Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Influx of ads: Take 2

by therewillbecake » June 8th, 2015, 8:41 am

Hi again! Since I failed to follow simple instructions last time, let us see if I fare any better this time.
Since about a week ago I've received way more popups, and Adblocker has picked up way more ads than usual.
I have since installed and run Malwarebytes Anti-Malware, which has helped a bit, but the issue still remains.

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-06-2015
Ran by Henrik (administrator) on GOFAXYOURSELF on 08-06-2015 14:32:56
Running from C:\Users\Henrik\Desktop
Loaded Profiles: Henrik (Available Profiles: Henrik)
Platform: Windows 8.1 (X64) OS Language: Svenska (Sverige)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(The Privoxy team - www.privoxy.org) C:\Program Files (x86)\SmartComp Safe Network\privoxy.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Program Files\Intel\Thunderbolt Software\Thunderbolt.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHBE.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Spotify Ltd) C:\Users\Henrik\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Henrik\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Spotify Ltd) C:\Users\Henrik\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe
(ASUS) C:\Program Files\ASUS\ASUS GPU Tweak\GPUTweak.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Spotify Ltd) C:\Users\Henrik\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Henrik\AppData\Roaming\Spotify\Spotify.exe
(Valve Corporation) D:\Spel\Steam\Steam.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Valve Corporation) D:\Spel\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.3.374.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\msm\McSmtFwk.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.15.458\AsusWSPanel.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2893576 2013-08-02] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Thunderbolt] => C:\Program Files\Intel\Thunderbolt Software\Thunderbolt.exe [767944 2013-10-25] (Intel Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2013-12-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.15.458\ASUSWSLoader.exe [63272 2014-12-04] ()
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [463872 2013-05-15] ()
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [643064 2015-02-09] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2988599023-887452739-3193836158-1001\...\Run: [EPSON1F3465 (Epson Stylus SX440)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBE.EXE [232448 2011-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2988599023-887452739-3193836158-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28917376 2015-05-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2988599023-887452739-3193836158-1001\...\Run: [Spotify Web Helper] => C:\Users\Henrik\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2021944 2015-05-28] (Spotify Ltd)
HKU\S-1-5-21-2988599023-887452739-3193836158-1001\...\Run: [Spotify] => C:\Users\Henrik\AppData\Roaming\Spotify\Spotify.exe [7323192 2015-05-28] (Spotify Ltd)
HKU\S-1-5-21-2988599023-887452739-3193836158-1001\...\Run: [Steam] => D:\Spel\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-2988599023-887452739-3193836158-1001\...\Run: [GoogleChromeAutoLaunch_DF40D8C060472F57B9CE96D22E742A9B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-22] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-03-29]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.15.458\ASUSWSShellExt64.dll [2014-11-18] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.15.458\ASUSWSShellExt64.dll [2014-11-18] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.15.458\ASUSWSShellExt64.dll [2014-11-18] (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-2988599023-887452739-3193836158-1001] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-2988599023-887452739-3193836158-1001] => 127.0.0.1:8118
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2988599023-887452739-3193836158-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2988599023-887452739-3193836158-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\S-1-5-21-2988599023-887452739-3193836158-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2988599023-887452739-3193836158-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-05-25] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-05-25] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-05-25] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-05-25] (McAfee, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-02-27] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-02-27] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-02-27] ()
FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.2.5.1 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [2014-11-27] (Finansiell ID-Teknik BID AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-02-27] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-02-08]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-03-29]

Chrome:
=======
CHR Profile: C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-02]
CHR Extension: (Google Docs) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-02]
CHR Extension: (Google Drive) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-02]
CHR Extension: (YouTube) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-02]
CHR Extension: (Google Cast) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-05-18]
CHR Extension: (Adblock Plus) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-31]
CHR Extension: (Google Search) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-02]
CHR Extension: (Netrunner Lookup) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\falbpbbdomlkdjlfippfjopgihdekanf [2015-01-02]
CHR Extension: (Google Sheets) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-02]
CHR Extension: (SiteAdvisor) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-02-08]
CHR Extension: (Bookmark Manager) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-24]
CHR Extension: (MuteTab) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkbaaijgpppbokgnhhoakihofedkgcc [2015-01-02]
CHR Extension: (Google Wallet) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-02]
CHR Extension: (Gmail) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-02]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-06-02]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-06-02]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-08-29] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed]
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-08] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100104 2013-08-02] (ELAN Microelectronics Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227936 2013-11-09] (WildTangent)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel(R) Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-05-25] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-02-27] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPServiceHost.exe [422632 2015-01-22] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2015-02-27] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
R2 PrivoxyService; C:\Program Files (x86)\SmartComp Safe Network\privoxy.exe [371200 2015-05-28] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S3 Origin Client Service; "D:\Spel\Origin\OriginClientService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-08-08] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7488176 2014-03-29] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [100072 2013-08-02] (GenesysLogic)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-08-29] (Windows (R) Win 7 DDK provider)
S3 Tdsshbecr; C:\Windows\system32\DRIVERS\shbecr.sys [50176 2008-09-28] (Todos Data System AB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
U0 msahci; system32\drivers\msahci.sys

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-08 14:32 - 2015-06-08 14:33 - 00026726 _____ C:\Users\Henrik\Desktop\FRST.txt
2015-06-08 14:24 - 2015-06-08 14:24 - 00044226 _____ C:\Users\Henrik\Downloads\Addition.txt
2015-06-08 14:23 - 2015-06-08 14:24 - 00047399 _____ C:\Users\Henrik\Downloads\FRST.txt
2015-06-08 14:22 - 2015-06-08 14:32 - 00000000 ____D C:\FRST
2015-06-08 14:22 - 2015-06-08 14:22 - 02108928 _____ (Farbar) C:\Users\Henrik\Desktop\FRST64.exe
2015-06-08 12:40 - 2015-06-08 12:40 - 00688992 _____ (Swearware) C:\Users\Henrik\Downloads\dds.com
2015-06-08 12:19 - 2015-06-08 12:19 - 00156782 _____ C:\Users\Henrik\Downloads\OTL.Txt
2015-06-08 12:19 - 2015-06-08 12:19 - 00085692 _____ C:\Users\Henrik\Downloads\Extras.Txt
2015-06-08 12:04 - 2015-06-08 12:04 - 00602112 _____ (OldTimer Tools) C:\Users\Henrik\Downloads\OTL.exe
2015-06-08 11:59 - 2015-06-08 11:59 - 00688992 _____ (Swearware) C:\Users\Henrik\Downloads\dds (2).scr
2015-06-08 11:09 - 2015-06-08 11:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-06-05 20:09 - 2015-06-05 20:09 - 00014435 _____ C:\Users\Henrik\Downloads\h1
2015-06-05 18:30 - 2015-06-05 18:31 - 00000000 ____D C:\Users\Henrik\Downloads\DnD
2015-06-05 14:25 - 2015-05-22 15:08 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-05 14:25 - 2015-05-21 15:08 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-05 14:25 - 2015-05-21 15:08 - 01020928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-05 14:25 - 2015-05-21 15:08 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-05 14:25 - 2015-05-21 15:08 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-05 14:25 - 2015-05-21 15:08 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-05 14:25 - 2015-05-21 15:08 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-05 14:25 - 2015-04-17 00:07 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-04 13:52 - 2015-06-04 13:52 - 02632228 _____ C:\Users\Henrik\Downloads\5E_CHARACTERSHEETSV3.ZIP
2015-06-04 13:52 - 2015-06-04 13:52 - 00000000 ____D C:\Users\Henrik\Downloads\5E_CHARACTERSHEETSV3
2015-05-31 23:50 - 2015-05-31 23:50 - 00688992 _____ (Swearware) C:\Users\Henrik\Downloads\dds (1).scr
2015-05-31 23:49 - 2015-05-31 23:49 - 00688992 _____ (Swearware) C:\Users\Henrik\Downloads\dds.scr
2015-05-31 23:21 - 2015-05-31 23:21 - 00018944 ___SH C:\Users\Henrik\Downloads\Thumbs.db
2015-05-30 15:51 - 2015-05-30 15:51 - 00000000 ____D C:\Users\Henrik\AppData\Roaming\ParadoxInteractive
2015-05-29 00:02 - 2015-05-29 00:05 - 00000000 ____D C:\Users\Henrik\AppData\Local\Adobe
2015-05-29 00:02 - 2015-05-29 00:05 - 00000000 ____D C:\ProgramData\Adobe
2015-05-29 00:02 - 2015-05-29 00:02 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-05-29 00:02 - 2015-05-29 00:02 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-05-29 00:02 - 2015-05-29 00:02 - 00002069 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-05-29 00:02 - 2015-05-29 00:02 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-05-28 21:53 - 2015-06-08 11:51 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-28 21:53 - 2015-05-28 21:56 - 00001116 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-28 21:53 - 2015-05-28 21:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-28 21:53 - 2015-05-28 21:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-05-28 21:53 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-28 21:53 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-28 21:53 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-28 21:52 - 2015-05-28 21:52 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Henrik\Downloads\mbam-setup-2.0.0.1000.exe
2015-05-28 21:40 - 2015-05-28 21:41 - 62889760 _____ (MediaFire) C:\Users\Henrik\Downloads\MediaFireDesktop-1.4.29.10845-windows-PRODUCTION.exe
2015-05-28 21:19 - 2015-06-08 11:06 - 00003302 _____ C:\Windows\System32\Tasks\SmartComp Safe Network Schedualer
2015-05-28 21:19 - 2015-05-28 22:07 - 00000000 ____D C:\Program Files (x86)\SmartComp Safe Network
2015-05-28 21:19 - 2015-05-28 21:21 - 00000000 ____D C:\Users\Henrik\AppData\Roaming\Getprivate VPN
2015-05-28 21:19 - 2015-05-28 21:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Getprivate VPN
2015-05-28 21:19 - 2015-05-28 21:19 - 00003346 _____ C:\Windows\System32\Tasks\Malware Cleaner
2015-05-28 21:19 - 2015-05-28 21:19 - 00000000 _____ C:\Users\Henrik\AppData\Roaming\9E4F.tmp
2015-05-28 21:18 - 2015-05-28 22:07 - 00000000 ____D C:\Users\Henrik\AppData\Roaming\Updater
2015-05-28 21:18 - 2015-05-28 21:23 - 00003284 _____ C:\Windows\System32\Tasks\Security Update
2015-05-24 15:24 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-24 15:24 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-24 15:24 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2015-05-24 15:24 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2015-05-24 15:24 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2015-05-24 15:24 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2015-05-24 15:24 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2015-05-24 15:24 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2015-05-24 15:24 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-05-24 15:24 - 2015-03-17 19:26 - 00467776 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-05-24 15:24 - 2015-03-13 06:03 - 00239424 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-05-24 15:24 - 2015-03-13 06:03 - 00154432 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-05-24 15:24 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2015-05-24 15:24 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-05-24 15:24 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-05-24 15:24 - 2015-03-13 02:29 - 00410017 _____ C:\Windows\system32\ApnDatabase.xml
2015-05-24 15:24 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-24 15:24 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-24 15:24 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys
2015-05-24 15:24 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-24 15:24 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2015-05-24 15:24 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-24 15:24 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2015-05-24 15:24 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-24 15:24 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-05-24 15:24 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-05-24 15:24 - 2014-11-14 08:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsDatabase.dll
2015-05-18 12:38 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-18 12:38 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-18 10:53 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-18 10:53 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-18 10:53 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-18 10:53 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-18 10:53 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-18 10:53 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-18 10:53 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-18 10:53 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-18 10:53 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-18 10:53 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-18 10:53 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-18 10:53 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-18 10:53 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-18 10:53 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-18 10:53 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-18 10:53 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-18 10:53 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-18 10:53 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-05-18 10:53 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-18 10:53 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-05-18 10:53 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-18 10:53 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-18 10:53 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-18 10:53 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-18 10:53 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-18 10:53 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-18 10:53 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-18 10:53 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-18 10:53 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-05-18 10:53 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-18 10:53 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-18 10:53 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-18 10:53 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-18 10:53 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-18 10:53 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-18 10:53 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-18 10:53 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-18 10:53 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-18 10:53 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-18 10:53 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-18 10:53 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-18 10:53 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-18 10:53 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-18 10:53 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-18 10:53 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-18 10:53 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-18 10:53 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-18 10:53 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-18 10:53 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-18 10:53 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-18 10:48 - 2015-06-08 12:00 - 00003474 _____ C:\Windows\System32\Tasks\ASUS Live Update1
2015-05-18 10:48 - 2015-06-08 12:00 - 00003464 _____ C:\Windows\System32\Tasks\ASUS Live Update2
2015-05-18 10:47 - 2015-05-18 10:47 - 00003382 _____ C:\Windows\System32\Tasks\Update Checker

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-08 14:27 - 2015-01-02 18:41 - 00000000 ____D C:\Users\Henrik\AppData\Roaming\Skype
2015-06-08 14:24 - 2014-03-29 17:40 - 01543006 _____ C:\Windows\WindowsUpdate.log
2015-06-08 14:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-08 13:43 - 2015-02-14 00:33 - 00001030 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d047dd6e88209.job
2015-06-08 13:40 - 2015-01-02 18:29 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2988599023-887452739-3193836158-1001
2015-06-08 13:38 - 2015-01-02 18:27 - 00001030 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-08 11:11 - 2015-01-24 20:20 - 00000000 ____D C:\Users\Henrik\AppData\Roaming\Spotify
2015-06-08 11:07 - 2015-01-02 18:25 - 00003948 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{76DE06A4-5CD9-4049-B2EF-B1CB8465D1AF}
2015-06-08 11:06 - 2015-01-02 18:24 - 00000074 _____ C:\Users\Henrik\AppData\Roaming\sp_data.sys
2015-06-08 11:05 - 2015-02-23 20:46 - 00000000 ____D C:\Users\Henrik\AppData\Local\Spotify
2015-06-08 11:05 - 2015-01-02 18:27 - 00001026 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-08 11:05 - 2015-01-02 18:25 - 00000000 ___DO C:\Users\Henrik\SkyDrive
2015-06-08 11:04 - 2013-08-22 16:46 - 00031238 _____ C:\Windows\setupact.log
2015-06-08 11:03 - 2014-03-29 17:57 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-06-08 11:03 - 2013-12-13 03:29 - 00026452 _____ C:\Windows\PFRO.log
2015-06-08 11:03 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-08 11:03 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-06-08 11:01 - 2015-01-05 12:22 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-08 11:01 - 2015-01-05 12:22 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-05 19:29 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-06-05 15:37 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-05 15:36 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-06-02 10:10 - 2015-01-02 18:40 - 00000000 ____D C:\ProgramData\Skype
2015-05-30 15:51 - 2015-01-03 18:04 - 00000000 ____D C:\ProgramData\Package Cache
2015-05-29 00:38 - 2015-01-02 18:24 - 00000000 ____D C:\Users\Henrik\AppData\Roaming\Adobe
2015-05-28 22:11 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\ADFS
2015-05-28 21:20 - 2015-01-02 18:27 - 00002160 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-28 21:20 - 2015-01-02 18:24 - 00001375 _____ C:\Users\Henrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-28 21:15 - 2015-01-02 18:40 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-28 21:15 - 2013-08-22 16:44 - 00337344 _____ C:\Windows\system32\FNTCACHE.DAT
2015-05-25 00:04 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2015-05-24 18:14 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2015-05-24 18:13 - 2015-01-02 20:08 - 00000000 ____D C:\Windows\system32\MRT
2015-05-24 18:03 - 2015-01-02 20:08 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-24 18:02 - 2015-04-06 22:33 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-24 18:02 - 2015-04-06 22:33 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-18 16:38 - 2015-02-14 00:33 - 00004002 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d047dd6e88209
2015-05-18 16:38 - 2015-01-02 18:27 - 00003766 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-18 15:30 - 2013-12-13 10:38 - 00733830 _____ C:\Windows\system32\perfh01D.dat
2015-05-18 15:30 - 2013-12-13 10:38 - 00152166 _____ C:\Windows\system32\perfc01D.dat
2015-05-18 15:30 - 2013-12-13 03:41 - 01740478 _____ C:\Windows\system32\PerfStringBackup.INI
2015-05-18 12:38 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-18 12:37 - 2013-08-22 22:59 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-18 10:47 - 2013-12-13 03:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-05-18 10:47 - 2013-12-13 03:41 - 00000000 ____D C:\Program Files (x86)\ASUS
2015-05-10 21:45 - 2015-04-01 20:14 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-05-10 21:44 - 2015-01-02 18:49 - 00000000 ____D C:\Users\Henrik\AppData\Local\Battle.net

==================== Files in the root of some directories =======

2015-05-28 21:19 - 2015-05-28 21:19 - 0000000 _____ () C:\Users\Henrik\AppData\Roaming\9E4F.tmp
2015-01-02 18:24 - 2015-06-08 11:06 - 0000074 _____ () C:\Users\Henrik\AppData\Roaming\sp_data.sys
2014-03-29 17:44 - 2014-03-29 17:44 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-12-13 03:41 - 2012-09-07 13:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-12-13 03:41 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-12-13 03:41 - 2012-09-07 13:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS


Some files in TEMP:
====================
C:\Users\Henrik\AppData\Local\Temp\COMAP.EXE
C:\Users\Henrik\AppData\Local\Temp\Gw2.exe
C:\Users\Henrik\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Henrik\AppData\Local\Temp\tasks.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-05 15:30

==================== End of log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-06-2015
Ran by Henrik at 2015-06-08 14:33:17
Running from C:\Users\Henrik\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administratör (S-1-5-21-2988599023-887452739-3193836158-500 - Administrator - Disabled)
Gäst (S-1-5-21-2988599023-887452739-3193836158-501 - Limited - Disabled)
Henrik (S-1-5-21-2988599023-887452739-3193836158-1001 - Administrator - Enabled) => C:\Users\Henrik
HomeGroupUser$ (S-1-5-21-2988599023-887452739-3193836158-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Antivirus- och antispionprogram från McAfee (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Antivirus- och antispionprogram från McAfee (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Svenska (HKLM-x32\...\{AC76BA86-7AD7-1053-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
ASUS Backtracker (HKLM-x32\...\{C15C060C-ED1C-49EB-83B3-F7C0FD1CD661}) (Version: 3.0.4 - ASUS)
ASUS GPU Tweak (HKLM\...\{7353D4C7-43E9-46A3-A1FF-79DD94A386F2}) (Version: 1.0.6 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.6 - ASUS)
ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.026 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.2 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.8 - ASUS)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5712.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.5712.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)
BankID säkerhetsprogram (HKLM-x32\...\{4B2557F9-8C03-4BE7-9984-4DE525076580}) (Version: 6.2.5.1 - Finansiell ID-Teknik BID AB)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.181 - Broadcom Corporation)
DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version: - FromSoftware, Inc)
Endless Legend (HKLM-x32\...\Steam App 289130) (Version: - AMPLITUDE Studios)
Endless Space (HKLM-x32\...\Steam App 208140) (Version: - AMPLITUDE Studios)
EPSON SX440 Series Printer Uninstall (HKLM\...\EPSON SX440 Series) (Version: - SEIKO EPSON Corporation)
ETDWare PS/2-X64 11.5.12.1_WHQL (HKLM\...\Elantech) (Version: 11.5.12.1 - ELAN Microelectronic Corp.)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.7 - Genesys Logic)
Getprivate VPN version 1.0 (HKLM-x32\...\{43A12E1B-6532-4C90-90A5-60972044DFED}_is1) (Version: 1.0 - ) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
Handelsbanken kortläsare (HKLM-x32\...\{D4C30AE2-EAFE-4E28-A3BA-7CF7485E23C4}) (Version: 1.00.0000 - Todos Data System AB)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
HEX (HKLM-x32\...\{E31B651A-B48C-423C-8D0D-855756C8B7E8}_is1) (Version: - HEX Entertainment)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.6.0.1038 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Magic 2014 (HKLM-x32\...\Steam App 213850) (Version: - Stainless Games)
Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios)
Magicka 2 (HKLM-x32\...\Steam App 238370) (Version: - Pieces Interactive)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 13.6.1599 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.314 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.53.7 - Black Tree Gaming)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Grafikdrivrutin 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)
PixelJunk Eden (HKLM-x32\...\Steam App 105800) (Version: - Q-Games, Ltd.)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7164 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2988599023-887452739-3193836158-1001\...\Spotify) (Version: 1.0.6.80.g2a801a53 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
System Shock 2 (HKLM-x32\...\Steam App 238210) (Version: - Irrational Games)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version: - Galactic Cafe)
Thunderbolt(TM) Software (HKLM\...\{A1E0CC92-937C-4D22-8F42-C5BE96F35AC0}) (Version: 1.4.0.1 - Intel(R) Corporation)
Transistor (HKLM-x32\...\Steam App 237930) (Version: - Supergiant Games)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.15.458 - ASUS Cloud Corporation)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.8070 - Broadcom Corporation)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.10.25 - WildTangent)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinRAR 5.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
World of Warcraft Classic (HKLM-x32\...\{D55ED80F-FAFD-40E1-99FC-89AF8614A9B5}_is1) (Version: 1.12.1.5875 - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

24-05-2015 17:59:29 Windows Update
30-05-2015 15:50:05 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
30-05-2015 15:51:03 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
05-06-2015 15:31:21 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0649C340-F179-4205-83E7-AC08560ED2EC} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {0EB8B1DF-A421-4E02-AF43-2C445C944513} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {1ED5F1D3-2C4C-4229-A49D-C49981178F15} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-08-29] (ASUS)
Task: {21B8A746-BCFB-4D39-976E-CAEAE95DE057} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-10-07] (ASUS)
Task: {29937B70-AE90-408F-901A-21D9061AD4CB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {3C4F57B6-E939-431A-9645-3E22B6496CD1} - System32\Tasks\Security Update => C:\Users\Henrik\AppData\Roaming\Updater\winupd.exe <==== ATTENTION
Task: {50A46917-EAA6-43B2-B369-B2358FFF599F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-05-24] (Microsoft Corporation)
Task: {514220A1-6F43-40BA-9500-AB978835B84B} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {57EF1251-51D3-4FAC-B7D3-7BB16EBB80E6} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {7BF056B8-5AC6-4D25-9549-D5295C1073F4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-02] (Google Inc.)
Task: {7E894182-6E0B-4C9B-BED8-F4A8AC6CD500} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {899EB394-466A-44F3-B39D-0B9AA054E998} - System32\Tasks\GoogleUpdateTaskMachineUA1d047dd6e88209 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-02] (Google Inc.)
Task: {8F7D41E8-5BDC-42D3-A8E7-F1A5BCFDA0E9} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
Task: {93291B6B-73B2-4B5E-BF7F-A2CF636E5E66} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-01-23] (Realtek Semiconductor)
Task: {9938F355-5FE4-45AE-B2EA-879A445E0E4D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-02] (Google Inc.)
Task: {A37DB465-52DA-40AC-A19F-68293E35D89F} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-10-07] (ASUSTeK Computer Inc.)
Task: {B1086301-D814-452E-A37E-D645B1D70AEC} - System32\Tasks\UMonitor Task => C:\Windows\SysWOW64\UMonit64.exe [2013-08-06] ()
Task: {B582BC8D-E485-4E04-ADA1-5AC1D83EF775} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-01-20] (Realtek Semiconductor)
Task: {B99B036D-7D9E-42D9-B7BF-3CD4FFD70298} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {C7E9F371-21FE-44CF-9A16-3A60028E1816} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-01-16] (ASUSTek Computer Inc.)
Task: {C8CD3E64-AA1B-4791-BE51-0F47F9150165} - System32\Tasks\Malware Cleaner => C:\Users\Henrik\AppData\Roaming\9E4F.tmp.exe <==== ATTENTION
Task: {C9385D58-549F-43F5-833C-805D7E33B906} - System32\Tasks\ASUS GPUTweak => C:\Program Files\ASUS\ASUS GPU Tweak\GPUTweak.exe [2014-01-27] (ASUS)
Task: {CD5F7335-C44C-4CEC-8B1C-241DA2C4C5ED} - System32\Tasks\P4GIntlCtrl => C:\Program Files\ASUS\P4G\IntlDPST.exe [2013-08-29] ()
Task: {D6D1852C-7890-4352-A6D7-78F073642DD7} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-11-04] ()
Task: {ED6B8297-0E17-46A1-A0DF-ED52E25FB42F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {F09FEE42-5944-45F7-B318-1EB7BFE0AA10} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {F1BFCA4A-4D08-4652-8D60-87A87281A27C} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()
Task: {FCAC0DE3-C35B-4728-960C-32FF12E057C4} - System32\Tasks\SmartComp Safe Network Schedualer => C:\Program Files (x86)\SmartComp Safe Network\msnworker.exe [2015-05-28] (SecureSoft)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d047dd6e88209.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-03-29 17:41 - 2014-12-13 10:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-10-25 14:05 - 2013-10-25 14:05 - 00049368 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2013-08-29 18:01 - 2013-08-29 18:01 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-09-18 09:23 - 2014-09-18 09:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-10-14 20:51 - 2014-10-14 20:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 09:23 - 2014-09-18 09:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-10-14 20:51 - 2014-10-14 20:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-03-29 17:52 - 2013-05-15 16:39 - 00463872 _____ () C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
2014-01-27 18:41 - 2014-01-27 18:41 - 00011264 _____ () C:\Program Files\ASUS\ASUS GPU Tweak\WMIProc.dll
2014-01-27 18:41 - 2014-01-27 18:41 - 00320000 _____ () C:\Program Files\ASUS\ASUS GPU Tweak\NavpiWrapper.dll
2015-05-28 21:19 - 2015-05-28 21:24 - 00086528 _____ () C:\Program Files (x86)\SmartComp Safe Network\mgwz.dll
2013-10-08 22:41 - 2013-10-08 22:41 - 00037968 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2013-09-09 20:23 - 2013-09-09 20:23 - 00162816 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2015-04-04 15:51 - 2015-03-28 05:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-02-24 18:06 - 2015-05-28 22:13 - 41287224 _____ () C:\Users\Henrik\AppData\Roaming\Spotify\libcef.dll
2015-05-28 11:39 - 2015-05-22 22:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-05-28 11:39 - 2015-05-22 22:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll
2015-02-24 18:06 - 2015-05-28 22:13 - 01488440 _____ () C:\Users\Henrik\AppData\Roaming\Spotify\libglesv2.dll
2015-02-24 18:06 - 2015-05-28 22:13 - 00079928 _____ () C:\Users\Henrik\AppData\Roaming\Spotify\libegl.dll
2015-02-24 18:06 - 2015-03-22 19:01 - 09305656 _____ () C:\Users\Henrik\AppData\Roaming\Spotify\pdf.dll
2015-05-18 15:26 - 2015-04-16 19:40 - 00776192 _____ () D:\Spel\Steam\SDL2.dll
2015-05-18 15:26 - 2015-04-23 04:16 - 04962816 _____ () D:\Spel\Steam\v8.dll
2015-06-08 11:05 - 2015-06-04 20:56 - 02407104 _____ () D:\Spel\Steam\video.dll
2015-05-18 15:26 - 2015-04-23 04:16 - 01556992 _____ () D:\Spel\Steam\icui18n.dll
2015-05-18 15:26 - 2015-04-23 04:16 - 01187840 _____ () D:\Spel\Steam\icuuc.dll
2015-03-29 00:43 - 2014-12-01 23:31 - 02396672 _____ () D:\Spel\Steam\libavcodec-56.dll
2015-03-29 00:43 - 2014-12-01 23:31 - 00479744 _____ () D:\Spel\Steam\libavformat-56.dll
2015-03-29 00:43 - 2014-12-01 23:31 - 00332800 _____ () D:\Spel\Steam\libavresample-2.dll
2015-03-29 00:43 - 2014-12-01 23:31 - 00442880 _____ () D:\Spel\Steam\libavutil-54.dll
2015-03-29 00:43 - 2014-12-01 23:31 - 00485888 _____ () D:\Spel\Steam\libswscale-3.dll
2015-06-08 11:05 - 2015-06-04 20:56 - 00703168 _____ () D:\Spel\Steam\bin\chromehtml.DLL
2015-05-18 15:26 - 2015-05-11 21:01 - 36302728 _____ () D:\Spel\Steam\bin\libcef.dll
2014-03-29 17:37 - 2013-10-23 15:44 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2013-04-27 10:24 - 2013-04-27 10:24 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Henrik\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2988599023-887452739-3193836158-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Henrik\Pictures\Wallpapers\47158_2_0.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{5FB1B009-24C1-409C-8F36-D35D0BA1154A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{0800F2D3-EE40-4F3D-9414-4E23EFF9AD36}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C2ABFF6B-4539-493F-8EA9-05CBF5FB0F53}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{13C8ED5C-C329-4F9C-9606-D1B1B337536A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{D8BD43B8-F010-400A-9599-066DF20CE8CC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F4879E55-E21B-448B-9306-C4B3F5B39BE6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CB88BCF8-0478-4D51-98DF-6303D9DC8B94}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{01E33AC3-E8AD-47D2-AD39-1439A28EC824}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{F6858BC0-FBF5-49DE-BEA6-A0CAE7AEAF31}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{5145CF3A-9516-448A-8B5A-46B1D689E64A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D056967E-409D-436F-9402-B8553543A120}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{09AF8AD4-DD05-4AEA-BAE7-43327B7FA7CB}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E9A8AD63-BCD9-4B71-90C0-8CFE88AD5577}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C4B7D379-25AA-4924-935D-A3F1675F4B7D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{ACA292B2-353B-4402-808B-86C509E0FEA4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{5B2A0017-3FBB-462D-A60D-90CB2C942733}] => (Allow) D:\Spel\Battle.net\Battle.net.exe
FirewallRules: [{B5614F16-9B58-4F3F-A4C6-6EFCDA9807D6}] => (Allow) D:\Spel\Battle.net\Battle.net.exe
FirewallRules: [{0E3926AF-5C90-48F2-B4FE-C01E56375A3F}] => (Allow) D:\Spel\Steam\Steam.exe
FirewallRules: [{74F6D826-32B8-4C6E-83DD-99E570629387}] => (Allow) D:\Spel\Steam\Steam.exe
FirewallRules: [{4F7B787F-0281-4BF5-9201-6AAA10BB4260}] => (Allow) D:\Spel\Steam\steamapps\common\Transistor\x64\Transistor.exe
FirewallRules: [{D6B62ED2-D65C-4A55-8047-3EC2E0844D03}] => (Allow) D:\Spel\Steam\steamapps\common\Transistor\x64\Transistor.exe
FirewallRules: [{0E20D8CD-6012-4332-BE91-D5FDA07EE9D3}] => (Allow) D:\Spel\Steam\steamapps\common\pixeljunkeden\eden.exe
FirewallRules: [{F09FB1F4-9996-473F-BEB7-224285B0D146}] => (Allow) D:\Spel\Steam\steamapps\common\pixeljunkeden\eden.exe
FirewallRules: [{C900FA8D-D166-46B2-8F93-3BC6EEB34B2F}] => (Allow) D:\Spel\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{3AA2680C-771E-48E1-A83B-EE1181A866A7}] => (Allow) D:\Spel\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{1A96C215-FE87-44DD-BBD5-1974B7258BC6}] => (Allow) D:\Spel\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{B150C9EF-0CB7-4710-8A12-1E460B9F4D52}] => (Allow) D:\Spel\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{0E819F7F-E629-4513-A0F9-6D55E298E3A5}] => (Allow) D:\Spel\Steam\steamapps\common\Endless Space\EndlessSpace.exe
FirewallRules: [{018D1ABC-9080-4C27-8017-486474D11603}] => (Allow) D:\Spel\Steam\steamapps\common\Endless Space\EndlessSpace.exe
FirewallRules: [{413C2B92-23A8-47B5-8558-FA497C6A9D68}] => (Allow) D:\Program Files (x86)\Origin Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe
FirewallRules: [{650CEE22-F517-4C40-ACED-3C8FC31868D5}] => (Allow) D:\Program Files (x86)\Origin Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe
FirewallRules: [{791DBF8C-31A8-4EA1-AB26-C7C4A56EE9EB}] => (Allow) D:\Spel\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{EB5E1058-61F9-4B38-84DC-7E1A887BEA2A}] => (Allow) D:\Spel\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{0F0C0009-C419-440C-BCA1-627A1C331780}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{D828B1EA-E969-4321-9267-B7D270796A49}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{962E33BB-2ED2-4D7C-8D1E-100AA06E5EAF}] => (Allow) D:\Spel\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{FB5E57A0-50A3-42BA-ACE2-FBDAED00D944}] => (Allow) D:\Spel\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{28412379-370E-42C3-9BFB-F995A554DA11}] => (Allow) D:\Spel\Steam\steamapps\common\Magicka\Magicka.exe
FirewallRules: [{D0635CFB-A922-41E8-9224-2E0E3FDDF5DA}] => (Allow) D:\Spel\Steam\steamapps\common\Magicka\Magicka.exe
FirewallRules: [{DEF265D5-559B-4D3F-851D-BA6CE1341CE6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{FD2737EA-2C43-471B-B5BF-C828DF1187E6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{CB72AB6F-CE7F-4BFA-8661-49EF272FD5CF}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{208EBCE5-A575-4BCC-A8A2-0EA91DD89C7D}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{C2411A01-9A16-47A6-99E4-68FEAEF3CBED}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{7942DF93-1642-4E86-8CA2-87DED368EE8C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{FF6B3CD8-86BC-4F86-802C-F336D984F673}] => (Allow) D:\Spel\Steam\steamapps\common\The Stanley Parable\stanley.exe
FirewallRules: [{EC90DA49-51AB-43D0-A33F-2CE5FD330627}] => (Allow) D:\Spel\Steam\steamapps\common\The Stanley Parable\stanley.exe
FirewallRules: [{2FB4B4DD-191D-4EDD-8AB5-D63F7AEE059F}] => (Allow) D:\Spel\Steam\steamapps\common\SS2\Shock2.exe
FirewallRules: [{F335174A-2F24-4238-AEAB-959EDF437315}] => (Allow) D:\Spel\Steam\steamapps\common\SS2\Shock2.exe
FirewallRules: [TCP Query User{AF36F812-2E03-4502-A765-AA61C1DF0E3E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{3A90FAD9-4CA1-472F-BC9A-7627E86C0297}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{A2F8C9BF-3575-4A3B-A07C-24994DB19AA1}] => (Allow) D:\Spel\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{AFEAC1AD-96DD-4EE7-92D4-9CDB01C79E6A}] => (Allow) D:\Spel\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{7A33D11B-239B-49BA-BDB4-2FC6ED872335}] => (Allow) D:\Spel\Steam.exe
FirewallRules: [{529D48AF-1C66-4C4B-9729-8C4988CE24D2}] => (Allow) D:\Spel\Steam.exe
FirewallRules: [{4AE3E8C5-A7DA-4CA0-A293-770F4B581FF2}] => (Allow) D:\Spel\Steam\steamapps\common\Magic 2014\DotP_D14.exe
FirewallRules: [{CB3CFBF1-2CD5-4DC9-A81E-3247E7A7B810}] => (Allow) D:\Spel\Steam\steamapps\common\Magic 2014\DotP_D14.exe
FirewallRules: [{A8E84328-D6BA-45C8-A780-D92CA6C81AC6}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{7BF54167-A781-423A-B066-7BB84293D58F}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{5E0DA890-4577-4797-94D4-20BC799397AB}] => (Allow) D:\Spel\Steam\steamapps\common\Endless Legend\EndlessLegend.exe
FirewallRules: [{DA064B3B-ABEA-4F8D-A14C-AAC49B1D2790}] => (Allow) D:\Spel\Steam\steamapps\common\Endless Legend\EndlessLegend.exe
FirewallRules: [{FFB48DC7-91CE-49A4-993A-0B16FEACECD1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4D024AB7-46D1-4F97-96BD-BDB347D675AC}] => (Allow) D:\Spel\Steam\steamapps\common\Magicka 2\engine\Magicka2.exe
FirewallRules: [{8667E23E-F3F9-4BCD-9913-18383D96ACF0}] => (Allow) D:\Spel\Steam\steamapps\common\Magicka 2\engine\Magicka2.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/08/2015 02:01:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programmet LiveComm.exe, version 17.5.9600.20856, avslutades eftersom det slutade samverka med Windows. Ytterligare information kan finnas i problemhistoriken på kontrollpanelen för Åtgärdscentret och lösningar.

Process-ID: 2bd4

Starttid: 01d0a1e21b2d4c4a

Avslutningstid: 4294967295

Programsökväg: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Rapport-ID: 1346620b-0dd6-11e5-8279-54271e918043

Fullständigt namn på felaktigt paket: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Program-ID relativt till felaktigt paket: ppleae38af2e007f4358a809ac99a64a67c1

Error: (06/08/2015 01:38:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programmet LiveComm.exe, version 17.5.9600.20856, avslutades eftersom det slutade samverka med Windows. Ytterligare information kan finnas i problemhistoriken på kontrollpanelen för Åtgärdscentret och lösningar.

Process-ID: 23d0

Starttid: 01d0a1dee7bff1c2

Avslutningstid: 4294967295

Programsökväg: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Rapport-ID: db40fd7a-0dd2-11e5-8279-54271e918043

Fullständigt namn på felaktigt paket: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Program-ID relativt till felaktigt paket: ppleae38af2e007f4358a809ac99a64a67c1

Error: (06/08/2015 01:08:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programmet LiveComm.exe, version 17.5.9600.20856, avslutades eftersom det slutade samverka med Windows. Ytterligare information kan finnas i problemhistoriken på kontrollpanelen för Åtgärdscentret och lösningar.

Process-ID: 138

Starttid: 01d0a1dacdff674c

Avslutningstid: 4294967295

Programsökväg: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Rapport-ID: c19b6a8a-0dce-11e5-8279-54271e918043

Fullständigt namn på felaktigt paket: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Program-ID relativt till felaktigt paket: ppleae38af2e007f4358a809ac99a64a67c1

Error: (06/08/2015 00:38:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programmet LiveComm.exe, version 17.5.9600.20856, avslutades eftersom det slutade samverka med Windows. Ytterligare information kan finnas i problemhistoriken på kontrollpanelen för Åtgärdscentret och lösningar.

Process-ID: 624

Starttid: 01d0a1d69d1c9a36

Avslutningstid: 4294967295

Programsökväg: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Rapport-ID: 90a6c99d-0dca-11e5-8279-54271e918043

Fullständigt namn på felaktigt paket: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Program-ID relativt till felaktigt paket: ppleae38af2e007f4358a809ac99a64a67c1

Error: (06/08/2015 00:22:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programmet LiveComm.exe, version 17.5.9600.20856, avslutades eftersom det slutade samverka med Windows. Ytterligare information kan finnas i problemhistoriken på kontrollpanelen för Åtgärdscentret och lösningar.

Process-ID: 1998

Starttid: 01d0a1d459a538f2

Avslutningstid: 4294967295

Programsökväg: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Rapport-ID: 4df7a08d-0dc8-11e5-8279-54271e918043

Fullständigt namn på felaktigt paket: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Program-ID relativt till felaktigt paket: ppleae38af2e007f4358a809ac99a64a67c1

Error: (06/08/2015 00:08:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programmet LiveComm.exe, version 17.5.9600.20856, avslutades eftersom det slutade samverka med Windows. Ytterligare information kan finnas i problemhistoriken på kontrollpanelen för Åtgärdscentret och lösningar.

Process-ID: b70

Starttid: 01d0a1d26c43a821

Avslutningstid: 4294967295

Programsökväg: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Rapport-ID: 5fc13a15-0dc6-11e5-8279-54271e918043

Fullständigt namn på felaktigt paket: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Program-ID relativt till felaktigt paket: ppleae38af2e007f4358a809ac99a64a67c1

Error: (06/08/2015 11:38:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programmet LiveComm.exe, version 17.5.9600.20856, avslutades eftersom det slutade samverka med Windows. Ytterligare information kan finnas i problemhistoriken på kontrollpanelen för Åtgärdscentret och lösningar.

Process-ID: bb0

Starttid: 01d0a1ce3b5900ed

Avslutningstid: 4294967295

Programsökväg: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Rapport-ID: 2ee784a6-0dc2-11e5-8279-54271e918043

Fullständigt namn på felaktigt paket: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Program-ID relativt till felaktigt paket: ppleae38af2e007f4358a809ac99a64a67c1

Error: (06/08/2015 11:33:14 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (06/08/2015 11:23:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programmet LiveComm.exe, version 17.5.9600.20856, avslutades eftersom det slutade samverka med Windows. Ytterligare information kan finnas i problemhistoriken på kontrollpanelen för Åtgärdscentret och lösningar.

Process-ID: 1ba8

Starttid: 01d0a1cc22e90a37

Avslutningstid: 4294967295

Programsökväg: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Rapport-ID: 166ce81a-0dc0-11e5-8279-54271e918043

Fullständigt namn på felaktigt paket: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Program-ID relativt till felaktigt paket: ppleae38af2e007f4358a809ac99a64a67c1

Error: (06/08/2015 11:10:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programmet LiveComm.exe, version 17.5.9600.20856, avslutades eftersom det slutade samverka med Windows. Ytterligare information kan finnas i problemhistoriken på kontrollpanelen för Åtgärdscentret och lösningar.

Process-ID: 14e0

Starttid: 01d0a1ca3ca7a00a

Avslutningstid: 4294967295

Programsökväg: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Rapport-ID: 306c8c5e-0dbe-11e5-8279-54271e918043

Fullständigt namn på felaktigt paket: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Program-ID relativt till felaktigt paket: ppleae38af2e007f4358a809ac99a64a67c1


System errors:
=============
Error: (06/08/2015 01:45:49 PM) (Source: Ntfs) (EventID: 55) (User: NT instans)
Description: En skada upptäcktes i filsystemstrukturen på volym OS.

Ett fel påträffades i en indexstruktur för filsystemet. Filens referensnummer är 0x1000000001c49. Namnet på filen är \Windows\System32. Det skadade indexattributet är :$I30:$INDEX_ALLOCATION.

Error: (06/08/2015 11:06:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjänsten Steam Client Service kunde inte startas på grund av följande fel:
%%1053

Error: (06/08/2015 11:06:16 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på att tjänsten Steam Client Service skulle ansluta.

Error: (06/06/2015 03:11:16 AM) (Source: DCOM) (EventID: 10010) (User: GOFAXYOURSELF)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (06/06/2015 03:11:16 AM) (Source: DCOM) (EventID: 10010) (User: GOFAXYOURSELF)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (06/06/2015 03:11:13 AM) (Source: DCOM) (EventID: 10010) (User: GOFAXYOURSELF)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (06/06/2015 03:11:13 AM) (Source: DCOM) (EventID: 10010) (User: GOFAXYOURSELF)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (06/06/2015 03:11:13 AM) (Source: DCOM) (EventID: 10010) (User: GOFAXYOURSELF)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (06/06/2015 03:11:13 AM) (Source: DCOM) (EventID: 10010) (User: GOFAXYOURSELF)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (06/06/2015 03:11:11 AM) (Source: DCOM) (EventID: 10010) (User: GOFAXYOURSELF)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Microsoft Office:
=========================
Error: (06/08/2015 02:01:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.208562bd401d0a1e21b2d4c4a4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe1346620b-0dd6-11e5-8279-54271e918043microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (06/08/2015 01:38:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2085623d001d0a1dee7bff1c24294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exedb40fd7a-0dd2-11e5-8279-54271e918043microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (06/08/2015 01:08:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2085613801d0a1dacdff674c4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exec19b6a8a-0dce-11e5-8279-54271e918043microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (06/08/2015 00:38:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2085662401d0a1d69d1c9a364294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe90a6c99d-0dca-11e5-8279-54271e918043microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (06/08/2015 00:22:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20856199801d0a1d459a538f24294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe4df7a08d-0dc8-11e5-8279-54271e918043microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (06/08/2015 00:08:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20856b7001d0a1d26c43a8214294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe5fc13a15-0dc6-11e5-8279-54271e918043microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (06/08/2015 11:38:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20856bb001d0a1ce3b5900ed4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe2ee784a6-0dc2-11e5-8279-54271e918043microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (06/08/2015 11:33:14 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (06/08/2015 11:23:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.208561ba801d0a1cc22e90a374294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe166ce81a-0dc0-11e5-8279-54271e918043microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (06/08/2015 11:10:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2085614e001d0a1ca3ca7a00a4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe306c8c5e-0dbe-11e5-8279-54271e918043microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4700HQ CPU @ 2.40GHz
Percentage of memory in use: 38%
Total physical RAM: 8074.96 MB
Available physical RAM: 4949.46 MB
Total Pagefile: 9354.96 MB
Available Pagefile: 4820.29 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:279.45 GB) (Free:221.37 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:398.07 GB) (Free:334.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: DC1887FA)

Partition: GPT Partition Type.

==================== End of log ============================
therewillbecake
Active Member
 
Posts: 9
Joined: June 8th, 2015, 6:26 am

Re: Influx of ads: Take 2

Unread postby Firefly » June 8th, 2015, 7:37 pm

Hi therewillbecake,

My name is Firefly and I will help you with your computer. I ask you to follow a few ground rules while we are taking care of your computer:

I'm an Undergraduate trainee at MalwareRemovalUniversity (MRU), and as such my posts to you have to first be checked by a Teacher. Because of this, my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

Before we begin...please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so or install any other software (or hardware) during the cleaning process.
  4. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  5. Print each set of instructions...if possible...your Internet connection will not be available during some fix processes.
  6. Only reply to this thread, do not start another ... Please continue responding until I give you the "All Clean". If you are in progress at another forum, please simply let me know so I can dedicate my time to others who need help.
  7. Failure to respond for 3 days will result in your topic being closed.

Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

I will be back to you shortly.
Firefly
Regular Member
 
Posts: 949
Joined: March 5th, 2014, 4:33 pm

Re: Influx of ads: Take 2

Unread postby therewillbecake » June 9th, 2015, 9:31 am

Hello Firefly!
I look forward to working together, and thanks again for helping me!
therewillbecake
Active Member
 
Posts: 9
Joined: June 8th, 2015, 6:26 am

Re: Influx of ads: Take 2

Unread postby Firefly » June 10th, 2015, 2:16 pm

therewillbecake -

My apologies for the delay in responding. I have looked at your log and see several things that suggest malware could be present on your computer. I’d like to do a little more digging, and also make sure you protect yourself with some backups. Please proceed with the following:


File Backup

For your safety and protection, I would advise backing up all your important documents, personal data files and photos as some infections may render your computer unbootable during or before the disinfection process. The safest practice is not to back up any files with the following file extensions:
.exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.

All of the Windows systems we support have backup capabilities. These existing programs will allow you to back up your files to an external hard drive, USB drive or CD drive.

Do not back up your files to the hard drive of the computer we will be fixing. If the computer becomes unusable, your files will still be gone forever. Every photo, every document… gone. Seriously. Do this now.

Here are links to using the backup programs in the various versions of Windows:


If you have internet connectivity, an alternative to backing your files up locally is to back your files up to the cloud, and there are a number of free and paid for services of this type available.

Below are links to a couple of articles with details for both free and paid for backup services ...

http://www.techsupportalert.com/content ... -sites.htm
http://www.pcmag.com/article2/0,2817,22 ... 745,00.asp

A word of warning - if you have a lot of data to back up, an online service can take days, weeks, or months. In this case, please consider using a local backup method (external hard drive, USB, etc.)

One way or another, it is critical that you back up your data before proceeding.


Finally, there will be several items to handle in each post (usually) so I will try to break them into easier to digest sections which will be demarked with Green Bold Lettering


System Restore & Registry Backup

  • Go to Start, Control Panel, and click the System icon in the Control Panel.
  • In the left pane click on System Protection.
  • When the Dialog comes up, click on the System protection tab.
  • Check that the drive letter where Windows is located (usually C:) indicates System protection ON.
    (This indicates System restore is turned ON for the Windows drive).
  • Click the Create Button to create a new restore point. In the Name dialog, please name the restore point “before fix” and click Create.
  • You will get a message that the Restore Point was created successfully. Click Close.
  • Click OK and close the System window in the Control Panel.


Please also do the following:
Please download tweaking.com_registry_backup_setup.exe
Choose a download site for the installer... download and save it to your desktop.
Double click on the "...setup.exe" program and install the program. Let the install use the default installation. How to tutorial here.

Once the program is installed...
  1. Double click the Tweaking.com Registry Backup icon ... on your Desktop to open the program.
  2. It should open with the Backup Registry tab selected and all file options checked. Check any that are not already checked.
  3. Click on Backup Now to create a backup of your Registry.
    You'll see "Waiting for Volume Shadow Copy snapshot..." this may take a few moments, just be patient.
  4. When completed you should see a message saying something like ... Successful ??/?? Registry Files Backed Up ... ?? is total number of files, both numbers should match.
  5. Close and exit the program.

Once these are done, we can move forward with repairing the issues you are having. PLEASE DO NOT PROCEED IF YOU HAVE ANY PROBLEMS WITH THESE FIRST TWO STEPS OR IF YOU RECEIVED ANY ERROR MESSAGES.


AdwCleaner Scan Only

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Right click on adwcleaner.exe and select "Run as administrator" to run it.
  • Click on Scan.
  • When the scan has finished click on Report.
  • A logfile will automatically open after the scan has finished.
  • Close the adwCleaner window.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.


Revised FRST Scan


Please delete your copy of FRST64, and re-download FRST ... by Farbar, from the link below and save it to your Desktop (it gets updated very often, so a new copy is always important).

For 64 bit Systems

  • Right-click FRST.exe and select "Run as administrator" to run it.
  • When the tool opens click Yes to the disclaimer.
  • In addition to what is already checked, please place a check mark in the lower right hand box labeled “Addition.txt”
  • Press Scan button. ... When finished a log will be created, FRST.txt.
  • Please post the content of the FRST.txt in your next reply.
  • Please post the content of the Addition.txt in your next reply.


Settings & Questions

There are a couple of non-standard settings that have been set in your computer. It could have been done by you, a program you purposefully installed, or by malware. Please let me know if you are aware of the following settings:

HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
ProxyEnable: [S-1-5-21-2988599023-887452739-3193836158-1001] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-2988599023-887452739-3193836158-1001] => 127.0.0.1:8118

Also, what browser do you typically use? Do you have the same problems with all browsers?


Next Steps

1. Please confirm you were able to create the registry and restore point.
2. Post the AdwCleaner log file.
3. Post the FRST.txt log and the Addition.txt log
4. Please answer my questions regarding the policies above and your browser.
Firefly
Regular Member
 
Posts: 949
Joined: March 5th, 2014, 4:33 pm
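
The check behind "Settings & Questions" above, as an added example that is not part of the original posts and is not FRST's own code: it reads FRST.txt lines, finds a per-user proxy that points at the local machine, and shortlists running services that FRST marks as unsigned or flags with ATTENTION. Function names are hypothetical, the sample lines are copied from the logs in this thread, and the R/S state letters are read as running/stopped per the FRST tutorial.

```python
import re
from ipaddress import ip_address

# Sample input: lines in FRST.txt format, copied from the logs posted in this thread.
SAMPLE_FRST = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
==================== Internet (Whitelisted) ====================
ProxyEnable: [S-1-5-21-2988599023-887452739-3193836158-1001] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-2988599023-887452739-3193836158-1001] => 127.0.0.1:8118
==================== Services (Whitelisted) =================
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 PrivoxyService; C:\Program Files (x86)\SmartComp Safe Network\privoxy.exe [371200 2015-05-28] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel(R) Corporation) [File not signed]
S3 Origin Client Service; "D:\Spel\Origin\OriginClientService.exe" [X]
==================== Drivers (Whitelisted) ====================
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
"""

SECTION_RE = re.compile(r"^={5,} (?P<name>.+?) =+$")
PROXY_RE = re.compile(r"^Proxy(?P<key>Enable|Server): \[(?P<sid>S-[\d-]+)\] => (?P<value>.+)$")
SERVICE_RE = re.compile(r"^(?P<state>[RSU])(?P<start>\d) (?P<name>[^;]+); (?P<rest>.+)$")


def parse_frst(log):
    """Return (proxies keyed by user SID, list of services) parsed from FRST.txt text."""
    proxies, services, section = {}, [], ""
    for line in log.splitlines():
        line = line.strip()
        if m := SECTION_RE.match(line):
            section = m["name"]          # drivers share the service line format,
            continue                     # so the section header decides which is which
        if m := PROXY_RE.match(line):
            entry = proxies.setdefault(m["sid"], {"enabled": False, "server": None})
            if m["key"] == "Enable":
                entry["enabled"] = "is enabled" in m["value"]
            else:
                entry["server"] = m["value"].strip()
            continue
        if section.startswith("Services") and (m := SERVICE_RE.match(line)):
            rest = m["rest"]
            services.append({
                "name": m["name"],
                "running": m["state"] == "R",
                "path": rest.split(" [", 1)[0].strip('"'),
                "unsigned": "[File not signed]" in rest,
                "attention": "<==== ATTENTION" in rest,
                "missing": rest.endswith("[X]"),   # FRST could not find the file
            })
    return proxies, services


def loopback_endpoints(server):
    """Return the host:port entries of a ProxyServer value that point at this machine."""
    hits = []
    for part in (server or "").split(";"):           # "http=a:1;https=b:2" is also valid
        endpoint = part.split("=", 1)[-1].strip()    # drop an optional "http=" prefix
        host = endpoint.rsplit(":", 1)[0].strip("[]").lower()
        try:
            local = host == "localhost" or ip_address(host).is_loopback
        except ValueError:                           # empty, or a name other than localhost
            local = False
        if local:
            hits.append(endpoint)
    return hits


def triage(log):
    """Pair each enabled loopback proxy with the running services worth reviewing."""
    proxies, services = parse_frst(log)
    suspects = [s for s in services
                if s["running"] and (s["unsigned"] or s["attention"])]
    findings = []
    for sid, proxy in proxies.items():
        local = loopback_endpoints(proxy["server"]) if proxy["enabled"] else []
        if local:
            findings.append({"sid": sid, "endpoints": local,
                             "review": [(s["name"], s["path"]) for s in suspects]})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_FRST):
        print("Proxy for", finding["sid"], "->", ", ".join(finding["endpoints"]))
        for name, path in finding["review"]:
            print("  review service:", name, "|", path)
```

The log does not record which process is listening on the proxy port, so the output is a shortlist for the helper to review, not an attribution.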

Re: Influx of ads: Take 2

Unread postby therewillbecake » June 10th, 2015, 6:14 pm

Hello Firefly!

I was able to create the registry and restore point successfully.
I was not aware of the settings made on my computer.
I almost exclusively use chrome, but sometimes use explorer. I hadn't used explorer since the problem appeared but checked just now and the problem doesn't seem to infect that browser. I'm also getting ads while using the service Steam to browse their store which usually is completely ad-free.

Also my AdwCleaner log was named AdwCleaner[R0] instead of AdwCleaner[R1]
Don't think it matters but I thought you might want to know.

AdwCleaner log

# AdwCleaner v4.206 - Logfile created 10/06/2015 at 23:47:00
# Updated 01/06/2015 by Xplode
# Database : 2015-06-09.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Henrik - GOFAXYOURSELF
# Running from : C:\Users\Henrik\Desktop\adwcleaner_4.206.exe
# Option : Scan

***** [ Services ] *****

Service Found : PrivoxyService
Service Found : 0221481433856716mcinstcleanup

***** [ Files / Folders ] *****

File Found : C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_plarium.com_0.localstorage
File Found : C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_plarium.com_0.localstorage-journal
File Found : C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Found : C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
Folder Found : C:\Program Files (x86)\SmartComp Safe Network
Folder Found : C:\Users\Henrik\AppData\Roaming\Updater

***** [ Scheduled tasks ] *****

Task Found : Malware Cleaner
Task Found : Security Update

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Google Chrome v43.0.2357.124


*************************

AdwCleaner[R0].txt - [1464 bytes] - [10/06/2015 23:47:00]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1523 bytes] ##########

FRST.txt log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by Henrik (administrator) on GOFAXYOURSELF on 10-06-2015 23:54:49
Running from C:\Users\Henrik\Desktop
Loaded Profiles: Henrik (Available Profiles: Henrik)
Platform: Windows 8.1 (X64) OS Language: Svenska (Sverige)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(The Privoxy team - www.privoxy.org) C:\Program Files (x86)\SmartComp Safe Network\privoxy.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.3.374.0\McCSPServiceHost.exe
() C:\Program Files (x86)\Google\Update\Install\{0CBC75A7-76E4-4090-9BD4-279C55DB733D}\43.0.2357.124_43.0.2357.81_chrome_updater.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Installer\setup.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Program Files\Intel\Thunderbolt Software\Thunderbolt.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHBE.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Henrik\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Valve Corporation) D:\Spel\Steam\Steam.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
() C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Valve Corporation) D:\Spel\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ASUS) C:\Program Files\ASUS\ASUS GPU Tweak\GPUTweak.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.15.458\AsusWSPanel.exe
(Valve Corporation) D:\Spel\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2893576 2013-08-02] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Thunderbolt] => C:\Program Files\Intel\Thunderbolt Software\Thunderbolt.exe [767944 2013-10-25] (Intel Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2013-12-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.15.458\ASUSWSLoader.exe [63272 2014-12-04] ()
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [463872 2013-05-15] ()
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [643064 2015-02-09] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2988599023-887452739-3193836158-1001\...\Run: [EPSON1F3465 (Epson Stylus SX440)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBE.EXE [232448 2011-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2988599023-887452739-3193836158-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28917376 2015-05-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2988599023-887452739-3193836158-1001\...\Run: [Spotify Web Helper] => C:\Users\Henrik\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2021944 2015-05-28] (Spotify Ltd)
HKU\S-1-5-21-2988599023-887452739-3193836158-1001\...\Run: [Spotify] => C:\Users\Henrik\AppData\Roaming\Spotify\Spotify.exe [7323192 2015-05-28] (Spotify Ltd)
HKU\S-1-5-21-2988599023-887452739-3193836158-1001\...\Run: [Steam] => D:\Spel\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-2988599023-887452739-3193836158-1001\...\Run: [GoogleChromeAutoLaunch_DF40D8C060472F57B9CE96D22E742A9B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-22] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-03-29]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.15.458\ASUSWSShellExt64.dll [2014-11-18] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.15.458\ASUSWSShellExt64.dll [2014-11-18] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.15.458\ASUSWSShellExt64.dll [2014-11-18] (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-2988599023-887452739-3193836158-1001] => Internet Explorer proxy is enabled
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2988599023-887452739-3193836158-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2988599023-887452739-3193836158-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\S-1-5-21-2988599023-887452739-3193836158-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2988599023-887452739-3193836158-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-05-25] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-05-25] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-05-25] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-05-25] (McAfee, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-02-27] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-02-27] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-02-27] ()
FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.2.5.1 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [2014-11-27] (Finansiell ID-Teknik BID AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-02-27] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-02-08]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-03-29]

Chrome:
=======
CHR Profile: C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-02]
CHR Extension: (Google Docs) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-02]
CHR Extension: (Google Drive) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-02]
CHR Extension: (YouTube) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-02]
CHR Extension: (Google Cast) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-05-18]
CHR Extension: (Adblock Plus) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-31]
CHR Extension: (Google Search) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-02]
CHR Extension: (Netrunner Lookup) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\falbpbbdomlkdjlfippfjopgihdekanf [2015-01-02]
CHR Extension: (Google Sheets) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-02]
CHR Extension: (SiteAdvisor) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-02-08]
CHR Extension: (Bookmark Manager) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-24]
CHR Extension: (MuteTab) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkbaaijgpppbokgnhhoakihofedkgcc [2015-01-02]
CHR Extension: (Google Wallet) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-02]
CHR Extension: (Gmail) - C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-02]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-06-02]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-06-02]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 0221481433856716mcinstcleanup; C:\Windows\TEMP\022148~1.EXE [883024 2015-05-04] (McAfee, Inc.)
R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-08-29] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed]
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-08] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100104 2013-08-02] (ELAN Microelectronics Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227936 2013-11-09] (WildTangent)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel(R) Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-05-25] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-02-27] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPServiceHost.exe [422632 2015-01-22] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2015-02-27] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
R2 PrivoxyService; C:\Program Files (x86)\SmartComp Safe Network\privoxy.exe [371200 2015-05-28] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S3 Origin Client Service; "D:\Spel\Origin\OriginClientService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-08-08] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7488176 2014-03-29] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [100072 2013-08-02] (GenesysLogic)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-08-29] (Windows (R) Win 7 DDK provider)
S3 Tdsshbecr; C:\Windows\system32\DRIVERS\shbecr.sys [50176 2008-09-28] (Todos Data System AB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
U0 msahci; system32\drivers\msahci.sys

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-10 23:54 - 2015-06-10 23:55 - 00025846 _____ C:\Users\Henrik\Desktop\FRST.txt
2015-06-10 23:54 - 2015-06-10 23:54 - 02108928 _____ (Farbar) C:\Users\Henrik\Desktop\FRST64.exe
2015-06-10 23:53 - 2015-06-10 23:54 - 02108928 _____ (Farbar) C:\Users\Henrik\Downloads\FRST64.exe
2015-06-10 23:50 - 2015-06-10 23:50 - 00001602 _____ C:\Users\Henrik\Desktop\AdwCleaner[R0].txt
2015-06-10 23:46 - 2015-06-10 23:47 - 00000000 ____D C:\AdwCleaner
2015-06-10 23:45 - 2015-06-10 23:45 - 02231296 _____ C:\Users\Henrik\Downloads\adwcleaner_4.206.exe
2015-06-10 23:45 - 2015-06-10 23:45 - 02231296 _____ C:\Users\Henrik\Desktop\adwcleaner_4.206.exe
2015-06-10 23:44 - 2015-06-10 23:44 - 00000207 _____ C:\Windows\tweaking.com-regbackup-GOFAXYOURSELF-Windows-8.1-(64-bit).dat
2015-06-10 23:43 - 2015-06-10 23:43 - 00000000 ____D C:\RegBackup
2015-06-10 23:42 - 2015-06-10 23:42 - 00002253 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-06-10 23:42 - 2015-06-10 23:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-06-10 23:42 - 2015-06-10 23:42 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-06-10 23:37 - 2015-06-10 23:37 - 04720448 _____ C:\Users\Henrik\Desktop\tweaking.com_registry_backup_setup.exe
2015-06-10 21:03 - 2015-06-10 21:03 - 00000000 ____D C:\Users\Henrik\AppData\Local\openvr
2015-06-10 20:02 - 2015-06-10 20:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-06-09 15:25 - 2015-06-09 15:25 - 00000000 ____D C:\Users\Henrik\AppData\Local\GWX
2015-06-09 02:06 - 2015-06-09 02:06 - 00000000 ____D C:\Users\Henrik\AppData\Local\Risk_of_Rain
2015-06-08 14:24 - 2015-06-08 14:24 - 00044226 _____ C:\Users\Henrik\Downloads\Addition.txt
2015-06-08 14:23 - 2015-06-08 14:24 - 00047399 _____ C:\Users\Henrik\Downloads\FRST.txt
2015-06-08 14:22 - 2015-06-10 23:54 - 00000000 ____D C:\FRST
2015-06-08 12:40 - 2015-06-08 12:40 - 00688992 _____ (Swearware) C:\Users\Henrik\Downloads\dds.com
2015-06-08 12:19 - 2015-06-08 12:19 - 00156782 _____ C:\Users\Henrik\Downloads\OTL.Txt
2015-06-08 12:19 - 2015-06-08 12:19 - 00085692 _____ C:\Users\Henrik\Downloads\Extras.Txt
2015-06-08 12:04 - 2015-06-08 12:04 - 00602112 _____ (OldTimer Tools) C:\Users\Henrik\Downloads\OTL.exe
2015-06-08 11:59 - 2015-06-08 11:59 - 00688992 _____ (Swearware) C:\Users\Henrik\Downloads\dds (2).scr
2015-06-05 20:09 - 2015-06-05 20:09 - 00014435 _____ C:\Users\Henrik\Downloads\h1
2015-06-05 18:30 - 2015-06-05 18:31 - 00000000 ____D C:\Users\Henrik\Downloads\DnD
2015-06-05 14:25 - 2015-05-22 15:08 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-05 14:25 - 2015-05-21 15:08 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-05 14:25 - 2015-05-21 15:08 - 01020928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-05 14:25 - 2015-05-21 15:08 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-05 14:25 - 2015-05-21 15:08 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-05 14:25 - 2015-05-21 15:08 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-05 14:25 - 2015-05-21 15:08 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-05 14:25 - 2015-04-17 00:07 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-04 13:52 - 2015-06-04 13:52 - 02632228 _____ C:\Users\Henrik\Downloads\5E_CHARACTERSHEETSV3.ZIP
2015-06-04 13:52 - 2015-06-04 13:52 - 00000000 ____D C:\Users\Henrik\Downloads\5E_CHARACTERSHEETSV3
2015-05-31 23:50 - 2015-05-31 23:50 - 00688992 _____ (Swearware) C:\Users\Henrik\Downloads\dds (1).scr
2015-05-31 23:49 - 2015-05-31 23:49 - 00688992 _____ (Swearware) C:\Users\Henrik\Downloads\dds.scr
2015-05-31 23:21 - 2015-05-31 23:21 - 00018944 ___SH C:\Users\Henrik\Downloads\Thumbs.db
2015-05-30 15:51 - 2015-05-30 15:51 - 00000000 ____D C:\Users\Henrik\AppData\Roaming\ParadoxInteractive
2015-05-29 00:02 - 2015-05-29 00:05 - 00000000 ____D C:\Users\Henrik\AppData\Local\Adobe
2015-05-29 00:02 - 2015-05-29 00:05 - 00000000 ____D C:\ProgramData\Adobe
2015-05-29 00:02 - 2015-05-29 00:02 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-05-29 00:02 - 2015-05-29 00:02 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-05-29 00:02 - 2015-05-29 00:02 - 00002069 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-05-29 00:02 - 2015-05-29 00:02 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-05-28 21:53 - 2015-06-10 22:59 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-28 21:53 - 2015-05-28 21:56 - 00001116 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-28 21:53 - 2015-05-28 21:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-28 21:53 - 2015-05-28 21:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-05-28 21:53 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-28 21:53 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-28 21:53 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-28 21:52 - 2015-05-28 21:52 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Henrik\Downloads\mbam-setup-2.0.0.1000.exe
2015-05-28 21:40 - 2015-05-28 21:41 - 62889760 _____ (MediaFire) C:\Users\Henrik\Downloads\MediaFireDesktop-1.4.29.10845-windows-PRODUCTION.exe
2015-05-28 21:19 - 2015-06-09 15:30 - 00003302 _____ C:\Windows\System32\Tasks\SmartComp Safe Network Schedualer
2015-05-28 21:19 - 2015-05-28 22:07 - 00000000 ____D C:\Program Files (x86)\SmartComp Safe Network
2015-05-28 21:19 - 2015-05-28 21:21 - 00000000 ____D C:\Users\Henrik\AppData\Roaming\Getprivate VPN
2015-05-28 21:19 - 2015-05-28 21:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Getprivate VPN
2015-05-28 21:19 - 2015-05-28 21:19 - 00003346 _____ C:\Windows\System32\Tasks\Malware Cleaner
2015-05-28 21:19 - 2015-05-28 21:19 - 00000000 _____ C:\Users\Henrik\AppData\Roaming\9E4F.tmp
2015-05-28 21:18 - 2015-05-28 22:07 - 00000000 ____D C:\Users\Henrik\AppData\Roaming\Updater
2015-05-28 21:18 - 2015-05-28 21:23 - 00003284 _____ C:\Windows\System32\Tasks\Security Update
2015-05-24 15:24 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-24 15:24 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-24 15:24 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2015-05-24 15:24 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2015-05-24 15:24 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2015-05-24 15:24 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2015-05-24 15:24 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2015-05-24 15:24 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2015-05-24 15:24 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-05-24 15:24 - 2015-03-17 19:26 - 00467776 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-05-24 15:24 - 2015-03-13 06:03 - 00239424 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-05-24 15:24 - 2015-03-13 06:03 - 00154432 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-05-24 15:24 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2015-05-24 15:24 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-05-24 15:24 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-05-24 15:24 - 2015-03-13 02:29 - 00410017 _____ C:\Windows\system32\ApnDatabase.xml
2015-05-24 15:24 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-24 15:24 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-24 15:24 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys
2015-05-24 15:24 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-24 15:24 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2015-05-24 15:24 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-24 15:24 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2015-05-24 15:24 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-24 15:24 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-05-24 15:24 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-05-24 15:24 - 2014-11-14 08:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsDatabase.dll
2015-05-18 12:38 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-18 12:38 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-18 10:53 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-18 10:53 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-18 10:53 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-18 10:53 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-18 10:53 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-18 10:53 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-18 10:53 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-18 10:53 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-18 10:53 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-18 10:53 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-18 10:53 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-18 10:53 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-18 10:53 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-18 10:53 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-18 10:53 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-18 10:53 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-18 10:53 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-18 10:53 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-05-18 10:53 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-18 10:53 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-05-18 10:53 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-18 10:53 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-18 10:53 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-18 10:53 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-18 10:53 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-18 10:53 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-18 10:53 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-18 10:53 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-18 10:53 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-05-18 10:53 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-18 10:53 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-18 10:53 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-18 10:53 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-18 10:53 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-18 10:53 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-18 10:53 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-18 10:53 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-18 10:53 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-18 10:53 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-18 10:53 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-18 10:53 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-18 10:53 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-18 10:53 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-18 10:53 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-18 10:53 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-18 10:53 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-18 10:53 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-18 10:53 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-18 10:53 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-18 10:53 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-18 10:48 - 2015-06-09 15:30 - 00003474 _____ C:\Windows\System32\Tasks\ASUS Live Update1
2015-05-18 10:48 - 2015-06-09 15:30 - 00003464 _____ C:\Windows\System32\Tasks\ASUS Live Update2
2015-05-18 10:47 - 2015-05-18 10:47 - 00003382 _____ C:\Windows\System32\Tasks\Update Checker

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-10 23:48 - 2015-01-02 18:29 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2988599023-887452739-3193836158-1001
2015-06-10 23:46 - 2014-03-29 17:40 - 02043994 _____ C:\Windows\WindowsUpdate.log
2015-06-10 23:43 - 2015-02-14 00:33 - 00001030 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d047dd6e88209.job
2015-06-10 23:38 - 2015-01-02 18:27 - 00001030 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-10 23:36 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-06-10 23:11 - 2015-02-23 20:46 - 00000000 ____D C:\Users\Henrik\AppData\Local\Spotify
2015-06-10 23:10 - 2015-01-02 18:49 - 00000000 ____D C:\Users\Henrik\AppData\Local\Battle.net
2015-06-10 23:09 - 2015-01-02 18:41 - 00000000 ____D C:\Users\Henrik\AppData\Roaming\Skype
2015-06-10 23:03 - 2015-01-24 20:20 - 00000000 ____D C:\Users\Henrik\AppData\Roaming\Spotify
2015-06-10 23:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-10 20:47 - 2015-04-01 20:14 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-06-10 18:21 - 2015-01-02 20:08 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 18:17 - 2015-01-02 20:08 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-10 18:13 - 2015-01-02 18:25 - 00000000 ___DO C:\Users\Henrik\SkyDrive
2015-06-10 17:39 - 2015-01-02 18:27 - 00002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-10 16:59 - 2015-01-02 18:24 - 00000074 _____ C:\Users\Henrik\AppData\Roaming\sp_data.sys
2015-06-10 16:57 - 2015-01-02 18:27 - 00001026 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-10 16:48 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-09 21:51 - 2015-01-02 18:25 - 00003948 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{76DE06A4-5CD9-4049-B2EF-B1CB8465D1AF}
2015-06-09 15:31 - 2014-03-29 17:57 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-06-09 15:24 - 2015-01-02 18:23 - 00000000 ____D C:\Users\Henrik
2015-06-09 15:24 - 2013-08-22 16:46 - 00031586 _____ C:\Windows\setupact.log
2015-06-09 15:24 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-08 11:03 - 2013-12-13 03:29 - 00026452 _____ C:\Windows\PFRO.log
2015-06-08 11:03 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-06-08 11:01 - 2015-01-05 12:22 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-08 11:01 - 2015-01-05 12:22 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-05 19:29 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-06-02 10:10 - 2015-01-02 18:40 - 00000000 ____D C:\ProgramData\Skype
2015-05-30 15:51 - 2015-01-03 18:04 - 00000000 ____D C:\ProgramData\Package Cache
2015-05-29 00:38 - 2015-01-02 18:24 - 00000000 ____D C:\Users\Henrik\AppData\Roaming\Adobe
2015-05-28 22:11 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\ADFS
2015-05-28 21:20 - 2015-01-02 18:24 - 00001375 _____ C:\Users\Henrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-28 21:15 - 2015-01-02 18:40 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-28 21:15 - 2013-08-22 16:44 - 00337344 _____ C:\Windows\system32\FNTCACHE.DAT
2015-05-25 00:04 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2015-05-24 18:14 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2015-05-24 18:02 - 2015-04-06 22:33 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-24 18:02 - 2015-04-06 22:33 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-18 16:38 - 2015-02-14 00:33 - 00004002 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d047dd6e88209
2015-05-18 16:38 - 2015-01-02 18:27 - 00003766 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-18 15:30 - 2013-12-13 10:38 - 00733830 _____ C:\Windows\system32\perfh01D.dat
2015-05-18 15:30 - 2013-12-13 10:38 - 00152166 _____ C:\Windows\system32\perfc01D.dat
2015-05-18 15:30 - 2013-12-13 03:41 - 01740478 _____ C:\Windows\system32\PerfStringBackup.INI
2015-05-18 12:38 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-18 12:37 - 2013-08-22 22:59 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-18 10:47 - 2013-12-13 03:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-05-18 10:47 - 2013-12-13 03:41 - 00000000 ____D C:\Program Files (x86)\ASUS

==================== Files in the root of some directories =======

2015-05-28 21:19 - 2015-05-28 21:19 - 0000000 _____ () C:\Users\Henrik\AppData\Roaming\9E4F.tmp
2015-01-02 18:24 - 2015-06-10 16:59 - 0000074 _____ () C:\Users\Henrik\AppData\Roaming\sp_data.sys
2014-03-29 17:44 - 2014-03-29 17:44 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-12-13 03:41 - 2012-09-07 13:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-12-13 03:41 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-12-13 03:41 - 2012-09-07 13:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS


Some files in TEMP:
====================
C:\Users\Henrik\AppData\Local\Temp\COMAP.EXE
C:\Users\Henrik\AppData\Local\Temp\Gw2.exe
C:\Users\Henrik\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Henrik\AppData\Local\Temp\tasks.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-05 15:30

==================== End of log ============================

Addition.txt log

Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Henrik at 2015-06-10 23:55:27
Running from C:\Users\Henrik\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administratör (S-1-5-21-2988599023-887452739-3193836158-500 - Administrator - Disabled)
Gäst (S-1-5-21-2988599023-887452739-3193836158-501 - Limited - Disabled)
Henrik (S-1-5-21-2988599023-887452739-3193836158-1001 - Administrator - Enabled) => C:\Users\Henrik
HomeGroupUser$ (S-1-5-21-2988599023-887452739-3193836158-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Antivirus- och antispionprogram från McAfee (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Antivirus- och antispionprogram från McAfee (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Svenska (HKLM-x32\...\{AC76BA86-7AD7-1053-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
ASUS Backtracker (HKLM-x32\...\{C15C060C-ED1C-49EB-83B3-F7C0FD1CD661}) (Version: 3.0.4 - ASUS)
ASUS GPU Tweak (HKLM\...\{7353D4C7-43E9-46A3-A1FF-79DD94A386F2}) (Version: 1.0.6 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.6 - ASUS)
ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.026 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.2 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.8 - ASUS)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5712.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.5712.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)
BankID säkerhetsprogram (HKLM-x32\...\{4B2557F9-8C03-4BE7-9984-4DE525076580}) (Version: 6.2.5.1 - Finansiell ID-Teknik BID AB)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.181 - Broadcom Corporation)
DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version: - FromSoftware, Inc)
Endless Legend (HKLM-x32\...\Steam App 289130) (Version: - AMPLITUDE Studios)
Endless Space (HKLM-x32\...\Steam App 208140) (Version: - AMPLITUDE Studios)
EPSON SX440 Series Printer Uninstall (HKLM\...\EPSON SX440 Series) (Version: - SEIKO EPSON Corporation)
ETDWare PS/2-X64 11.5.12.1_WHQL (HKLM\...\Elantech) (Version: 11.5.12.1 - ELAN Microelectronic Corp.)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.7 - Genesys Logic)
Getprivate VPN version 1.0 (HKLM-x32\...\{43A12E1B-6532-4C90-90A5-60972044DFED}_is1) (Version: 1.0 - ) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
Handelsbanken kortläsare (HKLM-x32\...\{D4C30AE2-EAFE-4E28-A3BA-7CF7485E23C4}) (Version: 1.00.0000 - Todos Data System AB)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
HEX (HKLM-x32\...\{E31B651A-B48C-423C-8D0D-855756C8B7E8}_is1) (Version: - HEX Entertainment)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.6.0.1038 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Magic 2014 (HKLM-x32\...\Steam App 213850) (Version: - Stainless Games)
Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios)
Magicka 2 (HKLM-x32\...\Steam App 238370) (Version: - Pieces Interactive)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 13.6.1599 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.316 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.53.7 - Black Tree Gaming)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Grafikdrivrutin 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)
PixelJunk Eden (HKLM-x32\...\Steam App 105800) (Version: - Q-Games, Ltd.)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7164 - Realtek Semiconductor Corp.)
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version: - )
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2988599023-887452739-3193836158-1001\...\Spotify) (Version: 1.0.6.80.g2a801a53 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
System Shock 2 (HKLM-x32\...\Steam App 238210) (Version: - Irrational Games)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version: - Galactic Cafe)
Thunderbolt(TM) Software (HKLM\...\{A1E0CC92-937C-4D22-8F42-C5BE96F35AC0}) (Version: 1.4.0.1 - Intel(R) Corporation)
Transistor (HKLM-x32\...\Steam App 237930) (Version: - Supergiant Games)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.15.458 - ASUS Cloud Corporation)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.8070 - Broadcom Corporation)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.10.25 - WildTangent)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinRAR 5.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
World of Warcraft Classic (HKLM-x32\...\{D55ED80F-FAFD-40E1-99FC-89AF8614A9B5}_is1) (Version: 1.12.1.5875 - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

24-05-2015 17:59:29 Windows Update
30-05-2015 15:50:05 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
30-05-2015 15:51:03 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
05-06-2015 15:31:21 Windows Update
10-06-2015 18:13:56 Windows Update
10-06-2015 23:34:37 before fix

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05317686-65FB-495E-83D0-5752FE4B5778} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
Task: {1ED5F1D3-2C4C-4229-A49D-C49981178F15} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-08-29] (ASUS)
Task: {21B8A746-BCFB-4D39-976E-CAEAE95DE057} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-10-07] (ASUS)
Task: {2787801E-B858-4952-9D70-A1F59F455F57} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {29937B70-AE90-408F-901A-21D9061AD4CB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {39E6F888-00BD-459C-B502-073520E61782} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {3C4F57B6-E939-431A-9645-3E22B6496CD1} - System32\Tasks\Security Update => C:\Users\Henrik\AppData\Roaming\Updater\winupd.exe <==== ATTENTION
Task: {4AF40016-CFEF-4DA8-B6E6-539D83441A67} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {514220A1-6F43-40BA-9500-AB978835B84B} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {53266F2B-C0BD-4238-BC1D-042B4E5EF8AE} - System32\Tasks\SmartComp Safe Network Schedualer => C:\Program Files (x86)\SmartComp Safe Network\msnworker.exe [2015-05-28] (SecureSoft)
Task: {57EF1251-51D3-4FAC-B7D3-7BB16EBB80E6} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {7BF056B8-5AC6-4D25-9549-D5295C1073F4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-02] (Google Inc.)
Task: {7ECF380D-514B-4AD9-AF91-70345FB5764E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {899EB394-466A-44F3-B39D-0B9AA054E998} - System32\Tasks\GoogleUpdateTaskMachineUA1d047dd6e88209 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-02] (Google Inc.)
Task: {8F7D41E8-5BDC-42D3-A8E7-F1A5BCFDA0E9} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
Task: {93291B6B-73B2-4B5E-BF7F-A2CF636E5E66} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-01-23] (Realtek Semiconductor)
Task: {975AB38D-DD1B-4AAD-80B5-5941CD46F25B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {9938F355-5FE4-45AE-B2EA-879A445E0E4D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-02] (Google Inc.)
Task: {A37DB465-52DA-40AC-A19F-68293E35D89F} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-10-07] (ASUSTeK Computer Inc.)
Task: {B1086301-D814-452E-A37E-D645B1D70AEC} - System32\Tasks\UMonitor Task => C:\Windows\SysWOW64\UMonit64.exe [2013-08-06] ()
Task: {B582BC8D-E485-4E04-ADA1-5AC1D83EF775} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-01-20] (Realtek Semiconductor)
Task: {C7E9F371-21FE-44CF-9A16-3A60028E1816} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-01-16] (ASUSTek Computer Inc.)
Task: {C8CD3E64-AA1B-4791-BE51-0F47F9150165} - System32\Tasks\Malware Cleaner => C:\Users\Henrik\AppData\Roaming\9E4F.tmp.exe <==== ATTENTION
Task: {C9385D58-549F-43F5-833C-805D7E33B906} - System32\Tasks\ASUS GPUTweak => C:\Program Files\ASUS\ASUS GPU Tweak\GPUTweak.exe [2014-01-27] (ASUS)
Task: {CD5F7335-C44C-4CEC-8B1C-241DA2C4C5ED} - System32\Tasks\P4GIntlCtrl => C:\Program Files\ASUS\P4G\IntlDPST.exe [2013-08-29] ()
Task: {D6D1852C-7890-4352-A6D7-78F073642DD7} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-11-04] ()
Task: {ED6B8297-0E17-46A1-A0DF-ED52E25FB42F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {F1BFCA4A-4D08-4652-8D60-87A87281A27C} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d047dd6e88209.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-10-25 14:05 - 2013-10-25 14:05 - 00049368 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2015-06-10 01:38 - 2015-06-10 01:38 - 02212944 _____ () C:\Program Files (x86)\Google\Update\Install\{0CBC75A7-76E4-4090-9BD4-279C55DB733D}\43.0.2357.124_43.0.2357.81_chrome_updater.exe
2014-03-29 17:41 - 2014-12-13 10:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-08-29 18:01 - 2013-08-29 18:01 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-09-18 09:23 - 2014-09-18 09:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-10-14 20:51 - 2014-10-14 20:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 09:23 - 2014-09-18 09:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-10-14 20:51 - 2014-10-14 20:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-03-29 17:52 - 2013-05-15 16:39 - 00463872 _____ () C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
2014-01-27 18:41 - 2014-01-27 18:41 - 00011264 _____ () C:\Program Files\ASUS\ASUS GPU Tweak\WMIProc.dll
2014-01-27 18:41 - 2014-01-27 18:41 - 00320000 _____ () C:\Program Files\ASUS\ASUS GPU Tweak\NavpiWrapper.dll
2015-05-28 21:19 - 2015-05-28 21:24 - 00086528 _____ () C:\Program Files (x86)\SmartComp Safe Network\mgwz.dll
2014-03-29 17:37 - 2013-10-23 15:44 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-04-04 15:51 - 2015-03-28 05:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-10-08 22:41 - 2013-10-08 22:41 - 00037968 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2013-09-09 20:23 - 2013-09-09 20:23 - 00162816 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2015-05-28 11:39 - 2015-05-22 22:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-05-28 11:39 - 2015-05-22 22:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll
2015-05-18 15:26 - 2015-04-16 19:40 - 00776192 _____ () D:\Spel\Steam\SDL2.dll
2015-05-18 15:26 - 2015-04-23 04:16 - 04962816 _____ () D:\Spel\Steam\v8.dll
2015-06-08 11:05 - 2015-06-04 20:56 - 02407104 _____ () D:\Spel\Steam\video.dll
2015-05-18 15:26 - 2015-04-23 04:16 - 01556992 _____ () D:\Spel\Steam\icui18n.dll
2015-05-18 15:26 - 2015-04-23 04:16 - 01187840 _____ () D:\Spel\Steam\icuuc.dll
2015-03-29 00:43 - 2014-12-01 23:31 - 02396672 _____ () D:\Spel\Steam\libavcodec-56.dll
2015-03-29 00:43 - 2014-12-01 23:31 - 00479744 _____ () D:\Spel\Steam\libavformat-56.dll
2015-03-29 00:43 - 2014-12-01 23:31 - 00332800 _____ () D:\Spel\Steam\libavresample-2.dll
2015-03-29 00:43 - 2014-12-01 23:31 - 00442880 _____ () D:\Spel\Steam\libavutil-54.dll
2015-03-29 00:43 - 2014-12-01 23:31 - 00485888 _____ () D:\Spel\Steam\libswscale-3.dll
2015-06-08 11:05 - 2015-06-04 20:56 - 00703168 _____ () D:\Spel\Steam\bin\chromehtml.DLL
2015-05-18 15:26 - 2015-05-11 21:01 - 36302728 _____ () D:\Spel\Steam\bin\libcef.dll
2015-05-18 15:26 - 2015-05-11 21:01 - 08958344 _____ () D:\Spel\Steam\bin\pdf.dll
2015-03-29 00:43 - 2015-01-24 00:34 - 00109568 _____ () D:\Spel\Steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Henrik\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2988599023-887452739-3193836158-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Henrik\Pictures\Wallpapers\47158_2_0.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{5FB1B009-24C1-409C-8F36-D35D0BA1154A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{0800F2D3-EE40-4F3D-9414-4E23EFF9AD36}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C2ABFF6B-4539-493F-8EA9-05CBF5FB0F53}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{13C8ED5C-C329-4F9C-9606-D1B1B337536A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{D8BD43B8-F010-400A-9599-066DF20CE8CC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F4879E55-E21B-448B-9306-C4B3F5B39BE6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CB88BCF8-0478-4D51-98DF-6303D9DC8B94}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{01E33AC3-E8AD-47D2-AD39-1439A28EC824}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{F6858BC0-FBF5-49DE-BEA6-A0CAE7AEAF31}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{5145CF3A-9516-448A-8B5A-46B1D689E64A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D056967E-409D-436F-9402-B8553543A120}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{09AF8AD4-DD05-4AEA-BAE7-43327B7FA7CB}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E9A8AD63-BCD9-4B71-90C0-8CFE88AD5577}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C4B7D379-25AA-4924-935D-A3F1675F4B7D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{ACA292B2-353B-4402-808B-86C509E0FEA4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{5B2A0017-3FBB-462D-A60D-90CB2C942733}] => (Allow) D:\Spel\Battle.net\Battle.net.exe
FirewallRules: [{B5614F16-9B58-4F3F-A4C6-6EFCDA9807D6}] => (Allow) D:\Spel\Battle.net\Battle.net.exe
FirewallRules: [{0E3926AF-5C90-48F2-B4FE-C01E56375A3F}] => (Allow) D:\Spel\Steam\Steam.exe
FirewallRules: [{74F6D826-32B8-4C6E-83DD-99E570629387}] => (Allow) D:\Spel\Steam\Steam.exe
FirewallRules: [{4F7B787F-0281-4BF5-9201-6AAA10BB4260}] => (Allow) D:\Spel\Steam\steamapps\common\Transistor\x64\Transistor.exe
FirewallRules: [{D6B62ED2-D65C-4A55-8047-3EC2E0844D03}] => (Allow) D:\Spel\Steam\steamapps\common\Transistor\x64\Transistor.exe
FirewallRules: [{0E20D8CD-6012-4332-BE91-D5FDA07EE9D3}] => (Allow) D:\Spel\Steam\steamapps\common\pixeljunkeden\eden.exe
FirewallRules: [{F09FB1F4-9996-473F-BEB7-224285B0D146}] => (Allow) D:\Spel\Steam\steamapps\common\pixeljunkeden\eden.exe
FirewallRules: [{C900FA8D-D166-46B2-8F93-3BC6EEB34B2F}] => (Allow) D:\Spel\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{3AA2680C-771E-48E1-A83B-EE1181A866A7}] => (Allow) D:\Spel\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{1A96C215-FE87-44DD-BBD5-1974B7258BC6}] => (Allow) D:\Spel\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{B150C9EF-0CB7-4710-8A12-1E460B9F4D52}] => (Allow) D:\Spel\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{0E819F7F-E629-4513-A0F9-6D55E298E3A5}] => (Allow) D:\Spel\Steam\steamapps\common\Endless Space\EndlessSpace.exe
FirewallRules: [{018D1ABC-9080-4C27-8017-486474D11603}] => (Allow) D:\Spel\Steam\steamapps\common\Endless Space\EndlessSpace.exe
FirewallRules: [{413C2B92-23A8-47B5-8558-FA497C6A9D68}] => (Allow) D:\Program Files (x86)\Origin Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe
FirewallRules: [{650CEE22-F517-4C40-ACED-3C8FC31868D5}] => (Allow) D:\Program Files (x86)\Origin Games\Mass Effect 3\Binaries\Win32\MassEffect3.exe
FirewallRules: [{791DBF8C-31A8-4EA1-AB26-C7C4A56EE9EB}] => (Allow) D:\Spel\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{EB5E1058-61F9-4B38-84DC-7E1A887BEA2A}] => (Allow) D:\Spel\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{0F0C0009-C419-440C-BCA1-627A1C331780}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{D828B1EA-E969-4321-9267-B7D270796A49}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{962E33BB-2ED2-4D7C-8D1E-100AA06E5EAF}] => (Allow) D:\Spel\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{FB5E57A0-50A3-42BA-ACE2-FBDAED00D944}] => (Allow) D:\Spel\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{28412379-370E-42C3-9BFB-F995A554DA11}] => (Allow) D:\Spel\Steam\steamapps\common\Magicka\Magicka.exe
FirewallRules: [{D0635CFB-A922-41E8-9224-2E0E3FDDF5DA}] => (Allow) D:\Spel\Steam\steamapps\common\Magicka\Magicka.exe
FirewallRules: [{DEF265D5-559B-4D3F-851D-BA6CE1341CE6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{FD2737EA-2C43-471B-B5BF-C828DF1187E6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{CB72AB6F-CE7F-4BFA-8661-49EF272FD5CF}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{208EBCE5-A575-4BCC-A8A2-0EA91DD89C7D}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{C2411A01-9A16-47A6-99E4-68FEAEF3CBED}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{7942DF93-1642-4E86-8CA2-87DED368EE8C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{FF6B3CD8-86BC-4F86-802C-F336D984F673}] => (Allow) D:\Spel\Steam\steamapps\common\The Stanley Parable\stanley.exe
FirewallRules: [{EC90DA49-51AB-43D0-A33F-2CE5FD330627}] => (Allow) D:\Spel\Steam\steamapps\common\The Stanley Parable\stanley.exe
FirewallRules: [{2FB4B4DD-191D-4EDD-8AB5-D63F7AEE059F}] => (Allow) D:\Spel\Steam\steamapps\common\SS2\Shock2.exe
FirewallRules: [{F335174A-2F24-4238-AEAB-959EDF437315}] => (Allow) D:\Spel\Steam\steamapps\common\SS2\Shock2.exe
FirewallRules: [TCP Query User{AF36F812-2E03-4502-A765-AA61C1DF0E3E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{3A90FAD9-4CA1-472F-BC9A-7627E86C0297}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{A2F8C9BF-3575-4A3B-A07C-24994DB19AA1}] => (Allow) D:\Spel\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{AFEAC1AD-96DD-4EE7-92D4-9CDB01C79E6A}] => (Allow) D:\Spel\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{7A33D11B-239B-49BA-BDB4-2FC6ED872335}] => (Allow) D:\Spel\Steam.exe
FirewallRules: [{529D48AF-1C66-4C4B-9729-8C4988CE24D2}] => (Allow) D:\Spel\Steam.exe
FirewallRules: [{4AE3E8C5-A7DA-4CA0-A293-770F4B581FF2}] => (Allow) D:\Spel\Steam\steamapps\common\Magic 2014\DotP_D14.exe
FirewallRules: [{CB3CFBF1-2CD5-4DC9-A81E-3247E7A7B810}] => (Allow) D:\Spel\Steam\steamapps\common\Magic 2014\DotP_D14.exe
FirewallRules: [{A8E84328-D6BA-45C8-A780-D92CA6C81AC6}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{7BF54167-A781-423A-B066-7BB84293D58F}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{5E0DA890-4577-4797-94D4-20BC799397AB}] => (Allow) D:\Spel\Steam\steamapps\common\Endless Legend\EndlessLegend.exe
FirewallRules: [{DA064B3B-ABEA-4F8D-A14C-AAC49B1D2790}] => (Allow) D:\Spel\Steam\steamapps\common\Endless Legend\EndlessLegend.exe
FirewallRules: [{68A574B6-CB52-4506-833E-D896F0374EA1}] => (Allow) D:\Spel\Steam\steamapps\common\Magicka 2\engine\Magicka2.exe
FirewallRules: [{1A7D8D29-1EF3-43C3-BC2D-BA52D334D647}] => (Allow) D:\Spel\Steam\steamapps\common\Magicka 2\engine\Magicka2.exe
FirewallRules: [{3A0AAD52-BF6E-4270-B981-8E8062BC948A}] => (Allow) D:\Spel\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{7842BF2C-B28C-48D2-9628-AB91D0C05157}] => (Allow) D:\Spel\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{831A324A-5804-4904-8D4D-3EFEAC10F2F2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/10/2015 11:40:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programmet LiveComm.exe, version 17.5.9600.20856, avslutades eftersom det slutade samverka med Windows. Ytterligare information kan finnas i problemhistoriken på kontrollpanelen för Åtgärdscentret och lösningar.

Process-ID: 1168

Starttid: 01d0a3c56936d59f

Avslutningstid: 4294967295

Programsökväg: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Rapport-ID: 5cd02213-0fb9-11e5-827a-54271e918043

Fullständigt namn på felaktigt paket: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Program-ID relativt till felaktigt paket: ppleae38af2e007f4358a809ac99a64a67c1

Error: (06/10/2015 11:11:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programmet mbam.exe, version 1.0.2.929, avslutades eftersom det slutade samverka med Windows. Ytterligare information kan finnas i problemhistoriken på kontrollpanelen för Åtgärdscentret och lösningar.

Process-ID: 155c

Starttid: 01d0a38dcd62cd12

Avslutningstid: 4294967295

Programsökväg: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

Rapport-ID: 3f7b9b66-0fb5-11e5-827a-54271e918043

Fullständigt namn på felaktigt paket:

Program-ID relativt till felaktigt paket:

Error: (06/10/2015 11:11:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programmet Skype.exe, version 7.5.0.101, avslutades eftersom det slutade samverka med Windows. Ytterligare information kan finnas i problemhistoriken på kontrollpanelen för Åtgärdscentret och lösningar.

Process-ID: 1e58

Starttid: 01d0a38dd680f32d

Avslutningstid: 4294967295

Programsökväg: C:\Program Files (x86)\Skype\Phone\Skype.exe

Rapport-ID: 35c0bcf8-0fb5-11e5-827a-54271e918043

Fullständigt namn på felaktigt paket:

Program-ID relativt till felaktigt paket:

Error: (06/10/2015 11:09:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programmet LiveComm.exe, version 17.5.9600.20856, avslutades eftersom det slutade samverka med Windows. Ytterligare information kan finnas i problemhistoriken på kontrollpanelen för Åtgärdscentret och lösningar.

Process-ID: 251c

Starttid: 01d0a3c0fa9d569e

Avslutningstid: 4294967295

Programsökväg: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Rapport-ID: ee53406d-0fb4-11e5-827a-54271e918043

Fullständigt namn på felaktigt paket: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Program-ID relativt till felaktigt paket: ppleae38af2e007f4358a809ac99a64a67c1

Error: (06/10/2015 10:34:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programmet LiveComm.exe, version 17.5.9600.20856, avslutades eftersom det slutade samverka med Windows. Ytterligare information kan finnas i problemhistoriken på kontrollpanelen för Åtgärdscentret och lösningar.

Process-ID: d78

Starttid: 01d0a3bc1a2084d1

Avslutningstid: 4294967295

Programsökväg: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Rapport-ID: 0d972de4-0fb0-11e5-827a-54271e918043

Fullständigt namn på felaktigt paket: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Program-ID relativt till felaktigt paket: ppleae38af2e007f4358a809ac99a64a67c1

Error: (06/10/2015 10:10:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programmet LiveComm.exe, version 17.5.9600.20856, avslutades eftersom det slutade samverka med Windows. Ytterligare information kan finnas i problemhistoriken på kontrollpanelen för Åtgärdscentret och lösningar.

Process-ID: 2b68

Starttid: 01d0a3b8d697a029

Avslutningstid: 4294967295

Programsökväg: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Rapport-ID: ca2d8c7d-0fac-11e5-827a-54271e918043

Fullständigt namn på felaktigt paket: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Program-ID relativt till felaktigt paket: ppleae38af2e007f4358a809ac99a64a67c1

Error: (06/10/2015 09:40:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programmet LiveComm.exe, version 17.5.9600.20856, avslutades eftersom det slutade samverka med Windows. Ytterligare information kan finnas i problemhistoriken på kontrollpanelen för Åtgärdscentret och lösningar.

Process-ID: 2988

Starttid: 01d0a3b4a5d0ee15

Avslutningstid: 4294967295

Programsökväg: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Rapport-ID: 99589c49-0fa8-11e5-827a-54271e918043

Fullständigt namn på felaktigt paket: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Program-ID relativt till felaktigt paket: ppleae38af2e007f4358a809ac99a64a67c1

Error: (06/10/2015 09:10:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programmet LiveComm.exe, version 17.5.9600.20856, avslutades eftersom det slutade samverka med Windows. Ytterligare information kan finnas i problemhistoriken på kontrollpanelen för Åtgärdscentret och lösningar.

Process-ID: 1d8

Starttid: 01d0a3b074d68c14

Avslutningstid: 4294967295

Programsökväg: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Rapport-ID: 68e43da2-0fa4-11e5-827a-54271e918043

Fullständigt namn på felaktigt paket: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Program-ID relativt till felaktigt paket: ppleae38af2e007f4358a809ac99a64a67c1

Error: (06/10/2015 08:32:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programmet LiveComm.exe, version 17.5.9600.20856, avslutades eftersom det slutade samverka med Windows. Ytterligare information kan finnas i problemhistoriken på kontrollpanelen för Åtgärdscentret och lösningar.

Process-ID: 1b2c

Starttid: 01d0a3aab2afba68

Avslutningstid: 4294967295

Programsökväg: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Rapport-ID: ffa1ee1b-0f9e-11e5-827a-54271e918043

Fullständigt namn på felaktigt paket: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Program-ID relativt till felaktigt paket: ppleae38af2e007f4358a809ac99a64a67c1

Error: (06/10/2015 08:11:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programmet LiveComm.exe, version 17.5.9600.20856, avslutades eftersom det slutade samverka med Windows. Ytterligare information kan finnas i problemhistoriken på kontrollpanelen för Åtgärdscentret och lösningar.

Process-ID: 1c94

Starttid: 01d0a3a81308f62a

Avslutningstid: 4294967295

Programsökväg: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Rapport-ID: 068e461e-0f9c-11e5-827a-54271e918043

Fullständigt namn på felaktigt paket: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Program-ID relativt till felaktigt paket: ppleae38af2e007f4358a809ac99a64a67c1


System errors:
=============
Error: (06/10/2015 11:45:49 PM) (Source: DCOM) (EventID: 10016) (User: NT instans)
Description: programspecifikLokalAktivering{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT instansSYSTEMS-1-5-18LocalHost (med LRPC)Inte tillgängligInte tillgänglig

Error: (06/10/2015 02:21:01 AM) (Source: DCOM) (EventID: 10010) (User: GOFAXYOURSELF)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (06/10/2015 02:21:01 AM) (Source: DCOM) (EventID: 10010) (User: GOFAXYOURSELF)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (06/10/2015 02:21:01 AM) (Source: DCOM) (EventID: 10010) (User: GOFAXYOURSELF)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (06/10/2015 02:21:01 AM) (Source: DCOM) (EventID: 10010) (User: GOFAXYOURSELF)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (06/10/2015 01:36:57 AM) (Source: Schannel) (EventID: 4120) (User: NT instans)
Description: Ett allvarligt fel uppstod och skickades till fjärrslutpunkten. Det kan leda till att anslutningen bryts. Koden för det allvarliga felet som definieras i TLS-protokollet är 10. Feltillståndet i Windows SChannel är 10.

Error: (06/10/2015 01:36:57 AM) (Source: Schannel) (EventID: 4120) (User: NT instans)
Description: Ett allvarligt fel uppstod och skickades till fjärrslutpunkten. Det kan leda till att anslutningen bryts. Koden för det allvarliga felet som definieras i TLS-protokollet är 10. Feltillståndet i Windows SChannel är 10.

Error: (06/09/2015 04:48:31 PM) (Source: Ntfs) (EventID: 55) (User: NT instans)
Description: En skada upptäcktes i filsystemstrukturen på volym OS.

Ett fel påträffades i en indexstruktur för filsystemet. Filens referensnummer är 0x1000000001c49. Namnet på filen är \Windows\System32. Det skadade indexattributet är :$I30:$INDEX_ALLOCATION.

Error: (06/09/2015 03:24:03 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Den senaste avstängningen av datorn vid 02:13:13 den ‎2015-‎06-‎09 skedde oväntat.

Error: (06/09/2015 03:23:44 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT instans)
Description: 32212256841174208


Microsoft Office:
=========================
Error: (06/10/2015 11:40:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20856116801d0a3c56936d59f4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe5cd02213-0fb9-11e5-827a-54271e918043microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (06/10/2015 11:11:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.0.2.929155c01d0a38dcd62cd124294967295C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe3f7b9b66-0fb5-11e5-827a-54271e918043

Error: (06/10/2015 11:11:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Skype.exe7.5.0.1011e5801d0a38dd680f32d4294967295C:\Program Files (x86)\Skype\Phone\Skype.exe35c0bcf8-0fb5-11e5-827a-54271e918043

Error: (06/10/2015 11:09:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20856251c01d0a3c0fa9d569e4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exeee53406d-0fb4-11e5-827a-54271e918043microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (06/10/2015 10:34:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20856d7801d0a3bc1a2084d14294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe0d972de4-0fb0-11e5-827a-54271e918043microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (06/10/2015 10:10:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.208562b6801d0a3b8d697a0294294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.execa2d8c7d-0fac-11e5-827a-54271e918043microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (06/10/2015 09:40:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20856298801d0a3b4a5d0ee154294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe99589c49-0fa8-11e5-827a-54271e918043microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (06/10/2015 09:10:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.208561d801d0a3b074d68c144294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe68e43da2-0fa4-11e5-827a-54271e918043microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (06/10/2015 08:32:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.208561b2c01d0a3aab2afba684294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exeffa1ee1b-0f9e-11e5-827a-54271e918043microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (06/10/2015 08:11:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.208561c9401d0a3a81308f62a4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe068e461e-0f9c-11e5-827a-54271e918043microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4700HQ CPU @ 2.40GHz
Percentage of memory in use: 40%
Total physical RAM: 8074.96 MB
Available physical RAM: 4820.14 MB
Total Pagefile: 11729.25 MB
Available Pagefile: 7884.95 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:279.45 GB) (Free:215.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:398.07 GB) (Free:318.87 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: DC1887FA)

Partition: GPT Partition Type.

==================== End of log ============================
therewillbecake
Active Member
 
Posts: 9
Joined: June 8th, 2015, 6:26 am

Re: Influx of ads: Take 2

Post by Firefly » June 12th, 2015, 10:50 am

therewillbecake –

Great job running and posting those scans.

There are a few things going on with your computer that we should be able to deal with relatively easily. I see evidence of a few viruses, but my theory is that the pop-ups and ads are actually being caused by your free VPN. These types of “free” products actually make a TON of money by selling ads that they can force onto your computer. In general, be skeptical.

We are going to remove Privoxy, then make sure all of the hidden pieces of it are gone using AdwCleaner and FRST (the included uninstaller is unreliable). Your Chrome browser has become very infected internally. To be safe, the surest way to clean it is to simply remove it and reinstall. In a typical setup, Google stores your bookmarks in the cloud, so they should repopulate when we reinstall Chrome. If you are not set up that way, you may want to back up your bookmarks and any other personal information (i.e. passwords). Please do the following:


UNINSTALL PROBLEM PROGRAMS

Next, let's remove the programs that are causing some of your issues. These will be simple deletes using Windows' program uninstaller:

1. Click Start ------> click Control Panel -----> click Programs and Features.
2. In the Currently installed programs box, click the program that you want to remove, and then click Uninstall. The programs I want to have you remove (please let me know if they are NOT listed in your list of programs) are:
  • Getprivate VPN version 1.0
  • Google Chrome
  • Google Update Helper


If you are prompted to confirm the removal of a program, click Yes. If you're asked if you would like to keep any personalized settings or folders, say NO.

Reboot your computer


AdwCleaner

  • Close all open programs and internet browsers.
  • Right click on adwcleaner.exe (it should still be on your desktop) and select "Run as administrator" to run it.
  • Click on Scan.
  • When the scan has finished, uncheck the following entries which are connected to some of your games (they are located under the “files” tab at the top of the results window):

    • C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_plarium.com_0.localstorage
    • C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_plarium.com_0.localstorage-journal
    • C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
    • C:\Users\Henrik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal

    If you don’t recognize these as being related to games you play, go ahead and leave them checked.
  • Click on Clean.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


FRST Fix

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy and paste the following script into Notepad. Do not include the words Code: select all
    • (Click the select all button next to code to select the entire script).
    Code: Select all
    (The Privoxy team - www.privoxy.org ) C:\Program Files (x86)\SmartComp Safe Network\privoxy.exe
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    ProxyEnable: [S-1-5-21-2988599023-887452739-3193836158-1001] => Internet Explorer proxy is enabled
    SearchScopes: HKU\S-1-5-21-2988599023-887452739-3193836158-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-2988599023-887452739-3193836158-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    R2 PrivoxyService; C:\Program Files (x86)\SmartComp Safe Network\privoxy.exe [371200 2015-05-28] (The Privoxy team - www.privoxy.org ) [File not signed] <==== ATTENTION
    S3 Origin Client Service; "D:\Spel\Origin\OriginClientService.exe" [X]
    C:\Windows\System32\Tasks\SmartComp Safe Network Schedualer
    C:\Program Files (x86)\SmartComp Safe Network
    C:\Users\Henrik\AppData\Roaming\Getprivate VPN
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Getprivate VPN
    C:\Users\Henrik\AppData\Roaming\9E4F.tmp
    C:\ProgramData\SetStretch.cmd
    C:\ProgramData\SetStretch.exe
    C:\ProgramData\SetStretch.VBS
    C:\Users\Henrik\AppData\Local\Temp\COMAP.EXE
    C:\Users\Henrik\AppData\Local\Temp\Gw2.exe
    C:\Users\Henrik\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Henrik\AppData\Local\Temp\tasks.dll
    Task: {3C4F57B6-E939-431A-9645-3E22B6496CD1} - System32\Tasks\Security Update => C:\Users\Henrik\AppData\Roaming\Updater\winupd.exe <==== ATTENTION
    Task: {C8CD3E64-AA1B-4791-BE51-0F47F9150165} - System32\Tasks\Malware Cleaner => C:\Users\Henrik\AppData\Roaming\9E4F.tmp.exe <==== ATTENTION
    C:\Program Files (x86)\SmartComp Safe Network
    Hosts:
    EmptyTemp:
    CMD: ipconfig /flushdns
    

  • Save it next to FRST.exe as filename fixlist.txt
  • NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are saved in the same location or the fix will not work.
  • Right-click FRST.exe and select "Run as administrator" to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.


Chrome Reinstall

You can now reinstall Chrome. The link to do so is HERE


Next Steps

1. Let me know any issues uninstalling GetPrivate and Chrome.
2. Post AdwCleaner Log
3. Post Fixlog.txt log
4. Confirm Chrome reinstall

Once these are done, please try to browse the web in general, and with the VPN gone, let me know if you are still having issues. There will still be some malware to remove, but I think you should see it reduced or gone completely.
Firefly
Regular Member
 
Posts: 949
Joined: March 5th, 2014, 4:33 pm

Re: Influx of ads: Take 2

Post by therewillbecake » June 13th, 2015, 11:02 am

Hello Firefly!

I could not find the Google Update Helper in my list of installed programs.
I successfully reinstalled Chrome.
I will be out of town until Tuesday, so if you're quick to respond to this post I may not have time to respond within the 3 day time span. If that is the case, I thank you for your service so far.

AdwCleaner log

# AdwCleaner v4.206 - Logfile created 13/06/2015 at 16:37:33
# Updated 01/06/2015 by Xplode
# Database : 2015-06-09.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Henrik - GOFAXYOURSELF
# Running from : C:\Users\Henrik\Desktop\adwcleaner_4.206.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : PrivoxyService

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\SmartComp Safe Network
Folder Deleted : C:\Users\Henrik\AppData\Roaming\Updater

***** [ Scheduled tasks ] *****

Task Deleted : Malware Cleaner
Task Deleted : Security Update

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - 127.0.0.1:8118
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


*************************

AdwCleaner[R0].txt - [1602 bytes] - [10/06/2015 23:47:00]
AdwCleaner[R1].txt - [1384 bytes] - [13/06/2015 16:35:23]
AdwCleaner[S0].txt - [1117 bytes] - [13/06/2015 16:37:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1176 bytes] ##########


Fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Henrik at 2015-06-13 16:45:42 Run:1
Running from C:\Users\Henrik\Desktop
Loaded Profiles: Henrik (Available Profiles: Henrik)
Boot Mode: Normal
==============================================

fixlist content:
*****************
(The Privoxy team - www.privoxy.org ) C:\Program Files (x86)\SmartComp Safe Network\privoxy.exe
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
ProxyEnable: [S-1-5-21-2988599023-887452739-3193836158-1001] => Internet Explorer proxy is enabled
SearchScopes: HKU\S-1-5-21-2988599023-887452739-3193836158-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2988599023-887452739-3193836158-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
R2 PrivoxyService; C:\Program Files (x86)\SmartComp Safe Network\privoxy.exe [371200 2015-05-28] (The Privoxy team - www.privoxy.org ) [File not signed] <==== ATTENTION
S3 Origin Client Service; "D:\Spel\Origin\OriginClientService.exe" [X]
C:\Windows\System32\Tasks\SmartComp Safe Network Schedualer
C:\Program Files (x86)\SmartComp Safe Network
C:\Users\Henrik\AppData\Roaming\Getprivate VPN
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Getprivate VPN
C:\Users\Henrik\AppData\Roaming\9E4F.tmp
C:\ProgramData\SetStretch.cmd
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
C:\Users\Henrik\AppData\Local\Temp\COMAP.EXE
C:\Users\Henrik\AppData\Local\Temp\Gw2.exe
C:\Users\Henrik\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Henrik\AppData\Local\Temp\tasks.dll
Task: {3C4F57B6-E939-431A-9645-3E22B6496CD1} - System32\Tasks\Security Update => C:\Users\Henrik\AppData\Roaming\Updater\winupd.exe <==== ATTENTION
Task: {C8CD3E64-AA1B-4791-BE51-0F47F9150165} - System32\Tasks\Malware Cleaner => C:\Users\Henrik\AppData\Roaming\9E4F.tmp.exe <==== ATTENTION
C:\Program Files (x86)\SmartComp Safe Network
Hosts:
EmptyTemp:
CMD: ipconfig /flushdns

*****************

C:\Program Files (x86)\SmartComp Safe Network\privoxy.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value removed successfully
HKU\S-1-5-21-2988599023-887452739-3193836158-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\S-1-5-21-2988599023-887452739-3193836158-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2988599023-887452739-3193836158-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
PrivoxyService => Service not found.
Origin Client Service => Service removed successfully
C:\Windows\System32\Tasks\SmartComp Safe Network Schedualer => moved successfully.
"C:\Program Files (x86)\SmartComp Safe Network" => File/Folder not found.
"C:\Users\Henrik\AppData\Roaming\Getprivate VPN" => File/Folder not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Getprivate VPN" => File/Folder not found.
C:\Users\Henrik\AppData\Roaming\9E4F.tmp => moved successfully.
C:\ProgramData\SetStretch.cmd => moved successfully.
C:\ProgramData\SetStretch.exe => moved successfully.
C:\ProgramData\SetStretch.VBS => moved successfully.
C:\Users\Henrik\AppData\Local\Temp\COMAP.EXE => moved successfully.
C:\Users\Henrik\AppData\Local\Temp\Gw2.exe => moved successfully.
C:\Users\Henrik\AppData\Local\Temp\SkypeSetup.exe => moved successfully.
C:\Users\Henrik\AppData\Local\Temp\tasks.dll => moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C4F57B6-E939-431A-9645-3E22B6496CD1} => key not found.
C:\Windows\System32\Tasks\Security Update not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Update => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8CD3E64-AA1B-4791-BE51-0F47F9150165} => key not found.
C:\Windows\System32\Tasks\Malware Cleaner not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Malware Cleaner => key not found.
"C:\Program Files (x86)\SmartComp Safe Network" => File/Folder not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 1.2 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 16:46:42 ====
therewillbecake
Active Member
 
Posts: 9
Joined: June 8th, 2015, 6:26 am
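
Reading the two logs in the post above together, as an added example (not part of the thread, and not code from FRST or AdwCleaner): this Python script classifies Fixlog result lines and marks which "not found" items the AdwCleaner log already accounts for. The sample lines are copied from the post; the function names, the status names and the substring matching between the two logs are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the Fixlog.txt posted above.
FIXLOG = r'''fixlist content:
*****************
ProxyEnable: [S-1-5-21-2988599023-887452739-3193836158-1001] => Internet Explorer proxy is enabled
*****************

C:\Program Files (x86)\SmartComp Safe Network\privoxy.exe => No running process found
PrivoxyService => Service not found.
Origin Client Service => Service removed successfully
"C:\Users\Henrik\AppData\Roaming\Getprivate VPN" => File/Folder not found.
C:\Users\Henrik\AppData\Roaming\9E4F.tmp => moved successfully.
C:\Windows\System32\Tasks\Security Update not found.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
'''

# Constructed sample: lines copied from the AdwCleaner log posted above.
ADWCLEANER = r'''[#] Service Deleted : PrivoxyService
Folder Deleted : C:\Program Files (x86)\SmartComp Safe Network
Folder Deleted : C:\Users\Henrik\AppData\Roaming\Updater
Task Deleted : Malware Cleaner
Task Deleted : Security Update
'''

def classify(outcome):
    """Map FRST's outcome wording to a coarse status (names are hypothetical)."""
    o = outcome.lower()
    if "not found" in o or "no running process" in o:
        return "absent"   # nothing was there for FRST to act on
    if "successfully" in o:
        return "acted"    # FRST moved or removed the item itself
    return "other"

def parse_fixlog(text):
    """Return (target, status) pairs from the result section of a Fixlog."""
    # Results follow the last line of asterisks; the echoed fixlist precedes it.
    body = re.split(r"(?m)^\*{5,}\s*$", text)[-1]
    pairs = []
    for line in (l.strip() for l in body.splitlines()):
        if " => " in line:
            target, outcome = line.rsplit(" => ", 1)
        elif line.endswith(" not found."):   # task files are logged without "=>"
            target, outcome = line[: -len(" not found.")], "not found"
        else:
            continue
        pairs.append((target.strip('"'), classify(outcome)))
    return pairs

def reconcile(fixlog, adwcleaner):
    """Group Fixlog targets, noting which absences AdwCleaner's log explains."""
    deleted = [m.group(1).strip().lower()
               for m in re.finditer(r"Deleted : (.+)", adwcleaner)]
    report = defaultdict(list)
    for target, status in parse_fixlog(fixlog):
        if status == "absent":
            seen = any(name in target.lower() for name in deleted)
            status = "absent_adwcleaner" if seen else "absent_unexplained"
        report[status].append(target)
    return dict(report)

if __name__ == "__main__":
    for status, targets in reconcile(FIXLOG, ADWCLEANER).items():
        print(status, *targets, sep="\n  ")
```

Targets grouped under absent_unexplained are the ones the AdwCleaner log does not account for, so they need another explanation, such as the uninstall step or an item that never existed.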

Re: Influx of ads: Take 2

Post by Firefly » June 13th, 2015, 11:08 am

Thanks for letting me know about the delay. We can continue to work on it.

Try using Chrome and IE. How are they responding?
Firefly
Regular Member
 
Posts: 949
Joined: March 5th, 2014, 4:33 pm

Re: Influx of ads: Take 2

Post by Firefly » June 16th, 2015, 5:00 pm

therewillbecake -

Please let me know if you still need help. I know you were away, so I have given an extra grace period for responding.
Firefly
Regular Member
 
Posts: 949
Joined: March 5th, 2014, 4:33 pm

Re: Influx of ads: Take 2

Post by therewillbecake » June 16th, 2015, 5:29 pm

Dear Firefly

Thank you so much for your time and hard work!
I've been surfing around for an hour or so and the issue seems to be gone now.
And even though it seems not to be necessary, I am very grateful for the given grace period. It was comforting to know that when I got home, if the problem remained, I could reach out to you. :)

Once more, thanks a lot!
Hope I won't need your help again!

Yours sincerely
therewillbecake
therewillbecake
Active Member
 
Posts: 9
Joined: June 8th, 2015, 6:26 am

Re: Influx of ads: Take 2

Post by Firefly » June 17th, 2015, 10:42 am

therewillbecake -

Glad to hear things are working well. There is still a little bit of work to do to make sure everything is clean and safe. Please do the following:


ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Click on Run ESET Online Scanner, then select the option YES, I accept the Terms of Use, then click Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Firefly
Regular Member
 
Posts: 949
Joined: March 5th, 2014, 4:33 pm

Re: Influx of ads: Take 2

Post by therewillbecake » June 18th, 2015, 7:13 am

Firefly

I successfully disabled my antivirus.

When I click on run ESET Online Scanner I get a popup with the EULA where I select YES then press the start button.
Then I get a prompt that the webpage wants to install the following program: Onlinescanner.cab from ESET, spol. s r.o..

When I press install I get a new popup stating: If you want to view the webpage again the browser must send the previously available information once more.
I press Try Again.
I get another popup from User Account Control asking me about the previously mentioned program, I press yes and get the prompt that tells me An addon for the webpage could not be run. After this nothing happened.

PS. My OS is in Swedish so this might not be exactly what it says in English, just my translation of it. DS.
therewillbecake
Active Member
 
Posts: 9
Joined: June 8th, 2015, 6:26 am

Re: Influx of ads: Take 2

Post by Firefly » June 18th, 2015, 7:17 am

therewillbecake -

That sounds like a Chrome error. Please note at the top of my previous post:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.


Are you using Chrome to try to run the scan or IE?
Firefly
Regular Member
 
Posts: 949
Joined: March 5th, 2014, 4:33 pm

Re: Influx of ads: Take 2

Post by therewillbecake » June 18th, 2015, 7:20 am

No, I was using Explorer
therewillbecake
Active Member
 
Posts: 9
Joined: June 8th, 2015, 6:26 am

Re: Influx of ads: Take 2

Post by Firefly » June 18th, 2015, 7:22 am

I'll get back to you. May have you run something different based on compatibility.
Firefly
Regular Member
 
Posts: 949
Joined: March 5th, 2014, 4:33 pm