.0518.334.4496 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0518.334.4496 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2013.0518.334.4496 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Localization All (x32 Version: 2013.0518.334.4496 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Profiles Mobile (x32 Version: 2013.0518.334.4496 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Chinese Standard (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Chinese Traditional (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Czech (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Danish (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Dutch (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
    CCC Help English (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Finnish (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
    CCC Help French (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
    CCC Help German (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Greek (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Hungarian (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Italian (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Japanese (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Korean (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Norwegian (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Polish (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Portuguese (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Russian (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Spanish (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Swedish (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Thai (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Turkish (x32 Version: 2013.0518.0333.4496 - Advanced Micro Devices, Inc.) Hidden
    ccc-utility64 (Version: 2013.0518.334.4496 - Advanced Micro Devices, Inc.) Hidden
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6515 - CyberLink Corp.)
    CyberLink LabelPrint (x32 Version: 2.5.4.6515 - CyberLink Corp.) Hidden
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3606 - CyberLink Corp.)
    CyberLink Media Suite 10 (x32 Version: 10.0.5.3606 - CyberLink Corp.) Hidden
    Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4128 - CyberLink Corp.)
    Cyberlink PhotoDirector (x32 Version: 3.0.2.4128 - CyberLink Corp.) Hidden
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.3202 - CyberLink Corp.)
    CyberLink Power2Go 8 (x32 Version: 8.0.4.3202 - CyberLink Corp.) Hidden
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3021 - CyberLink Corp.)
    CyberLink PowerDirector 10 (x32 Version: 10.0.4.3021 - CyberLink Corp.) Hidden
    CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3305 - CyberLink Corp.)
    CyberLink PowerDVD 12 (x32 Version: 12.0.2.3305 - CyberLink Corp.) Hidden
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1.2922 - CyberLink Corp.)
    CyberLink YouCam (x32 Version: 5.0.1.2922 - CyberLink Corp.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
    Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
    Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
    FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
    Fotogalleriet (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
    Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
    HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
    HP CoolSense (HKLM-x32\...\{394B14EA-B072-4440-9510-87797CB12371}) (Version: 2.20.21 - Hewlett-Packard Company)
    HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
    HP Documentation (HKLM-x32\...\{61245005-66F1-4001-AEE8-2E2D36F65C28}) (Version: 1.1.0.0 - Hewlett-Packard)
    HP Postscript Converter (Version: 4.0.4100 - Hewlett-Packard) Hidden
    HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
    HP Recovery Manager (x32 Version: 11.00 - Hewlett-Packard) Hidden
    HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6838.4521 - Hewlett-Packard)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    HP System Event Utility (HKLM-x32\...\{F35EE4BC-95E1-4417-BA36-7C32FF24A59A}) (Version: 1.0.11 - Hewlett-Packard Company)
    HP Utility Center (HKLM\...\{A48BD764-CFDF-40A5-A07A-710908044F5D}) (Version: 2.2.2 - Hewlett-Packard Company)
    HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.3.1520 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3224 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
    Intel® Rapid Storage Technology (Version: 12.6.0.1033 - Intel Corporation) Hidden
    Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
    Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
    Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
    Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    Juniper Networks Host Checker (HKCU\...\Neoteris_Host_Checker) (Version: 8.0.3.30619 - Juniper Networks)
    Juniper Networks Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 8.0.3.44983 - Juniper Networks)
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    Microsoft Office Professional Plus 2013 - sv-se (HKLM\...\ProPlusRetail - sv-se) (Version: 15.0.4659.1001 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
    MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
    OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
    OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden
    Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
    Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 1.1.9200.15 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.15.410.2013 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6923 - Realtek Semiconductor Corp.)
    REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)
    Spotify (HKCU\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
    Valokuvavalikoima (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Liven peruspaketti (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    XnView 2.20 (HKLM-x32\...\XnView_is1) (Version: 2.20 - Gougelet Pierre-e)
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
    CustomCLSID: HKU\S-1-5-21-2413700451-3622536314-1208494308-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Windows.old\Users\Wahl\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2413700451-3622536314-1208494308-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wahl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2413700451-3622536314-1208494308-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wahl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2413700451-3622536314-1208494308-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wahl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2413700451-3622536314-1208494308-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wahl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2413700451-3622536314-1208494308-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wahl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2413700451-3622536314-1208494308-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wahl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2413700451-3622536314-1208494308-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wahl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2413700451-3622536314-1208494308-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Wahl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
     
    ==================== Restore Points  =========================
     
    27-09-2014 06:20:30 Installed SpyHunter
    12-10-2014 15:12:04 Schemalagd kontrollpunkt
    18-10-2014 10:55:24 Windows Update
    22-10-2014 04:09:14 Windows Update
    23-10-2014 17:44:49 Removed SpyHunter
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2012-07-26 07:26 - 2014-08-10 19:10 - 00000860 ____N C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    ::1 localhost
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
     
    Task: {0C626775-4A72-404D-83A1-32797912A29A} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\WINDOWS\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
    Task: {1A8213AE-ADD8-4CBE-AC00-1E3BC7708818} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-10] (Google Inc.)
    Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
    Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
    Task: {3CBF1437-CE82-4D9A-9F82-76352C17EBDE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
    Task: {509AC696-9E87-4A20-8544-093C4B2C0261} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)
    Task: {524BB629-FAD3-4931-ABBE-26FD336D2283} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {55A0EE66-FDE4-450F-BEAB-490AC4DC7116} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-10] (Google Inc.)
    Task: {57847A12-9E37-43E0-B2AE-AF1C85375604} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)
    Task: {5E84E09A-3C4E-415C-9B17-120E5E1157B8} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
    Task: {83570FA4-3FB9-4A1D-B365-26F2191C3D14} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-04-24] (Synaptics Incorporated)
    Task: {9D28A397-D9A9-4683-BC17-9A2D25919A9B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
    Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
    Task: {ADB4BDC2-78E5-4AB5-A018-D8568D8B9DC1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)
    Task: {ADD1DED2-2B3C-48A1-9059-153DDE7EB8D8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-10-22] (Microsoft Corporation)
    Task: {B6FC4CCC-FB63-4357-84DC-512E583BC8F4} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
    Task: {C6918C91-ABC3-4F9E-BBEE-B2F972E09C8C} - System32\Tasks\Microsoft\Windows\SysResetLogSuccess => Rundll32.exe ResetEng.dll,RjvLogSuccessEntryPoint
    Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
    Task: {CF6D3F03-CF05-47EC-AE49-B4C041A8D579} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {D3E80345-A32B-480E-8AD3-7C4D726FB089} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\WINDOWS\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
    Task: {DDD3AE31-4E78-4E31-915F-917FA55F3024} - System32\Tasks\HPCeeScheduleForWahl => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
    Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
    Task: {F6AB6D3B-E5FD-4EBE-B655-EB8120EEBEF8} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-09-10] (Hewlett-Packard Development Company, L.P.)
    Task: {F885D1E6-2FDA-468D-A11B-E3B319DA8A44} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\HPCeeScheduleForWahl.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2014-09-27 07:49 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2014-08-27 12:32 - 2014-08-27 12:32 - 00706864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe
    2014-08-27 12:53 - 2014-08-27 12:53 - 00103768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_thread-vc100-mt-1_55.dll
    2014-08-27 12:53 - 2014-08-27 12:53 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_system-vc100-mt-1_55.dll
    2014-08-27 12:53 - 2014-08-27 12:53 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_date_time-vc100-mt-1_55.dll
    2014-08-27 12:53 - 2014-08-27 12:53 - 00123744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_filesystem-vc100-mt-1_55.dll
    2014-08-27 12:53 - 2014-08-27 12:53 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_chrono-vc100-mt-1_55.dll
    2014-08-27 12:52 - 2014-08-27 12:52 - 11947856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareServiceKernel.dll
    2014-08-27 12:53 - 2014-08-27 12:53 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\RCF.dll
    2014-08-27 12:53 - 2014-08-27 12:53 - 00788824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_regex-vc100-mt-1_55.dll
    2014-08-27 12:52 - 2014-08-27 12:52 - 00734536 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareActivation.dll
    2014-08-27 12:52 - 2014-08-27 12:52 - 02167640 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareApplicationUpdater.dll
    2014-08-27 12:52 - 2014-08-27 12:52 - 00813896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareGamingMode.dll
    2014-08-27 12:52 - 2014-08-27 12:52 - 00098624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareReset.dll
    2014-08-27 12:53 - 2014-08-27 12:53 - 00120128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTime.dll
    2014-08-27 12:52 - 2014-08-27 12:52 - 00943960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareDefinitionsUpdater.dll
    2014-08-27 12:52 - 2014-08-27 12:52 - 00869224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareDefinitionsUpdaterScheduler.dll
    2014-08-27 12:52 - 2014-08-27 12:52 - 01105224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareIgnoreList.dll
    2014-08-27 12:52 - 2014-08-27 12:52 - 00247624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareQuarantine.dll
    2014-08-27 12:52 - 2014-08-27 12:52 - 00988504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiMalwareEngine.dll
    2014-08-27 12:52 - 2014-08-27 12:52 - 00212824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiRootkitEngine.dll
    2014-08-27 12:52 - 2014-08-27 12:52 - 01172816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareScannerHistory.dll
    2014-08-27 12:52 - 2014-08-27 12:52 - 01277248 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareScanner.dll
    2014-08-27 12:53 - 2014-08-27 12:53 - 00035160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\boost_timer-vc100-mt-1_55.dll
    2014-08-27 12:52 - 2014-08-27 12:52 - 00975192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareScannerScheduler.dll
    2014-08-27 12:52 - 2014-08-27 12:52 - 01109336 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareRealTimeProtection.dll
    2014-08-27 12:52 - 2014-08-27 12:52 - 00229200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareIncompatibles.dll
    2014-08-27 12:52 - 2014-08-27 12:52 - 00891720 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiSpam.dll
    2014-08-27 12:52 - 2014-08-27 12:52 - 00843088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAntiPhishing.dll
    2014-08-27 12:52 - 2014-08-27 12:52 - 03090768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareParentalControl.dll
    2014-08-27 12:53 - 2014-08-27 12:53 - 02624848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareWebProtection.dll
    2014-08-27 12:52 - 2014-08-27 12:52 - 01067344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareEmailProtection.dll
    2014-08-27 12:52 - 2014-08-27 12:52 - 01290584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareNetworkProtection.dll
    2014-08-27 12:52 - 2014-08-27 12:52 - 01004352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwarePromo.dll
    2014-08-27 12:52 - 2014-08-27 12:52 - 00343880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareFeedback.dll
    2014-08-27 12:53 - 2014-08-27 12:53 - 02787160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareThreatWorkAlliance.dll
    2014-08-27 12:52 - 2014-08-27 12:52 - 01238848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwarePinCode.dll
    2014-08-27 12:52 - 2014-08-27 12:52 - 01004864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareNotice.dll
    2014-08-27 12:52 - 2014-08-27 12:52 - 00928072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareAvcEngine.dll
    2014-08-27 12:53 - 2014-08-27 12:53 - 00154944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\SecurityCenter.dll
    2014-08-31 03:57 - 2014-07-10 14:08 - 00156936 _____ () C:\WINDOWS\SYSTEM32\bdfwcore.dll
    2014-07-10 14:09 - 2014-08-31 04:58 - 00766976 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttpbr.mdl
    2014-07-10 14:09 - 2014-08-31 04:58 - 00556032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttpdsp.mdl
    2014-07-10 14:09 - 2014-08-31 04:58 - 02575360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttpph.mdl
    2014-07-10 14:09 - 2014-08-31 04:58 - 01306112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttprbl.mdl
    2014-08-27 12:52 - 2014-08-27 12:52 - 02745168 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareShellExtension.dll
    2014-10-25 09:41 - 2014-10-25 09:41 - 00043008 _____ () c:\users\wahl\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbnqali.dll
    2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Wahl\AppData\Roaming\Dropbox\bin\libcef.dll
    2014-05-03 09:50 - 2013-08-05 09:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2013-08-05 15:48 - 2013-08-05 15:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
    2013-10-05 23:10 - 2013-05-08 23:23 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
    2014-10-17 19:59 - 2014-10-10 04:03 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libglesv2.dll
    2014-10-17 19:59 - 2014-10-10 04:03 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libegl.dll
    2014-10-17 19:59 - 2014-10-10 04:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll
    2014-10-17 19:59 - 2014-10-10 04:03 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll
    2014-10-17 19:59 - 2014-10-10 04:04 - 14902600 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\PepperFlash\pepflashplayer.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
    AlternateDataStreams: C:\Users\Wahl\SkyDrive:ms-properties
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
     
    ==================== EXE Association (whitelisted) =============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
    HKU\S-1-5-21-2413700451-3622536314-1208494308-1001\Software\Classes\.exe: exefile =>  <===== ATTENTION!
    HKU\S-1-5-21-2413700451-3622536314-1208494308-1001\Software\Classes\exefile:  <===== ATTENTION!
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
    (Currently there is no automatic fix for this section.)
     
    HKLM\...\StartupApproved\Run: => "AdAwareTray"
     
    ========================= Accounts: ==========================
     
    Administratör (S-1-5-21-2413700451-3622536314-1208494308-500 - Administrator - Disabled) => C:\Users\Administrator
    Gäst (S-1-5-21-2413700451-3622536314-1208494308-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2413700451-3622536314-1208494308-1005 - Limited - Enabled)
    Wahl (S-1-5-21-2413700451-3622536314-1208494308-1001 - Administrator - Enabled) => C:\Users\Wahl
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
     
    System errors:
    =============
    Error: (10/25/2014 10:57:41 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: Tjänsten CyberLink PowerDVD 12 Media Server Service avslutades oväntat. Detta har skett 1 gånger.
     
     
    Microsoft Office Sessions:
    =========================
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core™ i5-4200U CPU @ 1.60GHz
    Percentage of memory in use: 32%
    Total physical RAM: 7962.14 MB
    Available physical RAM: 5355.63 MB
    Total Pagefile: 9178.14 MB
    Available Pagefile: 6011.52 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:909.72 GB) (Free:784.35 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (RECOVERY) (Fixed) (Total:20.68 GB) (Free:2.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 335F744C)
     
    Partition: GPT Partition Type.
     
    ==================== End Of Log ============================
     
     
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-10-2014
    Ran by Wahl (administrator) on WAHL-LAPTOP on 25-10-2014 12:49:55
    Running from C:\Users\Wahl\Desktop
    Loaded Profile: Wahl (Available profiles: Wahl & Administratör)
    Platform: Windows 8 (X64) OS Language: Svenska (Sverige)
    Internet Explorer Version 10
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Spotify Ltd) C:\Users\Wahl\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    (Dropbox, Inc.) C:\Users\Wahl\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2013-05-28] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-04-24] (Synaptics Incorporated)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareTray.exe [8886592 2014-08-27] ()
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-05-18] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-05-22] (CyberLink Corp.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-12-25] (Hewlett-Packard Development Company, L.P.)
    HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-2413700451-3622536314-1208494308-1001\...\Run: [Spotify] => C:\Users\Wahl\AppData\Roaming\Spotify\Spotify.exe [6553144 2014-10-17] (Spotify Ltd)
    HKU\S-1-5-21-2413700451-3622536314-1208494308-1001\...\Run: [Spotify Web Helper] => C:\Users\Wahl\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-17] (Spotify Ltd)
    HKU\S-1-5-21-2413700451-3622536314-1208494308-1001\...\Run: [GoogleChromeAutoLaunch_A7B7C26D1B49638D0DBD0CEB89A8CE09] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-10] (Google Inc.)
    Startup: C:\Users\Wahl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Wahl\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON13/11
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON13/11
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON13/11
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON13/11
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON13/11
    SearchScopes: HKLM - {74600F6A-B7B1-4B27-8114-FE1A678C8B07} URL = http://www.amazon.co...s={searchTerms}
    SearchScopes: HKLM-x32 - {74600F6A-B7B1-4B27-8114-FE1A678C8B07} URL = http://www.amazon.co...s={searchTerms}
    SearchScopes: HKCU - {74600F6A-B7B1-4B27-8114-FE1A678C8B07} URL = 
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
     
    FireFox:
    ========
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
     
    Chrome: 
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR Profile: C:\Users\Wahl\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Dokument) - C:\Users\Wahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-10]
    CHR Extension: (Google Drive) - C:\Users\Wahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-10]
    CHR Extension: (YouTube) - C:\Users\Wahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-10]
    CHR Extension: (Sök på Google) - C:\Users\Wahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-10]
    CHR Extension: (Spara på Google Drive) - C:\Users\Wahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2014-04-10]
    CHR Extension: (Google Wallet) - C:\Users\Wahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-10]
    CHR Extension: (Gmail) - C:\Users\Wahl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-10]
     
    ==================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
    R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-05] (CyberLink)
    R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-05] (CyberLink)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
    R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-12-25] (Hewlett-Packard Development Company, L.P.)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
    R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
    S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
    R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-08] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-08] (Intel Corporation)
    R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
    R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.3.6321.0\AdAwareService.exe [706864 2014-08-27] ()
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
    S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2013-05-17] (Realtek Semiconductor)
    S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35936 2013-04-10] (Advanced Micro Devices, Inc.)
    R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2014-08-21] (BitDefender)
    R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261056 2014-08-21] (BitDefender)
    R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2014-08-21] (BitDefender)
    R1 BdfNdisf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys [97816 2014-07-10] (BitDefender LLC)
    R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [107080 2014-07-10] (BitDefender LLC)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
    R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [150256 2014-07-10] (BitDefender LLC)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-25] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
    U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [408136 2013-05-09] (Realsil Semiconductor Corporation)
    R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2982104 2014-04-20] (Realtek Semiconductor Corporation                           )
    S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-24] (Synaptics Incorporated)
    S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-07-10] (BitDefender S.R.L.)
    R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
    S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-10-25 12:49 - 2014-10-25 12:49 - 00000000 ____D () C:\Users\Wahl\Desktop\FRST-OlderVersion
    2014-10-25 09:50 - 2014-10-25 09:50 - 00001339 _____ () C:\Users\Wahl\Desktop\JRT.txt
    2014-10-25 09:47 - 2014-10-25 09:47 - 00000000 ____D () C:\WINDOWS\ERUNT
    2014-10-25 09:44 - 2014-10-25 09:44 - 01706144 _____ (Thisisu) C:\Users\Wahl\Desktop\JRT.exe
    2014-10-25 09:43 - 2014-10-25 10:15 - 00003974 _____ () C:\Users\Wahl\Desktop\20141025.txt
    2014-10-25 09:38 - 2014-10-25 09:38 - 00432096 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2014-10-25 09:34 - 2014-10-25 09:34 - 00000056 _____ () C:\Users\Wahl\Desktop\tråden.txt
    2014-10-25 09:33 - 2014-10-25 09:33 - 01962496 _____ () C:\Users\Wahl\Downloads\AdwCleaner (1).exe
    2014-10-25 09:26 - 2014-10-25 09:26 - 01962496 _____ () C:\Users\Wahl\Desktop\AdwCleaner (1).exe
    2014-10-23 20:17 - 2014-10-23 20:17 - 00039115 _____ () C:\Users\Wahl\Desktop\Addition.txt
    2014-10-23 20:16 - 2014-10-25 12:50 - 00018994 _____ () C:\Users\Wahl\Desktop\FRST.txt
    2014-10-23 20:16 - 2014-10-25 12:49 - 00000000 ____D () C:\FRST
    2014-10-23 20:15 - 2014-10-25 12:49 - 02112512 _____ (Farbar) C:\Users\Wahl\Desktop\FRST64.exe
    2014-10-23 20:13 - 2014-10-23 20:13 - 00000597 _____ () C:\Users\Wahl\Desktop\aswMBR.txt
    2014-10-23 20:06 - 2014-10-23 20:06 - 05192704 _____ (AVAST Software) C:\Users\Wahl\Downloads\aswMBR (1).exe
    2014-10-23 19:44 - 2014-10-23 19:44 - 05192704 _____ (AVAST Software) C:\Users\Wahl\Desktop\aswMBR.exe
    2014-10-22 06:19 - 2014-09-30 00:49 - 00705480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2014-10-22 06:19 - 2014-09-30 00:49 - 00104904 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2014-10-18 08:39 - 2014-07-12 06:41 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRUM.DLL
    2014-10-18 08:39 - 2014-07-12 06:41 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDYAK.DLL
    2014-10-18 08:39 - 2014-07-12 06:41 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTAT.DLL
    2014-10-18 08:39 - 2014-07-12 06:41 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU1.DLL
    2014-10-18 08:39 - 2014-07-12 06:41 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU.DLL
    2014-10-18 08:39 - 2014-07-12 06:41 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDBASH.DLL
    2014-10-18 08:39 - 2014-07-12 06:16 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRUM.DLL
    2014-10-18 08:39 - 2014-07-12 06:16 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDYAK.DLL
    2014-10-18 08:39 - 2014-07-12 06:16 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTAT.DLL
    2014-10-18 08:39 - 2014-07-12 06:16 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU1.DLL
    2014-10-18 08:39 - 2014-07-12 06:16 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU.DLL
    2014-10-18 08:39 - 2014-07-12 06:15 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDBASH.DLL
    2014-10-18 08:39 - 2014-07-12 02:02 - 00478352 _____ () C:\WINDOWS\SysWOW64\locale.nls
    2014-10-18 08:39 - 2014-07-12 02:00 - 00478352 _____ () C:\WINDOWS\system32\locale.nls
    2014-10-18 08:39 - 2014-07-09 00:33 - 00181248 _____ (Microsoft Corp.) C:\WINDOWS\system32\Defrag.exe
    2014-10-18 08:39 - 2014-07-09 00:32 - 01539584 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
    2014-10-18 08:39 - 2014-07-09 00:32 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
    2014-10-18 08:39 - 2014-07-09 00:30 - 01220608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
    2014-10-18 08:39 - 2014-07-07 07:52 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
    2014-10-18 08:39 - 2014-07-07 07:52 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
    2014-10-18 08:39 - 2014-07-04 12:52 - 00328000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
    2014-10-18 08:39 - 2014-07-03 03:59 - 01824784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2014-10-18 08:39 - 2014-07-03 02:30 - 01408952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2014-10-18 08:39 - 2014-06-28 09:01 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
    2014-10-18 08:39 - 2014-06-28 08:57 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
    2014-10-18 08:39 - 2014-06-28 08:56 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
    2014-10-18 08:39 - 2014-06-25 09:09 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
    2014-10-18 08:39 - 2014-06-25 09:07 - 01023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2014-10-18 08:39 - 2014-06-18 01:27 - 02032640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
    2014-10-18 08:39 - 2014-06-18 01:23 - 02238464 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
    2014-10-18 08:39 - 2014-06-11 16:47 - 02842112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
    2014-10-18 08:39 - 2014-06-11 06:40 - 02620928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
    2014-10-18 08:39 - 2014-06-11 00:44 - 01403896 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2014-10-18 08:39 - 2014-05-30 01:31 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2014-10-18 08:39 - 2014-05-30 01:03 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2014-10-18 08:39 - 2014-02-04 12:57 - 01271664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2014-10-18 08:38 - 2014-10-10 06:47 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
    2014-10-18 08:38 - 2014-10-10 06:47 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2014-10-18 08:38 - 2014-10-08 06:26 - 00556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2014-10-18 08:38 - 2014-09-28 06:18 - 04068352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2014-10-18 08:38 - 2014-09-20 07:18 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2014-10-18 08:38 - 2014-09-20 07:17 - 02236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2014-10-18 08:38 - 2014-09-20 07:17 - 01407488 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2014-10-18 08:38 - 2014-09-20 07:17 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
    2014-10-18 08:38 - 2014-09-20 07:17 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
    2014-10-18 08:38 - 2014-09-20 07:16 - 19280896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2014-10-18 08:38 - 2014-09-20 07:16 - 15399424 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2014-10-18 08:38 - 2014-09-20 07:16 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2014-10-18 08:38 - 2014-09-20 07:16 - 02655232 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2014-10-18 08:38 - 2014-09-20 07:16 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2014-10-18 08:38 - 2014-09-20 07:16 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2014-10-18 08:38 - 2014-09-20 07:16 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2014-10-18 08:38 - 2014-09-20 07:16 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
    2014-10-18 08:38 - 2014-09-20 07:16 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
    2014-10-18 08:38 - 2014-09-20 07:16 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2014-10-18 08:38 - 2014-09-20 07:16 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
    2014-10-18 08:38 - 2014-09-20 07:16 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2014-10-18 08:38 - 2014-09-20 07:16 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
    2014-10-18 08:38 - 2014-09-20 07:15 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2014-10-18 08:38 - 2014-09-20 07:15 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
    2014-10-18 08:38 - 2014-09-20 07:15 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2014-10-18 08:38 - 2014-09-20 05:57 - 14368768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2014-10-18 08:38 - 2014-09-20 05:57 - 13757952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2014-10-18 08:38 - 2014-09-20 05:57 - 02861568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2014-10-18 08:38 - 2014-09-20 05:57 - 02055168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2014-10-18 08:38 - 2014-09-20 05:57 - 01762816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2014-10-18 08:38 - 2014-09-20 05:57 - 01180672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2014-10-18 08:38 - 2014-09-20 05:57 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2014-10-18 08:38 - 2014-09-20 05:57 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2014-10-18 08:38 - 2014-09-20 05:57 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2014-10-18 08:38 - 2014-09-20 05:57 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
    2014-10-18 08:38 - 2014-09-20 05:57 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
    2014-10-18 08:38 - 2014-09-20 05:57 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
    2014-10-18 08:38 - 2014-09-20 05:57 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
    2014-10-18 08:38 - 2014-09-20 05:57 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
    2014-10-18 08:38 - 2014-09-20 05:57 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
    2014-10-18 08:38 - 2014-09-20 05:57 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
    2014-10-18 08:38 - 2014-09-20 05:56 - 01440768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2014-10-18 08:38 - 2014-09-20 05:56 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
    2014-10-18 08:38 - 2014-09-20 05:56 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2014-10-18 08:38 - 2014-09-20 05:38 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
    2014-10-18 08:38 - 2014-09-20 05:33 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
    2014-10-18 08:38 - 2014-09-20 03:06 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
    2014-10-18 08:38 - 2014-09-13 07:29 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
    2014-10-18 08:38 - 2014-09-13 06:02 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
    2014-10-18 08:38 - 2014-09-03 04:48 - 00510464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
    2014-10-18 08:38 - 2014-09-03 04:21 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
    2014-10-18 08:38 - 2014-07-07 07:53 - 01125376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
    2014-10-18 08:38 - 2014-07-07 07:52 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
    2014-10-18 08:38 - 2014-07-07 07:52 - 00724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
    2014-10-18 08:38 - 2014-07-07 07:52 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsta.dll
    2014-10-18 08:38 - 2014-07-07 07:51 - 05982208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2014-10-18 08:38 - 2014-07-07 06:01 - 01049600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
    2014-10-18 08:38 - 2014-07-07 06:01 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winsta.dll
    2014-10-18 08:38 - 2014-07-07 06:00 - 05095424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2014-10-18 08:38 - 2014-07-07 05:59 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aaclient.dll
    2014-10-18 08:37 - 2014-09-18 01:24 - 02416128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
    2014-10-18 08:37 - 2014-09-18 00:56 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2014-10-18 08:37 - 2014-08-30 07:48 - 10115072 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2014-10-18 08:37 - 2014-08-30 07:46 - 02306560 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
    2014-10-18 08:37 - 2014-08-30 06:05 - 08858112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2014-10-18 08:37 - 2014-08-30 06:03 - 02037760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
    2014-10-18 08:37 - 2014-08-02 00:08 - 00388729 _____ () C:\WINDOWS\system32\ApnDatabase.xml
    2014-10-18 08:37 - 2014-07-24 15:50 - 00447296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2014-10-18 08:37 - 2014-07-17 01:28 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
    2014-10-18 08:37 - 2014-07-17 00:59 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
    2014-10-18 08:37 - 2014-07-17 00:59 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
    2014-10-18 08:37 - 2014-07-12 08:45 - 01549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
    2014-10-18 08:37 - 2014-07-12 06:36 - 00674304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
    2014-10-18 08:37 - 2014-07-12 06:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
    2014-10-18 08:37 - 2014-07-12 06:34 - 00404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
    2014-10-18 08:37 - 2014-07-12 06:34 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
    2014-10-18 08:37 - 2014-06-28 08:57 - 01341952 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2014-10-18 08:37 - 2014-06-28 04:23 - 01126400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2014-10-18 08:37 - 2014-06-13 01:34 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
    2014-10-18 08:37 - 2014-06-13 01:29 - 02146304 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
    2014-09-27 08:21 - 2014-09-27 08:21 - 00000000 _____ () C:\autoexec.bat
    2014-09-27 08:20 - 2014-10-23 19:47 - 00000000 ____D () C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP
    2014-09-27 08:17 - 2014-09-27 08:17 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Wahl\Downloads\SpyHunter-Installer.exe
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-10-25 12:29 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru
    2014-10-25 10:43 - 2014-09-07 14:58 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-10-25 10:09 - 2014-04-07 21:07 - 01983652 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-10-25 10:02 - 2014-04-10 12:33 - 00001026 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-10-25 09:54 - 2014-09-07 14:58 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-10-25 09:54 - 2014-09-07 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-10-25 09:54 - 2014-09-07 14:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-10-25 09:44 - 2014-05-01 17:31 - 00000000 ____D () C:\Users\Wahl\AppData\Roaming\Spotify
    2014-10-25 09:42 - 2014-03-08 18:23 - 00000000 ___RD () C:\Users\Wahl\Dropbox
    2014-10-25 09:41 - 2014-04-10 12:49 - 00000000 ____D () C:\Users\Wahl\AppData\Roaming\Dropbox
    2014-10-25 09:40 - 2014-04-10 12:33 - 00001022 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-10-25 09:39 - 2014-08-31 03:57 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
    2014-10-25 09:38 - 2012-08-04 00:23 - 00610890 _____ () C:\WINDOWS\PFRO.log
    2014-10-25 09:38 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-10-25 09:37 - 2014-03-06 22:06 - 00000000 ____D () C:\AdwCleaner
    2014-10-25 08:59 - 2014-04-11 20:05 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
    2014-10-25 08:58 - 2014-04-11 20:05 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2014-10-25 08:57 - 2014-04-10 12:33 - 00003998 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-10-25 08:57 - 2014-04-10 12:33 - 00003762 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-10-24 13:16 - 2014-09-23 20:38 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2014-10-23 19:09 - 2014-05-01 17:32 - 00000000 ____D () C:\Users\Wahl\AppData\Local\Spotify
    2014-10-23 19:03 - 2014-05-23 22:43 - 00000352 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForWahl.job
    2014-10-23 19:02 - 2014-07-12 19:51 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
    2014-10-23 19:02 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB
    2014-10-23 19:02 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\en-GB
    2014-10-22 20:34 - 2014-05-23 22:43 - 00003164 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForWahl
    2014-10-22 20:34 - 2014-04-07 18:34 - 00000000 ____D () C:\Users\Wahl
    2014-10-22 18:27 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\rescache
    2014-10-22 17:56 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
    2014-10-22 06:16 - 2014-04-10 09:40 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-10-22 06:16 - 2012-07-26 10:12 - 00000000 ___RD () C:\WINDOWS\ToastData
    2014-10-22 06:16 - 2012-07-26 10:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2014-10-22 06:11 - 2014-04-10 09:40 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2014-10-04 08:06 - 2014-04-10 07:23 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2413700451-3622536314-1208494308-1001
    2014-10-01 21:04 - 2014-04-07 21:08 - 00000000 ____D () C:\Users\Wahl\AppData\Local\Packages
    2014-10-01 11:11 - 2014-09-07 14:58 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2014-10-01 11:11 - 2014-09-07 14:58 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2014-10-01 11:11 - 2014-09-07 14:58 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2014-09-27 08:02 - 2014-09-23 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
     
    Some content of TEMP:
    ====================
    C:\Users\Wahl\AppData\Local\Temp\1aaa0098-834f-4f4b-9b1f-ab7cf66b1e4b.exe
    C:\Users\Wahl\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbnqali.dll
    C:\Users\Wahl\AppData\Local\Temp\Quarantine.exe
    C:\Users\Wahl\AppData\Local\Temp\SHSetup.exe
    C:\Users\Wahl\AppData\Local\Temp\sqlite3.dll
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2014-10-17 21:30
     
    ==================== End Of Log ============================


    #7 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 25 October 2014 - 07:07 AM

    I am not seeing any reference in your logs for AdChoices?? See if this helps.

     


    Download AVAST-BROWSER-CLEANUP to your desktop
     
  • There is nothing to install, just right click on it and Run As Administrator
  • When it's finished scanning it will list Browser Add-ons
  • If it finds AdChoices or any other bogus toolbars
  • Just highlight them and select REMOVE
  • Close out the program
  • Reboot your system and test your browsers


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #8 matswahl

    matswahl

      New Member

    • Authentic Member
    • Pip
    • 8 posts

    Posted 25 October 2014 - 07:51 AM

    Nope, it didn't look like I had any strange add-ons...

     

    Here is the log if it is of any use

     

    25.10.2014 15:47:45 (TID: 3068)
    ProductVersion: 9.0.0.224
    Mozilla Firefox Browser
    Mozilla Firefox Warning: Failed to find install path
    Google Chrome Browser
    Version: 38.0.2125.104
    Install Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    Profile Path: C:\Users\Wahl\AppData\Local\Google\Chrome\User Data\
    Google Chrome Profiles
    Name: Default Path: C:\Users\Wahl\AppData\Local\Google\Chrome\User Data\Default
    Opera Browser
    Opera Warning: Failed to find install path
    Apple Safari Browser
    Apple Safari Warning: Failed to access Safari
    Google Chrome
    Extensions
    Homepages
    Search Engines
    Name: Google
    Url: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}{google:contextualSearchVersion}ie={inputEncoding}
    Microsoft IE
    Extensions
    ID: {233c1507-6a77-46a4-9443-f871f945d258} Name: Shockwave ActiveX Control
    ID: {25510184-5a38-4a99-b273-dca8eef6cd08} Name: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102
    ID: {31d09ba0-12f5-4cce-be8a-2923e76605da} Name: Lync Browser Helper
    ID: {5852f5ed-8bf4-11d4-a245-0080c6f74284} Name: isInstalled Class
    ID: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} Name: Java™ Plug-In SSV Helper
    ID: {8ad9c840-044e-11d1-b3e9-00805f499d93} Name: Java Plug-in 10.51.2
    ID: {cafeefac-dec7-0000-0001-abcdeffedcba} Name: Deployment Toolkit
    ID: {d0498e0a-45b7-42ae-a9aa-aba463dbd3bf} Name: Microsoft SkyDrive Pro Browser Helper
    ID: {d27cdb6e-ae6d-11cf-96b8-444553540000} Name: Shockwave Flash Object
    ID: {dbc80044-a445-435b-bc74-9c25c1c588a9} Name: Java™ Plug-In 2 SSV Helper
    ID: {e76fd755-c1ba-4dcb-9f13-99bd91223ade} Name: HP Network Check Helper
    ID: {ed8c108e-4349-11d2-91a4-00c04f7969e8} Name: XML HTTP Request
    Homepages
    Microsoft IE Warning: default search engine not set (DefaultScope is empty)
    Search Engines
    Homepages
    Search Engines
    Name: Google
    Url: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}{google:contextualSearchVersion}ie={inputEncoding}
    Homepages
    Microsoft IE Warning: default search engine not set (DefaultScope is empty)
    Search Engines
    BCURequest:
    os_language : sv-se
    location: sv-se
    osType: 6.2
    browser: chrome is_default: 1
    browser: iexplorer is_default: 0
    id: {233c1507-6a77-46a4-9443-f871f945d258} name: Shockwave ActiveX Control
    id: {25510184-5a38-4a99-b273-dca8eef6cd08} name: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102
    id: {31d09ba0-12f5-4cce-be8a-2923e76605da} name: Lync Browser Helper
    id: {5852f5ed-8bf4-11d4-a245-0080c6f74284} name: isInstalled Class
    id: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} name: Java™ Plug-In SSV Helper
    id: {8ad9c840-044e-11d1-b3e9-00805f499d93} name: Java Plug-in 10.51.2
    id: {cafeefac-dec7-0000-0001-abcdeffedcba} name: Deployment Toolkit
    id: {d0498e0a-45b7-42ae-a9aa-aba463dbd3bf} name: Microsoft SkyDrive Pro Browser Helper
    id: {d27cdb6e-ae6d-11cf-96b8-444553540000} name: Shockwave Flash Object
    id: {dbc80044-a445-435b-bc74-9c25c1c588a9} name: Java™ Plug-In 2 SSV Helper
    id: {e76fd755-c1ba-4dcb-9f13-99bd91223ade} name: HP Network Check Helper
    id: {ed8c108e-4349-11d2-91a4-00c04f7969e8} name: XML HTTP Request
    BCUResponse:
    Browser: chrome provider_modified: 0
    Browser: iexplorer provider_modified: 0
    id: {233c1507-6a77-46a4-9443-f871f945d258} intarnal_id: 8000 rating: 5
    id: {25510184-5a38-4a99-b273-dca8eef6cd08} intarnal_id: 8000 rating: 5
    id: {31d09ba0-12f5-4cce-be8a-2923e76605da} intarnal_id: 5210 rating: 4
    id: {5852f5ed-8bf4-11d4-a245-0080c6f74284} intarnal_id: 8000 rating: 5
    id: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} intarnal_id: 1 rating: 5
    id: {8ad9c840-044e-11d1-b3e9-00805f499d93} intarnal_id: 8000 rating: 5
    id: {cafeefac-dec7-0000-0001-abcdeffedcba} intarnal_id: 8000 rating: 5
    id: {d0498e0a-45b7-42ae-a9aa-aba463dbd3bf} intarnal_id: 5200 rating: 5
    id: {d27cdb6e-ae6d-11cf-96b8-444553540000} intarnal_id: 8000 rating: 5
    id: {dbc80044-a445-435b-bc74-9c25c1c588a9} intarnal_id: 1 rating: 5
    id: {e76fd755-c1ba-4dcb-9f13-99bd91223ade} intarnal_id: 8000 rating: 5
    id: {ed8c108e-4349-11d2-91a4-00c04f7969e8} intarnal_id: 8000 rating: 5
    Detected a potential browser protector: {
       "Services" : {
          "Description" : "@%programfiles%\\windows defender\\mpasdesc.dll,-240",
          "DisplayName" : "@%programfiles%\\windows defender\\mpasdesc.dll,-310",
          "FileInfo" : {
             "Path" : "\"c:\\program files (x86)\\windows defender\\msmpeng.exe\"",
             "md5" : ""
          },
          "Name" : "WinDefend"
       }
    }
    Detected a potential browser protector: {
       "Services" : {
          "Description" : "helps protect users from malware and other potentially unwanted software",
          "DisplayName" : "ad-aware service 11",
          "FileInfo" : {
             "Path" : "\"c:\\program files\\lavasoft\\ad-aware antivirus\\ad-aware antivirus\\11.3.6321.0\\adawareservice.exe\"",
             "md5" : ""
          },
          "Name" : "LavasoftAdAwareService11"
       },
       "runKeys" : {
          "AdAwareTray" : "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\AdAwareTray=\"c:\\program files\\lavasoft\\ad-aware antivirus\\ad-aware antivirus\\11.3.6321.0\\adawaretray.exe\""
       }
    }
    Detected a potential browser protector: {
       "Services" : {
          "Description" : "",
          "DisplayName" : "esgiguard",
          "FileInfo" : {
             "Path" : "\\??\\c:\\program files\\enigma software group\\spyhunter\\esgiguard.sys",
             "md5" : ""
          },
          "Name" : "esgiguard"
       }
    }
    Detected a potential browser protector:EAC1780FCA264EFA36FEDAFEF676594D11BDD0C00998C5EBB86F2F21012E71B7 {
       "Services" : {
          "Description" : "@oem26.inf,%bdfndisf_desc%;bitdefender firewall ndis 6 filter driver",
          "DisplayName" : "@oem26.inf,%bdfndisf_desc%;bitdefender firewall ndis 6 filter driver",
          "FileInfo" : {
             "Path" : "\\??\\c:\\program files\\lavasoft\\ad-aware antivirus\\firewall engine\\1.6.0.0\\drivers\\bdfndisf6.sys",
             "md5" : "8F966B0778C248ACC4D22DB88364455E"
          },
          "Name" : "BdfNdisf"
       }
    }
    Detected a potential browser protector: {
       "runKeys" : {
          "AccelerometerSysTrayApplet" : "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\AccelerometerSysTrayApplet=c:\\program files (x86)\\hewlett-packard\\hp 3d driveguard\\accelerometerst.exe"
       }
    }
    Detected a potential browser protector:94F2543164A2CEA179EDE53E1294EE24391A59CAEFF83BA5CE9385E8E686E89C {
       "Services" : {
          "Description" : "andrea service",
          "DisplayName" : "andrea rt filters service",
          "FileInfo" : {
             "CompanyName" : "Andrea Electronics Corporation",
             "FileDescription" : "Andrea filters APO access service (64-bit)",
             "FileVersion" : "1.0.64.10",
             "Path" : "c:\\program files\\realtek\\audio\\hda\\aertsr64.exe",
             "md5" : "D1E343BC00136CE03C4D403194D06A80"
          },
          "Name" : "AERTFilters"
       },
       "runKeys" : {
          "RTHDVCPL" : "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\RTHDVCPL=\"c:\\program files\\realtek\\audio\\hda\\rtkngui64.exe\" -s"
       }
    }
    Detected a potential browser protector:EECFD39B55C23099658195A736A5F59C8A7864E6CAA681C81E7F048778153D6E {
       "Services" : {
          "Description" : "intel® content protection heci service - enables communication with the content protection fw",
          "DisplayName" : "intel® content protection heci service",
          "FileInfo" : {
             "CompanyName" : "Intel Corporation",
             "FileDescription" : "IntelCpHeciSvc Executable",
             "Path" : "c:\\windows\\syswow64\\intelcphecisvc.exe",
             "ProductVersion" : "9.0.0.1340",
             "md5" : "9A85362107A6E35DEDECF7A4ED09DDC7"
          },
          "Name" : "cphs"
       },
       "runKeys" : {
          "StubPath" : "HKCU\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{89B4C1CD-B018-4511-B0A1-5476DBF70820}\\StubPath=c:\\windows\\syswow64\\rundll32.exe c:\\windows\\syswow64\\mscories.dll,install"
       },
       "uninstallInfo" : {
          "Adobe Shockwave Player"Microsoft IE Warning: default search engine not set (DefaultScope is empty)


    #9 ken545


    Posted 25 October 2014 - 08:09 AM

    Let's reset all your browsers back to company defaults
     
  • Open IE
  • Go to Tools > Internet Options > Advanced Tab
  • Reset Internet Explorer Setting
  • Reset
  • This will take a few seconds
  • Close IE and then reopen it and see if it helped
     
  • Open Firefox
  • Click on Help > Troubleshooting Information > Reset Firefox to its default state
     
  • Click the Chrome menu on the browser toolbar.
  • Select Settings.
  • Scroll down to Show advanced settings...
  • Down on the bottom you will see an option for RESET BROWSER SETTINGS
  • Click on it and it will set Chrome back to defaults


     
     

    #10 matswahl


    Posted 25 October 2014 - 09:06 AM

    I believe you made it! Have tried to restart the pc several times and visit all the web sites that usually show these pop-ups, but so far all is good!

     

    Thank you very much! You are like one in the Night's Watch in Game of Thrones... :-)

     

    When going through all the logs, did you find any other malwares that now should be erased?




    #11 ken545


    Posted 25 October 2014 - 09:14 AM

    Nope, your logs looked fine, but let's do this to be sure

     

    Read the instructions and DO NOT HAVE ESET REMOVE ANYTHING...sometimes there are false positives 

     

     

     

     
    ESET Online Scanner
    I'd like us to scan your machine with ESET OnlineScan
     
    *Note
    It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
     
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png
  • Please make sure you include the following items in your next post:
    The log that was produced after running ESET Online Scanner.


     
     

    #12 matswahl


    Posted 26 October 2014 - 01:30 AM

    Hm, the scan just won't work properly. By the pace it seems this will take days. Any background processes in particular that I should kill?



    #13 ken545


    Posted 26 October 2014 - 06:01 AM

    You should disable your onboard anti virus and see if it works

    http://www.bleepingc...lware-programs/

     

     

    Or try this one instead

    http://housecall.trendmicro.com/



     
     

    #14 matswahl


    Posted 29 October 2014 - 12:27 PM

    Trendmicro seemed to work. Have not seen any AdChoices ads for a couple of days now so probably the problem is solved.

     

    Thank you again!



    #15 ken545


    Posted 29 October 2014 - 01:49 PM

    :thumbup:

     

    Did Trendmicro find anything?? If so, can you post the log?



     
     