Infected by Eraem Vire Studaa 2012 & updateflashplayer_***.exe


  • This topic is locked
32 replies to this topic

#1 Ioshik


Posted 12 January 2015 - 05:33 AM

Like so many others, I've been infected by the Eraem Vire Studaa 2012, which I suspect is also related to the updateflashplayer_***.exe

 

I have the same symptoms as described in other posts on this forum:

http://www.bleepingcomputer.com/forums/t/562385/unknown-process-running-continues-to-open-by-itself/

 
PC is lagging and I get the Eraem Vire Studaa 2012 process running; when I terminate the process it keeps popping back up.
I have tried various malware removal tools like Malwarebytes Anti-Malware, but it won't erase this bug. My McAfee seems to be completely helpless against it as well.

Rather than go ahead and run any disinfection programs, I patiently await your response to this post and humbly ask you to save me from this malware.
 
Regards
 
//Ioshik
 
PS: I'm running Win7 HomePremium SP1 (64bit) on a Samsung laptop with an Intel i3-2310M CPU and 8GB RAM

Edited by Ioshik, 12 January 2015 - 05:43 AM.




#2 TB-Psychotic

  • Malware Response Team

Posted 12 January 2015 - 06:37 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
  
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.
 


Proud Member of UNITE & TB
 

#3 Ioshik

  • Topic Starter

Posted 12 January 2015 - 06:47 AM

While I run FRST & Gmer, please look into this issue regarding the download of TDSSKiller: http://prntscr.com/5riu1g



#4 Ioshik

  • Topic Starter

Posted 12 January 2015 - 08:03 AM

 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015

Ran by user (administrator) on USER-DATOR on 12-01-2015 13:59:14
Running from C:\Users\user\Desktop
Loaded Profile: user (Available profiles: user)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Svenska (Sverige)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Eraem Corniratu) C:\Users\user\AppData\Roaming\Xoulaqe\uffaysv.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Telia\Supportassistenten\bin\sprtcmd.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
(Microsoft) C:\Program Files (x86)\Spotflux\services\SpotfluxConnectionManager.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe
(Microsoft) C:\Program Files (x86)\Spotflux\services\SpotfluxUpdateService.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Telia\Supportassistenten\bin\sprtsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Telia\Supportassistenten\bin\tgsrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
() C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\SamsungFastStart\SmartRestarter.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Axentra Corporation) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11780712 2011-02-27] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-04] (Synaptics Incorporated)
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Telia] => C:\Program Files (x86)\Telia\Supportassistenten\bin\sprtcmd.exe [206120 2010-11-11] (SupportSoft, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2010-06-21] (Memeo Inc.)
HKLM-x32\...\Run: [Seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [73728 2011-11-03] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2666454066-465502622-1009703566-1000\...\Run: [KiesHelper] => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [896912 2011-03-17] (Samsung)
HKU\S-1-5-21-2666454066-465502622-1009703566-1000\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3373456 2011-03-17] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-2666454066-465502622-1009703566-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [19872 2011-03-17] ()
HKU\S-1-5-21-2666454066-465502622-1009703566-1000\...\Run: [Google Update] => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-03-25] (Google Inc.)
HKU\S-1-5-21-2666454066-465502622-1009703566-1000\...\Run: [LightShot] => C:\Users\user\AppData\Local\Skillbrains\lightshot\Lightshot.exe
HKU\S-1-5-21-2666454066-465502622-1009703566-1000\...\Run: [Ilwsoft] => regsvr32.exe C:\Users\user\AppData\Local\Ilwsoft\ctrlnetInterval.dll <===== ATTENTION
HKU\S-1-5-21-2666454066-465502622-1009703566-1000\...\Run: [Idbsoft] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\user\AppData\Local\ITsoft\Inengine.dll
HKU\S-1-5-21-2666454066-465502622-1009703566-1000\...\Run: [Ihvoiwvogya] => C:\Users\user\AppData\Roaming\Xoulaqe\uffaysv.exe [506012 2015-01-10] (Eraem Corniratu)
HKU\S-1-5-21-2666454066-465502622-1009703566-1000\...\Run: [DelayShred] => C:\Users\user\AppData\Roaming\Xoulaqe\uffaysv.exe [506012 2015-01-10] (Eraem Corniratu)
HKU\S-1-5-21-2666454066-465502622-1009703566-1000\...\RunOnce: [Adobe Speed Launcher] => !d!
HKU\S-1-5-21-2666454066-465502622-1009703566-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2666454066-465502622-1009703566-1000\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skärmurklipp och start för OneNote 2007.lnk
ShortcutTarget: Skärmurklipp och start för OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
ShellIconOverlayIdentifiers: [MOBK] -> {3c3f3c1a-9153-7c05-f938-622e7003894d} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK2] -> {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK3] -> {b4caf489-1eec-c617-49ad-8d7088598c06} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bit
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-2666454066-465502622-1009703566-1000] => http=104.131.234.108:3128
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2666454066-465502622-1009703566-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2666454066-465502622-1009703566-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll No File
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Samsung BHO Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/SE/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1zmd8jlb.default
FF Homepage: file:///c:/users/user/documents/evony/safe%20bot%20acc/ioshik/autoevony2.html|file:///c:/users/user/documents/evony/safe%20bot%20acc/smithy/autoevony2.html|file:///c:/users/user/documents/evony/safe%20bot%20acc/fjutt/autoevony2.html|file:///c:/users/user/documents/evony/safe%20bot%20acc/warboy/autoevony2.html|file:///c:/users/user/documents/evony/safe%20bot%20acc/wagner/autoevony2.html|file:///c:/users/user/documents/evony/safe%20bot%20acc/pluns98/autoevony2.html|file:///C:/Users/user/Documents/Evony/Safe%20BOT%20acc/SirAries/AutoEvony2.html
FF NetworkProxy: "socks_version", 4
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=5.1.3.2 -> C:\Program Files (x86)\BankID\npBispBrowser.dll (Finansiell ID-Teknik BID AB)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandasecurity.com/activescan -> C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2666454066-465502622-1009703566-1000: @tools.google.com/Google Update;version=3 -> C:\Users\user\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2666454066-465502622-1009703566-1000: @tools.google.com/Google Update;version=9 -> C:\Users\user\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\allaannonser-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\prisjakt-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\tyda-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-sv-SE.xml
FF Extension: Microsoft RDP Client Control - version 6 - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1zmd8jlb.default\Extensions\{4EADCDA6-6762-E449-44F8-C3010B4AC0C7} [2015-01-02]
FF Extension: Proxy Selector - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1zmd8jlb.default\Extensions\proxyselector@mozilla.org.xpi [2014-09-22]
FF Extension: Mask My IP - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1zmd8jlb.default\Extensions\support@mask-myip.com.xpi [2014-02-20]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2014-12-01]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-12-01]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn [2015-01-12]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-12-19]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-12-19]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.se/
CHR StartupUrls: Default -> "hxxp://www.google.se/"
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SiteAdvisor) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-12-20]
CHR Extension: (TLRemove) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hneieddeibpcngeljjkdpcajfcgelalk [2013-03-28]
CHR Extension: (Norton Identity Safe) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-28]
CHR Extension: (Proxy List - Free SSL Web Proxies) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldikpbpacmiafmhiifihmicokeallbim [2014-10-30]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-01-04]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-12-19]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-01-04]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-12-19]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2631456 2015-01-10] (IObit)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [154320 2014-12-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [184168 2014-05-06] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe [130104 2014-09-20] (Symantec Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
R2 SeagateDashboardService; C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [8704 2011-11-03] (Memeo) [File not signed]
R2 SpotfluxConnectionManager; C:\Program Files (x86)\Spotflux\services\SpotfluxConnectionManager.exe [74752 2014-04-05] (Microsoft) [File not signed]
R2 SpotfluxUpdateService; C:\Program Files (x86)\Spotflux\services\SpotfluxUpdateService.exe [20992 2014-04-05] (Microsoft) [File not signed]
R2 sprtsvc_teliada; C:\Program Files (x86)\Telia\Supportassistenten\bin\sprtsvc.exe [206120 2010-11-11] (SupportSoft, Inc.)
S2 SupportSoft RemoteAssist; C:\Program Files (x86)\Common Files\SupportSoft\bin\ssrc.exe [382320 2010-11-11] (SupportSoft, Inc.)
R2 tgsrvc_teliada; C:\Program Files (x86)\Telia\Supportassistenten\bin\tgsrvc.exe [185640 2010-11-11] (SupportSoft, Inc.)
S2 c2cautoupdatesvc; No ImagePath
S2 c2cpnrsvc; No ImagePath
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07080.017\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-01-10] (REALiX™)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [67808 2014-05-06] (Mozy, Inc.)
R0 pavboot; C:\Windows\System32\drivers\pavboot64.sys [33800 2009-06-30] (Panda Security, S.L.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-07-22] (Windows ® 2003 DDK 3790 provider)
S3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [39104 2014-01-20] (Spotflux, Inc.)
S3 Tdsshbecr; C:\Windows\System32\DRIVERS\shbecr.sys [50176 2008-09-22] (Todos Data System AB)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-12 13:56 - 2015-01-12 13:59 - 00029579 _____ () C:\Users\user\Desktop\FRST.txt
2015-01-12 13:56 - 2015-01-12 13:59 - 00000000 ____D () C:\FRST
2015-01-12 13:47 - 2015-01-12 13:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-01-12 13:07 - 2015-01-12 13:07 - 04166770 _____ () C:\Users\user\Desktop\tdsskiller.zip
2015-01-12 12:41 - 2015-01-12 12:41 - 00380416 _____ () C:\Users\user\Desktop\q1yuxexr.exe
2015-01-12 12:40 - 2015-01-12 12:40 - 00000000 ____D () C:\Users\user\AppData\Local\{CA2612B0-4326-4974-A39C-E32585ABBE2E}
2015-01-12 12:26 - 2015-01-12 13:11 - 00000000 ____D () C:\AdwCleaner
2015-01-12 12:24 - 2015-01-12 12:24 - 02191360 _____ () C:\Users\user\Desktop\AdwCleaner.exe
2015-01-12 11:46 - 2015-01-12 11:46 - 02124288 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2015-01-11 16:04 - 2015-01-11 16:04 - 00441560 _____ (PureVPN ) C:\Users\user\Downloads\purevpn_windows.exe
2015-01-10 22:55 - 2015-01-12 13:25 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype
2015-01-10 22:32 - 2015-01-10 22:32 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-01-10 22:32 - 2015-01-10 22:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-10 22:08 - 2015-01-10 22:31 - 00002852 _____ () C:\windows\System32\Tasks\Driver Booster SkipUAC (user)
2015-01-10 22:08 - 2015-01-10 22:08 - 00026528 _____ (REALiX™) C:\windows\SysWOW64\Drivers\HWiNFO64A.SYS
2015-01-10 22:08 - 2015-01-10 22:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
2015-01-10 22:07 - 2015-01-12 13:15 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-10 22:07 - 2015-01-10 22:08 - 00000000 ____D () C:\Users\user\AppData\Roaming\IObit
2015-01-10 22:07 - 2015-01-10 22:08 - 00000000 ____D () C:\ProgramData\IObit
2015-01-10 22:07 - 2015-01-10 22:08 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-01-10 22:07 - 2015-01-10 22:07 - 00001212 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2015-01-10 22:07 - 2015-01-10 22:07 - 00001188 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2015-01-10 22:07 - 2015-01-10 22:07 - 00000000 ____D () C:\Users\user\AppData\Roaming\ProductData
2015-01-10 22:07 - 2015-01-10 22:07 - 00000000 ____D () C:\Users\user\AppData\IObit
2015-01-10 18:40 - 2015-01-12 13:10 - 00000798 _____ () C:\windows\Tasks\Security Center Update - 1041816424.job
2015-01-10 18:40 - 2015-01-10 20:55 - 00000000 ____D () C:\Users\user\AppData\Roaming\Xoulaqe
2015-01-10 18:40 - 2015-01-10 18:40 - 00003804 _____ () C:\windows\System32\Tasks\Security Center Update - 1041816424
2015-01-08 14:57 - 2015-01-08 14:57 - 00000000 ____D () C:\Users\user\AppData\Local\{7876CB30-E982-4449-AF5F-4AE6936DE583}
2015-01-07 15:59 - 2015-01-07 15:59 - 00044311 _____ () C:\Users\user\Documents\WiZipMalwhere_log.xml
2015-01-07 13:11 - 2015-01-07 17:18 - 00000000 ____D () C:\Users\user\AppData\Roaming\Nico Mak Computing
2015-01-07 13:11 - 2015-01-07 17:18 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2015-01-06 23:59 - 2015-01-07 00:00 - 17528608 _____ (IObit) C:\Users\user\Downloads\iobituninstaller.exe
2015-01-06 18:25 - 2015-01-07 17:32 - 00000000 ____D () C:\Users\user\AppData\Roaming\Zaasben
2015-01-06 17:15 - 2015-01-06 17:15 - 00000165 ____H () C:\Users\user\Desktop\~$Draft Worksheet - ali edit.xlsx
2015-01-04 14:43 - 2015-01-06 16:01 - 00001714 _____ () C:\Users\user\Desktop\Computer.lnk
2015-01-04 14:43 - 2015-01-06 16:00 - 00000288 _____ () C:\Users\user\AppData\Roaming\BBD6007.reg
2015-01-02 18:09 - 2015-01-03 18:25 - 00000000 ____D () C:\Users\user\AppData\Roaming\Agqobu
2015-01-02 14:44 - 2015-01-02 14:45 - 01548384 _____ (Skype Technologies S.A.) C:\Users\user\Downloads\SkypeSetup (Old versoin 6.0).exe
2015-01-02 13:59 - 2015-01-02 13:59 - 00000000 ____D () C:\Users\user\AppData\Local\Ilwsoft
2015-01-02 13:58 - 2015-01-04 05:55 - 00000000 ____D () C:\Users\user\AppData\Local\ITsoft
2015-01-02 13:58 - 2015-01-02 13:58 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieBrowserModeList
2014-12-22 17:10 - 2014-12-22 17:10 - 00000000 ____D () C:\Users\user\AppData\Local\{7C87FC4B-BEED-4D2F-AFDA-8596B5B8C13F}
2014-12-22 13:11 - 2014-12-22 23:17 - 00019284 _____ () C:\Users\user\Documents\Pirates Battlecalc.xlsx
2014-12-20 01:21 - 2014-12-20 01:21 - 00000000 ____D () C:\windows\System32\Tasks\Norton Identity Safe
2014-12-19 21:44 - 2015-01-12 13:47 - 00001844 _____ () C:\Users\Public\Desktop\McAfee Total Protection.lnk
2014-12-19 21:44 - 2014-12-19 21:44 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Online Backup
2014-12-19 21:44 - 2014-12-19 21:44 - 00000000 ____D () C:\Program Files (x86)\McAfeeMOBK
2014-12-19 21:44 - 2014-12-19 21:44 - 00000000 ____D () C:\Program Files (x86)\McAfee Online Backup
2014-12-19 21:44 - 2014-05-06 20:11 - 00067808 _____ (Mozy, Inc.) C:\windows\system32\Drivers\MOBK.sys
2014-12-19 21:43 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\windows\system32\Drivers\HipShieldK.sys
2014-12-19 21:42 - 2014-12-19 21:44 - 00000000 ____D () C:\Program Files\McAfee
2014-12-19 21:42 - 2014-12-19 21:42 - 00000000 ____D () C:\Program Files\McAfee.com
2014-12-19 21:42 - 2014-12-19 21:42 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
2014-12-19 21:41 - 2015-01-07 12:06 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-12-19 21:35 - 2014-06-20 10:30 - 00189912 _____ (McAfee, Inc.) C:\windows\system32\mfevtps.exe
2014-12-19 21:20 - 2014-12-19 21:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
2014-12-19 21:20 - 2014-12-19 21:20 - 00000000 ____D () C:\windows\system32\Drivers\NSTx64
2014-12-19 21:20 - 2014-12-19 21:20 - 00000000 ____D () C:\Program Files (x86)\Norton Identity Safe
2014-12-19 21:15 - 2015-01-07 06:44 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-12-19 21:14 - 2014-12-19 21:14 - 05160608 _____ (McAfee, Inc.) C:\Users\user\Downloads\Setup_serial_09ahclMs7gJz5IgSxPBmxQ2_key.exe
2014-12-17 22:06 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-17 22:06 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-17 09:30 - 2014-12-17 09:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-12 13:55 - 2014-06-22 18:25 - 00000438 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2015-01-12 13:55 - 2011-05-05 20:29 - 01081137 _____ () C:\windows\WindowsUpdate.log
2015-01-12 13:51 - 2009-07-14 05:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-12 13:51 - 2009-07-14 05:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-12 13:48 - 2012-04-19 10:50 - 00001000 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2666454066-465502622-1009703566-1000UA.job
2015-01-12 13:48 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF
2015-01-12 13:39 - 2012-12-04 07:07 - 00000990 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-12 13:39 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-12 13:39 - 2009-07-14 05:51 - 00099855 _____ () C:\windows\setupact.log
2015-01-12 13:35 - 2012-04-02 20:11 - 00000868 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-12 13:13 - 2010-11-21 04:47 - 01656826 _____ () C:\windows\PFRO.log
2015-01-12 13:11 - 2014-12-01 20:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-12 12:48 - 2012-11-05 13:02 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-01-12 07:35 - 2011-10-07 22:02 - 00000000 ____D () C:\Users\user\AppData\Local\CrashDumps
2015-01-11 00:13 - 2013-07-22 17:24 - 00196158 _____ () C:\Users\user\Desktop\Draft Worksheet - ali edit.xlsx
2015-01-10 22:32 - 2012-01-10 10:01 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-10 22:32 - 2011-09-26 09:19 - 00000000 ____D () C:\ProgramData\Skype
2015-01-10 14:05 - 2012-03-02 19:59 - 00000000 ____D () C:\Users\user\Documents\Evony
2015-01-10 00:47 - 2011-10-18 12:57 - 00000000 ____D () C:\Users\user\AppData\Roaming\uTorrent
2015-01-08 11:19 - 2012-03-07 08:19 - 00000000 ____D () C:\Users\user\AppData\Roaming\SlimBrowser
2015-01-07 17:01 - 2011-06-29 20:20 - 00664068 _____ () C:\windows\system32\perfh01D.dat
2015-01-07 17:01 - 2011-06-29 20:20 - 00142836 _____ () C:\windows\system32\perfc01D.dat
2015-01-07 17:01 - 2009-07-14 06:13 - 01580554 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-07 16:08 - 2014-08-16 09:44 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-06 17:05 - 2014-08-16 09:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-06 15:33 - 2014-08-16 09:43 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-06 15:33 - 2014-08-16 09:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-01 09:10 - 2011-10-28 10:29 - 00000434 _____ () C:\windows\Tasks\DriverNavigator Scheduled Scan.job
2014-12-26 15:07 - 2011-10-06 16:56 - 00000000 ____D () C:\windows\System32\Tasks\Games
2014-12-23 02:38 - 2012-10-01 12:50 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-19 21:31 - 2011-05-05 05:02 - 00000000 ____D () C:\ProgramData\Norton
2014-12-18 12:31 - 2014-11-04 12:28 - 00003836 _____ () C:\windows\System32\Tasks\Opera scheduled Autoupdate 1415100504
2014-12-18 12:31 - 2014-11-04 12:28 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-12-17 09:30 - 2013-10-24 20:39 - 00000425 _____ () C:\Users\user\AppData\Local\UserProducts.xml
2014-12-16 10:32 - 2014-03-25 09:51 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
 
Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\APNSetup.exe
C:\Users\user\AppData\Local\Temp\install_flashplayer13x32au_mssa_aaa_aih.exe
C:\Users\user\AppData\Local\Temp\jna9166475009351205918.dll
C:\Users\user\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\user\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\user\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\user\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\user\AppData\Local\Temp\NSISUtils.dll
C:\Users\user\AppData\Local\Temp\ose00000.exe
C:\Users\user\AppData\Local\Temp\PCloudCleanerUpdater.exe
C:\Users\user\AppData\Local\Temp\Quarantine.exe
C:\Users\user\AppData\Local\Temp\SHSetup.exe
C:\Users\user\AppData\Local\Temp\SkypeSetup.exe
C:\Users\user\AppData\Local\Temp\sqlite3.dll
C:\Users\user\AppData\Local\Temp\UpdateFlashPlayer_28e97185.exe
C:\Users\user\AppData\Local\Temp\UpdateFlashPlayer_8c7b3b61.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-25 09:28
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2015
Ran by user at 2015-01-12 14:00:04
Running from C:\Users\user\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Antivirus och antispionprogram (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Antivirus och antispionprogram (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Mesh ActiveX“ nuotolinių ryšių valdiklis (HKLM-x32\...\{9024FE65-46B8-4C8A-9D98-8DCB6BD5F598}) (Version: 15.4.5722.2 - Microsoft Corporation)
„Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
µTorrent (HKU\S-1-5-21-2666454066-465502622-1009703566-1000\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
ActiveX контрола на Windows Live Mesh за отдалечени връзки (HKLM-x32\...\{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}) (Version: 15.4.5722.2 - Microsoft Corporation)
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Svenska (HKLM-x32\...\{AC76BA86-7AD7-1053-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden
Any Video Converter 3.5.8 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Auto Macro Recorder V5.83 (Pro V5.2) Trial Version (HKLM-x32\...\AutoMacroRecorder_is1) (Version:  - )
BankID säkerhetsprogram (HKLM-x32\...\{2D6973ED-BBF2-434E-993C-37E05087B8C8}) (Version: 5.1.3.2 - Finansiell ID-Teknik BID AB)
BatteryLifeExtender (HKLM-x32\...\{FFD0E594-823B-4E2B-B680-720B3C852588}) (Version: 1.0.11 - Samsung)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.55 - Broadcom Corporation)
Build-a-lot (x32 Version: 2.2.0.82 - WildTangent) Hidden
Bullzip PDF Printer 7.2.0.1319 (HKLM\...\Bullzip PDF Printer_is1) (Version: 7.2.0.1319 - Bullzip)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MG2200 series användarregistrering (HKLM-x32\...\Canon MG2200 series användarregistrering) (Version:  - Canon Inc.‎)
Canon MG2200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2200_series) (Version: 1.00 - Canon Inc.)
Canon MG2200 series On-screen Manual (HKLM-x32\...\Canon MG2200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
ChrisPC Free Anonymous Proxy 5.50 (HKLM-x32\...\{6006089C-84B5-4F18-8113-D96792AED0DE}_is1) (Version:  - Chris P.C. srl)
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Control ActiveX Windows Live Mesh pentru conexiuni la distanță (HKLM-x32\...\{260E3D78-94E6-47EC-8E29-46301572BB1E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controle ActiveX do Windows Live Mesh para Conexões Remotas (HKLM-x32\...\{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3509 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
DirectDownloader (HKU\S-1-5-21-2666454066-465502622-1009703566-1000\...\DirectDownloader) (Version:  - )
Driver Booster 2.1 (HKLM-x32\...\Driver Booster_is1) (Version: 2.1 - IObit)
DriverNavigator 2.7.0 (HKLM\...\DriverNavigator_is1) (Version: 2.7.0.0 - Easeware)
Easy Content Share (HKLM-x32\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0 - Samsung Electronics Co., LTD)
Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM-x32\...\{8732818E-CA78-4ACB-B077-22311BF4C0E4}) (Version: 4.4.7 - Samsung)
Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.1.1 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung)
EasyFileShare (HKLM-x32\...\{16880765-677F-440B-B16A-BFD9B9C00012}) (Version: 1.0.12 - Samsung)
Farm Frenzy (x32 Version: 2.2.0.82 - WildTangent) Hidden
Fast Start (HKLM-x32\...\{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}) (Version: 2.2.0.1 - SAMSUNG)
FastStone Image Viewer 4.6 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.6 - FastStone Soft)
FlashPeak SlimBrowser (HKLM-x32\...\SlimBrowser) (Version: 7.00.110 - FlashPeak Inc.)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKU\S-1-5-21-2666454066-465502622-1009703566-1000\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GS Auto Clicker (HKLM-x32\...\GS Auto Clicker_is1) (Version: V3.1.1 - goldensoft.org)
Handelsbankens kortläsare (HKLM-x32\...\{35C938B6-F72A-4D92-B8B5-A1F0F9B1DC76}) (Version: 1.00.0000 - Todos Data System AB)
Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2622 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}) (Version: 14.0.2000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.1.5.30 - IObit)
J2SE Runtime Environment 5.0 Update 21 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0150210}) (Version: 1.5.0.210 - Sun Microsystems, Inc.)
Jasc Paint Shop Pro 9 (HKLM-x32\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.00.0000 - Jasc Software Inc)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
John Deere Drive Green (x32 Version: 2.2.0.82 - WildTangent) Hidden
JPEXS Free Flash Decompiler version 2.1.4 (HKLM-x32\...\{E618D276-6596-41F4-8A98-447D442A77DB}_is1) (Version: 2.1.4 - JPEXS)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kontrola Windows Live Mesh ActiveX za daljinske veze (HKLM-x32\...\{19CBDE24-2761-49A5-816B-D2BA65D0CA8D}) (Version: 15.4.5722.2 - Microsoft Corporation)
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mask My IP (HKLM-x32\...\MaskMyIP) (Version: 2.4.3.6 - )
McAfee Online Backup (Version: 2.26.1.386 - McAfee, Inc.) Hidden
McAfee Online Backup (x32 Version:  - McAfee, Inc.) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.156 - McAfee, Inc.)
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7359 - Memeo Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (svenska) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1053) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Excel 2007 Help Uppdatering (KB963678) (HKLM-x32\...\{90120000-0016-041D-0000-0000000FF1CE}_HOMESTUDENTR_{6696EB50-EC8B-4D01-8061-04A6DE3D590C}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Powerpoint 2007 Help Uppdatering (KB963669) (HKLM-x32\...\{90120000-0018-041D-0000-0000000FF1CE}_HOMESTUDENTR_{18E9F644-2552-4544-AABB-C1838964DDEE}) (Version:  - Microsoft)
Microsoft Office Word 2007 Help Uppdatering (KB963665) (HKLM-x32\...\{90120000-001B-041D-0000-0000000FF1CE}_HOMESTUDENTR_{5DF6817C-E3C0-4226-9565-5C10A0AF4BF5}) (Version:  - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Color Enhancer (HKLM-x32\...\{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Mozilla Firefox 34.0 (x86 sv-SE) (HKLM-x32\...\Mozilla Firefox 34.0 (x86 sv-SE)) (Version: 34.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.8.23 - Symantec Corporation)
Opera Stable 26.0.1656.60 (HKLM-x32\...\Opera 26.0.1656.60) (Version: 26.0.1656.60 - Opera Software ASA)
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení (HKLM-x32\...\{B6190387-0036-4BEB-8D74-A0AFC5F14706}) (Version: 15.4.5722.2 - Microsoft Corporation)
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (HKLM-x32\...\{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}) (Version: 15.4.5722.2 - Microsoft Corporation)
Panda ActiveScan 2.0 (HKLM-x32\...\ActiveScan 2.0) (Version: 01.04.01.0014 - Panda Security)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.70 - Panda Security)
Peggle (x32 Version: 2.2.0.82 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6318 - Realtek Semiconductor Corp.)
Samsung AnyWeb Print (HKLM-x32\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 2.0.67.1 - Samsung Electronics Co., Ltd.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.0.0.11032_12 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.0.0.11032_12 - Samsung Electronics Co., Ltd.) Hidden
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version:  - Samsung Electronics Co., Ltd.)
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.1.0 - Samsung)
Samsung Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.38 - Samsung)
Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.02.05.00:27 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.5.0 - Samsung Electronics Co., Ltd.)
Samsung Update Plus (HKLM-x32\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.1.17 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.2250.0 - SAMSUNG Electronics Co., Ltd.)
Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1548 - Memeo Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotflux (HKLM-x32\...\Spotflux) (Version: 2.10.5 - Spotflux) <==== ATTENTION!
SRS Premium Sound Control Panel (HKLM\...\{F3C66EC8-2F33-452D-9CFF-E8C886B3ECC4}) (Version: 1.11.1300 - SRS Labs, Inc.)
Supportassistenten (HKLM-x32\...\Supportassistenten_is1) (Version: 4.1.0 - TeliaSonera Sverige AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
Webinaria 2.0 (HKLM-x32\...\Webinaria_is1) (Version:  - Charlwood eMarketing)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7900 - Broadcom Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.1.5 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames) (Version: 4.0.10.5 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX kontrola za daljinske veze (HKLM-x32\...\{8985AE5E-622A-4980-8BF8-0A1830643220}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX vadīkla attālajiem savienojumiem (HKLM-x32\...\{A3A775C9-5A63-4C55-8FDD-427A5B8F5D2B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
VueScan (HKLM\...\VueScan) (Version:  - )
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation)
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation)
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ตัวควบคุม ActiveX ใน Windows Live Mesh สำหรับการเชื่อมต่อระยะไกล (ไทย) (HKLM-x32\...\{A2EDAEEB-C981-46D5-8163-CF8F5F640EEE}) (Version: 15.4.5722.2 - Microsoft Corporation)
원격 연결을 위한 Windows Live Mesh ActiveX 컨트롤 (HKLM-x32\...\{61920449-0393-4707-B7DD-E6C0013C8B2C}) (Version: 15.4.5722.2 - Microsoft Corporation)
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (HKLM-x32\...\{F992409C-9D10-4AE2-BAEB-B5409AD3785E}) (Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2666454066-465502622-1009703566-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2666454066-465502622-1009703566-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2666454066-465502622-1009703566-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2666454066-465502622-1009703566-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2666454066-465502622-1009703566-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2666454066-465502622-1009703566-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
18-12-2014 16:00:29 Windows Update
06-01-2015 21:47:09 Removed Skype™ 7.0
10-01-2015 22:08:59 IObit Uninstaller restore point
10-01-2015 22:12:39 IObit Uninstaller restore point
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0033BE09-AC67-46BF-A7CF-0D2515AE5ED2} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-09-04] (SAMSUNG Electronics)
Task: {00DD357A-08B4-4CC0-8D20-9629966DA0CB} - System32\Tasks\Voting\Close SB10-12 => cmd.exe /c taskkill /f /im sbframe.exe
Task: {0811F50F-FA15-45E5-87B7-9EB4CD02C41A} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2011-12-20] (Samsung Electronics)
Task: {0B08793E-050F-4D3E-AA1E-134B6005F555} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-20] (SAMSUNG Electronics co., LTD.)
Task: {0ECA415A-0A62-431E-8D5E-78C186E9B29B} - System32\Tasks\Voting\Vote14 => C:\Users\user\AppData\Roaming\SlimBrowser\Groups\Voting\14.sgp [2014-10-07] ()
Task: {0FEED6D8-C1C0-4B74-A9BC-97795AFB0C81} - System32\Tasks\SRS Premium Sound => C:\Program Files\SRS Labs\SRS Control Panel\srspanel_64.exe [2011-02-24] (SRS Labs, Inc.)
Task: {16D6650D-B920-48D8-BDAA-79CD22B299CB} - System32\Tasks\{1BF98208-9538-4440-8E92-74D57FF63486} => pcalua.exe -a "C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe" -c -bootremove -uninst:RelevantKnowledge
Task: {1A35E29E-5EC4-43B8-9CD0-9C5DCE6D06F5} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {23C913BE-2CC1-48C2-8471-26BC6410158D} - System32\Tasks\{B7EB74E9-D354-4671-AABE-69B30570024F} => pcalua.exe -a C:\Users\user\Downloads\ultravnc_tools_setup.exe -d C:\Users\user\Downloads
Task: {2BA9CB70-5BCD-412B-8A58-82B800A0102F} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe
Task: {2CA50227-A4BD-40A9-B17C-DF6AFF732DA2} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {30EBA192-EDF7-47E3-8B74-C057B0BA90BE} - System32\Tasks\Voting\Vote06 => C:\Users\user\AppData\Roaming\SlimBrowser\Groups\Voting\06.sgp [2015-01-04] ()
Task: {34B95C7A-FCFA-4DE8-83F8-B12FD4C83142} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-12-23] (Samsung Electronics Co., Ltd.)
Task: {34BD3EC7-DA22-419D-9C0C-BFC6E468670A} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [2010-11-29] (Samsung Electronics Co., Ltd.)
Task: {3A070093-9F80-44A6-BA6D-ACB577CC9FE1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {3C73280A-A4CC-43DE-867E-1D0E98FC2600} - System32\Tasks\Voting\Close SB13-16 => cmd.exe /c taskkill /f /im sbframe.exe
Task: {3D0B028F-00F7-4E52-B5C9-CC6D7191F5A7} - System32\Tasks\{350B3660-047C-47DB-86E6-A41EB457EE39} => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [2010-11-10] (CyberLink Corp.)
Task: {40956318-DAA2-4D21-A221-8D56A097D305} - System32\Tasks\{ED0B014B-A5E8-40BB-9585-BE315304FD8E} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.16.0.105&LastError=12029
Task: {4528C4E0-6446-4489-B034-670E9F3D6986} - System32\Tasks\Voting\Vote04 => C:\Users\user\AppData\Roaming\SlimBrowser\Groups\Voting\04.sgp [2014-11-03] ()
Task: {47DD649B-4199-4728-829F-829548E15827} - System32\Tasks\{833165C9-3CD4-4511-951D-6B8D37DE2CB9} => Iexplore.exe http://ui.skype.com/ui/0/5.10.0.116/sv/abandoninstall?page=tsProgressBar
Task: {47EDA965-B010-42F7-A102-66F2A4CAAD12} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {4DAD06A8-F3DA-4EDD-B638-E7945779F33B} - System32\Tasks\Uninstaller_SkipUac_user => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-07] (IObit)
Task: {522FD8EC-5961-45F5-95EA-AD2A2B9027E8} - System32\Tasks\Voting\Vote09 => C:\Users\user\AppData\Roaming\SlimBrowser\Groups\Voting\09.sgp
Task: {5A98AD62-55D6-491E-912F-DA96A8D41AA8} - System32\Tasks\Voting\Vote01 => C:\Users\user\AppData\Roaming\SlimBrowser\Groups\Voting\01.sgp [2014-08-22] ()
Task: {635BB9D8-47D0-46CE-874C-B03A20D32D8F} - System32\Tasks\Voting\Vote07 => C:\Users\user\AppData\Roaming\SlimBrowser\Groups\Voting\07.sgp [2015-01-04] ()
Task: {6D485A2F-E5CF-4678-930A-A6A8CB31735F} - System32\Tasks\Voting\Vote08 => C:\Users\user\AppData\Roaming\SlimBrowser\Groups\Voting\08.sgp [2014-10-07] ()
Task: {6DC9782B-7B25-4AE1-8ACB-0A3DA914F0D9} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe [2010-12-23] (Samsung Electronics)
Task: {7889053E-3E0E-4466-9747-6584DF9A1C9E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {78A74551-6BC7-48CB-97C7-02032A9D651B} - System32\Tasks\{A0A280F5-2F78-4F53-8E8E-E62EC8C413E3} => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [2010-11-10] (CyberLink Corp.)
Task: {79A3DC05-8CD8-4E9C-A053-C3B5AD8065FB} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2010-08-05] (Samsung Electronics Co., Ltd.)
Task: {7B7C2689-54A7-4D36-96CC-EEE80ECE7CC4} - System32\Tasks\Driver Booster SkipUAC (user) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-01-07] (IObit)
Task: {7BDB6C33-E33E-4F65-A081-42FEFAB33102} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2666454066-465502622-1009703566-1000
Task: {81090F66-1338-403E-8A2F-A60636A728A5} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-02-14] (SEC)
Task: {81438FBC-5F51-4F6D-8CE5-D94F422A8B17} - System32\Tasks\Opera scheduled Autoupdate 1415100504 => C:\Program Files (x86)\Opera\launcher.exe [2014-12-17] (Opera Software)
Task: {889C721A-992B-4977-9314-6013B3D07448} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2666454066-465502622-1009703566-1000UA => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-25] (Google Inc.)
Task: {8C9B018B-C6CC-4229-BB2D-A149B6063492} - System32\Tasks\Voting\Vote10 => C:\Users\user\AppData\Roaming\SlimBrowser\Groups\Voting\10.sgp [2014-10-07] ()
Task: {900AB6FD-440D-40CD-B2BC-4C874AD10705} - System32\Tasks\{4939F1FD-63CA-47F9-A08C-5778FE607950} => Chrome.exe 
Task: {95EDC852-FD4C-45BA-B6B3-611B779D3D8A} - System32\Tasks\{D7DC26C8-7E68-49CA-9878-4E97DCF0696E} => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [2010-11-10] (CyberLink Corp.)
Task: {9615997F-56B2-4B75-B9CC-D354529D60D5} - System32\Tasks\WifiManager => C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe [2011-01-04] (Samsung Electronics Co., Ltd.)
Task: {9D56DE14-E6DD-4955-935B-239BF9EC7DBD} - System32\Tasks\DriverNavigator Scheduled Scan => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe [2011-10-11] (Easeware)
Task: {9E9F8B32-C302-45F4-9BB5-71522CE76DAB} - System32\Tasks\Voting\Close SB07-09 => cmd.exe /c taskkill /f /im sbframe.exe
Task: {A1C3988C-01C3-4140-BA23-6A6EF7A7B0A2} - System32\Tasks\Voting\Vote11 => C:\Users\user\AppData\Roaming\SlimBrowser\Groups\Voting\11.sgp [2014-10-29] ()
Task: {A33E733B-15E1-4D23-A70C-4C14A3CB1CE1} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {A6CB914D-88F6-4904-B6C6-02C30892BB54} - System32\Tasks\Voting\Vote03 => C:\Users\user\AppData\Roaming\SlimBrowser\Groups\Voting\03.sgp [2014-10-29] ()
Task: {C95AD505-4208-46C9-9F21-CB6F0CC816A0} - System32\Tasks\Voting\Close SB04-05 => cmd.exe /c taskkill /f /im sbframe.exe
Task: {CA9182EB-A7F3-4B16-8265-6AEC59162D4B} - System32\Tasks\Voting\Vote00 => C:\Users\user\AppData\Roaming\SlimBrowser\Groups\Voting\15.sgp [2014-08-28] ()
Task: {CFFA1CB5-4224-4840-AB09-8FEACFB488C0} - System32\Tasks\Voting\Vote05 => C:\Users\user\AppData\Roaming\SlimBrowser\Groups\Voting\05.sgp [2014-11-02] ()
Task: {D7D4F8C3-5DA1-4080-A25B-5B44EE3DC3FD} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-11-10] (CyberLink)
Task: {D946DA26-260F-49F4-8667-93FD907891E2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2666454066-465502622-1009703566-1000Core => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-25] (Google Inc.)
Task: {E1FA407B-672F-4D4F-A164-66EB8405C00D} - System32\Tasks\Voting\Stäng SlimBrowser => cmd.exe /c taskkill /f /im sbframe.exe
Task: {E416BB59-F96E-4982-84A4-C05C3EAA87F6} - System32\Tasks\Voting\Vote02 => C:\Users\user\AppData\Roaming\SlimBrowser\Groups\Voting\02.sgp [2014-09-08] ()
Task: {E63A26D0-13B2-415E-90BC-ED7DEAE39168} - System32\Tasks\Voting\Vote13 => C:\Users\user\AppData\Roaming\SlimBrowser\Groups\Voting\13.sgp [2014-10-07] ()
Task: {E87C36A7-6ECC-4C92-BC5E-8E16AB369926} - System32\Tasks\Security Center Update - 1041816424 => C:\Users\user\AppData\Roaming\Xoulaqe\uffaysv.exe [2015-01-10] (Eraem Corniratu) <==== ATTENTION
Task: {E8959E8C-D3E7-4844-8B40-4F6E940137C4} - System32\Tasks\Voting\Close SB03 => cmd.exe /c taskkill /f /im sbframe.exe
Task: {EA9B26AE-9F6A-4F6C-BA3B-14EC8FBEC666} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-12-18] (Samsung Electronics. Co. Ltd.)
Task: {F805E33A-0F8C-4700-BE83-3A343BDEE0C8} - System32\Tasks\Voting\Vote16 => C:\Users\user\AppData\Roaming\SlimBrowser\Groups\Voting\16.sgp [2014-10-07] ()
Task: {FA75BD1E-1BD1-4A34-BA73-935AEC83303C} - System32\Tasks\Voting\Vote12 => C:\Users\user\AppData\Roaming\SlimBrowser\Groups\Voting\12.sgp [2014-10-07] ()
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\DriverNavigator Scheduled Scan.job => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2666454066-465502622-1009703566-1000Core.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2666454066-465502622-1009703566-1000UA.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Security Center Update - 1041816424.job => C:\Users\user\AppData\Roaming\Xoulaqe\uffaysv.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2011-06-29 19:44 - 2008-06-05 00:53 - 00027648 _____ () C:\windows\System32\spd__l.dll
2015-01-02 13:55 - 2015-01-02 13:55 - 02738176 _____ () C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll
2015-01-02 13:56 - 2015-01-02 13:56 - 02242560 _____ () C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll
2011-11-20 09:38 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2012-11-05 13:02 - 2012-03-28 13:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2011-06-29 19:42 - 2010-12-17 02:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-03-17 22:07 - 2011-03-17 22:07 - 00019872 _____ () C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
2011-05-05 04:43 - 2009-12-01 08:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-04-05 09:30 - 2014-04-05 09:30 - 00006656 _____ () C:\Program Files (x86)\Spotflux\services\SpotfluxCore.dll
2014-04-05 09:30 - 2014-04-05 09:30 - 00009728 _____ () C:\Program Files (x86)\Spotflux\services\SFEvents.dll
2014-04-05 09:30 - 2014-04-05 09:30 - 00017408 _____ () C:\Program Files (x86)\Spotflux\services\WebServices.dll
2010-06-21 21:09 - 2010-06-21 21:09 - 00323296 _____ () C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
2011-06-29 19:44 - 2010-10-21 19:22 - 00709632 _____ () C:\windows\system32\SnMinDrv.dll
2015-01-02 13:59 - 2015-01-02 13:59 - 00030720 _____ () C:\Users\user\AppData\Local\Ilwsoft\ctrlnetInterval.dll
2014-01-15 18:14 - 2014-01-15 18:14 - 00055816 _____ () C:\Users\user\AppData\Local\Temp\e3c74ee6-7482-4280-b9c3-f233b390296e\CliSecureRT.dll
2015-01-02 14:13 - 2015-01-02 14:13 - 00037376 _____ () C:\Users\user\AppData\Local\ITsoft\Inengine.dll
2011-05-05 04:48 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
2011-11-03 19:09 - 2011-11-03 19:09 - 00102912 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Progress.dll
2011-11-03 19:10 - 2011-11-03 19:10 - 00025600 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
2011-11-03 19:10 - 2011-11-03 19:10 - 00005632 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\sv-SE\Memeo.Dashboard.SeagateSharePlusPlugin.resources.dll
2011-11-03 19:10 - 2011-11-03 19:10 - 00015360 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.TroubleshootingPlugin.dll
2011-11-03 19:10 - 2011-11-03 19:10 - 00004096 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\sv-SE\Memeo.Dashboard.TroubleshootingPlugin.resources.dll
2011-11-03 19:10 - 2011-11-03 19:10 - 00014848 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.VideoTutorialsPlugin.dll
2011-11-03 19:10 - 2011-11-03 19:10 - 00004608 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\sv-SE\Memeo.Dashboard.VideoTutorialsPlugin.resources.dll
2011-05-05 04:51 - 2010-07-05 11:42 - 00203776 _____ () C:\Program Files (x86)\Samsung\Movie Color Enhancer\WinCRT.dll
2010-06-21 21:10 - 2010-06-21 21:10 - 02887904 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll
2010-06-21 21:10 - 2010-06-21 21:10 - 00026848 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
2010-06-21 21:15 - 2010-06-21 21:15 - 00028672 _____ () C:\Program Files (x86)\Memeo\AutoBackup\sv-SE\InstantBackup.resources.dll
2010-03-22 23:59 - 2010-03-22 23:59 - 00504293 _____ () C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.DLL
2011-05-05 04:57 - 2010-05-07 15:22 - 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
2010-04-20 18:22 - 2010-04-20 18:22 - 00241664 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
2010-04-20 18:22 - 2010-04-20 18:22 - 00971776 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
2009-11-02 06:20 - 2009-11-02 06:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 06:23 - 2009-11-02 06:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SupportSoft RemoteAssist => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: SweetIM => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
MSCONFIG\startupreg: Sweetpacks Communicator => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
 
========================= Accounts: ==========================
 
Administratör (S-1-5-21-2666454066-465502622-1009703566-500 - Administrator - Disabled)
Gäst (S-1-5-21-2666454066-465502622-1009703566-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2666454066-465502622-1009703566-1002 - Limited - Enabled)
user (S-1-5-21-2666454066-465502622-1009703566-1000 - Administrator - Enabled) => C:\Users\user
 
==================== Faulty Device Manager Devices =============
 
Name: Broadcom BCM2070 Bluetooth 3.0 +HS USB Device
Description: Broadcom BCM2070 Bluetooth 3.0 +HS USB Device
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Anchorfree HSS VPN Adapter
Description: Anchorfree HSS VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Anchorfree HSS VPN Adapter
Service: taphss6
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Spotflux Virtual Network Device Driver
Description: Spotflux Virtual Network Device Driver
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Spotflux, Inc.
Service: tapSF0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Anchorfree HSS VPN Adapter #2
Description: Anchorfree HSS VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Anchorfree HSS VPN Adapter
Service: taphss6
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/12/2015 01:58:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programmet FRST64.exe, version 12.1.2015.0, avslutades eftersom det slutade att samverka med Windows. Ytterligare information kan finnas i problemhistoriken på kontrollpanelen för Åtgärdscentret och lösningar.
 
Process-ID: 16f4
 
Starttid: 01d02e67335f9c60
 
Avslutningstid: 0
 
Programsökväg: C:\Users\user\Desktop\FRST64.exe
 
Rapport-ID: adc4c537-9a5a-11e4-b947-e811326f35c2
 
Error: (01/12/2015 01:41:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/12/2015 01:40:57 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Fjärrtjänstkonfigurationen misslyckades med undantagsfelet System.Reflection.TargetInvocationException: Ett undantagsfel har uppstått i målet för en aktivering. ---> System.Security.Principal.IdentityNotMappedException: Vissa eller alla identitetsreferenser kunde inte översättas.
   vid System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   vid System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   vid System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Slut på stackspårning för interna undantag ---
   vid System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   vid System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   vid System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   vid System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   vid System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   vid System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity).   vid System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   vid System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   vid RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
 
Error: (01/12/2015 01:29:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/12/2015 01:28:11 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Fjärrtjänstkonfigurationen misslyckades med undantagsfelet System.Reflection.TargetInvocationException: Ett undantagsfel har uppstått i målet för en aktivering. ---> System.Security.Principal.IdentityNotMappedException: Vissa eller alla identitetsreferenser kunde inte översättas.
   vid System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   vid System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   vid System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Slut på stackspårning för interna undantag ---
   vid System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   vid System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   vid System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   vid System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   vid System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   vid System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity).   vid System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   vid System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   vid RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
 
Error: (01/12/2015 01:19:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/12/2015 01:15:30 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Fjärrtjänstkonfigurationen misslyckades med undantagsfelet System.Reflection.TargetInvocationException: Ett undantagsfel har uppstått i målet för en aktivering. ---> System.Security.Principal.IdentityNotMappedException: Vissa eller alla identitetsreferenser kunde inte översättas.
   vid System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   vid System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   vid System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Slut på stackspårning för interna undantag ---
   vid System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   vid System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   vid System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   vid System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   vid System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   vid System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity).   vid System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   vid System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   vid RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
 
Error: (01/12/2015 07:30:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: chrome.exe, version 39.0.2171.95, tidsstämpel 0x548243f3
, felet uppstod i modulen med namn: chrome.dll, version 39.0.2171.95, tidsstämpel 0x54823ff4
Undantagskod: 0xc0000005
Felförskjutning: 0x00303ddf
Process-ID: 0x8e68
Programmets starttid: 0xchrome.exe0
Sökväg till program: chrome.exe1
Sökväg till modul: chrome.exe2
Rapport-ID: chrome.exe3
 
Error: (01/12/2015 02:36:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: uffaysv.exe, version 5.15.42710.52980, tidsstämpel 0x547dee7c
, felet uppstod i modulen med namn: Flash32_15_0_0_246.ocx, version 15.0.0.246, tidsstämpel 0x548106ae
Undantagskod: 0xc0000005
Felförskjutning: 0x0012a89e
Process-ID: 0x78fc
Programmets starttid: 0xuffaysv.exe0
Sökväg till program: uffaysv.exe1
Sökväg till modul: uffaysv.exe2
Rapport-ID: uffaysv.exe3
 
Error: (01/11/2015 08:47:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: KiesPDLR.exe, version 1.0.0.0, tidsstämpel 0x4d7efa4b
, felet uppstod i modulen med namn: CliSecureRT.dll, version 5.2.0.2, tidsstämpel 0x4c492bfd
Undantagskod: 0xc0000005
Felförskjutning: 0x00001296
Process-ID: 0xa10
Programmets starttid: 0xKiesPDLR.exe0
Sökväg till program: KiesPDLR.exe1
Sökväg till modul: KiesPDLR.exe2
Rapport-ID: KiesPDLR.exe3
 
 
System errors:
=============
Error: (01/12/2015 01:55:41 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: 
 
Error: (01/12/2015 01:55:39 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 169.254.17.31192.168.137.0255.255.255.0
 
Error: (01/12/2015 01:55:29 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
 
Error: (01/12/2015 01:47:10 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Tjänsten McAfee Home Network stannade under start.
 
Error: (01/12/2015 01:43:02 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Följande start- eller systemstartdrivrutin(er) avbröts på grund av fel under start: 
HssDRV6
 
Error: (01/12/2015 01:43:01 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Tjänsten Spotflux Connection Manager stannade under start.
 
Error: (01/12/2015 01:39:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjänsten Skype Click to Call PNR Service kunde inte startas på grund av följande fel: 
%%3
 
Error: (01/12/2015 01:39:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjänsten Skype Click to Call Updater kunde inte startas på grund av följande fel: 
%%3
 
Error: (01/12/2015 01:34:32 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Tjänsten McAfee Home Network stannade under start.
 
Error: (01/12/2015 01:30:24 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Följande start- eller systemstartdrivrutin(er) avbröts på grund av fel under start: 
HssDRV6
 
 
Microsoft Office Sessions:
=========================
Error: (03/12/2014 01:23:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 32%
Total physical RAM: 8105.55 MB
Available physical RAM: 5463.86 MB
Total Pagefile: 24105.55 MB
Available Pagefile: 21162.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:178 GB) (Free:61.52 GB) NTFS
Drive d: () (Fixed) (Total:265.04 GB) (Free:139.85 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: E9DB7C94)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=178 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=265 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=22.6 GB) - (Type=27)
 
==================== End Of Log ============================


#5 Ioshik


Posted 12 January 2015 - 08:19 AM

When running the Gmer rootkit scanner I suffered the blue screen system shutdown while making sure I unchecked the boxes as per instructions. I hadn't even started the scan. I will try it once more.



#6 Ioshik


Posted 12 January 2015 - 08:38 AM

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-01-12 14:37:59
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1  rev. 465,76GB
Running: q1yuxexr.exe; Driver: C:\Users\user\AppData\Local\Temp\kwloauob.sys
 
 
---- Threads - GMER 2.1 ----
 
Thread   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [3660:2220]                                                                                                                                                  000000006efd2f08
Thread   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [3660:4116]                                                                                                                                                  000000006efd2f08
Thread   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [3660:4124]                                                                                                                                                  000000006efd2f08
Thread   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [3660:964]                                                                                                                                                   000000006efd2f08
Thread   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [8316:8532]                                                                                                                                                  000000006efd2f08
Thread   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [8316:8672]                                                                                                                                                  000000006efd2f08
Thread   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [8316:8748]                                                                                                                                                  000000006efd2f08
Thread   C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [8316:8776]                                                                                                                                                  000000006efd2f08
---- Processes - GMER 2.1 ----
 
Library  C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll (*** suspicious ***) @ C:\windows\Explorer.EXE [1888](2015-01-02 12:56:07)                                                                              000007fee9110000
Library  C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll (*** suspicious ***) @ C:\windows\Explorer.EXE [1888] (Secure overlay library/Microsoft)(2015-01-02 12:55:58)                                        000007fef6f60000
Library  C:\Users\user\AppData\Local\Ilwsoft\ctrlnetInterval.dll (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [3076](2015-01-02 12:59:29)                                        0000000010000000
Library  C:\Users\user\AppData\Local\Ilwsoft\ctrlnetInterval.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [3660](2015-01-02 12:59:29)                                                   0000000001380000
Library  C:\Users\user\AppData\Local\Ilwsoft\ctrlnetInterval.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [8316](2015-01-02 12:59:29)                                                   0000000003410000
Library  C:\Users\user\AppData\Local\Ilwsoft\ctrlnetInterval.dll (*** suspicious ***) @ C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe [4780](2015-01-02 12:59:29)                                               0000000010000000
Library  C:\Users\user\AppData\Local\Ilwsoft\ctrlnetInterval.dll (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2896](2015-01-02 12:59:29)                                           0000000010000000
Library  C:\Users\user\AppData\Local\Ilwsoft\ctrlnetInterval.dll (*** suspicious ***) @ C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2492](2015-01-02 12:59:29)                                0000000000620000
Library  C:\Users\user\AppData\Local\Ilwsoft\ctrlnetInterval.dll (*** suspicious ***) @ C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [2452](2015-01-02 12:59:29)                                                   0000000000850000
Library  C:\Users\user\AppData\Local\Ilwsoft\ctrlnetInterval.dll (*** suspicious ***) @ C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [5620](2015-01-02 12:59:29)                              0000000010000000
Library  C:\Users\user\AppData\Local\Ilwsoft\ctrlnetInterval.dll (*** suspicious ***) @ C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe [6404](2015-01-02 12:59:29)                          0000000000a50000
Library  C:\Users\user\AppData\Local\Ilwsoft\ctrlnetInterval.dll (*** suspicious ***) @ C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe [3812](2015-01-02 12:59:29)                                     0000000010000000
Library  C:\Users\user\AppData\Local\Ilwsoft\ctrlnetInterval.dll (*** suspicious ***) @ C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe [5900](2015-01-02 12:59:29)                                               00000000001b0000
Library  C:\Users\user\AppData\Local\Ilwsoft\ctrlnetInterval.dll (*** suspicious ***) @ C:\Program Files (x86)\Telia\Supportassistenten\bin\sprtcmd.exe [2148](2015-01-02 12:59:29)                                         0000000010000000
Library  C:\Users\user\AppData\Local\Ilwsoft\ctrlnetInterval.dll (*** suspicious ***) @ C:\Users\user\AppData\Roaming\Xoulaqe\uffaysv.exe [1036](2015-01-02 12:59:29)                                                       0000000003500000
Library  C:\Users\user\AppData\Local\Ilwsoft\ctrlnetInterval.dll (*** suspicious ***) @ C:\windows\SysWOW64\regsvr32.exe [2656](2015-01-02 12:59:29)                                                                        0000000010000000
Library  C:\Users\user\AppData\Local\Ilwsoft\ctrlnetInterval.dll (*** suspicious ***) @ C:\windows\SysWOW64\RunDll32.exe [3536](2015-01-02 12:59:29)                                                                        0000000000170000
Library  C:\Users\user\AppData\Local\ITsoft\Inengine.dll (*** suspicious ***) @ C:\Windows\SysWOW64\regsvr32.exe [2648](2015-01-02 13:13:41)                                                                                0000000010000000
Library  C:\Users\user\AppData\Local\Temp\e3c74ee6-7482-4280-b9c3-f233b390296e\CliSecureRT.dll (*** suspicious ***) @ C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2492](2014-01-15 17:14:46)  0000000010000000
Process  C:\Users\user\AppData\Roaming\Xoulaqe\uffaysv.exe (*** suspicious ***) @ C:\Users\user\AppData\Roaming\Xoulaqe\uffaysv.exe [1036] (Eraem Vire Studaa 2021/Eraem Corniratu)(2013-01-13 21:27:00)                    0000000000400000
Process  C:\Users\user\AppData\Roaming\Xoulaqe\uffaysv.exe (*** suspicious ***) @ C:\Users\user\AppData\Roaming\Xoulaqe\uffaysv.exe [2748] (Eraem Vire Studaa 2021/Eraem Corniratu)(2013-01-13 21:27:00)                    0000000000400000
 
---- Threads - GMER 2.1 ----
 
Thread   C:\windows\Explorer.EXE [1888:3356]                                                                                                                                                                                0000000005f938b8
Thread   C:\Windows\SysWOW64\regsvr32.exe [2648:2772]                                                                                                                                                                       000000006efd9ee9
Thread   C:\windows\SysWOW64\regsvr32.exe [2656:2780]                                                                                                                                                                       000000006efd2f08
Thread   C:\windows\SysWOW64\regsvr32.exe [2656:2792]                                                                                                                                                                       000000006efd2f08
Thread   C:\windows\SysWOW64\regsvr32.exe [2656:2796]                                                                                                                                                                       000000006efd2f08
 
---- Registry - GMER 2.1 ----
 
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{56B96AED-D336-43AC-A87A-C5420CC9CFB2}\Connection@Name                                                                        isatap.{93DD2CA3-E702-4D69-9368-7BEAB538D802}
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind                                                                           \Device\{86BBD77F-ECF3-4958-B095-96E56A78B3C3}?\Device\{5025280C-C7F5-4CF5-903E-25949DD0F51D}?\Device\{56B96AED-D336-43AC-A87A-C5420CC9CFB2}?\Device\{6F1ACB82-346F-4088-8B8B-D641B0D823EF}?
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route                                                                          "{86BBD77F-ECF3-4958-B095-96E56A78B3C3}"?"{5025280C-C7F5-4CF5-903E-25949DD0F51D}"?"{56B96AED-D336-43AC-A87A-C5420CC9CFB2}"?"{6F1ACB82-346F-4088-8B8B-D641B0D823EF}"?
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export                                                                         \Device\TCPIP6TUNNEL_{86BBD77F-ECF3-4958-B095-96E56A78B3C3}?\Device\TCPIP6TUNNEL_{5025280C-C7F5-4CF5-903E-25949DD0F51D}?\Device\TCPIP6TUNNEL_{56B96AED-D336-43AC-A87A-C5420CC9CFB2}?\Device\TCPIP6TUNNEL_{6F1ACB82-346F-4088-8B8B-D641B0D823EF}?
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4cedde6a3c77                                                                                                                                        
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90a4de68d35e                                                                                                                                        
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90a4de68d35e@945103fa64ae                                                                                                                           0x98 0x52 0xBD 0xF3 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90a4de68d35e@0007ab0a3eb1                                                                                                                           0x4D 0x5E 0x93 0xD0 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{56B96AED-D336-43AC-A87A-C5420CC9CFB2}@InterfaceName                                                                                             isatap.{93DD2CA3-E702-4D69-9368-7BEAB538D802}
Reg      HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{56B96AED-D336-43AC-A87A-C5420CC9CFB2}@ReusableType                                                                                              0
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4cedde6a3c77 (not active ControlSet)                                                                                                                    
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90a4de68d35e (not active ControlSet)                                                                                                                    
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90a4de68d35e@945103fa64ae                                                                                                                               0x98 0x52 0xBD 0xF3 ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90a4de68d35e@0007ab0a3eb1                                                                                                                               0x4D 0x5E 0x93 0xD0 ...
 
---- Disk sectors - GMER 2.1 ----
 
Disk     \Device\Harddisk0\DR0                                                                                                                                                                                              unknown MBR code
 
---- EOF - GMER 2.1 ----


#7 Ioshik


Posted 12 January 2015 - 08:48 AM

 ... and finally the TDSSKiller log as an attached file




#8 Ioshik


Posted 12 January 2015 - 09:06 AM

I get this popup and when choosing "Don't Install" it still tries to run the file tmp6D84.exe

... it actually doesn't matter where on the pop-up window I click ... it still tries to run that file.

Fortunately I get the "Do you want to run this file" from the User Account Control in Windows that allows me to say no please, but this **** keeps popping up and stays on top when trying to use other software.



Edited by Ioshik, 12 January 2015 - 09:09 AM.


#9 Ioshik


Posted 12 January 2015 - 06:14 PM

It is getting worse; now this thing is trying to make me install some casino software.

 



Edited by Ioshik, 12 January 2015 - 06:18 PM.


#10 TB-Psychotic


Posted 13 January 2015 - 10:18 AM

Add/remove programs

Click on Start --> Control Panel.

Vista/7: Open Programs and Features
XP: Open add/remove programs

Search for and remove the following programs

Spotflux


Close the window.

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.



#11 Ioshik


Posted 13 January 2015 - 11:35 AM

Spotflux uninstalled from Control Panel, and the files/keys shown in this screendump were also removed by "IObit Uninstaller".

Will run ComboFix and post that log in a separate message.




#12 Ioshik


Posted 13 January 2015 - 12:15 PM

ComboFix 15-01-08.01 - user 2015-01-13  17:41:05.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.46.1053.18.8106.3923 [GMT 1:00]
Körs från: c:\users\user\Desktop\ComboFix.exe
AV: McAfee Antivirus och antispionprogram *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Antivirus och antispionprogram *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\user\AppData\Local\Temp\e3c74ee6-7482-4280-b9c3-f233b390296e\CliSecureRT.dll
c:\users\user\AppData\Roaming\BBD6007.reg
c:\users\user\www.interflora.no - .pdf
c:\windows\Tasks\Security Center Update - 1041816424.job
c:\windows\Tasks\Security Center Update - 1047131588.job
.
.
((((((((((((((((((((((((   Filer skapade från 2014-12-13 till 2015-01-13  ))))))))))))))))))))))))))))))
.
.
2015-01-13 16:53 . 2015-01-13 16:53	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-01-12 17:49 . 2015-01-12 17:49	--------	d-----w-	c:\users\user\AppData\Roaming\Apoxapyz
2015-01-12 12:56 . 2015-01-12 13:01	--------	d-----w-	C:\FRST
2015-01-12 11:26 . 2015-01-12 12:11	--------	d-----w-	C:\AdwCleaner
2015-01-10 21:55 . 2015-01-13 16:31	--------	d-----w-	c:\users\user\AppData\Roaming\Skype
2015-01-10 21:32 . 2015-01-10 21:32	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2015-01-10 21:08 . 2015-01-10 21:08	26528	----a-w-	c:\windows\SysWow64\drivers\HWiNFO64A.SYS
2015-01-10 21:07 . 2015-01-10 21:07	--------	d-----w-	c:\users\user\AppData\Roaming\ProductData
2015-01-10 21:07 . 2015-01-10 21:08	--------	d-----w-	c:\programdata\IObit
2015-01-10 21:07 . 2015-01-13 16:57	--------	d-----w-	c:\programdata\ProductData
2015-01-10 21:07 . 2015-01-10 21:08	--------	d-----w-	c:\program files (x86)\IObit
2015-01-10 21:07 . 2015-01-10 21:08	--------	d-----w-	c:\users\user\AppData\Roaming\IObit
2015-01-10 17:40 . 2015-01-10 19:55	--------	d-----w-	c:\users\user\AppData\Roaming\Xoulaqe
2015-01-07 12:11 . 2015-01-07 16:18	--------	d-----w-	c:\users\user\AppData\Roaming\Nico Mak Computing
2015-01-07 12:11 . 2015-01-07 16:18	--------	d-----w-	c:\programdata\Nico Mak Computing
2015-01-06 17:25 . 2015-01-07 16:32	--------	d-----w-	c:\users\user\AppData\Roaming\Zaasben
2015-01-02 17:09 . 2015-01-03 17:25	--------	d-----w-	c:\users\user\AppData\Roaming\Agqobu
2015-01-02 12:59 . 2015-01-02 12:59	--------	d-----w-	c:\users\user\AppData\Local\Ilwsoft
2015-01-02 12:58 . 2015-01-02 12:58	--------	d-sh--w-	c:\users\user\AppData\Local\EmieBrowserModeList
2015-01-02 12:58 . 2015-01-04 04:55	--------	d-----w-	c:\users\user\AppData\Local\ITsoft
2014-12-19 20:44 . 2014-12-19 20:44	--------	dc----w-	c:\windows\system32\DRVSTORE
2014-12-19 20:44 . 2014-05-06 19:11	67808	----a-w-	c:\windows\system32\drivers\MOBK.sys
2014-12-19 20:44 . 2014-12-19 20:44	--------	d-----w-	c:\program files (x86)\McAfee Online Backup
2014-12-19 20:43 . 2013-09-23 12:49	197704	----a-w-	c:\windows\system32\drivers\HipShieldK.sys
2014-12-19 20:42 . 2014-12-19 20:43	--------	d-----w-	c:\program files (x86)\Common Files\McAfee
2014-12-19 20:42 . 2014-12-19 20:44	--------	d-----w-	c:\program files\McAfee
2014-12-19 20:41 . 2015-01-07 11:06	--------	d-----w-	c:\program files (x86)\McAfee
2014-12-19 20:35 . 2014-06-20 09:30	189912	----a-w-	c:\windows\system32\mfevtps.exe
2014-12-19 20:20 . 2014-12-19 20:20	--------	d-----w-	c:\windows\system32\drivers\NSTx64
2014-12-19 20:20 . 2014-12-19 20:20	--------	d-----w-	c:\program files (x86)\Norton Identity Safe
2014-12-19 20:15 . 2015-01-07 05:44	--------	d-----w-	c:\program files\Common Files\McAfee
2014-12-17 21:06 . 2014-12-13 05:09	144384	----a-w-	c:\windows\system32\ieUnatt.exe
2014-12-17 21:06 . 2014-12-13 03:33	115712	----a-w-	c:\windows\SysWow64\ieUnatt.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-12 13:59 . 2015-01-12 13:59	902144	----a-w-	c:\programdata\Microsoft\Secure\Icons\temp\tmp6D84.exe
2015-01-12 13:44 . 2015-01-12 13:44	159744	----a-w-	c:\programdata\Microsoft\Secure\Icons\temp\tmp979E.exe
2015-01-10 13:48 . 2015-01-10 13:48	1003008	----a-w-	c:\programdata\Microsoft\Secure\Icons\temp\tmp6A49.exe
2015-01-07 15:08 . 2014-08-16 08:44	129752	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-06 13:17 . 2015-01-06 13:17	125632	----a-w-	c:\programdata\Microsoft\Secure\Icons\temp\tmp3AB7.exe
2015-01-02 12:56 . 2015-01-02 12:56	2242560	----a-w-	c:\programdata\Microsoft\Secure\Icons\IconsCacheHelper.dll
2014-12-10 15:12 . 2011-10-07 07:40	112710672	----a-w-	c:\windows\system32\MRT.exe
2014-12-09 22:35 . 2012-04-02 19:11	701104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-12-09 22:35 . 2011-10-09 07:45	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-09 22:35 . 2014-12-09 22:35	3981488	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-12-04 02:50 . 2014-12-10 08:41	413184	----a-w-	c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-10 08:41	741376	----a-w-	c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-10 08:41	396800	----a-w-	c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-10 08:41	830976	----a-w-	c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-10 08:41	192000	----a-w-	c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-10 08:41	227328	----a-w-	c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-10 08:41	1083392	----a-w-	c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-10 08:41	1232040	----a-w-	c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-10 08:41	389296	----a-w-	c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-10 08:40	25059840	----a-w-	c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-10 08:41	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-10 08:41	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-10 08:41	66560	----a-w-	c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-10 08:40	580096	----a-w-	c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-10 08:41	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-10 08:41	2885120	----a-w-	c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-10 08:40	88064	----a-w-	c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-10 08:41	54784	----a-w-	c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-10 08:41	34304	----a-w-	c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-10 08:41	633856	----a-w-	c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-10 08:41	114688	----a-w-	c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-10 08:41	814080	----a-w-	c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-10 08:41	6039552	----a-w-	c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-10 08:41	968704	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-10 08:41	490496	----a-w-	c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-10 08:41	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-10 08:41	77824	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-10 08:40	199680	----a-w-	c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-10 08:41	92160	----a-w-	c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-10 08:41	501248	----a-w-	c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-10 08:41	62464	----a-w-	c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-10 08:41	47616	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-10 08:41	64000	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-10 08:41	316928	----a-w-	c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-10 08:41	620032	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-10 08:41	718848	----a-w-	c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-10 08:41	800768	----a-w-	c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-10 08:41	1359360	----a-w-	c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-10 08:41	2125312	----a-w-	c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-10 08:41	14412800	----a-w-	c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-10 08:41	60416	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-10 08:41	4299264	----a-w-	c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-10 08:40	2358272	----a-w-	c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-10 08:41	2052096	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-10 08:41	1155072	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-10 08:41	1548288	----a-w-	c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-10 08:41	800768	----a-w-	c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-10 08:41	1888256	----a-w-	c:\windows\SysWow64\wininet.dll
2014-11-21 05:14 . 2014-08-16 08:43	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-11-21 05:14 . 2014-08-16 08:43	93400	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 05:14 . 2014-02-19 14:29	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-11-18 13:56 . 2014-11-18 13:56	1202848	----a-w-	c:\windows\SysWow64\FM20.DLL
2014-11-11 03:09 . 2014-12-10 08:41	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-18 18:23	241152	----a-w-	c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-18 18:23	728064	----a-w-	c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-10 08:41	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-18 18:23	186880	----a-w-	c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-18 18:23	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-10 08:41	119296	----a-w-	c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-10 08:39	2048	----a-w-	c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-10 08:39	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2014-11-02 19:30 . 2014-11-02 19:30	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-30 02:03 . 2014-12-10 08:39	165888	----a-w-	c:\windows\system32\charmap.exe
2014-10-30 01:45 . 2014-12-10 08:39	155136	----a-w-	c:\windows\SysWow64\charmap.exe
2014-10-25 01:57 . 2014-11-12 01:45	77824	----a-w-	c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-12 01:45	67584	----a-w-	c:\windows\SysWow64\packager.dll
2014-10-18 02:05 . 2014-11-12 01:45	861696	----a-w-	c:\windows\system32\oleaut32.dll
2014-10-18 02:05 . 2014-12-10 15:07	4121600	----a-w-	c:\windows\system32\mf.dll
2014-10-18 01:33 . 2014-11-12 01:45	571904	----a-w-	c:\windows\SysWow64\oleaut32.dll
2014-10-18 01:33 . 2014-12-10 15:07	3209728	----a-w-	c:\windows\SysWow64\mf.dll
.
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-03-17 896912]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-03-17 3373456]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-03-17 19872]
"Ilwsoft"="c:\users\user\AppData\Local\Ilwsoft\ctrlnetInterval.dll" [2015-01-02 30720]
"Idbsoft"="c:\users\user\AppData\Local\ITsoft\Inengine.dll" [2015-01-02 37376]
"Ihvoiwvogya"="c:\users\user\AppData\Roaming\Xoulaqe\uffaysv.exe" [2015-01-10 506012]
"Neumuhcykimeog"="c:\users\user\AppData\Roaming\Apoxapyz\alevy.exe" [2011-10-13 506555]
"DelayShred"="c:\progra~1\mcafee\mqs\ShrCL.EXE" [2014-06-12 129088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Telia"="c:\program files (x86)\Telia\Supportassistenten\bin\sprtcmd.exe" [2010-11-11 206120]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2010-06-21 136416]
"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-11-03 73728]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 537992]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Skärmurklipp och start för OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-2-8 1136928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0PCloudBroom64.exe \systemroot\system32\BroomData.bit
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 c2cautoupdatesvc;Skype Click to Call Updater; [x]
R2 c2cpnrsvc;Skype Click to Call PNR Service; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys;c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys [x]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe;c:\windows\SYSNATIVE\SUPDSvc.exe [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 tapSF0901;Spotflux Virtual Network Device Driver;c:\windows\system32\DRIVERS\tapSF0901.sys;c:\windows\SYSNATIVE\DRIVERS\tapSF0901.sys [x]
R3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\DRIVERS\shbecr.sys;c:\windows\SYSNATIVE\DRIVERS\shbecr.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys;c:\windows\SYSNATIVE\drivers\pavboot64.sys [x]
S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DE07080.017\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSTx64\7DE07080.017\ccSetx64.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys;c:\windows\SYSNATIVE\DRIVERS\MOBK.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [x]
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [x]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 MOBKbackup;McAfee Online Backup Service;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [x]
S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe;c:\program files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe [x]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [x]
S2 sprtsvc_teliada;SupportSoft Sprocket Service (teliada);c:\program files (x86)\Telia\Supportassistenten\bin\sprtsvc.exe;c:\program files (x86)\Telia\Supportassistenten\bin\sprtsvc.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 tgsrvc_teliada;SupportSoft Repair Service (teliada);c:\program files (x86)\Telia\Supportassistenten\bin\tgsrvc.exe;c:\program files (x86)\Telia\Supportassistenten\bin\tgsrvc.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
S3 IntcDAud;Intel(R) Bildskärmsljud;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Övriga tjänster/drivrutiner i minnet ---
.
*NewlyCreated* - WS2IFSL
.
Innehåll i mappen 'Schemalagda aktiviteter':
.
2015-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 22:35]
.
2015-01-01 c:\windows\Tasks\DriverNavigator Scheduled Scan.job
- c:\program files\Easeware\DriverNavigator\DriverNavigator.exe [2011-10-28 10:03]
.
2015-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-04 00:54]
.
2014-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-04 00:54]
.
2014-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2666454066-465502622-1009703566-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-19 03:12]
.
2015-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2666454066-465502622-1009703566-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-19 03:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2015-01-10 21:07	2471744	----a-w-	c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1SecureIconsProvider]
@="{FC9D8189-520A-4417-AED7-9EAC810C6FBA}"
[HKEY_CLASSES_ROOT\CLSID\{FC9D8189-520A-4417-AED7-9EAC810C6FBA}]
2015-01-02 12:55	2738176	----a-w-	c:\programdata\Microsoft\Secure\Icons\SecureIconsProvider.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2014-05-06 19:12	6486376	----a-w-	c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2014-05-06 19:12	6486376	----a-w-	c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2014-05-06 19:12	6486376	----a-w-	c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-27 11780712]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-02 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-02 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-02 417560]
.
------- Extra genomsökning -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=104.131.234.108:3128
IE: E&xportera till Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Skicka bild till &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Skicka sida till &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\1zmd8jlb.default\
FF - prefs.js: browser.startup.homepage - file:///c:/users/user/documents/evony/safe%20bot%20acc/ioshik/autoevony2.html|file:///c:/users/user/documents/evony/safe%20bot%20acc/smithy/autoevony2.html|file:///c:/users/user/documents/evony/safe%20bot%20acc/fjutt/autoevony2.html|file:///c:/users/user/documents/evony/safe%20bot%20acc/warboy/autoevony2.html|file:///c:/users/user/documents/evony/safe%20bot%20acc/wagner/autoevony2.html|file:///c:/users/user/documents/evony/safe%20bot%20acc/pluns98/autoevony2.html|file:///C:/Users/user/Documents/Evony/Safe%20BOT%20acc/SirAries/AutoEvony2.html
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 1970-05-30 05:08; {4EADCDA6-6762-E449-44F8-C3010B4AC0C7}; - 
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-LightShot - c:\users\user\AppData\Local\Skillbrains\lightshot\Lightshot.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-DirectDownloader - c:\users\user\AppData\Local\DirectDownloader\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NCO]
"ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2014.7.8.23\diMaster.dll\" /prefetch:1"
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andra processer som körs ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Samsung\Easy Display Manager\WifiManager.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
c:\program files (x86)\TeamViewer\Version9\TeamViewer.exe
c:\program files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
c:\program files (x86)\TeamViewer\Version9\tv_w32.exe
c:\program files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
c:\program files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
c:\program files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Sluttid: 2015-01-13  18:09:52 - datorn startades om.
ComboFix-quarantined-files.txt  2015-01-13 17:09
.
Före genomsökningen: 68 604 530 688 byte ledigt
Efter genomsökningen: 68 907 008 000 byte ledigt
.
- - End Of File - - 9CEFF3321E24250A0B6DC94AE5D3C6F3



#13 Ioshik

Ioshik
  • Topic Starter


Posted 13 January 2015 - 12:22 PM

Additional information:

While I was waiting for your instructions, I blocked all instances of Eraem .... and its related files from connecting to the internet in my firewall: McAfee Total Protection.

Just as I was starting ComboFix, I had 2 messages from the firewall that Eraem Vire Studaa was trying to access the internet and was blocked.

These screendumps will show what files I've blocked from internet access:

http://prntscr.com/5s19im


Edited by Ioshik, 13 January 2015 - 12:48 PM.


#14 Ioshik

Ioshik
  • Topic Starter


Posted 13 January 2015 - 03:25 PM

I don't know if these screendumps from Windows Resource Monitor could be of any help to resolve this problem, but they do show some registry keys related to the malware files:

http://prntscr.com/5s3nrk
http://prntscr.com/5s3odk

http://prntscr.com/5s3ord
http://prntscr.com/5s3pam


Edited by Ioshik, 13 January 2015 - 03:26 PM.


#15 TB-Psychotic

TB-Psychotic

  • Malware Response Team

Posted 14 January 2015 - 02:54 AM

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is saved to.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

Attached Files


Proud Member of UNITE & TB
 



