CWorker

  1. So a few days later and it looks like it's all gone. There's still the odd "you're now leaving a secure connection" which I haven't pinned down but I think that might have to do with resetting the browser completely and it doesn't appear to be malicious. A well-earned donation should be going your way as well. Thanks for all your help!
  2. It looks promising! I've been using it for about half an hour now and so far so good. The only thing I don't like is that one website was blocked by Malwarebytes just as I started, and that I've had two prompts from Windows saying "you're now leaving a secure internet connection" for no obvious reason. Good news however is that all the ads and pop-ups are now gone. Are you happy with me giving it a day or two just to make sure nothing else appears? I can report back on say Monday if that sounds good to you?
  3. The website scan doesn't seem to work. It works fine in Chrome but in Firefox it never finishes, it just keeps loading and loading. I have repaired now but ads still there I'm afraid.
  4. I had it before and it gets rid of some but not all of it unfortunately. For example the banners on this forum are still there (with the eBay ads).
  5. Still there I'm afraid. Here are three screenshots. This also comes with popups. Chrome seems to be working fine though.
  6. ~ ZHPCleaner v2015.4.7.160 by Nicolas Coolman (08/04/2015)
     ~ Run by Johan (Administrator) (08/04/2015 10:23:17)
     ~ Forum : http://forum.nicolascoolman.fr
     ~ Facebook : https://www.facebook.com/nicolascoolman1
     ~ State version : Version OK
     ~ Type : Scan
     ~ Report : C:\Users\Johan\Desktop\ZHPCleaner.txt
     ~ Quarantine : C:\Users\Johan\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
     ~ UAC : Deactivate
     ~ Boot Mode : Normal (Normal boot)
     ~ Windows 7, 64-bit Service Pack 1 (Build 7601)
     ---\\ Services (0)
     ~ No malicious items found.
     ---\\ Browser internet (0)
     ~ No malicious items found.
     ---\\ Hosts file (1)
     ~ The hosts file is legitimate (1)
     ---\\ Scheduled automatic tasks. (0)
     ~ No malicious items found.
     ---\\ Explorer ( File, Folder) (0)
     ~ No malicious items found.
     ---\\ Registry ( Key, Value, Data) (8)
     FOUND data: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\\Application [bad : http://www.filefacts.net/redirect.php?ext=%s] (Hijacker.Association)
     FOUND key: HKEY_USERS\S-1-5-21-1340057660-1320988339-1514443556-1000\Software\Classes\.torrent [bitLord] (Adware.WhenUSave)
     FOUND key: HKEY_USERS\S-1-5-21-1340057660-1320988339-1514443556-1000\Software\Classes\Magnet [bitLord magnet URI] (Adware.WhenUSave)
     FOUND key: HKCU\Software\AppDataLow\Software\Smartbar [] (PUP.QuickShare)
     FOUND key: [X64] HKLM\SOFTWARE\Classes\.torrent [bitLord] (Adware.WhenUSave)
     FOUND key: [X64] HKLM\SOFTWARE\Classes\BitLord [bitLord 2] (Adware.WhenUSave)
     FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BitLord [House of Life] (Adware.WhenUSave)
     FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BitLord [bitLord 2.3] (Adware.WhenUSave)
     ---\\ Result of repair
     ~ Any repair made
     ~ Browser not found (Opera Software)
     ---\\ Statistics
     ~ Items scanned : 77156
     ~ Items found : 8
     ~ Items repaired : 0
     End of clean at 10:34:15
     ===================
     ZHPCleaner--08042015-10_34_15.txt
  7. This did find some stuff, fingers crossed it's useful! Zoek.exe v5.0.0.0 Updated 02-April-2015 Tool run by Johan on 2015-04-07 at 20:56:38,32.
  8. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015 Ran by Johan at 2015-04-07 10:20:29 Running from C:\Users\Johan\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Microsoft Security Essentials (Enabled - Up to date) {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Enabled - Up to date) {2C040BB5-2B06-7275-5A21-2B969A740B4B} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Tools for .Net 3.5 (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.) 
aerosoft's - German Airports 1 - Stuttgart X (HKLM-x32\...\{E4298CF5-9C36-4519-9089-FF7A43EA5C5D}) (Version: 1.00 - aerosoft) aerosoft's - Mallorca X for FSX (HKLM-x32\...\{07CC448E-4FFC-444F-999D-10F11AE559FB}) (Version: 1.00 - aerosoft) aerosoft's - Mega Airport Frankfurt X (HKLM-x32\...\{BAEE0C24-C8C2-4820-9DF4-887909F1A286}) (Version: 1.01 - aerosoft) aerosoft's - Mega Airport Madrid Barajas (HKLM-x32\...\{8233F99B-C4C2-44E9-8486-374E9B300BF2}) (Version: 1.02 - aerosoft) aerosoft's - Mega Airport Paris CDG X (HKLM-x32\...\{0F5E7FC8-3D49-47DA-9A51-6A8B4BE393B0}) (Version: 1.00 - aerosoft) aerosoft's - Mega Airport Stockholm Arlanda X (HKLM-x32\...\{3B6F6E35-900C-4FE3-B2F6-067443353CD1}) (Version: 1.00 - aerosoft) aerosoft's - Nice Cote dAzur X (HKLM-x32\...\{90447E05-DE8E-470D-8D3E-C871D2AE74AF}) (Version: 1.10 - aerosoft) Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden Aircraft Situation Editor (HKLM-x32\...\Aircraft Situation Editor) (Version: 1.3 - Craig Phillips) Airport Design Editor 9x Version 1.50.18.197 (HKLM-x32\...\ADE9xSetup_is1) (Version: 1.50.18.197 - Jon Masterson & The ScruffyDuck Company) AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.03.0000 - Ubisoft) Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden Application Profiles (HKLM-x32\...\{63059735-CA97-FDFB-0E7A-3B8D81572EFD}) (Version: 2.0.4888.34279 - Advanced Micro Devices, Inc.) Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.5510 - Perfect World Entertainment) AuthenTec TrueAPI (Version: 1.2.1.33 - AuthenTec, Inc.) Hidden Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG) Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. 
KG) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG) BankID säkerhetsprogram (HKLM-x32\...\{4B2557F9-8C03-4BE7-9984-4DE525076580}) (Version: 6.0.1.5 - Finansiell ID-Teknik BID AB) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Battlefield 2 (HKLM-x32\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version: - ) Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB) Battlestations: Pacific (HKLM-x32\...\{BBAB6D5D-1DD4-4D46-B5D9-121DCAB17DEC}) (Version: 1.00.0000 - Eidos plc) Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden BitLord 2.3 (HKLM-x32\...\BitLord) (Version: 2.3.1-213 - House of Life) Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden Blend for Visual Studio 2012 (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden Blend for Visual Studio 2012 ENU resources (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden BT Desktop Help (HKLM-x32\...\BT Desktop Help) (Version: - ) Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden Car Mechanic Simulator 2014 (HKLM-x32\...\Steam App 270850) (Version: - PlayWay S.A.) 
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Civilization.V.GOTY.incl.Gods.and.Kings (HKLM-x32\...\Civilization.V.GOTY.incl.Gods.and.Kings_is1) (Version: - ) CLOUD9 Bergen FSX 1.01 (HKLM-x32\...\{A28B5F9A-3AD0-4CB5-AB72-ADF062FD956E}) (Version: 1.01 - ) CodeBlocks (HKU\S-1-5-21-1340057660-1320988339-1514443556-1000\...\CodeBlocks) (Version: 10.05 - The Code::Blocks Team) Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited) CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.3922 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0337 - Disc Soft Ltd) DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive) Death to Spies (HKLM-x32\...\Steam App 9800) (Version: - Haggard Games) DelinvFile - 4.04 (HKLM-x32\...\DelinvFile_is1) (Version: 4.04 - Assistance and Resources for Computing, Inc.) 
Deluge 1.3.5 (HKLM-x32\...\Deluge) (Version: - ) Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden Direct Show Ogg Vorbis Filter (remove only) (HKLM-x32\...\OggDS) (Version: - ) Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4521.29298 - PreEmptive Solutions) Hidden DXGL Wrapper (HKLM-x32\...\GLWRAPPER) (Version: - ) EGSH Norwich Airport (HKU\S-1-5-21-1340057660-1320988339-1514443556-1000\...\EGSH Norwich Airport) (Version: - ) Eiresim Shannon Ultimate FsX (HKLM-x32\...\Eiresim Shannon Ultimate FsXV1.0) (Version: V1.0 - Eiresim) EireSim-Alicante FSX (HKLM-x32\...\{72FF9BBB-80A1-4A3C-8ABD-A6149BD884A0}) (Version: 1.00.0000 - Setup EireSim-Alicante FSX for place2use) EKCH Copenhagen Airport, Kastrup X (HKLM-x32\...\{9D5BFBF1-EB38-4AE1-A833-4F564B999CE3}) (Version: 2.0 - Scansim) Empire: Total War (HKLM-x32\...\Steam App 10500) (Version: - The Creative Assembly) Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard) Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{0A1A1D48-DB23-443A-BC7B-49255D138020}) (Version: 11.1.20702.00 - Microsoft Corporation) Essex Controller Pack 4.3b (HKLM-x32\...\Essex Controller Pack 4.3b) (Version: - ) ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard) Euro Truck Simulator 2 (HKLM-x32\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.8.2.5 - SCS Software) EuroScope 3.1d (HKLM-x32\...\{93878DDD-E621-4AFF-8203-2658451A3636}) (Version: 3.1.4 - Gergely Csernak) EuroScope v3.2 (HKLM-x32\...\{643D8CF6-F80A-4686-90A2-ECC4B0D63089}) (Version: 3.2 - Gergely Csernak) Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.) 
Evil Genius (HKLM-x32\...\Steam App 3720) (Version: - Elixir Studios)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
Farming Simulator 2013 (HKLM-x32\...\FarmingSimulator2013INT_is1) (Version: 1.0 - GIANTS Software)
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Find and Mount 2.32 (HKLM\...\Find and Mount_is1) (Version: 2.32 - A-FF Data Recovery)
Fleet Operations version 3.2.7 (HKLM-x32\...\{F00C56DC-3121-42BC-A4CB-9233D2265EB5}_is1) (Version: 3.2.7 - )
Flight Simulator X (HKLM-x32\...\RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version: - )
Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version: - )
Fly UK SkyTrack (HKLM-x32\...\Fly UK SkyTrack) (Version: 1.3.2 RC1 - Fly UK)
Freight Tycoon (HKLM-x32\...\Freight Tycoon_is1) (Version: - GamersGate)
FSDreamTeam JFK FSX 1.2.1 (HKLM-x32\...\FSDreamTeam JFK FSX_is1) (Version: - )
FSDreamTeam ZurichX 1.3.2 (HKLM-x32\...\FSDreamTeam ZurichX_is1) (Version: - )
FSFDT FSCopilot (HKLM-x32\...\FSFDT FSCopilot) (Version: - )
FSFDT FSInn (HKLM-x32\...\FSFDT FSInn) (Version: - )
FSrealWX lite version 1.07.1522 (HKLM-x32\...\FSrealWX lite_is1) (Version: 1.06.1475 - Hanse-Coders.)
GetDataBack for NTFS (HKLM-x32\...\{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}) (Version: 4.33.000 - Runtime Software)
GOG.com The Settlers 3 (HKLM\...\{f707a2f1-2ed1-4560-a087-97aa176c3777}.sdb) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GSAK 8.1.0.10 (Final) (HKLM-x32\...\GSAK_is1) (Version: - CWE computer services)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Host OpenAL (HKLM-x32\...\Host OpenAL) (Version: 2.02 - Creative Technology Limited)
HP 3D DriveGuard (HKLM\...\{DFB497E0-CE3F-40FC-9596-FC7A48775DE4}) (Version: 4.1.16.1 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{5E63C0AB-19B0-47D4-842E-6B324EB0614B}) (Version: 4.1.23.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{3C5AB11A-2DDB-49E6-9FC0-CFD88A7DDFE4}) (Version: 1.1.0.0 - Hewlett-Packard)
HP DVB-T TV Tuner 8.0.64.43 (HKLM-x32\...\HP DVB-T TV Tuner) (Version: 8.0.64.43 - )
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP SimplePass 2011 (HKLM-x32\...\{BCFAA37D-A6DB-43BF-A351-43F183E52D07}) (Version: 5.1.0.495 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{CDEC32AA-9C84-40C8-B0CD-45F5681FFF10}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.2.0.001 - HTC Corporation)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6381.0 - IDT)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - )
Instant Eyedropper 1.75 (HKLM-x32\...\Instant Eyedropper_is1) (Version: - )
Insurgency (HKLM-x32\...\Steam App 222880) (Version: - New World Interactive)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{0EF86E06-C755-4C6F-8E47-2528D0546C0A}) (Version: 1.1.1.0581 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{0DD706AF-B542-438C-999E-B30C7F625C8D}) (Version: 2.1.39.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Intel® PROSet/Wireless Software (HKLM-x32\...\{e6d17d96-ddaa-476f-bb07-db601024ffb1}) (Version: 15.8.0 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java SE Development Kit 8 Update 5 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
Jeppesen Program and Data Installation (HKLM-x32\...\{4173F0BF-2363-4DC3-92A9-446B69DBB134}) (Version: 1.0.0.0 - Jeppesen)
Jeppesen Weather Service (HKLM-x32\...\{3E1D1CE6-FF37-4A5D-9714-D6F48CFD589D}) (Version: 2.4.1.1 - Jeppesen)
JPEG Recovery Pro 5.0 (HKLM-x32\...\JPEG Recovery Pro5.0) (Version: 5.0 - e.World Technology Limited)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 9.9.5 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.5 - )
LocalESPC (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden
LocalESPCui for en-us (x32 Version: 8.59.25584 - Microsoft) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.328 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.328 - LogMeIn, Inc.) Hidden
London Control (HKLM-x32\...\{B0567B61-FDBC-4978-AE39-7010072526D8}) (Version: 1.4.3.4 - DM Aviation Limited)
Lunar Flight (HKLM-x32\...\Steam App 208600) (Version: - Shovsoft)
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}) (Version: 3.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Flight Simulator X: Acceleration (HKLM-x32\...\FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version: 10.0.61637.0 - Microsoft Game Studios)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.0.1526.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft Speech Platform SDK (x86) v10.2 (HKLM-x32\...\{A946A6CC-E9F2-44A8-9A8D-095C756AF4EB}) (Version: 10.2.7300.97 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20627.00) (HKLM-x32\...\{FA804794-2CCB-4301-954F-2C2894698876}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (HKLM-x32\...\{790E9425-8570-493F-9AE7-81AFC9E46930}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Web Deploy 3.0 (HKLM\...\{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}) (Version: 3.1236.1631 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{E2B8249D-895C-4685-8C83-00F3B1A13028}) (Version: 4.0.1622 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31125 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2012 (HKLM-x32\...\{9600393b-6ede-469b-a522-689fce1461d1}) (Version: 11.0.50727.1 - Microsoft Corporation)
MiniTool Power Data Recovery (HKLM-x32\...\MiniTool Power Data Recovery_is1) (Version: - MiniTool Solution Ltd.)
Mozilla Firefox 36.0.4 (x86 sv-SE) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 sv-SE)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 17.0.2 (x86 sv-SE) (HKLM-x32\...\Mozilla Thunderbird 17.0.2 (x86 sv-SE)) (Version: 17.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Need for Speed: Hot Pursuit (HKLM-x32\...\Steam App 47870) (Version: - Criterion Games)
Nmap 6.45 (HKLM-x32\...\Nmap) (Version: - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.1.2 - )
novaPDF for SDK v7 (novaPDF 7.2 printer) (HKLM\...\novaPDF for SDK v7_is1) (Version: - Softland)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OpenOffice.org 3.3 (HKLM-x32\...\{5F51441D-48C6-4308-9824-5D34211BB715}) (Version: 3.3.9567 - OpenOffice.org)
Orbiter 2010-P1 (HKLM-x32\...\{4D27CE85-F519-42C1-B4AB-C0BD976FB0BA}) (Version: 1.1.0.0 - Martin Schweiger)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PMDG 737 6700 NGX RTM (HKLM-x32\...\{C7EE862A-D83D-4A9F-B746-CBDE39BD7001}) (Version: 1.00.3219 - PMDG Simulations, LLC.)
PMDG 737 8900 NGX (HKLM-x32\...\{20708FD5-E94D-4097-A21E-E28564CDBC06}) (Version: 1.00.3219 - PMDG Simulations, LLC.)
PMDG 747-400/400F for FSX (HKLM-x32\...\{EDCEE320-0FB3-4197-9F86-8C1CCF2278FB}) (Version: 2.10.0040 - Precision Manuals Development Group)
PMDG 777-200LR/F Base Package FSX (HKLM-x32\...\{0F16340B-5B5B-4531-8D87-4952E3BCA6E6}) (Version: 1.00.5376 - PMDG Simulations, LLC.)
PMDG BAe JS4100 (HKLM-x32\...\{FB647DBE-2231-405D-AC36-C73246CBE305}) (Version: 1.10.1016 - PMDG Simulations, LLC.)
PMDG_MD11_FSX (HKLM-x32\...\{CED6EAB9-9FFD-44B2-939A-D77905AD35F3}) (Version: 1.20.0055 - Precision Manuals Development Group)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Post Master (HKLM-x32\...\Steam App 275080) (Version: - Excalibur)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.0.2180.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Project Reality: BF2 (HKLM\...\Project Reality: BF2 (pr)_is1) (Version: v1.1 - Project Reality)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
Recover My Files (HKLM-x32\...\Recover My Files v5_is1) (Version: 5.2.1.1964 - GetData Pty Ltd)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.48 - Piriform)
Remove UK2000 Edinburgh Xtreme files (HKLM-x32\...\UK2000 Edinburgh Xtreme) (Version: - )
Remove UK2000 Stansted Xtreme files (HKLM-x32\...\UK2000 Stansted Xtreme) (Version: - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.19.0 - Renesas Electronics Corporation) Hidden
Rescue: Everyday Heroes (HKLM-x32\...\Steam App 253130) (Version: - Fragment Production Ltd)
SceneryConfigEditor v1.1.0 (remove only) (HKLM-x32\...\SceneryConfigEditor) (Version: - )
Sid Meier's Railroads! (HKLM-x32\...\{EE3FBD3C-782E-4A90-9507-0ECFE1FECCE4}) (Version: 1.10 - Firaxis Games)
Sid Meier's Railroads! (x32 Version: 1.00 - Firaxis Games) Hidden
Sid Meier's Railroads! Intercontinental 1.01 (HKLM-x32\...\Sid Meier's Railroads! Intercontinental) (Version: 1.01 - SMRI Team)
SilkroadR (HKLM-x32\...\SilkroadR) (Version: - )
SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
SimCity 4 Deluxe (HKLM-x32\...\{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}) (Version: - )
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
SimSig Southampton V2.201 (HKLM-x32\...\SimSig Southampton_is1) (Version: - SimSig)
SimSig V4.0.14 (HKLM-x32\...\SimSig System_is1) (Version: - SimSig)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
Spacebase DF-9 (HKLM-x32\...\Steam App 246090) (Version: - Double Fine Productions)
Spotify (HKU\S-1-5-21-1340057660-1320988339-1514443556-1000\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB)
Star Trek Armada II (HKLM-x32\...\Star Trek Armada II) (Version: - )
Star Trek Online (HKLM-x32\...\Star Trek Online) (Version: - Cryptic Studios)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
TDM-GCC (HKLM-x32\...\TDM-GCC) (Version: 1.1006.0 - TDM)
TeamSpeak 2 RC2 (HKLM-x32\...\Teamspeak 2 RC2_is1) (Version: 2.0.32.60 - Dominating Bytes Design)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
The Settlers 3 - Ultimate Collection (HKLM-x32\...\GOGPACKSETTLERS3_is1) (Version: 2.0.0.19 - GOG.com)
The Settlers 7: Paths to a Kingdom - Gold Edition (HKLM-x32\...\Steam App 48210) (Version: - Blue Byte)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.4.83.1010 - Electronic Arts Inc.)
The SW / Vilnius International (HKLM-x32\...\The SW / Vilnius International1.0) (Version: 1.0 - The SW)
Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.2 - Electronic Arts)
Toggle Downloader DAEMON Tools (HKLM-x32\...\Toggle Downloader DAEMON Tools) (Version: - )
TOPCAT 2.72 - Take-Off and Landing Performance Calculation Tool (HKLM-x32\...\TOPCAT) (Version: 2.72 - FlightSimSoft.com Inh. Christian Grill)
Tribler (HKLM-x32\...\Tribler) (Version: 6.1.0 - The Tribler Team)
Tropico 4 1.00 (HKU\S-1-5-21-1340057660-1320988339-1514443556-1000\...\Tropico 4) (Version: 1.00 - Kalypso Media)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
UK2000 Bristol Xtreme FSX (HKLM-x32\...\UK2000 Bristol Xtreme FSX) (Version: 3.02 - UK2000 Scenery)
UK2000 Cardiff Xtreme FSX (HKLM-x32\...\UK2000 Cardiff Xtreme FSX) (Version: 1.02 - UK2000 Scenery)
UK2000 Gatwick Xtreme FSX (HKLM-x32\...\UK2000 Gatwick Xtreme FSX) (Version: 3.00 - UK2000 Scenery)
UK2000 Heathrow Xtreme FSX (HKLM-x32\...\UK2000 Heathrow Xtreme) (Version: 2.01 - UK2000 Scenery)
UK2000 Leeds Xtreme FSX (HKLM-x32\...\UK2000 Leeds Xtreme FSX) (Version: 1.02 - UK2000 Scenery)
UK2000 Liverpool Xtreme FSX (HKLM-x32\...\UK2000 Liverpool Xtreme FSX) (Version: 1.00 - UK2000 Scenery)
UK2000 Manchester Xtreme %simname% Uninstall (HKLM-x32\...\UK2000 Manchester Xtreme %simname%) (Version: - )
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Uplink (remove only) (HKLM-x32\...\Uplink) (Version: - )
Validity WBF DDK (HKLM\...\{79174AF2-6CB1-42F5-981E-66DCA49391D0}) (Version: 4.3.205.0 - Validity Sensors, Inc.)
War Thunder Launcher 1.0.1.252 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - 2013 Gaijin Entertainment Corporation)
VAT-Spy (HKLM-x32\...\VATSpy) (Version: - )
WCF Data Services 5.0 (for OData v3) Primary Components (x32 Version: 5.0.50628.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2012 (x32 Version: 5.0.50710.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{3A523AF9-D32F-4C85-8388-0335731F3405}) (Version: 4.1.61829.0 - Microsoft Corporation)
Viber (HKU\S-1-5-21-1340057660-1320988339-1514443556-1000\...\Viber) (Version: 3.0.0.134193 - Viber Media Inc)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinHTTrack Website Copier 3.46-1 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.46.1 - HTTrack)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
Virtual Norwegian - ACARS (HKLM-x32\...\{AC2FC181-75EE-4734-ACAC-6A9208721C35}) (Version: 1.0.1014 - FS Products)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vokabel 2.31 (HKLM-x32\...\Vokabel_is1) (Version: 2.31 - PEK's Productions)
Wondershare Dr.Fone for Android(Build 4.5.0.105) (HKLM-x32\...\{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1) (Version: 4.5.0.105 - Wondershare Software Co.,Ltd.)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net)
vPilot (HKU\S-1-5-21-1340057660-1320988339-1514443556-1000\...\vPilot) (Version: 1.1.5365.23193 - Ross Carlson)
vroute.info - 1 (HKU\S-1-5-21-1340057660-1320988339-1514443556-1000\...\ea913c639d7ea423) (Version: 1.1.1.3 - vroute)
vroute.info (HKU\S-1-5-21-1340057660-1320988339-1514443556-1000\...\171a3bd25b2ddd36) (Version: 1.0.7.5 - vroute)
vStrips (HKLM-x32\...\{A17321A0-2C72-4062-B4D6-5C59D9536DA4}) (Version: 0.07.0014 - vStrips)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

29-03-2015 12:39:43 Windows Update
01-04-2015 16:22:50 Windows Update
02-04-2015 09:21:12 Restore Operation
02-04-2015 09:45:25 Windows Update
03-04-2015 23:45:17 before delfix
05-04-2015 13:20:28 before scans 150405
05-04-2015 13:23:38 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-03 23:04 - 2015-04-05 14:04 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B7BD0D2-4972-4277-BC88-97C3640CB3B8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {0EB82794-96E2-4599-91A8-8D7AC71F1DA4} - System32\Tasks\{D1481BB2-B7FC-4BDC-83AE-A28D72F1C398} => pcalua.exe -a C:\Users\Johan\Downloads\vcredist_x64.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {143B8F79-5BC2-41DA-A56D-AD453E835CA2} - System32\Tasks\Game_Booster_Startup => C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe
Task: {2A861368-8683-4F1B-898D-11BDCBC43800} - System32\Tasks\{2018A0AF-E7C1-46B9-BB7F-28D006D23818} => pcalua.exe -a H:\setup.exe -d H:\
Task: {3E67B207-71AD-451D-9088-58238C552407} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-22] (CyberLink)
Task: {3F455091-F564-4870-8139-34BE8AE77E4C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)
Task: {4368505C-EB5F-4EB3-BE43-08DA0F9463F4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)
Task: {47882224-044F-498B-86E0-22270A458CC8} - System32\Tasks\{ADEC32F9-7F8A-4C6B-92A2-AF352E4FF480} => pcalua.exe -a "C:\Program Files (x86)\Freight Tycoon\unins000.exe"
Task: {4D4319AB-1296-4AC9-B229-9DAF0290752D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {630FF6A0-E954-4665-9C25-3B262DB4F4A5} - System32\Tasks\{B3FCC6A8-5A3E-484F-9492-35BD544CDFE9} => pcalua.exe -a C:\Users\Johan\Downloads\FlyUK_B747-400F_Cargo_PMDG_Textures_FSX_v5.0.x(1).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {65606FFF-274B-411F-9205-413CA689CBE6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {69401979-39D9-430A-9CFB-19252FB62EE5} - System32\Tasks\{383AAB70-EC58-444D-B423-5538B4708A8C} => pcalua.exe -a "C:\Program Files (x86)\uTorrent\uTorrent.exe" -c /UNINSTALL
Task: {72FBB1B0-3D4F-4495-83A0-ED35A06CC573} - System32\Tasks\{F64D5307-7869-4C2D-8D25-A2CA033DE256} => pcalua.exe -a "C:\Windows\Eiresim Shannon Ultimate FsX\uninstall.exe" -c "/U:C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator XEiresim Shannon Ultimate\Uninstall\uninstall.xml"
Task: {7A1961EB-1003-4CA3-BF21-B56CADDC80EC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-16] (Google Inc.)
Task: {86C7F86E-E742-4E87-B1A6-A804F812F8F9} - System32\Tasks\{879E7302-8BE9-4C18-9333-F5451B8D480D} => pcalua.exe -a "G:\FSX saker\UK2000_Scenery_-_Heathrow_Xtreme_v1.0\FSXsetup.exe" -d "G:\FSX saker\UK2000_Scenery_-_Heathrow_Xtreme_v1.0"
Task: {8BDE4E7E-B118-4FB7-B504-F3F43800B5E4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {BF4A0A8C-E7A2-422D-BB17-BF5635427EBF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-16] (Google Inc.)
Task: {C90EDD6A-FBB4-45D3-9B94-FD250BD39B30} - System32\Tasks\{37B5CC48-97FF-4BA6-ACFD-64D27321F699} => pcalua.exe -a "C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\UninstallATR.exe"
Task: {CABEFA6D-8639-4F01-AD81-D07A91CBD8EC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D471D1D1-2E12-47A1-91B5-EDEBD4A057DD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-10] (Hewlett-Packard)
Task: {D7C74A60-9654-4CC6-A5DE-CBE075F1060B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-10] (Hewlett-Packard)
Task: {E6DD7092-DAAA-40C2-A5A8-9F742426791C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {F50EE779-E3C0-4C48-8B08-50D45E759FBA} - System32\Tasks\{11824E8F-E4CE-4DD8-B790-65771253402F} => pcalua.exe -a "C:\Program Files (x86)\FSFDT\uninstallFSCopilot.exe"
Task: {F8CB70F1-A00F-4A44-A8A1-29C65F841251} - System32\Tasks\{5E3A2638-F1E7-4F63-9465-682C5AF20A39} => pcalua.exe -a "C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\Uninstall Aerosoft Trondheim Vaernes X v1.01.exe"
Task: {FCACD95E-63B0-498E-8D47-D7AB6FFE9EAD} - System32\Tasks\HPCeeScheduleForJohan => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJohan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2013-06-20 19:44 - 2013-10-23 14:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2014-06-04 13:07 - 2011-02-28 23:37 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll
2012-12-07 18:27 - 2012-12-07 18:27 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2014-02-15 22:49 - 2014-11-26 20:23 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2011-10-13 01:50 - 2011-04-15 04:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-11-07 18:58 - 2013-11-07 18:58 - 00244736 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-activex-wrapper\build\Release\NodeActiveXWrapper.node
2013-11-07 18:58 - 2013-11-07 18:58 - 00271360 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-osbridge\build\Release\MotiveOSBridgeNodeModule.node
2013-11-07 18:57 - 2013-11-07 18:57 - 00237056 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-xmpps\build\Release\MotiveXMPPSNode.node
2013-04-24 08:55 - 2013-04-24 08:55 - 01581056 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\libxmljs\build\Release\xmljs.node
2013-04-18 17:55 - 2013-04-18 17:55 - 00068608 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\dnode\node_modules\weak\build\Release\weakref.node
2012-05-07 16:18 - 2012-02-23 14:42 - 00012800 _____ () C:\Program Files (x86)\Jeppesen\JWC\boost_system-vc90-mt-1_46_1.dll
2012-05-07 16:18 - 2012-02-23 14:42 - 00045056 _____ () C:\Program Files (x86)\Jeppesen\JWC\boost_date_time-vc90-mt-1_46_1.dll
2012-05-07 16:18 - 2012-02-23 14:42 - 00699904 _____ () C:\Program Files (x86)\Jeppesen\JWC\boost_regex-vc90-mt-1_46_1.dll
2012-05-07 16:18 - 2012-02-23 14:42 - 00046592 _____ () C:\Program Files (x86)\Jeppesen\JWC\boost_thread-vc90-mt-1_46_1.dll
2012-05-07 16:18 - 2012-02-23 14:42 - 00053760 _____ () C:\Program Files (x86)\Jeppesen\JWC\boost_iostreams-vc90-mt-1_46_1.dll
2012-05-07 16:18 - 2012-02-23 14:42 - 00065024 _____ () C:\Program Files (x86)\Jeppesen\JWC\boost_zlib-vc90-mt-1_46_1.dll
2012-05-07 16:18 - 2012-02-23 14:42 - 00130048 _____ () C:\Program Files (x86)\Jeppesen\JWC\boost_filesystem-vc90-mt-1_46_1.dll
2012-05-07 16:18 - 2012-02-23 14:47 - 00103424 _____ () C:\Program Files (x86)\Jeppesen\JWC\plugins\JDSNavData.dll
2012-05-07 16:18 - 2012-02-23 14:42 - 01093632 _____ () C:\Program Files (x86)\Jeppesen\JWC\jid.dll
2012-05-07 16:18 - 2012-02-23 14:42 - 00022016 _____ () C:\Program Files (x86)\Jeppesen\JWC\jep_os.dll
2012-05-07 16:18 - 2012-02-23 14:47 - 00084480 _____ () C:\Program Files (x86)\Jeppesen\JWC\plugins\JVNavData.dll
2012-05-07 16:18 - 2012-02-23 14:48 - 00231936 _____ () C:\Program Files (x86)\Jeppesen\JWC\plugins\JWCConnect.dll
2015-03-22 10:22 - 2015-04-02 21:53 - 40506936 _____ () C:\Users\Johan\AppData\Roaming\Spotify\libcef.dll
2015-03-22 10:22 - 2015-04-02 21:53 - 01365560 _____ () C:\Users\Johan\AppData\Roaming\Spotify\libglesv2.dll
2015-03-22 10:22 - 2015-04-02 21:53 - 00219192 _____ () C:\Users\Johan\AppData\Roaming\Spotify\libegl.dll
2015-03-22 10:22 - 2015-03-22 10:22 - 09305656 _____ () C:\Users\Johan\AppData\Roaming\Spotify\pdf.dll
2015-03-22 10:22 - 2015-04-02 21:53 - 00990776 _____ () C:\Users\Johan\AppData\Roaming\Spotify\ffmpegsumo.dll
2015-02-05 18:15 - 2015-02-05 18:15 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
2013-03-27 22:43 - 2013-03-27 22:43 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3207ec5d29347a1f980dc373d64236c9\IsdiInterop.ni.dll
2011-10-13 01:49 - 2011-05-20 11:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-04-03 21:10 - 2015-03-30 22:07 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-03 21:10 - 2015-03-30 22:07 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-03 21:10 - 2015-03-30 22:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1340057660-1320988339-1514443556-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1340057660-1320988339-1514443556-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1340057660-1320988339-1514443556-501\Control Panel\Desktop\\Wallpaper -> C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)
==================== Accounts: ============================= Administrator (S-1-5-21-1340057660-1320988339-1514443556-500 - Administrator - Enabled) => C:\Users\Administrator Guest (S-1-5-21-1340057660-1320988339-1514443556-501 - Limited - Enabled) => C:\Users\Guest HomeGroupUser$ (S-1-5-21-1340057660-1320988339-1514443556-1002 - Limited - Enabled) Johan (S-1-5-21-1340057660-1320988339-1514443556-1000 - Administrator - Enabled) => C:\Users\Johan ==================== Faulty Device Manager Devices ============= Name: MpKsl478fb4f1 Description: MpKsl478fb4f1 Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: MpKsl478fb4f1 Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (04/07/2015 10:15:11 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Avira.OE.Systray.exe, version: 1.1.27.25537, time stamp: 0x546de872 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e211319 Exception code: 0xe0434352 Fault offset: 0x0000b9bc Faulting process id: 0x173c Faulting application start time: 0xAvira.OE.Systray.exe0 Faulting application path: Avira.OE.Systray.exe1 Faulting module path: Avira.OE.Systray.exe2 Report Id: Avira.OE.Systray.exe3 Error: (04/07/2015 10:14:54 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: Avira.OE.Systray.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. 
Exception Info: System.Configuration.ConfigurationErrorsException Stack: at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef) at System.Configuration.BaseConfigurationRecord.GetSection(System.String) at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String) at System.Configuration.ConfigurationManager.GetSection(System.String) at System.Configuration.ConfigurationManager.get_AppSettings() at Avira.OE.WinCore.OeProductInfo.get_Culture() at Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings() at Avira.OE.Systray.Program.Main(System.String[]) Error: (04/07/2015 10:13:38 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/06/2015 08:23:18 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: Avira.OE.ServiceHost.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. 
Exception Info: System.TypeInitializationException Stack: at NLog.Common.InternalLogger.Debug(System.String, System.Object[]) at NLog.LogFactory.get_Configuration() at NLog.LogFactory.GetLogger(LoggerCacheKey) at NLog.LogFactory.GetLogger(System.String) at NLog.LogManager.GetLogger(System.String) at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String) at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger() at Avira.OE.WinCore.Lazy`1[[system.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value() at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture() at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() at System.Threading.ThreadPoolWorkQueue.Dispatch() at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (04/06/2015 08:23:02 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: Avira.OE.ServiceHost.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. 
Exception Info: System.TypeInitializationException Stack: at NLog.Common.InternalLogger.Debug(System.String, System.Object[]) at NLog.LogFactory.get_Configuration() at NLog.LogFactory.GetLogger(LoggerCacheKey) at NLog.LogFactory.GetLogger(System.String) at NLog.LogManager.GetLogger(System.String) at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String) at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger() at Avira.OE.WinCore.Lazy`1[[system.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value() at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture() at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() at System.Threading.ThreadPoolWorkQueue.Dispatch() at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (04/06/2015 08:22:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Avira.OE.Systray.exe, version: 1.1.27.25537, time stamp: 0x546de872 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e211319 Exception code: 0xe0434352 Fault offset: 0x0000b9bc Faulting process id: 0x17f8 Faulting application start time: 0xAvira.OE.Systray.exe0 Faulting application path: Avira.OE.Systray.exe1 Faulting module path: Avira.OE.Systray.exe2 Report Id: Avira.OE.Systray.exe3 Error: (04/06/2015 08:22:41 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: Avira.OE.Systray.exe Framework Version: v4.0.30319 Description: The process was terminated due 
to an unhandled exception. Exception Info: System.Configuration.ConfigurationErrorsException Stack: at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef) at System.Configuration.BaseConfigurationRecord.GetSection(System.String) at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String) at System.Configuration.ConfigurationManager.GetSection(System.String) at System.Configuration.ConfigurationManager.get_AppSettings() at Avira.OE.WinCore.OeProductInfo.get_Culture() at Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings() at Avira.OE.Systray.Program.Main(System.String[]) Error: (04/06/2015 08:20:55 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: Avira.OE.ServiceHost.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. 
Exception Info: System.TypeInitializationException Stack: at NLog.Common.InternalLogger.Debug(System.String, System.Object[]) at NLog.LogFactory.get_Configuration() at NLog.LogFactory.GetLogger(LoggerCacheKey) at NLog.LogFactory.GetLogger(System.String) at NLog.LogManager.GetLogger(System.String) at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String) at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger() at Avira.OE.WinCore.Lazy`1[[system.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value() at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture() at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() at System.Threading.ThreadPoolWorkQueue.Dispatch() at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (04/06/2015 08:20:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/06/2015 06:59:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Avira.OE.Systray.exe, version: 1.1.27.25537, time stamp: 0x546de872 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e211319 Exception code: 0xe0434352 Fault offset: 0x0000b9bc Faulting process id: 0xf28 Faulting application start time: 0xAvira.OE.Systray.exe0 Faulting application path: Avira.OE.Systray.exe1 Faulting module path: 
Avira.OE.Systray.exe2 Report Id: Avira.OE.Systray.exe3 System errors: ============= Error: (04/07/2015 10:15:06 AM) (Source: iaStor) (EventID: 9) (User: ) Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period. Error: (04/07/2015 10:14:53 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (04/07/2015 10:14:08 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Service Host service to connect. Error: (04/06/2015 08:23:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Avira Service Host service terminated unexpectedly. It has done this 3 time(s). Error: (04/06/2015 08:23:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Avira Service Host service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (04/06/2015 08:23:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (04/06/2015 08:22:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Avira Service Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. 
Error: (04/06/2015 08:21:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: %%1053 Error: (04/06/2015 08:21:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Application Virtualization Client service failed to start due to the following error: %%1053 Error: (04/06/2015 08:21:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect. Microsoft Office Sessions: ========================= Error: (04/07/2015 10:15:11 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Avira.OE.Systray.exe1.1.27.25537546de872KERNELBASE.dll6.1.7601.176514e211319e04343520000b9bc173c01d071133ef4a9b5C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exeC:\Windows\syswow64\KERNELBASE.dll970eb112-dd06-11e4-afaf-2c41385f032b Error: (04/07/2015 10:14:54 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: Avira.OE.Systray.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. 
Exception Info: System.Configuration.ConfigurationErrorsException Stack: at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef) at System.Configuration.BaseConfigurationRecord.GetSection(System.String) at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String) at System.Configuration.ConfigurationManager.GetSection(System.String) at System.Configuration.ConfigurationManager.get_AppSettings() at Avira.OE.WinCore.OeProductInfo.get_Culture() at Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings() at Avira.OE.Systray.Program.Main(System.String[]) Error: (04/07/2015 10:13:38 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/06/2015 08:23:18 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: Avira.OE.ServiceHost.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. 
Exception Info: System.TypeInitializationException Stack: at NLog.Common.InternalLogger.Debug(System.String, System.Object[]) at NLog.LogFactory.get_Configuration() at NLog.LogFactory.GetLogger(LoggerCacheKey) at NLog.LogFactory.GetLogger(System.String) at NLog.LogManager.GetLogger(System.String) at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String) at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger() at Avira.OE.WinCore.Lazy`1[[system.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value() at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture() at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() at System.Threading.ThreadPoolWorkQueue.Dispatch() at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (04/06/2015 08:23:02 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: Avira.OE.ServiceHost.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. 
Exception Info: System.TypeInitializationException Stack: at NLog.Common.InternalLogger.Debug(System.String, System.Object[]) at NLog.LogFactory.get_Configuration() at NLog.LogFactory.GetLogger(LoggerCacheKey) at NLog.LogFactory.GetLogger(System.String) at NLog.LogManager.GetLogger(System.String) at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String) at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger() at Avira.OE.WinCore.Lazy`1[[system.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value() at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture() at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() at System.Threading.ThreadPoolWorkQueue.Dispatch() at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (04/06/2015 08:22:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Avira.OE.Systray.exe1.1.27.25537546de872KERNELBASE.dll6.1.7601.176514e211319e04343520000b9bc17f801d0709f04dfe4abC:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exeC:\Windows\syswow64\KERNELBASE.dll539fc795-dc92-11e4-aad0-2c41385f032b Error: (04/06/2015 08:22:41 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: Avira.OE.Systray.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. 
Exception Info: System.Configuration.ConfigurationErrorsException Stack: at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef) at System.Configuration.BaseConfigurationRecord.GetSection(System.String) at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String) at System.Configuration.ConfigurationManager.GetSection(System.String) at System.Configuration.ConfigurationManager.get_AppSettings() at Avira.OE.WinCore.OeProductInfo.get_Culture() at Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings() at Avira.OE.Systray.Program.Main(System.String[]) Error: (04/06/2015 08:20:55 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: Avira.OE.ServiceHost.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.TypeInitializationException Stack: at NLog.Common.InternalLogger.Debug(System.String, System.Object[]) at NLog.LogFactory.get_Configuration() at NLog.LogFactory.GetLogger(LoggerCacheKey) at NLog.LogFactory.GetLogger(System.String) at NLog.LogManager.GetLogger(System.String) at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String) at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger() at Avira.OE.WinCore.Lazy`1[[system.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value() at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture() at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object) at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, 
System.Object, Boolean) at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() at System.Threading.ThreadPoolWorkQueue.Dispatch() at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (04/06/2015 08:20:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/06/2015 06:59:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Avira.OE.Systray.exe1.1.27.25537546de872KERNELBASE.dll6.1.7601.176514e211319e04343520000b9bcf2801d07093615ebc13C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exeC:\Windows\syswow64\KERNELBASE.dlla0644f3d-dc86-11e4-81c8-2c41385f032b CodeIntegrity Errors: =================================== Date: 2015-04-05 13:57:13.620 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-04-05 13:57:13.610 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Memory info =========================== Processor: Intel® Core i7-2670QM CPU @ 2.20GHz Percentage of memory in use: 42% Total physical RAM: 8139.86 MB Available physical RAM: 4646.63 MB Total Pagefile: 16277.91 MB Available Pagefile: 12222.52 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:910.86 GB) (Free:461.18 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (RECOVERY) (Fixed) (Total:20.36 GB) (Free:2.13 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive f: (GARMIN) (Removable) (Total:1.82 GB) (Free:1.74 GB) FAT32 Drive h: (1417JECP) (CDROM) (Total:4.04 GB) (Free:0 GB) CDFS Drive j: (LACIE) (Fixed) (Total:0.72 GB) (Free:0 GB) NTFS Drive k: () (Fixed) (Total:930.79 GB) (Free:74.34 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: AD6D2636) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=910.9 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=20.4 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=103 MB) - (Type=0C) ======================================================== Disk: 1 (Size: 3.6 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ======================================================== Disk: 3 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: AFA5FB0F) Partition 1: (Not Active) - (Size=737 MB) - (Type=07 NTFS) Partition 2: (Active) - (Size=930.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  9. Done, sadly it's still there. I noticed flash player crashed several times now when restarting firefox, if it's related or not I don't know. Might just be coincidence. I know you didn't ask for them but I ran a new scan to check they were gone, logs attached.
{3D16B5F4-09F2-4869-B5AC-463DBD48D455} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {3D16B5F4-09F2-4869-B5AC-463DBD48D455} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1340057660-1320988339-1514443556-1000 -> {3D16B5F4-09F2-4869-B5AC-463DBD48D455} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-1340057660-1320988339-1514443556-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-1340057660-1320988339-1514443556-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-1340057660-1320988339-1514443556-500 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF SearchScopes: HKU\S-1-5-21-1340057660-1320988339-1514443556-500 -> {3D16B5F4-09F2-4869-B5AC-463DBD48D455} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-1340057660-1320988339-1514443556-500 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKU\S-1-5-21-1340057660-1320988339-1514443556-500 -> 
{d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKU\S-1-5-21-1340057660-1320988339-1514443556-501 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-1340057660-1320988339-1514443556-501 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-1340057660-1320988339-1514443556-501 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF SearchScopes: HKU\S-1-5-21-1340057660-1320988339-1514443556-501 -> {3D16B5F4-09F2-4869-B5AC-463DBD48D455} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-1340057660-1320988339-1514443556-501 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKU\S-1-5-21-1340057660-1320988339-1514443556-501 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-02-18] (HP) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) 
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard) BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll [2013-10-10] (Perfect World Entertainment Inc) BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-02-18] (HP) BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} -> C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2012-07-26] (Microsoft Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-03] (Oracle Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard) Toolbar: HKU\S-1-5-21-1340057660-1320988339-1514443556-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-09-03] (EasyBits Software Corp.) 
FireFox: ======== FF ProfilePath: C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\j6q9zq6u.Johan FF SelectedSearchEngine: Google FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] () FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll [2013-10-25] (Adobe Systems, Inc.) FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.0.1.5 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [2014-05-12] (Finansiell ID-Teknik BID AB) FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-03] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-03] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF 
Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2012-10-05] (Alcatel-Lucent) FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent) FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll [2013-10-10] (Perfect World Entertainment Inc) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-04-06] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-1340057660-1320988339-1514443556-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-10-19] () FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\allaannonser-sv-SE.xml [2014-09-13] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\prisjakt-sv-SE.xml [2014-09-13] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\tyda-sv-SE.xml [2014-09-13] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-sv-SE.xml [2015-01-17] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-sv-SE.xml [2014-09-13] FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2015-03-24] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-03-24] FF Extension: Motive Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\mcciwbch@motive.com.xpi [2015-03-24] Chrome: ======= CHR Profile: C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-12] CHR Extension: (Website Logon) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe [2015-01-12] CHR Extension: (Google Docs) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-12] CHR Extension: (Google Drive) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-12] CHR Extension: (YouTube) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-12] CHR Extension: (Google Search) - 
C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-12] CHR Extension: (Google Sheets) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-12] CHR Extension: (mppflflkbbafeopeoeigkbbdjdbeifni) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mppflflkbbafeopeoeigkbbdjdbeifni [2015-04-01] CHR Extension: (Google Wallet) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-12] CHR Extension: (Gmail) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-12] CHR HKLM-x32\...\Chrome\Extension: [aepeildmfnnehghlknddebgjghlompfe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-02-11] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-03-23] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-02] (Avira Operations GmbH & Co. KG) S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88424 2013-10-10] (Perfect World Entertainment Inc) S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. 
KG) S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [814464 2015-02-15] () R2 BT Help Wizard; C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe [321024 2014-04-09] (Alcatel-Lucent) [File not signed] S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-07-13] (Creative Labs) [File not signed] R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-01-27] (Creative Technology Ltd) [File not signed] R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed] S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed] R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed] R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2013-03-27] (Realsil Microelectronics Inc.) [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed] R2 JWC; C:\Program Files (x86)\Jeppesen\JWC\JWC.exe [510512 2012-02-23] (Jeppesen) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.) 
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [12600 2012-03-26] (Microsoft Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-18] () S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [291696 2012-03-26] (Microsoft Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-07] (Electronic Arts) R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed] S4 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [467256 2013-11-11] (Alcatel-Lucent) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-11-26] () R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed] S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3388144 2013-04-18] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2014-02-23] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-10] (Avira Operations GmbH & Co. 
KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-10] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. KG) S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] () R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-09-03] (Disc Soft Ltd) R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2014-02-23] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-07] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [203888 2012-03-20] (Microsoft Corporation) S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed] S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed] S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [98688 2012-03-20] (Microsoft Corporation) S3 SaiH2541; C:\Windows\System32\DRIVERS\SaiH2541.sys [171144 2007-05-01] (Saitek) S3 skfiltv; C:\Windows\System32\drivers\skfiltv.sys [24064 2008-08-14] (Creative Technology Ltd.) 
S3 SliceDisk5; C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [31824 2011-02-25] (Atola) [File not signed] R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-09-03] (Duplex Secure Ltd.) U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-04-03] () S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-16] (Apple, Inc.) [File not signed] S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation) U3 a1zropkl; C:\Windows\System32\Drivers\a1zropkl.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero size file/folder) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S1 MpKsl478fb4f1; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{92A06310-B1C9-44D5-BB97-4BD34629736D}\MpKsl478fb4f1.sys [X] S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X] S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-07 10:14 - 2015-04-07 10:14 - 00000000 ____H () C:\ProgramData\cm-lock 2015-04-06 14:22 - 2015-04-06 14:22 - 00000000 ____D () C:\Users\Johan\Desktop\Gammal Firefox-data 2015-04-05 19:30 - 2015-04-05 19:30 - 00001075 _____ () C:\Users\Johan\Desktop\malwarebytes scan 150405.txt 2015-04-05 14:23 - 2015-04-05 14:23 - 00030184 _____ () C:\ComboFix.txt 2015-04-05 13:45 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-04-05 13:45 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-04-05 13:45 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-04-05 13:45 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-04-05 13:45 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-04-05 13:45 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-04-05 13:45 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-04-05 13:45 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-04-05 13:42 - 2015-04-05 14:24 - 00000000 ____D () C:\Qoobox 2015-04-05 13:42 - 2015-04-05 14:19 - 00000000 ____D () C:\Windows\erdnt 2015-04-05 13:41 - 2015-04-05 13:41 - 05617096 ____R (Swearware) C:\Users\Johan\Desktop\ComboFix.exe 2015-04-05 13:21 - 2015-04-05 13:21 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Johan\Desktop\tdsskiller.exe 2015-04-04 19:08 - 2015-04-04 19:08 - 02953520 _____ (AVAST Software) C:\Users\Johan\Downloads\avast-browser-cleanup.exe 2015-04-04 13:02 - 2015-04-04 13:02 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Garmin 2015-04-04 00:09 - 2015-04-04 00:09 - 00004860 _____ () C:\Users\Johan\Desktop\JRT 150403.txt 2015-04-04 00:08 - 2015-04-04 00:08 - 00448512 _____ (OldTimer Tools) C:\Users\Johan\Downloads\TFC.exe 2015-04-04 00:08 - 2015-04-04 00:08 - 00004860 _____ () C:\Users\Johan\Desktop\JRT.txt 2015-04-04 00:03 - 2015-04-04 00:03 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-JOHANSLAPTOP-Windows-7-Home-Premium-(64-bit).dat 2015-04-04 00:02 - 
2015-04-04 00:02 - 00000000 ____D () C:\RegBackup 2015-04-04 00:01 - 2015-04-04 00:02 - 02690981 _____ (Thisisu) C:\Users\Johan\Downloads\JRT.exe 2015-04-03 23:59 - 2015-04-03 23:59 - 00004452 _____ () C:\Users\Johan\Desktop\AdwCleaner[s0] after cleanup 150403.txt 2015-04-03 23:55 - 2015-04-03 23:55 - 00004847 _____ () C:\Users\Johan\Desktop\AdwCleaner[R0] 150403.txt 2015-04-03 23:52 - 2015-04-03 23:56 - 00000000 ____D () C:\AdwCleaner 2015-04-03 23:51 - 2015-04-03 23:51 - 02208768 _____ () C:\Users\Johan\Downloads\adwcleaner_4.200.exe 2015-04-03 23:46 - 2015-04-03 23:46 - 00781312 _____ () C:\Users\Johan\Downloads\delfix_10.9.exe 2015-04-03 23:46 - 2015-04-03 23:46 - 00000264 _____ () C:\DelFix.txt 2015-04-03 23:46 - 2015-04-03 23:46 - 00000000 ____D () C:\Windows\ERUNT 2015-04-03 13:46 - 2015-04-03 13:46 - 02095616 _____ (Farbar) C:\Users\Johan\Downloads\FRST64(1).exe 2015-04-03 12:30 - 2015-04-03 12:30 - 00007324 _____ () C:\Users\Johan\Desktop\rougekiller 150403.txt 2015-04-03 12:18 - 2015-04-03 12:18 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2015-04-03 12:18 - 2015-04-03 12:18 - 00000000 ____D () C:\ProgramData\RogueKiller 2015-04-03 12:17 - 2015-04-03 12:17 - 20436568 _____ () C:\Users\Johan\Downloads\RogueKillerX64(1).exe 2015-04-03 12:09 - 2015-04-03 12:09 - 00043097 _____ () C:\Users\Johan\Desktop\malwarebytes 150403.txt 2015-04-03 11:00 - 2015-04-03 11:00 - 20436568 _____ () C:\Users\Johan\Downloads\RogueKillerX64.exe 2015-04-03 10:59 - 2015-04-03 10:59 - 00001122 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-04-03 10:59 - 2015-04-03 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-04-03 10:58 - 2015-04-03 10:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-04-03 10:58 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-04-03 10:58 - 2015-03-17 06:15 - 00063704 
_____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-04-03 10:56 - 2015-04-03 10:56 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Johan\Downloads\mbam-setup-2.1.4.1018.exe 2015-04-02 22:01 - 2015-04-06 19:03 - 00075450 _____ () C:\Users\Johan\Downloads\Addition.txt 2015-04-02 21:59 - 2015-04-07 10:19 - 00030825 _____ () C:\Users\Johan\Downloads\FRST.txt 2015-04-02 21:59 - 2015-04-07 10:18 - 00000000 ____D () C:\FRST 2015-04-02 21:58 - 2015-04-02 21:59 - 02095616 _____ (Farbar) C:\Users\Johan\Downloads\FRST64.exe 2015-04-02 21:53 - 2015-04-02 21:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2015-04-02 21:53 - 2015-04-02 21:53 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2015-04-02 21:44 - 2015-04-02 21:50 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 2015-04-02 21:43 - 2015-04-02 21:43 - 00000000 ____D () C:\Users\Johan\Downloads\backups 2015-04-02 21:26 - 2015-04-02 21:26 - 00388608 _____ (Trend Micro Inc.) 
C:\Users\Johan\Downloads\HijackThis.exe
2015-04-02 17:44 - 2015-04-03 12:12 - 00000000 ____D () C:\Program Files (x86)\trivia games
2015-04-02 07:53 - 2015-04-02 07:53 - 00001066 _____ () C:\Users\Johan\Desktop\malware scan 150402.txt
2015-04-02 00:29 - 2015-04-02 00:29 - 00001073 _____ () C:\Users\Johan\Desktop\malware scan 150401.txt
2015-04-01 20:56 - 2015-04-07 10:16 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-31 16:58 - 2015-03-31 16:58 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Avira
2015-03-31 16:53 - 2015-04-02 09:31 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Skype
2015-03-31 16:53 - 2015-04-01 10:17 - 00000000 ____D () C:\Users\Guest\AppData\Local\CrashDumps
2015-03-31 16:53 - 2015-03-31 17:00 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2015-03-31 16:53 - 2015-03-31 16:53 - 00000000 ____D () C:\Users\Guest\AppData\Local\Skype
2015-03-28 13:07 - 2015-03-28 13:07 - 01381532 _____ () C:\Users\Johan\Downloads\ESAA_FIR_1503.rar
2015-03-28 11:45 - 2015-03-28 11:45 - 10016878 _____ () C:\Users\Johan\Downloads\scottish_controller_pack_3_1_3_1.zip
2015-03-27 06:28 - 2015-03-27 06:28 - 00001809 _____ () C:\Users\Johan\Desktop\Spotify.lnk
2015-03-24 12:17 - 2015-03-24 12:32 - 00000000 ____D () C:\Users\Johan\Documents\vStrips
2015-03-24 12:17 - 2015-03-24 12:17 - 00001865 _____ () C:\Users\Public\Desktop\vStrips.lnk
2015-03-24 12:17 - 2015-03-24 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\vStrips
2015-03-24 12:17 - 2015-03-24 12:17 - 00000000 ____D () C:\Program Files (x86)\vStrips
2015-03-24 12:16 - 2015-03-24 12:17 - 61000904 _____ () C:\Users\Johan\Downloads\vStrips 0.7.14.0 Installer - Current.exe
2015-03-24 10:12 - 2015-04-02 17:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-23 17:10 - 2015-03-23 17:15 - 159635186 _____ () C:\Users\Johan\Downloads\GCLP FSX Setup(2).zip
2015-03-09 11:07 - 2015-03-09 11:07 - 00001470 _____ () C:\Users\Public\Desktop\BT Desktop Help.lnk
2015-03-09 11:07 - 2015-03-09 11:07 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Motive
2015-03-09 11:07 - 2015-03-09 11:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Desktop Help
2015-03-09 11:06 - 2015-03-09 11:13 - 00000000 ____D () C:\ProgramData\Motive
2015-03-09 11:06 - 2015-03-09 11:06 - 00000000 ____D () C:\Program Files\Common Files\Motive
2015-03-09 11:06 - 2015-03-09 11:06 - 00000000 ____D () C:\Program Files\BT Broadband Desktop Help
2015-03-09 11:06 - 2015-03-09 11:06 - 00000000 ____D () C:\Program Files (x86)\BT Broadband Desktop Help
2015-03-09 11:05 - 2015-03-09 11:05 - 00361888 _____ (Motive, Inc.) C:\Users\Johan\Downloads\FlDesktopHelpInstall.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-07 10:20 - 2012-04-05 20:23 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Spotify
2015-04-07 10:18 - 2011-10-13 01:46 - 01792597 _____ () C:\Windows\WindowsUpdate.log
2015-04-07 10:15 - 2012-04-07 09:12 - 00000000 ____D () C:\Users\Johan\AppData\Local\CrashDumps
2015-04-07 10:15 - 2012-04-06 11:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-07 10:15 - 2012-04-05 22:16 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Skype
2015-04-07 10:14 - 2012-09-11 15:51 - 00000000 ____D () C:\Users\Johan\AppData\Local\LogMeIn Hamachi
2015-04-07 10:14 - 2012-07-16 18:35 - 00000990 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-07 10:14 - 2012-04-05 20:23 - 00000000 ____D () C:\Users\Johan\AppData\Local\Spotify
2015-04-07 10:13 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-07 10:13 - 2009-07-14 05:51 - 00221301 _____ () C:\Windows\setupact.log
2015-04-06 21:08 - 2012-07-16 18:35 - 00000994 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-06 20:29 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-06 20:29 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-06 14:21 - 2012-04-05 20:07 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1B5C0207-93E5-4127-9CF8-100C3AE6649B}
2015-04-05 14:24 - 2012-04-08 15:56 - 00000000 ____D () C:\Users\Johan\AppData\Local\Apps\2.0
2015-04-05 14:24 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-04-05 14:04 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-05 14:01 - 2010-11-21 04:47 - 00798278 _____ () C:\Windows\PFRO.log
2015-04-04 21:08 - 2012-04-06 14:47 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\vlc
2015-04-04 12:56 - 2009-07-14 06:13 - 00786084 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-03 23:57 - 2015-02-23 21:07 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForJohan.job
2015-04-03 21:10 - 2015-01-12 16:56 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-03 20:30 - 2015-02-23 21:07 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJohan
2015-04-03 20:30 - 2012-04-06 08:19 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-04-02 09:32 - 2012-04-05 20:03 - 00000000 ____D () C:\Users\Johan
2015-04-02 09:31 - 2014-10-26 21:29 - 00000000 ____D () C:\Users\Guest\AppData\Local\LogMeIn Hamachi
2015-04-02 09:31 - 2014-10-26 21:28 - 00000000 ____D () C:\Users\Guest
2015-04-02 09:31 - 2012-09-03 11:42 - 00000000 ____D () C:\Users\Administrator
2015-04-02 09:31 - 2012-07-03 21:43 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Malwarebytes
2015-04-02 09:31 - 2012-07-03 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2015-04-02 09:31 - 2012-07-03 21:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-02 09:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-04-02 09:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-02 09:30 - 2014-07-07 21:27 - 00000000 ____D () C:\Program Files (x86)\Potatoshare Android Data Recovery
2015-03-30 15:25 - 2014-07-21 20:25 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-03-29 00:47 - 2013-06-20 19:45 - 00000000 ____D () C:\Users\Johan\AppData\Local\CutePDF Writer
2015-03-28 14:26 - 2012-04-05 20:36 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\TS3Client
2015-03-28 13:10 - 2012-04-06 11:56 - 00000000 ____D () C:\Users\Johan\Documents\EuroScope
2015-03-27 06:28 - 2012-04-05 20:23 - 00001795 _____ () C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-03-26 05:31 - 2012-05-03 15:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-24 12:17 - 2012-12-24 20:48 - 00000000 ____D () C:\Users\Johan\AppData\Local\Downloaded Installations
2015-03-23 17:13 - 2012-04-08 15:56 - 00000000 ____D () C:\Users\Johan\AppData\Local\Deployment
2015-03-23 14:38 - 2013-06-11 12:45 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Avira
2015-03-23 14:37 - 2013-06-11 12:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-23 14:37 - 2013-06-11 12:38 - 00000000 ____D () C:\ProgramData\Avira
2015-03-17 06:15 - 2012-07-03 21:43 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-12 08:54 - 2013-10-29 23:12 - 00000332 _____ () C:\Users\Johan\Desktop\packlista.txt
2015-03-10 10:33 - 2013-06-11 12:39 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-10 10:33 - 2013-06-11 12:39 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-10 10:33 - 2013-06-11 12:39 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-08 02:14 - 2012-06-24 16:43 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\SoftGrid Client

==================== Files in the root of some directories =======

2012-05-01 20:57 - 2014-07-07 22:20 - 0000000 _____ () C:\Users\Johan\AppData\Roaming\bitlord_log.txt
2013-06-10 22:57 - 2013-06-10 22:57 - 0000218 _____ () C:\Users\Johan\AppData\Local\recently-used.xbel
2015-04-07 10:14 - 2015-04-07 10:14 - 0000000 ____H () C:\ProgramData\cm-lock

Some content of TEMP:
====================
C:\Users\Johan\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-05 14:55

==================== End Of Log ============================
  10. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Johan at 2015-04-06 19:02:35
Running from C:\Users\Johan\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Disabled - Up to date) {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {2C040BB5-2B06-7275-5A21-2B969A740B4B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Tools for .Net 3.5 (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
aerosoft's - German Airports 1 - Stuttgart X (HKLM-x32\...\{E4298CF5-9C36-4519-9089-FF7A43EA5C5D}) (Version: 1.00 - aerosoft) aerosoft's - Mallorca X for FSX (HKLM-x32\...\{07CC448E-4FFC-444F-999D-10F11AE559FB}) (Version: 1.00 - aerosoft) aerosoft's - Mega Airport Frankfurt X (HKLM-x32\...\{BAEE0C24-C8C2-4820-9DF4-887909F1A286}) (Version: 1.01 - aerosoft) aerosoft's - Mega Airport Madrid Barajas (HKLM-x32\...\{8233F99B-C4C2-44E9-8486-374E9B300BF2}) (Version: 1.02 - aerosoft) aerosoft's - Mega Airport Paris CDG X (HKLM-x32\...\{0F5E7FC8-3D49-47DA-9A51-6A8B4BE393B0}) (Version: 1.00 - aerosoft) aerosoft's - Mega Airport Stockholm Arlanda X (HKLM-x32\...\{3B6F6E35-900C-4FE3-B2F6-067443353CD1}) (Version: 1.00 - aerosoft) aerosoft's - Nice Cote dAzur X (HKLM-x32\...\{90447E05-DE8E-470D-8D3E-C871D2AE74AF}) (Version: 1.10 - aerosoft) Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden Aircraft Situation Editor (HKLM-x32\...\Aircraft Situation Editor) (Version: 1.3 - Craig Phillips) Airport Design Editor 9x Version 1.50.18.197 (HKLM-x32\...\ADE9xSetup_is1) (Version: 1.50.18.197 - Jon Masterson & The ScruffyDuck Company) AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.03.0000 - Ubisoft) Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden Application Profiles (HKLM-x32\...\{63059735-CA97-FDFB-0E7A-3B8D81572EFD}) (Version: 2.0.4888.34279 - Advanced Micro Devices, Inc.) Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.5510 - Perfect World Entertainment) AuthenTec TrueAPI (Version: 1.2.1.33 - AuthenTec, Inc.) Hidden Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG) Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. 
KG) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG) BankID säkerhetsprogram (HKLM-x32\...\{4B2557F9-8C03-4BE7-9984-4DE525076580}) (Version: 6.0.1.5 - Finansiell ID-Teknik BID AB) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Battlefield 2 (HKLM-x32\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version: - ) Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB) Battlestations: Pacific (HKLM-x32\...\{BBAB6D5D-1DD4-4D46-B5D9-121DCAB17DEC}) (Version: 1.00.0000 - Eidos plc) Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden BitLord 2.3 (HKLM-x32\...\BitLord) (Version: 2.3.1-213 - House of Life) Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden Blend for Visual Studio 2012 (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden Blend for Visual Studio 2012 ENU resources (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden BT Desktop Help (HKLM-x32\...\BT Desktop Help) (Version: - ) Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden Car Mechanic Simulator 2014 (HKLM-x32\...\Steam App 270850) (Version: - PlayWay S.A.) 
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Civilization.V.GOTY.incl.Gods.and.Kings (HKLM-x32\...\Civilization.V.GOTY.incl.Gods.and.Kings_is1) (Version: - ) CLOUD9 Bergen FSX 1.01 (HKLM-x32\...\{A28B5F9A-3AD0-4CB5-AB72-ADF062FD956E}) (Version: 1.01 - ) CodeBlocks (HKU\S-1-5-21-1340057660-1320988339-1514443556-1000\...\CodeBlocks) (Version: 10.05 - The Code::Blocks Team) Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited) CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.3922 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0337 - Disc Soft Ltd) DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive) Death to Spies (HKLM-x32\...\Steam App 9800) (Version: - Haggard Games) DelinvFile - 4.04 (HKLM-x32\...\DelinvFile_is1) (Version: 4.04 - Assistance and Resources for Computing, Inc.) 
Deluge 1.3.5 (HKLM-x32\...\Deluge) (Version: - ) Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden Direct Show Ogg Vorbis Filter (remove only) (HKLM-x32\...\OggDS) (Version: - ) Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4521.29298 - PreEmptive Solutions) Hidden DXGL Wrapper (HKLM-x32\...\GLWRAPPER) (Version: - ) EGSH Norwich Airport (HKU\S-1-5-21-1340057660-1320988339-1514443556-1000\...\EGSH Norwich Airport) (Version: - ) Eiresim Shannon Ultimate FsX (HKLM-x32\...\Eiresim Shannon Ultimate FsXV1.0) (Version: V1.0 - Eiresim) EireSim-Alicante FSX (HKLM-x32\...\{72FF9BBB-80A1-4A3C-8ABD-A6149BD884A0}) (Version: 1.00.0000 - Setup EireSim-Alicante FSX for place2use) EKCH Copenhagen Airport, Kastrup X (HKLM-x32\...\{9D5BFBF1-EB38-4AE1-A833-4F564B999CE3}) (Version: 2.0 - Scansim) Empire: Total War (HKLM-x32\...\Steam App 10500) (Version: - The Creative Assembly) Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard) Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{0A1A1D48-DB23-443A-BC7B-49255D138020}) (Version: 11.1.20702.00 - Microsoft Corporation) Essex Controller Pack 4.3b (HKLM-x32\...\Essex Controller Pack 4.3b) (Version: - ) ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard) Euro Truck Simulator 2 (HKLM-x32\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.8.2.5 - SCS Software) EuroScope 3.1d (HKLM-x32\...\{93878DDD-E621-4AFF-8203-2658451A3636}) (Version: 3.1.4 - Gergely Csernak) EuroScope v3.2 (HKLM-x32\...\{643D8CF6-F80A-4686-90A2-ECC4B0D63089}) (Version: 3.2 - Gergely Csernak) Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.) 
Evil Genius (HKLM-x32\...\Steam App 3720) (Version: - Elixir Studios) Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden Farming Simulator 2013 (HKLM-x32\...\FarmingSimulator2013INT_is1) (Version: 1.0 - GIANTS Software) FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden Find and Mount 2.32 (HKLM\...\Find and Mount_is1) (Version: 2.32 - A-FF Data Recovery) Fleet Operations version 3.2.7 (HKLM-x32\...\{F00C56DC-3121-42BC-A4CB-9233D2265EB5}_is1) (Version: 3.2.7 - ) Flight Simulator X (HKLM-x32\...\RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version: - ) Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version: - ) Fly UK SkyTrack (HKLM-x32\...\Fly UK SkyTrack) (Version: 1.3.2 RC1 - Fly UK) Freight Tycoon (HKLM-x32\...\Freight Tycoon_is1) (Version: - GamersGate) FSDreamTeam JFK FSX 1.2.1 (HKLM-x32\...\FSDreamTeam JFK FSX_is1) (Version: - ) FSDreamTeam ZurichX 1.3.2 (HKLM-x32\...\FSDreamTeam ZurichX_is1) (Version: - ) FSFDT FSCopilot (HKLM-x32\...\FSFDT FSCopilot) (Version: - ) FSFDT FSInn (HKLM-x32\...\FSFDT FSInn) (Version: - ) FSrealWX lite version 1.07.1522 (HKLM-x32\...\FSrealWX lite_is1) (Version: 1.06.1475 - Hanse-Coders.) GetDataBack for NTFS (HKLM-x32\...\{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}) (Version: 4.33.000 - Runtime Software) GOG.com The Settlers 3 (HKLM\...\{f707a2f1-2ed1-4560-a087-97aa176c3777}.sdb) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) 
Hidden GSAK 8.1.0.10 (Final) (HKLM-x32\...\GSAK_is1) (Version: - CWE computer services) Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro) Host OpenAL (HKLM-x32\...\Host OpenAL) (Version: 2.02 - Creative Technology Limited) HP 3D DriveGuard (HKLM\...\{DFB497E0-CE3F-40FC-9596-FC7A48775DE4}) (Version: 4.1.16.1 - Hewlett-Packard Company) HP Connection Manager (HKLM-x32\...\{5E63C0AB-19B0-47D4-842E-6B324EB0614B}) (Version: 4.1.23.1 - Hewlett-Packard Company) HP Documentation (HKLM-x32\...\{3C5AB11A-2DDB-49E6-9FC0-CFD88A7DDFE4}) (Version: 1.1.0.0 - Hewlett-Packard) HP DVB-T TV Tuner 8.0.64.43 (HKLM-x32\...\HP DVB-T TV Tuner) (Version: 8.0.64.43 - ) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent) HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company) HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company) HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company) HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company) HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company) HP SimplePass 2011 (HKLM-x32\...\{BCFAA37D-A6DB-43BF-A351-43F183E52D07}) (Version: 5.1.0.495 - Hewlett-Packard) HP Software Framework (HKLM-x32\...\{CDEC32AA-9C84-40C8-B0CD-45F5681FFF10}) (Version: 4.5.10.1 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company) HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.2.0.001 - HTC Corporation) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) 
(Version: 1.0.6381.0 - IDT) IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation) IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - ) IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - ) Instant Eyedropper 1.75 (HKLM-x32\...\Instant Eyedropper_is1) (Version: - ) Insurgency (HKLM-x32\...\Steam App 222880) (Version: - New World Interactive) Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{0EF86E06-C755-4C6F-8E47-2528D0546C0A}) (Version: 1.1.1.0581 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation) Intel® WiDi (HKLM-x32\...\{0DD706AF-B542-438C-999E-B30C7F625C8D}) (Version: 2.1.39.0 - Intel Corporation) Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - ) Intel® PROSet/Wireless Software (HKLM-x32\...\{e6d17d96-ddaa-476f-bb07-db601024ffb1}) (Version: 15.8.0 - Intel Corporation) IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Java SE Development Kit 8 Update 5 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation) Jeppesen Program and Data Installation (HKLM-x32\...\{4173F0BF-2363-4DC3-92A9-446B69DBB134}) (Version: 1.0.0.0 - Jeppesen) Jeppesen Weather Service 
(HKLM-x32\...\{3E1D1CE6-FF37-4A5D-9714-D6F48CFD589D}) (Version: 2.4.1.1 - Jeppesen) JPEG Recovery Pro 5.0 (HKLM-x32\...\JPEG Recovery Pro5.0) (Version: 5.0 - e.World Technology Limited) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden K-Lite Codec Pack 9.9.5 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.5 - ) LocalESPC (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden LocalESPCui for en-us (x32 Version: 8.59.25584 - Microsoft) Hidden LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.328 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.328 - LogMeIn, Inc.) Hidden London Control (HKLM-x32\...\{B0567B61-FDBC-4978-AE39-7010072526D8}) (Version: 1.4.3.4 - DM Aviation Limited) Lunar Flight (HKLM-x32\...\Steam App 208600) (Version: - Shovsoft) Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS) Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft ASP.NET MVC 3 (HKLM-x32\...\{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}) (Version: 3.0.20105.0 - Microsoft Corporation) Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation) Microsoft Flight Simulator X: Acceleration (HKLM-x32\...\FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version: 10.0.61637.0 - Microsoft Game 
Studios) Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation) Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.0.1526.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Silverlight 4 SDK (HKLM-x32\...\{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}) (Version: 4.0.60310.0 - Microsoft Corporation) Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation) Microsoft Speech Platform SDK (x86) v10.2 (HKLM-x32\...\{A946A6CC-E9F2-44A8-9A8D-095C756AF4EB}) (Version: 10.2.7300.97 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation) Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft 
Corporation) Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft SQL Server Data Tools - enu (11.1.20627.00) (HKLM-x32\...\{FA804794-2CCB-4301-954F-2C2894698876}) (Version: 11.1.20627.00 - Microsoft Corporation) Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (HKLM-x32\...\{790E9425-8570-493F-9AE7-81AFC9E46930}) (Version: 11.1.20627.00 - Microsoft Corporation) Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation) Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft Web Deploy 3.0 
(HKLM\...\{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}) (Version: 3.1236.1631 - Microsoft Corporation) Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation) Microsoft Web Platform Installer 4.0 (HKLM\...\{E2B8249D-895C-4685-8C83-00F3B1A13028}) (Version: 4.0.1622 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
(HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31125 - Microsoft Corporation) Microsoft Visual Studio Ultimate 2012 (HKLM-x32\...\{9600393b-6ede-469b-a522-689fce1461d1}) (Version: 11.0.50727.1 - Microsoft Corporation) MiniTool Power Data Recovery (HKLM-x32\...\MiniTool Power Data Recovery_is1) (Version: - MiniTool Solution Ltd.) 
Mozilla Firefox 36.0.4 (x86 sv-SE) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 sv-SE)) (Version: 36.0.4 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mozilla Thunderbird 17.0.2 (x86 sv-SE) (HKLM-x32\...\Mozilla Thunderbird 17.0.2 (x86 sv-SE)) (Version: 17.0.2 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels) Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden Need for Speed: Hot Pursuit (HKLM-x32\...\Steam App 47870) (Version: - Criterion Games) Nmap 6.45 (HKLM-x32\...\Nmap) (Version: - ) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.1.2 - ) novaPDF for SDK v7 (novaPDF 7.2 printer) (HKLM\...\novaPDF for SDK v7_is1) (Version: - Softland) NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation) OpenOffice.org 3.3 (HKLM-x32\...\{5F51441D-48C6-4308-9824-5D34211BB715}) (Version: 3.3.9567 - OpenOffice.org) Orbiter 2010-P1 (HKLM-x32\...\{4D27CE85-F519-42C1-B4AB-C0BD976FB0BA}) (Version: 1.1.0.0 - Martin Schweiger) Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.) Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden PMDG 737 6700 NGX RTM (HKLM-x32\...\{C7EE862A-D83D-4A9F-B746-CBDE39BD7001}) (Version: 1.00.3219 - PMDG Simulations, LLC.) 
PMDG 737 8900 NGX (HKLM-x32\...\{20708FD5-E94D-4097-A21E-E28564CDBC06}) (Version: 1.00.3219 - PMDG Simulations, LLC.) PMDG 747-400/400F for FSX (HKLM-x32\...\{EDCEE320-0FB3-4197-9F86-8C1CCF2278FB}) (Version: 2.10.0040 - Precision Manuals Development Group) PMDG 777-200LR/F Base Package FSX (HKLM-x32\...\{0F16340B-5B5B-4531-8D87-4952E3BCA6E6}) (Version: 1.00.5376 - PMDG Simulations, LLC.) PMDG BAe JS4100 (HKLM-x32\...\{FB647DBE-2231-405D-AC36-C73246CBE305}) (Version: 1.10.1016 - PMDG Simulations, LLC.) PMDG_MD11_FSX (HKLM-x32\...\{CED6EAB9-9FFD-44B2-939A-D77905AD35F3}) (Version: 1.20.0055 - Precision Manuals Development Group) Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden Post Master (HKLM-x32\...\Steam App 275080) (Version: - Excalibur) PreEmptive Analytics Visual Studio Components (x32 Version: 1.0.2180.1 - PreEmptive Solutions) Hidden Prerequisites for SSDT (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation) PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software) Project Reality: BF2 (HKLM\...\Project Reality: BF2 (pr)_is1) (Version: v1.1 - Project Reality) ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.) PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.) 
Recover My Files (HKLM-x32\...\Recover My Files v5_is1) (Version: 5.2.1.1964 - GetData Pty Ltd)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.48 - Piriform)
Remove UK2000 Edinburgh Xtreme files (HKLM-x32\...\UK2000 Edinburgh Xtreme) (Version: - )
Remove UK2000 Stansted Xtreme files (HKLM-x32\...\UK2000 Stansted Xtreme) (Version: - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.19.0 - Renesas Electronics Corporation) Hidden
Rescue: Everyday Heroes (HKLM-x32\...\Steam App 253130) (Version: - Fragment Production Ltd)
SceneryConfigEditor v1.1.0 (remove only) (HKLM-x32\...\SceneryConfigEditor) (Version: - )
Sid Meier's Railroads! (HKLM-x32\...\{EE3FBD3C-782E-4A90-9507-0ECFE1FECCE4}) (Version: 1.10 - Firaxis Games)
Sid Meier's Railroads! (x32 Version: 1.00 - Firaxis Games) Hidden
Sid Meier's Railroads! Intercontinental 1.01 (HKLM-x32\...\Sid Meier's Railroads! Intercontinental) (Version: 1.01 - SMRI Team)
SilkroadR (HKLM-x32\...\SilkroadR) (Version: - )
SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
SimCity 4 Deluxe (HKLM-x32\...\{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}) (Version: - )
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
SimSig Southampton V2.201 (HKLM-x32\...\SimSig Southampton_is1) (Version: - SimSig)
SimSig V4.0.14 (HKLM-x32\...\SimSig System_is1) (Version: - SimSig)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
Spacebase DF-9 (HKLM-x32\...\Steam App 246090) (Version: - Double Fine Productions)
Spotify (HKU\S-1-5-21-1340057660-1320988339-1514443556-1000\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB)
Star Trek Armada II (HKLM-x32\...\Star Trek Armada II) (Version: - )
Star Trek Online (HKLM-x32\...\Star Trek Online) (Version: - Cryptic Studios)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
TDM-GCC (HKLM-x32\...\TDM-GCC) (Version: 1.1006.0 - TDM)
TeamSpeak 2 RC2 (HKLM-x32\...\Teamspeak 2 RC2_is1) (Version: 2.0.32.60 - Dominating Bytes Design)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
The Settlers 3 - Ultimate Collection (HKLM-x32\...\GOGPACKSETTLERS3_is1) (Version: 2.0.0.19 - GOG.com)
The Settlers 7: Paths to a Kingdom - Gold Edition (HKLM-x32\...\Steam App 48210) (Version: - Blue Byte)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.4.83.1010 - Electronic Arts Inc.)
The SW / Vilnius International (HKLM-x32\...\The SW / Vilnius International1.0) (Version: 1.0 - The SW)
Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.2 - Electronic Arts)
Toggle Downloader DAEMON Tools (HKLM-x32\...\Toggle Downloader DAEMON Tools) (Version: - )
TOPCAT 2.72 - Take-Off and Landing Performance Calculation Tool (HKLM-x32\...\TOPCAT) (Version: 2.72 - FlightSimSoft.com Inh. Christian Grill)
Tribler (HKLM-x32\...\Tribler) (Version: 6.1.0 - The Tribler Team)
Tropico 4 1.00 (HKU\S-1-5-21-1340057660-1320988339-1514443556-1000\...\Tropico 4) (Version: 1.00 - Kalypso Media)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
UK2000 Bristol Xtreme FSX (HKLM-x32\...\UK2000 Bristol Xtreme FSX) (Version: 3.02 - UK2000 Scenery)
UK2000 Cardiff Xtreme FSX (HKLM-x32\...\UK2000 Cardiff Xtreme FSX) (Version: 1.02 - UK2000 Scenery)
UK2000 Gatwick Xtreme FSX (HKLM-x32\...\UK2000 Gatwick Xtreme FSX) (Version: 3.00 - UK2000 Scenery)
UK2000 Heathrow Xtreme FSX (HKLM-x32\...\UK2000 Heathrow Xtreme) (Version: 2.01 - UK2000 Scenery)
UK2000 Leeds Xtreme FSX (HKLM-x32\...\UK2000 Leeds Xtreme FSX) (Version: 1.02 - UK2000 Scenery)
UK2000 Liverpool Xtreme FSX (HKLM-x32\...\UK2000 Liverpool Xtreme FSX) (Version: 1.00 - UK2000 Scenery)
UK2000 Manchester Xtreme %simname% Uninstall (HKLM-x32\...\UK2000 Manchester Xtreme %simname%) (Version: - )
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Uplink (remove only) (HKLM-x32\...\Uplink) (Version: - )
Validity WBF DDK (HKLM\...\{79174AF2-6CB1-42F5-981E-66DCA49391D0}) (Version: 4.3.205.0 - Validity Sensors, Inc.)
War Thunder Launcher 1.0.1.252 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - 2013 Gaijin Entertainment Corporation)
VAT-Spy (HKLM-x32\...\VATSpy) (Version: - )
WCF Data Services 5.0 (for OData v3) Primary Components (x32 Version: 5.0.50628.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2012 (x32 Version: 5.0.50710.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{3A523AF9-D32F-4C85-8388-0335731F3405}) (Version: 4.1.61829.0 - Microsoft Corporation)
Viber (HKU\S-1-5-21-1340057660-1320988339-1514443556-1000\...\Viber) (Version: 3.0.0.134193 - Viber Media Inc)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinHTTrack Website Copier 3.46-1 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.46.1 - HTTrack)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
Virtual Norwegian - ACARS (HKLM-x32\...\{AC2FC181-75EE-4734-ACAC-6A9208721C35}) (Version: 1.0.1014 - FS Products)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vokabel 2.31 (HKLM-x32\...\Vokabel_is1) (Version: 2.31 - PEK's Productions)
Wondershare Dr.Fone for Android(Build 4.5.0.105) (HKLM-x32\...\{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1) (Version: 4.5.0.105 - Wondershare Software Co.,Ltd.)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net)
vPilot (HKU\S-1-5-21-1340057660-1320988339-1514443556-1000\...\vPilot) (Version: 1.1.5365.23193 - Ross Carlson)
vroute.info - 1 (HKU\S-1-5-21-1340057660-1320988339-1514443556-1000\...\ea913c639d7ea423) (Version: 1.1.1.3 - vroute)
vroute.info (HKU\S-1-5-21-1340057660-1320988339-1514443556-1000\...\171a3bd25b2ddd36) (Version: 1.0.7.5 - vroute)
vStrips (HKLM-x32\...\{A17321A0-2C72-4062-B4D6-5C59D9536DA4}) (Version: 0.07.0014 - vStrips)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

29-03-2015 12:39:43 Windows Update
01-04-2015 16:22:50 Windows Update
02-04-2015 09:21:12 Restore Operation
02-04-2015 09:45:25 Windows Update
03-04-2015 23:45:17 before delfix
05-04-2015 13:20:28 before scans 150405
05-04-2015 13:23:38 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-03 23:04 - 2015-04-05 14:04 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B7BD0D2-4972-4277-BC88-97C3640CB3B8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {0EB82794-96E2-4599-91A8-8D7AC71F1DA4} - System32\Tasks\{D1481BB2-B7FC-4BDC-83AE-A28D72F1C398} => pcalua.exe -a C:\Users\Johan\Downloads\vcredist_x64.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {143B8F79-5BC2-41DA-A56D-AD453E835CA2} - System32\Tasks\Game_Booster_Startup => C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe
Task: {2A861368-8683-4F1B-898D-11BDCBC43800} - System32\Tasks\{2018A0AF-E7C1-46B9-BB7F-28D006D23818} => pcalua.exe -a H:\setup.exe -d H:\
Task: {3E67B207-71AD-451D-9088-58238C552407} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-22] (CyberLink)
Task: {3F455091-F564-4870-8139-34BE8AE77E4C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)
Task: {4368505C-EB5F-4EB3-BE43-08DA0F9463F4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)
Task: {47882224-044F-498B-86E0-22270A458CC8} - System32\Tasks\{ADEC32F9-7F8A-4C6B-92A2-AF352E4FF480} => pcalua.exe -a "C:\Program Files (x86)\Freight Tycoon\unins000.exe"
Task: {4D4319AB-1296-4AC9-B229-9DAF0290752D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {630FF6A0-E954-4665-9C25-3B262DB4F4A5} - System32\Tasks\{B3FCC6A8-5A3E-484F-9492-35BD544CDFE9} => pcalua.exe -a C:\Users\Johan\Downloads\FlyUK_B747-400F_Cargo_PMDG_Textures_FSX_v5.0.x(1).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {65606FFF-274B-411F-9205-413CA689CBE6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {69401979-39D9-430A-9CFB-19252FB62EE5} - System32\Tasks\{383AAB70-EC58-444D-B423-5538B4708A8C} => pcalua.exe -a "C:\Program Files (x86)\uTorrent\uTorrent.exe" -c /UNINSTALL
Task: {72FBB1B0-3D4F-4495-83A0-ED35A06CC573} - System32\Tasks\{F64D5307-7869-4C2D-8D25-A2CA033DE256} => pcalua.exe -a "C:\Windows\Eiresim Shannon Ultimate FsX\uninstall.exe" -c "/U:C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator XEiresim Shannon Ultimate\Uninstall\uninstall.xml"
Task: {7A1961EB-1003-4CA3-BF21-B56CADDC80EC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-16] (Google Inc.)
Task: {86C7F86E-E742-4E87-B1A6-A804F812F8F9} - System32\Tasks\{879E7302-8BE9-4C18-9333-F5451B8D480D} => pcalua.exe -a "G:\FSX saker\UK2000_Scenery_-_Heathrow_Xtreme_v1.0\FSXsetup.exe" -d "G:\FSX saker\UK2000_Scenery_-_Heathrow_Xtreme_v1.0"
Task: {8BDE4E7E-B118-4FB7-B504-F3F43800B5E4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {BF4A0A8C-E7A2-422D-BB17-BF5635427EBF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-16] (Google Inc.)
Task: {C90EDD6A-FBB4-45D3-9B94-FD250BD39B30} - System32\Tasks\{37B5CC48-97FF-4BA6-ACFD-64D27321F699} => pcalua.exe -a "C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\UninstallATR.exe"
Task: {CABEFA6D-8639-4F01-AD81-D07A91CBD8EC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D471D1D1-2E12-47A1-91B5-EDEBD4A057DD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-10] (Hewlett-Packard)
Task: {D7C74A60-9654-4CC6-A5DE-CBE075F1060B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-10] (Hewlett-Packard)
Task: {E6DD7092-DAAA-40C2-A5A8-9F742426791C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {F50EE779-E3C0-4C48-8B08-50D45E759FBA} - System32\Tasks\{11824E8F-E4CE-4DD8-B790-65771253402F} => pcalua.exe -a "C:\Program Files (x86)\FSFDT\uninstallFSCopilot.exe"
Task: {F8CB70F1-A00F-4A44-A8A1-29C65F841251} - System32\Tasks\{5E3A2638-F1E7-4F63-9465-682C5AF20A39} => pcalua.exe -a "C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\Uninstall Aerosoft Trondheim Vaernes X v1.01.exe"
Task: {FCACD95E-63B0-498E-8D47-D7AB6FFE9EAD} - System32\Tasks\HPCeeScheduleForJohan => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJohan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2013-06-20 19:44 - 2013-10-23 14:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2014-06-04 13:07 - 2011-02-28 23:37 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll
2012-12-07 18:27 - 2012-12-07 18:27 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2014-02-15 22:49 - 2014-11-26 20:23 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-04-05 22:03 - 2012-02-17 19:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2011-07-18 22:04 - 2011-07-18 22:04 - 00301568 _____ () C:\Program Files (x86)\Notepad++\NppShell_04.dll
2011-10-13 01:50 - 2011-04-15 04:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-11-07 18:58 - 2013-11-07 18:58 - 00244736 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-activex-wrapper\build\Release\NodeActiveXWrapper.node
2013-11-07 18:58 - 2013-11-07 18:58 - 00271360 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-osbridge\build\Release\MotiveOSBridgeNodeModule.node
2013-11-07 18:57 - 2013-11-07 18:57 - 00237056 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-xmpps\build\Release\MotiveXMPPSNode.node
2013-04-24 08:55 - 2013-04-24 08:55 - 01581056 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\libxmljs\build\Release\xmljs.node
2013-04-18 17:55 - 2013-04-18 17:55 - 00068608 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\dnode\node_modules\weak\build\Release\weakref.node
2012-05-07 16:18 - 2012-02-23 14:42 - 00012800 _____ () C:\Program Files (x86)\Jeppesen\JWC\boost_system-vc90-mt-1_46_1.dll
2012-05-07 16:18 - 2012-02-23 14:42 - 00045056 _____ () C:\Program Files (x86)\Jeppesen\JWC\boost_date_time-vc90-mt-1_46_1.dll
2012-05-07 16:18 - 2012-02-23 14:42 - 00699904 _____ () C:\Program Files (x86)\Jeppesen\JWC\boost_regex-vc90-mt-1_46_1.dll
2012-05-07 16:18 - 2012-02-23 14:42 - 00046592 _____ () C:\Program Files (x86)\Jeppesen\JWC\boost_thread-vc90-mt-1_46_1.dll
2012-05-07 16:18 - 2012-02-23 14:42 - 00053760 _____ () C:\Program Files (x86)\Jeppesen\JWC\boost_iostreams-vc90-mt-1_46_1.dll
2012-05-07 16:18 - 2012-02-23 14:42 - 00065024 _____ () C:\Program Files (x86)\Jeppesen\JWC\boost_zlib-vc90-mt-1_46_1.dll
2012-05-07 16:18 - 2012-02-23 14:42 - 00130048 _____ () C:\Program Files (x86)\Jeppesen\JWC\boost_filesystem-vc90-mt-1_46_1.dll
2012-05-07 16:18 - 2012-02-23 14:47 - 00103424 _____ () C:\Program Files (x86)\Jeppesen\JWC\plugins\JDSNavData.dll
2012-05-07 16:18 - 2012-02-23 14:42 - 01093632 _____ () C:\Program Files (x86)\Jeppesen\JWC\jid.dll
2012-05-07 16:18 - 2012-02-23 14:42 - 00022016 _____ () C:\Program Files (x86)\Jeppesen\JWC\jep_os.dll
2012-05-07 16:18 - 2012-02-23 14:47 - 00084480 _____ () C:\Program Files (x86)\Jeppesen\JWC\plugins\JVNavData.dll
2012-05-07 16:18 - 2012-02-23 14:48 - 00231936 _____ () C:\Program Files (x86)\Jeppesen\JWC\plugins\JWCConnect.dll
2013-03-27 22:43 - 2013-03-27 22:43 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3207ec5d29347a1f980dc373d64236c9\IsdiInterop.ni.dll
2011-10-13 01:49 - 2011-05-20 11:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-03-22 10:22 - 2015-04-02 21:53 - 40506936 _____ () C:\Users\Johan\AppData\Roaming\Spotify\libcef.dll
2015-03-22 10:22 - 2015-04-02 21:53 - 01365560 _____ () C:\Users\Johan\AppData\Roaming\Spotify\libglesv2.dll
2015-03-22 10:22 - 2015-04-02 21:53 - 00219192 _____ () C:\Users\Johan\AppData\Roaming\Spotify\libegl.dll
2015-03-22 10:22 - 2015-03-22 10:22 - 09305656 _____ () C:\Users\Johan\AppData\Roaming\Spotify\pdf.dll
2015-03-22 10:22 - 2015-04-02 21:53 - 00990776 _____ () C:\Users\Johan\AppData\Roaming\Spotify\ffmpegsumo.dll
2015-02-05 18:15 - 2015-02-05 18:15 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1340057660-1320988339-1514443556-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-1340057660-1320988339-1514443556-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-1340057660-1320988339-1514443556-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-1340057660-1320988339-1514443556-1002 - Limited - Enabled)
Johan (S-1-5-21-1340057660-1320988339-1514443556-1000 - Administrator - Enabled) => C:\Users\Johan

==================== Faulty Device Manager Devices =============

Name: MpKsl478fb4f1
Description: MpKsl478fb4f1
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsl478fb4f1
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/06/2015 06:59:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Avira.OE.Systray.exe, version: 1.1.27.25537, time stamp: 0x546de872
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e211319
Exception code: 0xe0434352
Fault offset: 0x0000b9bc
Faulting process id: 0xf28
Faulting application start time: 0xAvira.OE.Systray.exe0
Faulting application path: Avira.OE.Systray.exe1
Faulting module path: Avira.OE.Systray.exe2
Report Id: Avira.OE.Systray.exe3

Error: (04/06/2015 06:59:10 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.Systray.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Configuration.ConfigurationErrorsException
Stack:
   at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)
   at System.Configuration.BaseConfigurationRecord.GetSection(System.String)
   at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String)
   at System.Configuration.ConfigurationManager.GetSection(System.String)
   at System.Configuration.ConfigurationManager.get_AppSettings()
   at Avira.OE.WinCore.OeProductInfo.get_Culture()
   at Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
   at Avira.OE.Systray.Program.Main(System.String[])

Error: (04/06/2015 06:50:07 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
   at NLog.Common.InternalLogger.Debug(System.String, System.Object[])
   at NLog.LogFactory.get_Configuration()
   at NLog.LogFactory.GetLogger(LoggerCacheKey)
   at NLog.LogFactory.GetLogger(System.String)
   at NLog.LogManager.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   at Avira.OE.WinCore.Lazy`1[[system.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (04/06/2015 06:49:56 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
   at NLog.Common.InternalLogger.Debug(System.String, System.Object[])
   at NLog.LogFactory.get_Configuration()
   at NLog.LogFactory.GetLogger(LoggerCacheKey)
   at NLog.LogFactory.GetLogger(System.String)
   at NLog.LogManager.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   at Avira.OE.WinCore.Lazy`1[[system.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (04/06/2015 06:48:09 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
   at NLog.Common.InternalLogger.Debug(System.String, System.Object[])
   at NLog.LogFactory.get_Configuration()
   at NLog.LogFactory.GetLogger(LoggerCacheKey)
   at NLog.LogFactory.GetLogger(System.String)
   at NLog.LogManager.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   at Avira.OE.WinCore.Lazy`1[[system.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (04/06/2015 06:47:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/06/2015 02:19:52 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
   at NLog.Common.InternalLogger.Debug(System.String, System.Object[])
   at NLog.LogFactory.get_Configuration()
   at NLog.LogFactory.GetLogger(LoggerCacheKey)
   at NLog.LogFactory.GetLogger(System.String)
   at NLog.LogManager.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   at Avira.OE.WinCore.Lazy`1[[system.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (04/06/2015 02:19:38 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
   at NLog.Common.InternalLogger.Debug(System.String, System.Object[])
   at NLog.LogFactory.get_Configuration()
   at NLog.LogFactory.GetLogger(LoggerCacheKey)
   at NLog.LogFactory.GetLogger(System.String)
   at NLog.LogManager.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   at Avira.OE.WinCore.Lazy`1[[system.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (04/06/2015 02:19:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Avira.OE.Systray.exe, version: 1.1.27.25537, time stamp: 0x546de872
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e211319
Exception code: 0xe0434352
Fault offset: 0x0000b9bc
Faulting process id: 0x132c
Faulting application start time: 0xAvira.OE.Systray.exe0
Faulting application path: Avira.OE.Systray.exe1
Faulting module path: Avira.OE.Systray.exe2
Report Id: Avira.OE.Systray.exe3

Error: (04/06/2015 02:19:18 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.Systray.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Configuration.ConfigurationErrorsException
Stack:
   at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)
   at System.Configuration.BaseConfigurationRecord.GetSection(System.String)
   at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String)
   at System.Configuration.ConfigurationManager.GetSection(System.String)
   at System.Configuration.ConfigurationManager.get_AppSettings()
   at Avira.OE.WinCore.OeProductInfo.get_Culture()
   at Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
   at Avira.OE.Systray.Program.Main(System.String[])

System errors:
=============
Error: (04/06/2015 06:50:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/06/2015 06:50:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 3 time(s).

Error: (04/06/2015 06:49:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/06/2015 06:49:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/06/2015 06:48:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: %%1053

Error: (04/06/2015 06:48:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.

Error: (04/06/2015 02:19:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 3 time(s).

Error: (04/06/2015 02:19:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/06/2015 02:19:36 PM) (Source: iaStor) (EventID: 9) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (04/06/2015 02:19:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Microsoft Office Sessions:
=========================
Error: (04/06/2015 06:59:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.Systray.exe1.1.27.25537546de872KERNELBASE.dll6.1.7601.176514e211319e04343520000b9bcf2801d07093615ebc13C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exeC:\Windows\syswow64\KERNELBASE.dlla0644f3d-dc86-11e4-81c8-2c41385f032b

Error: (04/06/2015 06:59:10 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.Systray.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Configuration.ConfigurationErrorsException
Stack:
   at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)
   at System.Configuration.BaseConfigurationRecord.GetSection(System.String)
   at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String)
   at System.Configuration.ConfigurationManager.GetSection(System.String)
   at System.Configuration.ConfigurationManager.get_AppSettings()
   at Avira.OE.WinCore.OeProductInfo.get_Culture()
   at Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
   at Avira.OE.Systray.Program.Main(System.String[])

Error: (04/06/2015 06:50:07 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
   at NLog.Common.InternalLogger.Debug(System.String, System.Object[])
   at NLog.LogFactory.get_Configuration()
   at NLog.LogFactory.GetLogger(LoggerCacheKey)
   at NLog.LogFactory.GetLogger(System.String)
   at NLog.LogManager.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   at Avira.OE.WinCore.Lazy`1[[system.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (04/06/2015 06:49:56 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
   at NLog.Common.InternalLogger.Debug(System.String, System.Object[])
   at NLog.LogFactory.get_Configuration()
   at NLog.LogFactory.GetLogger(LoggerCacheKey)
   at NLog.LogFactory.GetLogger(System.String)
   at NLog.LogManager.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   at Avira.OE.WinCore.Lazy`1[[system.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (04/06/2015 06:48:09 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
   at NLog.Common.InternalLogger.Debug(System.String, System.Object[])
   at NLog.LogFactory.get_Configuration()
   at NLog.LogFactory.GetLogger(LoggerCacheKey)
   at NLog.LogFactory.GetLogger(System.String)
   at NLog.LogManager.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   at Avira.OE.WinCore.Lazy`1[[system.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (04/06/2015 06:47:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/06/2015 02:19:52 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
   at NLog.Common.InternalLogger.Debug(System.String, System.Object[])
   at NLog.LogFactory.get_Configuration()
   at NLog.LogFactory.GetLogger(LoggerCacheKey)
   at NLog.LogFactory.GetLogger(System.String)
   at NLog.LogManager.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   at Avira.OE.WinCore.Lazy`1[[system.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (04/06/2015 02:19:38 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.ServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
   at NLog.Common.InternalLogger.Debug(System.String, System.Object[])
   at NLog.LogFactory.get_Configuration()
   at NLog.LogFactory.GetLogger(LoggerCacheKey)
   at NLog.LogFactory.GetLogger(System.String)
   at NLog.LogManager.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String)
   at Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger()
   at Avira.OE.WinCore.Lazy`1[[system.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value()
   at Avira.OE.ServiceHost.ServiceHost.SetDefaultCulture()
   at Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (04/06/2015 02:19:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Avira.OE.Systray.exe1.1.27.25537546de872KERNELBASE.dll6.1.7601.176514e211319e04343520000b9bc132c01d0706c43081c9bC:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exeC:\Windows\syswow64\KERNELBASE.dll904a80ef-dc5f-11e4-a771-2c41385f032b

Error: (04/06/2015 02:19:18 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Avira.OE.Systray.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Configuration.ConfigurationErrorsException
Stack:
   at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)
   at System.Configuration.BaseConfigurationRecord.GetSection(System.String)
   at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String)
   at System.Configuration.ConfigurationManager.GetSection(System.String)
   at System.Configuration.ConfigurationManager.get_AppSettings()
   at Avira.OE.WinCore.OeProductInfo.get_Culture()
   at Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
   at Avira.OE.Systray.Program.Main(System.String[])

CodeIntegrity Errors:
===================================
Date: 2015-04-05 13:57:13.620
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-04-05 13:57:13.610
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 39%
Total physical RAM: 8139.86 MB
Available physical RAM: 4899.08 MB
Total Pagefile: 16277.91 MB
Available Pagefile: 12542.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:910.86 GB) (Free:461.35 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:20.36 GB) (Free:2.13 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (GARMIN) (Removable) (Total:1.82 GB) (Free:1.74 GB) FAT32
Drive h: (1417JECP) (CDROM) (Total:4.04 GB) (Free:0 GB) CDFS
Drive j: (LACIE) (Fixed) (Total:0.72 GB) (Free:0 GB) NTFS
Drive k: () (Fixed) (Total:930.79 GB) (Free:74.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: AD6D2636)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=910.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 3.6 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: AFA5FB0F)
Partition 1: (Not Active) - (Size=737 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=930.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
  11. There you go!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Johan (administrator) on JOHANSLAPTOP on 06-04-2015 19:01:43
Running from C:\Users\Johan\Downloads
Loaded Profiles: Johan (Available profiles: Johan & Administrator & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Alcatel-Lucent) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe
(Joyent, Inc) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Jeppesen) C:\Program Files (x86)\Jeppesen\JWC\JWC.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Spotify Ltd) C:\Users\Johan\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Spotify Ltd) C:\Users\Johan\AppData\Roaming\Spotify\Spotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Spotify Ltd) C:\Users\Johan\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Spotify Ltd) C:\Users\Johan\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Johan\AppData\Roaming\Spotify\Spotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271168 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2013-03-27] (IDT, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1340057660-1320988339-1514443556-1000\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKU\S-1-5-21-1340057660-1320988339-1514443556-1000\...\Run: [spotify Web Helper] => C:\Users\Johan\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-02] (Spotify Ltd)
HKU\S-1-5-21-1340057660-1320988339-1514443556-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
HKU\S-1-5-21-1340057660-1320988339-1514443556-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-1340057660-1320988339-1514443556-1000\...\Run: [spotify] => C:\Users\Johan\AppData\Roaming\Spotify\Spotify.exe [7112248 2015-04-02] (Spotify Ltd)
HKU\S-1-5-21-1340057660-1320988339-1514443556-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1340057660-1320988339-1514443556-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=HPNTDF
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=HPNTDF
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDF
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDF
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.bing.com?pc=HPNTDF
HKU\S-1-5-21-1340057660-1320988339-1514443556-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1340057660-1320988339-1514443556-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {3D16B5F4-09F2-4869-B5AC-463DBD48D455} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {3D16B5F4-09F2-4869-B5AC-463DBD48D455} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1340057660-1320988339-1514443556-1000 -> {3D16B5F4-09F2-4869-B5AC-463DBD48D455} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-02-18] (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll [2013-10-10] (Perfect World Entertainment Inc)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-02-18] (HP)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} -> C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2012-07-26] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-03] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-1340057660-1320988339-1514443556-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-09-03] (EasyBits Software Corp.)

FireFox:
========
FF ProfilePath: C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\j6q9zq6u.Johan
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll [2013-10-25] (Adobe Systems, Inc.)
FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.0.1.5 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [2014-05-12] (Finansiell ID-Teknik BID AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2012-10-05] (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll [2013-10-10] (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-04-06] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1340057660-1320988339-1514443556-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-10-19] ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\allaannonser-sv-SE.xml [2014-09-13]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\prisjakt-sv-SE.xml [2014-09-13]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\tyda-sv-SE.xml [2014-09-13]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-sv-SE.xml [2015-01-17]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-sv-SE.xml [2014-09-13]
FF Extension: disco savings - C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\j6q9zq6u.Johan\Extensions\5bofV@gmail.com [2015-04-01]
FF Extension: delicioustechragacom - C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\j6q9zq6u.Johan\Extensions\delicious@techraga.com [2015-04-01]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2015-03-24]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-03-24]
FF Extension: Motive Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\mcciwbch@motive.com.xpi [2015-03-24]

Chrome:
=======
CHR Profile: C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-12]
CHR Extension: (Website Logon) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe [2015-01-12]
CHR Extension: (Google Docs) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-12]
CHR Extension: (Google Drive) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-12]
CHR Extension: (YouTube) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-12]
CHR Extension: (Google Search) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-12]
CHR Extension: (Google Sheets) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-12]
CHR Extension: (mppflflkbbafeopeoeigkbbdjdbeifni) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mppflflkbbafeopeoeigkbbdjdbeifni [2015-04-01]
CHR Extension: (Google Wallet) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-12]
CHR Extension: (Gmail) - C:\Users\Johan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-12]
CHR HKLM-x32\...\Chrome\Extension: [aepeildmfnnehghlknddebgjghlompfe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-02-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-02] (Avira Operations GmbH & Co. KG)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88424 2013-10-10] (Perfect World Entertainment Inc)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [814464 2015-02-15] ()
R2 BT Help Wizard; C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe [321024 2014-04-09] (Alcatel-Lucent) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-07-13] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-01-27] (Creative Technology Ltd) [File not signed]
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2013-03-27] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 JWC; C:\Program Files (x86)\Jeppesen\JWC\JWC.exe [510512 2012-02-23] (Jeppesen)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [12600 2012-03-26] (Microsoft Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-18] () S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [291696 2012-03-26] (Microsoft Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-07] (Electronic Arts) R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed] S4 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [467256 2013-11-11] (Alcatel-Lucent) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-11-26] () R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed] S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3388144 2013-04-18] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2014-02-23] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-10] (Avira Operations GmbH & Co. 
KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-10] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. KG) S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] () R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-09-03] (Disc Soft Ltd) R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2014-02-23] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-06] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [203888 2012-03-20] (Microsoft Corporation) S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed] S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed] S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [98688 2012-03-20] (Microsoft Corporation) S3 SaiH2541; C:\Windows\System32\DRIVERS\SaiH2541.sys [171144 2007-05-01] (Saitek) S3 skfiltv; C:\Windows\System32\drivers\skfiltv.sys [24064 2008-08-14] (Creative Technology Ltd.) 
S3 SliceDisk5; C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [31824 2011-02-25] (Atola) [File not signed] R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-09-03] (Duplex Secure Ltd.) U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-04-03] () S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-16] (Apple, Inc.) [File not signed] S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation) U3 aawme8p6; C:\Windows\System32\Drivers\aawme8p6.sys [0 ] (Intel Corporation) <==== ATTENTION (zero size file/folder) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S1 MpKsl478fb4f1; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{92A06310-B1C9-44D5-BB97-4BD34629736D}\MpKsl478fb4f1.sys [X] S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X] S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-06 18:48 - 2015-04-06 18:48 - 00000000 ____H () C:\ProgramData\cm-lock 2015-04-06 14:22 - 2015-04-06 14:22 - 00000000 ____D () C:\Users\Johan\Desktop\Gammal Firefox-data 2015-04-05 19:30 - 2015-04-05 19:30 - 00001075 _____ () C:\Users\Johan\Desktop\malwarebytes scan 150405.txt 2015-04-05 14:23 - 2015-04-05 14:23 - 00030184 _____ () C:\ComboFix.txt 2015-04-05 13:45 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-04-05 13:45 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-04-05 13:45 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-04-05 13:45 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-04-05 13:45 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-04-05 13:45 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-04-05 13:45 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-04-05 13:45 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-04-05 13:42 - 2015-04-05 14:24 - 00000000 ____D () C:\Qoobox 2015-04-05 13:42 - 2015-04-05 14:19 - 00000000 ____D () C:\Windows\erdnt 2015-04-05 13:41 - 2015-04-05 13:41 - 05617096 ____R (Swearware) C:\Users\Johan\Desktop\ComboFix.exe 2015-04-05 13:21 - 2015-04-05 13:21 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Johan\Desktop\tdsskiller.exe 2015-04-04 19:08 - 2015-04-04 19:08 - 02953520 _____ (AVAST Software) C:\Users\Johan\Downloads\avast-browser-cleanup.exe 2015-04-04 13:02 - 2015-04-04 13:02 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Garmin 2015-04-04 00:09 - 2015-04-04 00:09 - 00004860 _____ () C:\Users\Johan\Desktop\JRT 150403.txt 2015-04-04 00:08 - 2015-04-04 00:08 - 00448512 _____ (OldTimer Tools) C:\Users\Johan\Downloads\TFC.exe 2015-04-04 00:08 - 2015-04-04 00:08 - 00004860 _____ () C:\Users\Johan\Desktop\JRT.txt 2015-04-04 00:03 - 2015-04-04 00:03 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-JOHANSLAPTOP-Windows-7-Home-Premium-(64-bit).dat 2015-04-04 00:02 - 
2015-04-04 00:02 - 00000000 ____D () C:\RegBackup 2015-04-04 00:01 - 2015-04-04 00:02 - 02690981 _____ (Thisisu) C:\Users\Johan\Downloads\JRT.exe 2015-04-03 23:59 - 2015-04-03 23:59 - 00004452 _____ () C:\Users\Johan\Desktop\AdwCleaner[s0] after cleanup 150403.txt 2015-04-03 23:55 - 2015-04-03 23:55 - 00004847 _____ () C:\Users\Johan\Desktop\AdwCleaner[R0] 150403.txt 2015-04-03 23:52 - 2015-04-03 23:56 - 00000000 ____D () C:\AdwCleaner 2015-04-03 23:51 - 2015-04-03 23:51 - 02208768 _____ () C:\Users\Johan\Downloads\adwcleaner_4.200.exe 2015-04-03 23:46 - 2015-04-03 23:46 - 00781312 _____ () C:\Users\Johan\Downloads\delfix_10.9.exe 2015-04-03 23:46 - 2015-04-03 23:46 - 00000264 _____ () C:\DelFix.txt 2015-04-03 23:46 - 2015-04-03 23:46 - 00000000 ____D () C:\Windows\ERUNT 2015-04-03 13:46 - 2015-04-03 13:46 - 02095616 _____ (Farbar) C:\Users\Johan\Downloads\FRST64(1).exe 2015-04-03 12:30 - 2015-04-03 12:30 - 00007324 _____ () C:\Users\Johan\Desktop\rougekiller 150403.txt 2015-04-03 12:18 - 2015-04-03 12:18 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2015-04-03 12:18 - 2015-04-03 12:18 - 00000000 ____D () C:\ProgramData\RogueKiller 2015-04-03 12:17 - 2015-04-03 12:17 - 20436568 _____ () C:\Users\Johan\Downloads\RogueKillerX64(1).exe 2015-04-03 12:09 - 2015-04-03 12:09 - 00043097 _____ () C:\Users\Johan\Desktop\malwarebytes 150403.txt 2015-04-03 11:00 - 2015-04-03 11:00 - 20436568 _____ () C:\Users\Johan\Downloads\RogueKillerX64.exe 2015-04-03 10:59 - 2015-04-03 10:59 - 00001122 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-04-03 10:59 - 2015-04-03 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-04-03 10:58 - 2015-04-03 10:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-04-03 10:58 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-04-03 10:58 - 2015-03-17 06:15 - 00063704 
_____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-04-03 10:56 - 2015-04-03 10:56 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Johan\Downloads\mbam-setup-2.1.4.1018.exe 2015-04-02 22:01 - 2015-04-04 14:12 - 00075820 _____ () C:\Users\Johan\Downloads\Addition.txt 2015-04-02 21:59 - 2015-04-06 19:02 - 00027939 _____ () C:\Users\Johan\Downloads\FRST.txt 2015-04-02 21:59 - 2015-04-06 19:01 - 00000000 ____D () C:\FRST 2015-04-02 21:58 - 2015-04-02 21:59 - 02095616 _____ (Farbar) C:\Users\Johan\Downloads\FRST64.exe 2015-04-02 21:53 - 2015-04-02 21:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2015-04-02 21:53 - 2015-04-02 21:53 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2015-04-02 21:44 - 2015-04-02 21:50 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 2015-04-02 21:43 - 2015-04-02 21:43 - 00000000 ____D () C:\Users\Johan\Downloads\backups 2015-04-02 21:26 - 2015-04-02 21:26 - 00388608 _____ (Trend Micro Inc.) 
C:\Users\Johan\Downloads\HijackThis.exe 2015-04-02 17:44 - 2015-04-03 12:12 - 00000000 ____D () C:\Program Files (x86)\trivia games 2015-04-02 07:53 - 2015-04-02 07:53 - 00001066 _____ () C:\Users\Johan\Desktop\malware scan 150402.txt 2015-04-02 00:29 - 2015-04-02 00:29 - 00001073 _____ () C:\Users\Johan\Desktop\malware scan 150401.txt 2015-04-01 20:56 - 2015-04-06 18:59 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-31 16:58 - 2015-03-31 16:58 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Avira 2015-03-31 16:53 - 2015-04-02 09:31 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Skype 2015-03-31 16:53 - 2015-04-01 10:17 - 00000000 ____D () C:\Users\Guest\AppData\Local\CrashDumps 2015-03-31 16:53 - 2015-03-31 17:00 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google 2015-03-31 16:53 - 2015-03-31 16:53 - 00000000 ____D () C:\Users\Guest\AppData\Local\Skype 2015-03-28 13:07 - 2015-03-28 13:07 - 01381532 _____ () C:\Users\Johan\Downloads\ESAA_FIR_1503.rar 2015-03-28 11:45 - 2015-03-28 11:45 - 10016878 _____ () C:\Users\Johan\Downloads\scottish_controller_pack_3_1_3_1.zip 2015-03-27 06:28 - 2015-03-27 06:28 - 00001809 _____ () C:\Users\Johan\Desktop\Spotify.lnk 2015-03-24 12:17 - 2015-03-24 12:32 - 00000000 ____D () C:\Users\Johan\Documents\vStrips 2015-03-24 12:17 - 2015-03-24 12:17 - 00001865 _____ () C:\Users\Public\Desktop\vStrips.lnk 2015-03-24 12:17 - 2015-03-24 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\vStrips 2015-03-24 12:17 - 2015-03-24 12:17 - 00000000 ____D () C:\Program Files (x86)\vStrips 2015-03-24 12:16 - 2015-03-24 12:17 - 61000904 _____ () C:\Users\Johan\Downloads\vStrips 0.7.14.0 Installer - Current.exe 2015-03-24 10:12 - 2015-04-02 17:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-03-23 17:10 - 2015-03-23 17:15 - 159635186 _____ () C:\Users\Johan\Downloads\GCLP FSX Setup(2).zip 2015-03-09 11:07 - 2015-03-09 11:07 - 00001470 _____ () 
C:\Users\Public\Desktop\BT Desktop Help.lnk 2015-03-09 11:07 - 2015-03-09 11:07 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Motive 2015-03-09 11:07 - 2015-03-09 11:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Desktop Help 2015-03-09 11:06 - 2015-03-09 11:13 - 00000000 ____D () C:\ProgramData\Motive 2015-03-09 11:06 - 2015-03-09 11:06 - 00000000 ____D () C:\Program Files\Common Files\Motive 2015-03-09 11:06 - 2015-03-09 11:06 - 00000000 ____D () C:\Program Files\BT Broadband Desktop Help 2015-03-09 11:06 - 2015-03-09 11:06 - 00000000 ____D () C:\Program Files (x86)\BT Broadband Desktop Help 2015-03-09 11:05 - 2015-03-09 11:05 - 00361888 _____ (Motive, Inc.) C:\Users\Johan\Downloads\FlDesktopHelpInstall.exe 2015-03-07 22:18 - 2015-03-07 22:18 - 00000222 _____ () C:\Users\Johan\Desktop\Insurgency.url 2015-03-07 15:40 - 2015-03-07 15:40 - 04840689 _____ () C:\Users\Johan\Downloads\Archie2015-Southern.mov 2015-03-07 15:37 - 2015-03-07 15:37 - 06442930 _____ () C:\Users\Johan\Downloads\Archie2015-Eastern.mov 2015-03-07 15:37 - 2015-03-07 15:37 - 03282211 _____ () C:\Users\Johan\Downloads\Archie2015-NewEngland.mov ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-06 19:02 - 2012-09-11 15:51 - 00000000 ____D () C:\Users\Johan\AppData\Local\LogMeIn Hamachi 2015-04-06 18:59 - 2012-07-16 18:35 - 00000990 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-06 18:59 - 2012-04-07 09:12 - 00000000 ____D () C:\Users\Johan\AppData\Local\CrashDumps 2015-04-06 18:59 - 2012-04-05 22:16 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Skype 2015-04-06 18:59 - 2012-04-05 20:23 - 00000000 ____D () C:\Users\Johan\AppData\Local\Spotify 2015-04-06 18:56 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-06 18:56 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-06 18:52 - 2011-10-13 01:46 - 01784019 _____ () C:\Windows\WindowsUpdate.log 2015-04-06 18:47 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-06 18:47 - 2009-07-14 05:51 - 00221189 _____ () C:\Windows\setupact.log 2015-04-06 14:24 - 2012-04-05 20:23 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Spotify 2015-04-06 14:21 - 2012-04-05 20:07 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1B5C0207-93E5-4127-9CF8-100C3AE6649B} 2015-04-05 21:15 - 2012-04-06 11:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-04-05 21:08 - 2012-07-16 18:35 - 00000994 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-05 14:24 - 2012-04-08 15:56 - 00000000 ____D () C:\Users\Johan\AppData\Local\Apps\2.0 2015-04-05 14:24 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2015-04-05 14:04 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2015-04-05 14:01 - 2010-11-21 04:47 - 00798278 _____ () C:\Windows\PFRO.log 2015-04-04 21:08 - 2012-04-06 14:47 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\vlc 2015-04-04 12:56 - 2009-07-14 06:13 - 00786084 _____ () 
C:\Windows\system32\PerfStringBackup.INI 2015-04-03 23:57 - 2015-02-23 21:07 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForJohan.job 2015-04-03 21:10 - 2015-01-12 16:56 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-04-03 20:30 - 2015-02-23 21:07 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJohan 2015-04-03 20:30 - 2012-04-06 08:19 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2015-04-02 09:32 - 2012-04-05 20:03 - 00000000 ____D () C:\Users\Johan 2015-04-02 09:31 - 2014-10-26 21:29 - 00000000 ____D () C:\Users\Guest\AppData\Local\LogMeIn Hamachi 2015-04-02 09:31 - 2014-10-26 21:28 - 00000000 ____D () C:\Users\Guest 2015-04-02 09:31 - 2012-09-03 11:42 - 00000000 ____D () C:\Users\Administrator 2015-04-02 09:31 - 2012-07-03 21:43 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Malwarebytes 2015-04-02 09:31 - 2012-07-03 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware 2015-04-02 09:31 - 2012-07-03 21:43 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-04-02 09:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration 2015-04-02 09:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat 2015-04-02 09:30 - 2014-07-07 21:27 - 00000000 ____D () C:\Program Files (x86)\Potatoshare Android Data Recovery 2015-03-30 15:25 - 2014-07-21 20:25 - 00033856 ____H (LogMeIn, Inc.) 
C:\Windows\system32\hamachi.sys 2015-03-29 00:47 - 2013-06-20 19:45 - 00000000 ____D () C:\Users\Johan\AppData\Local\CutePDF Writer 2015-03-28 14:26 - 2012-04-05 20:36 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\TS3Client 2015-03-28 13:10 - 2012-04-06 11:56 - 00000000 ____D () C:\Users\Johan\Documents\EuroScope 2015-03-27 06:28 - 2012-04-05 20:23 - 00001795 _____ () C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2015-03-26 05:31 - 2012-05-03 15:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-03-24 12:17 - 2012-12-24 20:48 - 00000000 ____D () C:\Users\Johan\AppData\Local\Downloaded Installations 2015-03-23 17:13 - 2012-04-08 15:56 - 00000000 ____D () C:\Users\Johan\AppData\Local\Deployment 2015-03-23 14:38 - 2013-06-11 12:45 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Avira 2015-03-23 14:37 - 2013-06-11 12:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-03-23 14:37 - 2013-06-11 12:38 - 00000000 ____D () C:\ProgramData\Avira 2015-03-17 06:15 - 2012-07-03 21:43 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-12 08:54 - 2013-10-29 23:12 - 00000332 _____ () C:\Users\Johan\Desktop\packlista.txt 2015-03-10 10:33 - 2013-06-11 12:39 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-03-10 10:33 - 2013-06-11 12:39 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-03-10 10:33 - 2013-06-11 12:39 - 00044088 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys 2015-03-08 02:14 - 2012-06-24 16:43 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\SoftGrid Client 2015-03-07 23:11 - 2013-01-29 17:58 - 00000000 ____D () C:\Program Files (x86)\Steam ==================== Files in the root of some directories ======= 2012-05-01 20:57 - 2014-07-07 22:20 - 0000000 _____ () C:\Users\Johan\AppData\Roaming\bitlord_log.txt 2013-06-10 22:57 - 2013-06-10 22:57 - 0000218 _____ () C:\Users\Johan\AppData\Local\recently-used.xbel 2015-04-06 18:48 - 2015-04-06 18:48 - 0000000 ____H () C:\ProgramData\cm-lock Some content of TEMP: ==================== C:\Users\Johan\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-05 14:55 ==================== End Of Log ============================
  12. This is weird, I did the reset and it's still there. Do you think reinstalling it completely might help?
  13. Hi, all of the logs attached. Initially the ads appear to still be there but I haven't rebooted after the last scan yet. ComboFix.txt TDDS log.txt malwarebytes scan 150405.txt
  14. Done, the avast scanner found nothing at all. The false security essentials warning is still there. So are the ads on websites etc, malwarebytes also just blocked something it said (although I didn't see what and I can't seem to figure out how to find a log of what is blocked, I can only find the quarantine). In other words, seems it's still managing to elude us somehow.

      Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
      Ran by Johan at 2015-04-04 19:10:00 Run:2
      Running from C:\Users\Johan\Downloads
      Loaded Profiles: Johan (Available profiles: Johan & Administrator & Guest)
      Boot Mode: Normal
      ==============================================
      Content of fixlist:
      *****************
      FF NetworkProxy: "http", "83.248.10.46"
      FF NetworkProxy: "http_port", 8085
      FF NetworkProxy: "type", 4
      C:\Users\Johan\AppData\Local\Temp\avgnt.exe
      *****************
      Firefox Proxy settings were reset.
      Firefox Proxy settings were reset.
      Firefox Proxy settings were reset.
      C:\Users\Johan\AppData\Local\Temp\avgnt.exe => Moved successfully.
      ==== End of Fixlog 19:10:00 ====