Guide: Hur man blir av med "Polisen har blockerat din dator!"

C:\FRST\Quarantine\C\ProgramData\07260DF36.zot.xBAD a variant of Win64/Kryptik.IT trojan
C:\FRST\Quarantine\C\ProgramData\63FD06270.cpp.xBAD a variant of Win32/Kryptik.CWFA trojan
C:\Users\KB\AppData\Local\Bflix2\tbBfli.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\KB\AppData\Local\ConduitEngine\ConduitEngine.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\KB\AppData\Local\Temp\0q8H.dll a variant of Win32/Kryptik.CWFA trojan
C:\Users\KB\Downloads\ManyCam.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Windows\Installer\443a4.msi a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by KB at 2015-01-26 17:45:21 Run:2
Running from C:\Users\KB\Desktop
Loaded Profiles: KB (Available profiles: KB)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
CloseProcesses:
Task: {BB493553-B303-4275-9208-1D2C81CCD864} - System32\Tasks\4322 => Wscript.exe C:\Users\KB\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {EF3B5183-9F0B-43C4-BB0C-406ADB9BA594} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://swedish.toggle.com/sv/index.php?rvs=google
HKU\S-1-5-21-1714336835-4238330309-3966115506-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://swedish.toggle.com/sv/index.php?rvs=google
URLSearchHook: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 - (No Name) - {45c2637f-29b4-4c20-80d9-095d8eeeb2a7} - No File
URLSearchHook: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 - (No Name) - {6dabbda0-1da5-4a2f-bc89-2ae084c572fa} - No File
URLSearchHook: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 - (No Name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
SearchScopes: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://startsear.ch/?aff=1&src=sp&cf=c1baea6e-1611-11e1-8331-...
SearchScopes: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://startsear.ch/?aff=1&src=sp&cf=c1baea6e-1611-11e1-8331-...
SearchScopes: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 -> {28258BFA-EB24-4B68-A390-C73ABA0B5E01} URL = http://swedish.toggle.com/sv/index.php?rvs=google
SearchScopes: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 -> {4672EAA0-A9C7-446E-B7F3-A1BF5D141BA8} URL = http://websearch.ask.com/redirect?client=ie&tb=MYC-ST&o=10286...
SearchScopes: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 -> {8BAE83CA-DF5E-423A-A3FB-E3907D5A603C} URL =
SearchScopes: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&Sea...
BHO-x32: No Name -> {1185823F-F22F-4027-80E5-4F68ACD5DE5E} -> No File
BHO-x32: Yontoo Layers -> {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -> No File
Toolbar: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 -> No Name - {45C2637F-29B4-4C20-80D9-095D8EEEB2A7} - No File
Toolbar: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 -> No Name - {6DABBDA0-1DA5-4A2F-BC89-2AE084C572FA} - No File
Toolbar: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 -> No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
Toolbar: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 -> No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF HKU\S-1-5-21-1714336835-4238330309-3966115506-1001\...\Firefox\Extensions: [shabtay@gmail.com] - C:\Program Files (x86)\2YourFace\2YourFace.xpi
CHR DefaultSearchKeyword: Default -> search-results.com
CHR DefaultSearchURL: Default -> http://dts.search-results.com/sr?src=crb&gct=ds&appid=115&sys...
CHR DefaultSuggestURL: Default ->
CHR HKLM-x32\...\Chrome\Extension: [lmblfngognklgemafekefcdjcnkdhmdm] - C:\Program Files (x86)\2YourFace\2YourFace.crx [Not Found]
Reboot:
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BB493553-B303-4275-9208-1D2C81CCD864}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB493553-B303-4275-9208-1D2C81CCD864}" => Key deleted successfully.
C:\Windows\System32\Tasks\4322 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4322" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF3B5183-9F0B-43C4-BB0C-406ADB9BA594}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF3B5183-9F0B-43C4-BB0C-406ADB9BA594}" => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-1714336835-4238330309-3966115506-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-1714336835-4238330309-3966115506-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{45c2637f-29b4-4c20-80d9-095d8eeeb2a7} => value deleted successfully.
HKU\S-1-5-21-1714336835-4238330309-3966115506-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{6dabbda0-1da5-4a2f-bc89-2ae084c572fa} => value deleted successfully.
HKU\S-1-5-21-1714336835-4238330309-3966115506-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => value deleted successfully.
HKU\S-1-5-21-1714336835-4238330309-3966115506-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1714336835-4238330309-3966115506-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKU\S-1-5-21-1714336835-4238330309-3966115506-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{28258BFA-EB24-4B68-A390-C73ABA0B5E01}" => Key deleted successfully.
HKCR\CLSID\{28258BFA-EB24-4B68-A390-C73ABA0B5E01} => Key not found.
"HKU\S-1-5-21-1714336835-4238330309-3966115506-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4672EAA0-A9C7-446E-B7F3-A1BF5D141BA8}" => Key deleted successfully.
HKCR\CLSID\{4672EAA0-A9C7-446E-B7F3-A1BF5D141BA8} => Key not found.
"HKU\S-1-5-21-1714336835-4238330309-3966115506-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
"HKU\S-1-5-21-1714336835-4238330309-3966115506-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8BAE83CA-DF5E-423A-A3FB-E3907D5A603C}" => Key deleted successfully.
HKCR\CLSID\{8BAE83CA-DF5E-423A-A3FB-E3907D5A603C} => Key not found.
"HKU\S-1-5-21-1714336835-4238330309-3966115506-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}" => Key deleted successfully.
HKCR\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1185823F-F22F-4027-80E5-4F68ACD5DE5E} => Key not found.
HKCR\Wow6432Node\CLSID\{1185823F-F22F-4027-80E5-4F68ACD5DE5E} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}" => Key deleted successfully.
HKU\S-1-5-21-1714336835-4238330309-3966115506-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{45C2637F-29B4-4C20-80D9-095D8EEEB2A7} => value deleted successfully.
HKCR\CLSID\{45C2637F-29B4-4C20-80D9-095D8EEEB2A7} => Key not found.
HKU\S-1-5-21-1714336835-4238330309-3966115506-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{6DABBDA0-1DA5-4A2F-BC89-2AE084C572FA} => value deleted successfully.
HKCR\CLSID\{6DABBDA0-1DA5-4A2F-BC89-2AE084C572FA} => Key not found.
HKU\S-1-5-21-1714336835-4238330309-3966115506-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => value deleted successfully.
HKCR\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} => Key not found.
HKU\S-1-5-21-1714336835-4238330309-3966115506-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} => value deleted successfully.
HKCR\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
HKU\S-1-5-21-1714336835-4238330309-3966115506-1001\Software\Mozilla\Firefox\Extensions\\shabtay@gmail.com => value deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lmblfngognklgemafekefcdjcnkdhmdm" => Key deleted successfully.

The system needed a reboot.

==== End of Fixlog 17:46:22 ====

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by KB at 2015-01-26 18:32:00 Run:3
Running from C:\Users\KB\Desktop
Loaded Profiles: KB (Available profiles: KB)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
CloseProcesses:
C:\Users\KB\AppData\Local\Bflix2\tbBfli.dll
C:\Users\KB\AppData\Local\ConduitEngine
EmptyTemp:
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\KB\AppData\Local\Bflix2\tbBfli.dll => Moved successfully.
C:\Users\KB\AppData\Local\ConduitEngine => Moved successfully.
EmptyTemp: => Removed 30 MB temporary data.

The system needed a reboot.

==== End of Fixlog 18:34:05 ====

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by KB (administrator) on KB-DATOR on 26-01-2015 18:39:47
Running from C:\Users\KB\Desktop
Loaded Profiles: KB (Available profiles: KB)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Svenska (Sverige)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how...

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
(Acer Group) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\loggingserver.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-06-09] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe [263936 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-11-04] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3060248 2014-11-08] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1714336835-4238330309-3966115506-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/
HKU\S-1-5-21-1714336835-4238330309-3966115506-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAP...
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAP...
SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&Sea...
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {28258BFA-EB24-4B68-A390-C73ABA0B5E01} URL = http://swedish.toggle.com/sv/index.php?rvs=google
SearchScopes: HKLM-x32 -> {8BAE83CA-DF5E-423A-A3FB-E3907D5A603C} URL = http://swedish.toggle.com/sv/index.php?rvs=google
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&Sea...
SearchScopes: HKLM-x32 -> {FAE51769-12DC-404A-8814-E1C0B3D52F35} URL = http://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAP...
SearchScopes: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 -> {747C55D2-DF96-4904-85C0-61C0C7BE276A} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1714336835-4238330309-3966115506-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={EEED32FC-E7BA-48FC-AECB-... 17:15:09&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.0.0.19\AVG Web TuneUp.dll (AVG)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw...
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.10\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 195.67.199.33 195.67.199.34

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.10\\npsitesafety.dll No File
FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=5.1.3.2 -> C:\Program Files (x86)\BankID\npBispBrowser.dll (Finansiell ID-Teknik BID AB)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1714336835-4238330309-3966115506-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - c:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR Profile: C:\Users\KB\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (vshare plugin) - C:\Users\KB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj [2012-12-03]
CHR Extension: (Skype Click to Call) - C:\Users\KB\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-11-08]
CHR Extension: (Google Wallet) - C:\Users\KB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR HKLM-x32\...\Chrome\Extension: [kpionmjnkbpcdpcflammlgllecmejgjj] - C:\Program Files (x86)\vShare.tv plugin\vshareplg.crx [2011-08-31]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432592 2014-11-04] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4942384 2014-10-17] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [868896 2010-06-11] (Acer Incorporated)
R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [255744 2010-06-28] (NewTech Infosystems, Inc.)
R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
R2 vToolbarUpdater18.1.10; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe [1849368 2014-11-08] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [209720 2014-11-04] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-10-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-11-08] (AVG Technologies)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [34304 2012-01-11] (ManyCam LLC)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2012-02-22] (ManyCam LLC)
S3 TdsNordecr; C:\Windows\System32\DRIVERS\nordecr.sys [28672 2007-10-30] (Todos Data System AB)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 17:51 - 2015-01-26 18:36 - 00000112 _____ () C:\Windows\setupact.log
2015-01-26 17:51 - 2015-01-26 17:51 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-26 04:08 - 2015-01-26 18:39 - 00000000 ____D () C:\FRST
2015-01-25 21:32 - 2015-01-25 21:32 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-25 21:28 - 2015-01-26 17:54 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-25 21:27 - 2015-01-25 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-25 21:27 - 2015-01-25 21:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-25 21:27 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-25 21:27 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-25 21:15 - 2015-01-26 18:41 - 00016642 _____ () C:\Users\KB\Desktop\FRST.txt
2015-01-25 21:14 - 2015-01-25 19:07 - 02129920 _____ (Farbar) C:\Users\KB\Desktop\FRST64.exe
2015-01-14 13:26 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 13:26 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 13:26 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 13:26 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 13:26 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 13:26 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 13:26 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 13:26 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 13:26 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 13:26 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 13:26 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 13:26 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 13:26 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 18:37 - 2011-04-26 17:22 - 00000990 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-26 18:36 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-26 18:34 - 2014-08-12 11:34 - 01244675 _____ () C:\Windows\WindowsUpdate.log
2015-01-26 18:32 - 2011-02-02 17:10 - 00000000 ____D () C:\Users\KB\AppData\Local\Bflix2
2015-01-26 18:28 - 2012-12-03 18:38 - 00000868 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-26 18:17 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-26 18:17 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-26 17:53 - 2013-08-12 21:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2015-01-26 17:36 - 2011-04-26 17:22 - 00000994 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-26 17:35 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-26 17:26 - 2010-08-27 08:54 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-26 17:20 - 2014-06-15 15:27 - 00003912 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{FD231F50-5376-4DD8-A4BA-14BAA10EF0BB}
2015-01-26 17:18 - 2013-08-12 21:33 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-26 05:33 - 2014-11-08 17:15 - 00190690 _____ () C:\Windows\SysWOW64\debug.log
2015-01-26 00:47 - 2012-12-03 18:39 - 00002151 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-25 21:28 - 2012-12-03 18:38 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 21:28 - 2012-12-03 18:38 - 00003806 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-25 21:28 - 2011-11-08 17:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-25 21:27 - 2013-08-12 21:59 - 00000000 ____D () C:\Users\KB\AppData\Roaming\Malwarebytes
2015-01-25 21:27 - 2013-08-12 21:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-25 21:27 - 2013-08-12 21:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-01-25 21:16 - 2010-10-24 04:49 - 00668266 _____ () C:\Windows\system32\perfh01D.dat
2015-01-25 21:16 - 2010-10-24 04:49 - 00145158 _____ () C:\Windows\system32\perfc01D.dat
2015-01-25 21:16 - 2009-07-14 06:13 - 01594346 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-15 12:18 - 2013-08-14 14:32 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 11:53 - 2010-12-24 19:43 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 19:06 - 2010-12-24 19:56 - 00000000 ____D () C:\Users\KB\AppData\Roaming\Spotify
2015-01-13 16:12 - 2010-12-24 19:56 - 00000000 ____D () C:\Users\KB\AppData\Local\Spotify

==================== Files in the root of some directories =======

2014-02-11 20:35 - 2014-02-11 20:35 - 49940480 _____ () C:\Program Files (x86)\GUT9716.tmp
2014-02-11 21:16 - 2014-02-11 21:16 - 0000048 _____ () C:\Users\KB\AppData\Roaming\mbam.context.scan
2011-06-27 19:24 - 2011-06-27 19:24 - 0000000 _____ () C:\Users\KB\AppData\Local\{770D77C2-D384-46AA-879C-FE7BCC4EB99F}

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-24 02:29

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by KB at 2015-01-26 18:43:08
Running from C:\Users\KB\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.5) - Svenska (HKLM-x32\...\{AC76BA86-7AD7-1053-7B44-AA1000000001}) (Version: 10.1.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Apple-programstöd (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3495 - AVG Technologies)
AVG 2013 (Version: 13.0.3495 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.4257 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.0.0.19 - AVG Technologies)
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
BankID säkerhetsprogram (HKLM-x32\...\{2D6973ED-BBF2-434E-993C-37E05087B8C8}) (Version: 5.1.3.2 - Finansiell ID-Teknik BID AB)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
ffdshow [rev 3154] [2009-12-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
ffdshow x64 v1.1.3631 [2010-11-15] (HKLM\...\ffdshow64_is1) (Version: 1.1.3631.0 - )
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Free CD to MP3 Converter (HKLM-x32\...\Free CD to MP3 Converter) (Version: - )
Free YouTube to MP3 Converter version 3.10.815 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: - DVDVideoSoft Ltd..)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Packard Bell)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Packard Bell)
LibreOffice 4.0.3.3 (HKLM-x32\...\{F77ED0CD-2E5E-4FC7-82E0-BB7D461E739F}) (Version: 4.0.3.3 - The Document Foundation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
ManyCam 3.0.80 (remove only) (HKLM-x32\...\ManyCam) (Version: 3.0.80 - ManyCam LLC)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (svenska) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1053) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klicka-och-kör 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - svenska (HKLM-x32\...\{90140011-0066-041D-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{9085041D-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office XP Professional med FrontPage (HKLM-x32\...\{9028041D-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 6 Ultra Edition (HKLM-x32\...\Nero - Burning Rom!UninstallKey) (Version: - )
Nero 9 Essentials (HKLM-x32\...\{0e385e0a-0c88-4934-b221-c220a7adf5cc}) (Version: - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.2.11000.12.100 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}) (Version: 10.5.10300 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10300.0.102 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Nordea NCR1 Installationspaket (HKLM-x32\...\{CD9A35D4-8A81-4188-98AF-14D759083FB4}) (Version: 1.00.000 - Todos Data System AB)
Packard Bell Games (HKLM-x32\...\WildTangent packardbell Master Uninstall) (Version: 1.0.1.3 - WildTangent)
Packard Bell InfoCentre (HKLM-x32\...\Packard Bell InfoCentre) (Version: 3.02.3000 - Packard Bell)
Packard Bell MyBackup (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Packard Bell Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Packard Bell)
Packard Bell Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Packard Bell)
Packard Bell Registration (HKLM-x32\...\Packard Bell Registration) (Version: 1.03.3003 - Packard Bell)
Packard Bell ScreenSaver (HKLM-x32\...\Packard Bell Screensaver) (Version: 1.1.0806.2010 - Packard Bell )
Packard Bell Social Networks (HKLM-x32\...\InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}) (Version: 1.0.1901 - CyberLink Corp.)
Packard Bell Social Networks (x32 Version: 1.0.1901 - CyberLink Corp.) Hidden
Packard Bell Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Packard Bell)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.1 - Pando Networks Inc.)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6151 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30121 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.5.0 - )
Spotify (HKU\S-1-5-21-1714336835-4238330309-3966115506-1001\...\Spotify) (Version: 0.8.3.222.g317ab79d - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
TeamViewer 6 (HKLM-x32\...\TeamViewer 6) (Version: 6.0.9947 - TeamViewer GmbH)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Packard Bell Welcome Center) (Version: 1.02.3004 - Packard Bell)
Video Web Camera (HKLM-x32\...\{12A1B519-5934-4508-ADBD-335347B0DC87}) (Version: 1.7.137.706 - Chicony Electronics Co.,Ltd.)
WildTangent Games App (Packard Bell Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-packardbell) (Version: 4.0.5.36 - WildTangent)
Winamp (HKLM-x32\...\Winamp) (Version: 5.601 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-1714336835-4238330309-3966115506-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{12CEE8C7-8983-4FEC-A046-3FB4AE3A691C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player 1.1.5 (HKLM-x32\...\VLC media player) (Version: 1.1.5 - VideoLAN)
Zodiac Casino (HKLM-x32\...\zodiac) (Version: 16.10.2.1587 - )
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

02-01-2015 13:20:52 Schemalagd kontrollpunkt
10-01-2015 11:21:35 Schemalagd kontrollpunkt
15-01-2015 11:50:51 Windows Update
24-01-2015 02:32:05 Schemalagd kontrollpunkt
26-01-2015 17:25:38 Removed League of Legends
26-01-2015 17:45:24 Restore Point Created by FRST
26-01-2015 18:32:12 Restore Point Created by FRST

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2404FC97-C2C6-4E8F-AB93-D8E4D74EAB59} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {811E5F18-A22F-46BB-86C5-4DF50C915EBF} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {83D981B1-B300-4766-91DE-8F1848DDD3ED} - System32\Tasks\{3E1D9E2C-0F73-45A9-AB4B-2084030DFE7E} => pcalua.exe -a D:\INSTALL.EXE -d D:\
Task: {B5559955-4E27-42AE-94FD-AFF5A4FCA1F8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {BA6D9D6B-9EA2-4B67-8F06-234C5F683A0D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C86AAB1F-9726-4FA3-94FF-7602E6F96D95} - System32\Tasks\{9153C277-6881-426B-8455-392B5CCEF940} => pcalua.exe -a "C:\Users\KB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C97U7J89\Bflix2[1].exe" -d C:\Users\KB\Desktop
Task: {DE9DC535-1283-45D2-AD68-5C01C25ED956} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {E799B60B-0505-4B63-9FC4-65E8BA1639EC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-10-24 04:16 - 2010-06-09 11:54 - 00206208 _____ () C:\Windows\PLFSetI.exe
2014-11-08 17:14 - 2014-11-08 17:14 - 03060248 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2014-11-08 17:15 - 2014-11-08 17:14 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\loggingserver.exe
2012-05-30 19:06 - 2012-05-30 19:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-06-28 23:20 - 2010-06-28 23:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
2010-08-27 09:39 - 2009-05-20 07:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2014-11-08 17:15 - 2014-11-08 17:14 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\log4cplusU.dll
2010-06-28 23:12 - 2010-06-28 23:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\ACE.dll
2014-10-18 05:00 - 2014-10-18 05:00 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\89753abff3827095ec7f3d3fb79f744a\IsdiInterop.ni.dll
2010-08-27 08:55 - 2010-04-13 17:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Camera Assistant Software => "C:\Program Files (x86)\Video Web Camera\traybar.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: ManyCam => "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent
MSCONFIG\startupreg: NeroFilterCheck => C:\Windows\system32\NeroCheck.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Program Files (x86)\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe"

========================= Accounts: ==========================

Administratör (S-1-5-21-1714336835-4238330309-3966115506-500 - Administrator - Disabled)
Gäst (S-1-5-21-1714336835-4238330309-3966115506-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1714336835-4238330309-3966115506-1002 - Limited - Enabled)
KB (S-1-5-21-1714336835-4238330309-3966115506-1001 - Administrator - Enabled) => C:\Users\KB

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/26/2015 06:32:11 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Fel i tjänsten Volume Shadow Copy: Oväntat fel när gränssnittet IVssWriterCallback skulle erhållas. hr = 0x80070005, Åtkomst nekad.
.
Det orsakas ofta av inkorrekta säkerhetsinställningar i processen för antingen skrivaren eller beställaren.

Åtgärd:
Samlar in skrivardata

Kontext:
Skrivarklass-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Skrivarnamn: System Writer
Skrivarinstans-ID: {f43ac633-c1f9-459a-bc2d-342547906a25}

Error: (01/26/2015 05:51:37 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhost (1656) WebCacheLocal: Felet -1811 inträffade när loggfilen C:\Users\KB\AppData\Local\Microsoft\Windows\WebCache\V0101330.log öppnades.

Error: (01/25/2015 06:05:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: ePowerTray.exe, version 5.0.3005.0, tidsstämpel 0x4c11ccf9
, felet uppstod i modulen med namn: ePowerTray.exe, version 5.0.3005.0, tidsstämpel 0x4c11ccf9
Undantagskod: 0xc0000005
Felförskjutning: 0x0000000000001e99
Process-ID: 0xf60
Programmets starttid: 0xePowerTray.exe0
Sökväg till program: ePowerTray.exe1
Sökväg till modul: ePowerTray.exe2
Rapport-ID: ePowerTray.exe3

Error: (01/25/2015 11:11:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Felet uppstod i programmet med namn: ePowerTray.exe, version 5.0.3005.0, tidsstämpel 0x4c11ccf9
, felet uppstod i modulen med namn: ePowerTray.exe, version 5.0.3005.0, tidsstämpel 0x4c11ccf9
Undantagskod: 0xc0000005
Felförskjutning: 0x0000000000001e99
Process-ID: 0x9f8
Programmets starttid: 0xePowerTray.exe0
Sökväg till program: ePowerTray.exe1
Sökväg till modul: ePowerTray.exe2
Rapport-ID: ePowerTray.exe3

Error: (01/25/2015 11:08:16 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Det går inte att initiera indexet.

Information:
Innehållsindexets katalog är skadad. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/25/2015 11:08:16 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Det går inte att initiera programmet.

Kontext: program Windows

Information:
Innehållsindexets katalog är skadad. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/25/2015 11:08:16 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Det går inte att initiera insamlingsobjektet.

Kontext: program Windows, katalog SystemIndex

Information:
Innehållsindexets katalog är skadad. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/25/2015 11:08:16 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Det går inte att initiera plugin-programmet i <Search.TripoliIndexer>.

Kontext: program Windows, katalog SystemIndex

Information:
Det gick inte att hitta elementet. (HRESULT : 0x80070490) (0x80070490)

Error: (01/25/2015 11:08:12 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Det går inte att initiera plugin-programmet i <Search.JetPropStore>.

Kontext: program Windows, katalog SystemIndex

Information:
Innehållsindexets katalog är skadad. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/25/2015 11:08:12 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Det går inte att läsa in informationen i egenskapsarkivet.

Kontext: program Windows, katalog SystemIndex

Information:
Innehållsindexets databas är skadad. (HRESULT : 0xc0041800) (0xc0041800)

System errors:
=============
Error: (01/26/2015 06:37:48 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Anrop ScRegSetValueExW avbröts för FailureActions med följande fel:
%%5.

Error: (01/26/2015 06:34:56 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Anrop ScRegSetValueExW avbröts för FailureActions med följande fel:
%%5.

Error: (01/26/2015 06:33:31 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Tjänsthanteraren försökte utföra en korrigeringsåtgärd (Starta om tjänsten) efter att tjänsten Windows Search avslutats oväntat, men denna åtgärd misslyckades med följande fel:
%%1056

Error: (01/26/2015 06:33:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjänsten Application Virtualization Client avslutades oväntat. Detta har skett 1 gånger.

Error: (01/26/2015 06:33:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Tjänsten Windows Search avslutades oväntat. Den har gjort detta 1 gång(er). Följande åtgärd kommer att utföras om 30000 millisekunder: Starta om tjänsten.

Error: (01/26/2015 06:33:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjänsten Client Virtualization Handler avslutades oväntat. Detta har skett 1 gånger.

Error: (01/26/2015 06:33:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Tjänsten TeamViewer 6 avslutades oväntat. Den har gjort detta 1 gång(er). Följande åtgärd kommer att utföras om 60000 millisekunder: Starta om tjänsten.

Error: (01/26/2015 06:33:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjänsten Intel(R) Rapid Storage Technology avslutades oväntat. Detta har skett 1 gånger.

Error: (01/26/2015 06:33:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjänsten Updater Service avslutades oväntat. Detta har skett 1 gånger.

Error: (01/26/2015 06:33:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjänsten NTI IScheduleSvc avslutades oväntat. Detta har skett 1 gånger.

Microsoft Office Sessions:
=========================
Error: (01/26/2015 06:32:11 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Åtkomst nekad.

Åtgärd:
Samlar in skrivardata

Kontext:
Skrivarklass-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Skrivarnamn: System Writer
Skrivarinstans-ID: {f43ac633-c1f9-459a-bc2d-342547906a25}

Error: (01/26/2015 05:51:37 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhost1656WebCacheLocal: C:\Users\KB\AppData\Local\Microsoft\Windows\WebCache\V0101330.log-1811

Error: (01/25/2015 06:05:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ePowerTray.exe5.0.3005.04c11ccf9ePowerTray.exe5.0.3005.04c11ccf9c00000050000000000001e99f6001d038c07e01c113C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exeC:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe5eef6d13-a4b4-11e4-b495-1c75081facdb

Error: (01/25/2015 11:11:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ePowerTray.exe5.0.3005.04c11ccf9ePowerTray.exe5.0.3005.04c11ccf9c00000050000000000001e999f801d03886ab2e7a5bC:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exeC:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe847cf7ff-a47a-11e4-8259-1c75081facdb

Error: (01/25/2015 11:08:16 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Information:
Innehållsindexets katalog är skadad. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/25/2015 11:08:16 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Kontext: program Windows

Information:
Innehållsindexets katalog är skadad. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/25/2015 11:08:16 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Kontext: program Windows, katalog SystemIndex

Information:
Innehållsindexets katalog är skadad. (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/25/2015 11:08:16 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: program Windows, katalog SystemIndex

Information:
Det gick inte att hitta elementet. (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (01/25/2015 11:08:12 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: program Windows, katalog SystemIndex

Information:
Innehållsindexets katalog är skadad. (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (01/25/2015 11:08:12 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Kontext: program Windows, katalog SystemIndex

Information:
Innehållsindexets databas är skadad. (HRESULT : 0xc0041800) (0xc0041800)

==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz
Percentage of memory in use: 53%
Total physical RAM: 1977.98 MB
Available physical RAM: 926.45 MB
Total Pagefile: 3955.96 MB
Available Pagefile: 2594.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:219.79 GB) (Free:122.35 GB) NTFS
Drive e: () (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: FD0A3FD2)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=219.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

Malwarebytes Anti-Malware
www.malwarebytes.org

Skanningsdatum: 2015-01-26
Skanningstid: 19:06:57
Loggfil: MBAMLog.txt
Administratör: Ja

Version: 2.00.4.1028
Databas med skadliga progarm: v2015.01.26.06
Databas med rootkit: v2015.01.14.01
Licens: Gratis
Skydd mot skadliga program: Inaktiverat
Skydd mot skadliga webbplatser: Inaktiverat
Självförsvar: Inaktiverat

OS: Windows 7 Service Pack 1
CPU: x64
Filsystem: NTFS
Användare: KB

Skanningstyp: Hotskanning
Resultat: Slutförd
Skannade objekt: 342660
Förfluten tid: 31 min, 2 sek

Minne: Aktiverat
Autostart: Aktiverat
Filsystem: Aktiverat
Arkivfiler: Aktiverat
Rootkits: Inaktiverat
Heuristik: Aktiverat
PUP: Varna
PUM: Aktiverat

Processer: 0
(Inga illasinnade poster hittades)

Moduler: 0
(Inga illasinnade poster hittades)

Registernycklar: 28
PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\CLASSES\APPID\YontooIEClient.DLL, , [00feda21f4957bbb29458f10986b7d83],
PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\YontooIEClient.DLL, , [ef0f83786920a5916c02ffa0b94a33cd],
PUP.Optional.vShare.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\kpionmjnkbpcdpcflammlgllecmejgjj, , [ed1128d3bbced363df3eb1d2be45d62a],
PUP.Optional.Softonic.A, HKU\S-1-5-21-1714336835-4238330309-3966115506-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, , [f10df00b32571a1cd8e11c645ea5758b],
PUP.Optional.PriceGong.A, HKU\S-1-5-21-1714336835-4238330309-3966115506-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, , [12eccd2e5e2be4520e644440b94a47b9],
PUP.Optional.vShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}, , [9d616596454455e172e2214f996aaf51],
PUP.Optional.vShare.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}, , [9d616596454455e172e2214f996aaf51],
PUP.Optional.vShare.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{231047C5-F7E9-45BE-9EFD-6E9BB6D59A9F}, , [9d616596454455e172e2214f996aaf51],
PUP.Optional.vShare.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{82443621-A29A-473E-8335-F5C958A7A4CA}, , [9d616596454455e172e2214f996aaf51],
PUP.Optional.vShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{231047C5-F7E9-45BE-9EFD-6E9BB6D59A9F}, , [9d616596454455e172e2214f996aaf51],
PUP.Optional.vShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{82443621-A29A-473E-8335-F5C958A7A4CA}, , [9d616596454455e172e2214f996aaf51],
PUP.Optional.vShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}, , [9d616596454455e172e2214f996aaf51],
PUP.Optional.vShare.A, HKLM\SOFTWARE\CLASSES\IEhelperActiveX.IEhelperLabel.1, , [9d616596454455e172e2214f996aaf51],
PUP.Optional.vShare.A, HKLM\SOFTWARE\CLASSES\IEhelperActiveX.IEhelperLabel, , [9d616596454455e172e2214f996aaf51],
PUP.Optional.vShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\IEhelperActiveX.IEhelperLabel, , [9d616596454455e172e2214f996aaf51],
PUP.Optional.vShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\IEhelperActiveX.IEhelperLabel.1, , [9d616596454455e172e2214f996aaf51],
PUP.Optional.vShare.A, HKU\S-1-5-21-1714336835-4238330309-3966115506-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A1B48071-416D-474E-A13B-BE5456E7FC31}, , [9d616596454455e172e2214f996aaf51],
PUP.Optional.vShare.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{A1B48071-416D-474E-A13B-BE5456E7FC31}, , [9d616596454455e172e2214f996aaf51],
PUP.Optional.vShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}, , [9d616596454455e172e2214f996aaf51],
PUP.Optional.vShare.A, HKLM\SOFTWARE\CLASSES\MyNewsBar.IE5Bar.1, , [9d616596454455e172e2214f996aaf51],
PUP.Optional.vShare.A, HKLM\SOFTWARE\CLASSES\MyNewsBar.IE5Bar, , [9d616596454455e172e2214f996aaf51],
PUP.Optional.vShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MyNewsBar.IE5Bar, , [9d616596454455e172e2214f996aaf51],
PUP.Optional.vShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MyNewsBar.IE5Bar.1, , [9d616596454455e172e2214f996aaf51],
PUP.Optional.vShare.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}, , [9d616596454455e172e2214f996aaf51],
PUP.Optional.vShare.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}, , [9d616596454455e172e2214f996aaf51],
PUP.Optional.vShare.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C876A2AD-D4BA-11D3-9D38-D0D087C500CC}, , [9d616596454455e172e2214f996aaf51],
PUP.Optional.vShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C876A2AD-D4BA-11D3-9D38-D0D087C500CC}, , [9d616596454455e172e2214f996aaf51],
PUP.Optional.vShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}, , [9d616596454455e172e2214f996aaf51],

Registervärden: 0
(Inga illasinnade poster hittades)

Registerdata: 1
PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, http://start.facemoods.com/?a=bf&s={searchTerms}&f=4, Bra: (www.google.com), Dåliga: (http://start.facemoods.com/?a=bf&s={searchTerms}&f=4),,[09f58a718900e6507d444b5b26df718f]

Mappar: 6
PUP.Optional.PriceGong.A, C:\Users\KB\AppData\LocalLow\PriceGong, , [d8268279bbceff37e3c38cb804ff4bb5],
PUP.Optional.PriceGong.A, C:\Users\KB\AppData\LocalLow\PriceGong\Data, , [d8268279bbceff37e3c38cb804ff4bb5],
PUP.Optional.Datamngr.A, C:\Users\KB\AppData\LocalLow\DataMngr, , [3cc22dcea1e8e2543940eb5c90730ff1],
PUP.Optional.vShare.A, C:\Users\KB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj, , [76888477e3a659ddd26949274fb4e41c],
PUP.Optional.vShare.A, C:\Users\KB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0, , [76888477e3a659ddd26949274fb4e41c],
PUP.Optional.vShare.A, C:\Program Files (x86)\vShare.tv plugin, , [9d616596454455e172e2214f996aaf51],

Filer: 34
PUP.Optional.PriceGong.A, C:\Users\KB\AppData\LocalLow\PriceGong\Data\1.xml, , [d8268279bbceff37e3c38cb804ff4bb5],
PUP.Optional.PriceGong.A, C:\Users\KB\AppData\LocalLow\PriceGong\Data\a.xml, , [d8268279bbceff37e3c38cb804ff4bb5],
PUP.Optional.PriceGong.A, C:\Users\KB\AppData\LocalLow\PriceGong\Data\b.xml, , [d8268279bbceff37e3c38cb804ff4bb5],
PUP.Optional.PriceGong.A, C:\Users\KB\AppData\LocalLow\PriceGong\Data\c.xml, , [d8268279bbceff37e3c38cb804ff4bb5],
PUP.Optional.PriceGong.A, C:\Users\KB\AppData\LocalLow\PriceGong\Data\d.xml, , [d8268279bbceff37e3c38cb804ff4bb5],
PUP.Optional.PriceGong.A, C:\Users\KB\AppData\LocalLow\PriceGong\Data\e.xml, , [d8268279bbceff37e3c38cb804ff4bb5],
PUP.Optional.PriceGong.A, C:\Users\KB\AppData\LocalLow\PriceGong\Data\f.xml, , [d8268279bbceff37e3c38cb804ff4bb5],
PUP.Optional.PriceGong.A, C:\Users\KB\AppData\LocalLow\PriceGong\Data\g.xml, , [d8268279bbceff37e3c38cb804ff4bb5],
PUP.Optional.PriceGong.A, C:\Users\KB\AppData\LocalLow\PriceGong\Data\h.xml, , [d8268279bbceff37e3c38cb804ff4bb5],
PUP.Optional.PriceGong.A, C:\Users\KB\AppData\LocalLow\PriceGong\Data\i.xml, , [d8268279bbceff37e3c38cb804ff4bb5],
PUP.Optional.PriceGong.A, C:\Users\KB\AppData\LocalLow\PriceGong\Data\J.xml, , [d8268279bbceff37e3c38cb804ff4bb5],
PUP.Optional.PriceGong.A, C:\Users\KB\AppData\LocalLow\PriceGong\Data\k.xml, , [d8268279bbceff37e3c38cb804ff4bb5],
PUP.Optional.PriceGong.A, C:\Users\KB\AppData\LocalLow\PriceGong\Data\l.xml, , [d8268279bbceff37e3c38cb804ff4bb5],
PUP.Optional.PriceGong.A, C:\Users\KB\AppData\LocalLow\PriceGong\Data\m.xml, , [d8268279bbceff37e3c38cb804ff4bb5],
PUP.Optional.PriceGong.A, C:\Users\KB\AppData\LocalLow\PriceGong\Data\mru.xml, , [d8268279bbceff37e3c38cb804ff4bb5],
PUP.Optional.PriceGong.A, C:\Users\KB\AppData\LocalLow\PriceGong\Data\n.xml, , [d8268279bbceff37e3c38cb804ff4bb5],
PUP.Optional.PriceGong.A, C:\Users\KB\AppData\LocalLow\PriceGong\Data\o.xml, , [d8268279bbceff37e3c38cb804ff4bb5],
PUP.Optional.PriceGong.A, C:\Users\KB\AppData\LocalLow\PriceGong\Data\p.xml, , [d8268279bbceff37e3c38cb804ff4bb5],
PUP.Optional.PriceGong.A, C:\Users\KB\AppData\LocalLow\PriceGong\Data\q.xml, , [d8268279bbceff37e3c38cb804ff4bb5],
PUP.Optional.PriceGong.A, C:\Users\KB\AppData\LocalLow\PriceGong\Data\r.xml, , [d8268279bbceff37e3c38cb804ff4bb5],
PUP.Optional.PriceGong.A, C:\Users\KB\AppData\LocalLow\PriceGong\Data\s.xml, , [d8268279bbceff37e3c38cb804ff4bb5],
PUP.Optional.PriceGong.A, C:\Users\KB\AppData\LocalLow\PriceGong\Data\t.xml, , [d8268279bbceff37e3c38cb804ff4bb5],
PUP.Optional.PriceGong.A, C:\Users\KB\AppData\LocalLow\PriceGong\Data\u.xml, , [d8268279bbceff37e3c38cb804ff4bb5],
PUP.Optional.PriceGong.A, C:\Users\KB\AppData\LocalLow\PriceGong\Data\v.xml, , [d8268279bbceff37e3c38cb804ff4bb5],
PUP.Optional.PriceGong.A, C:\Users\KB\AppData\LocalLow\PriceGong\Data\w.xml, , [d8268279bbceff37e3c38cb804ff4bb5],
PUP.Optional.PriceGong.A, C:\Users\KB\AppData\LocalLow\PriceGong\Data\x.xml, , [d8268279bbceff37e3c38cb804ff4bb5],
PUP.Optional.PriceGong.A, C:\Users\KB\AppData\LocalLow\PriceGong\Data\y.xml, , [d8268279bbceff37e3c38cb804ff4bb5],
PUP.Optional.PriceGong.A, C:\Users\KB\AppData\LocalLow\PriceGong\Data\z.xml, , [d8268279bbceff37e3c38cb804ff4bb5],
PUP.Optional.Datamngr.A, C:\Users\KB\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}, , [3cc22dcea1e8e2543940eb5c90730ff1],
PUP.Optional.vShare.A, C:\Users\KB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll, , [76888477e3a659ddd26949274fb4e41c],
PUP.Optional.vShare.A, C:\Users\KB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\manifest.json, , [76888477e3a659ddd26949274fb4e41c],
PUP.Optional.vShare.A, C:\Program Files (x86)\vShare.tv plugin\IEhelperActiveX.dll, , [9d616596454455e172e2214f996aaf51],
PUP.Optional.vShare.A, C:\Program Files (x86)\vShare.tv plugin\MyNewsBar.dll, , [9d616596454455e172e2214f996aaf51],
PUP.Optional.vShare.A, C:\Program Files (x86)\vShare.tv plugin\vshareplg.crx, , [9d616596454455e172e2214f996aaf51],

Fysiska sektorer: 0
(Inga illasinnade poster hittades)

(end)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by KB at 2015-01-26 20:48:15 Run:4
Running from C:\Users\KB\Desktop
Loaded Profiles: KB (Available profiles: KB)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&Sea...
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {28258BFA-EB24-4B68-A390-C73ABA0B5E01} URL = http://swedish.toggle.com/sv/index.php?rvs=google
SearchScopes: HKLM-x32 -> {8BAE83CA-DF5E-423A-A3FB-E3907D5A603C} URL = http://swedish.toggle.com/sv/index.php?rvs=google
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&Sea...
Reboot:
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{28258BFA-EB24-4B68-A390-C73ABA0B5E01}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{28258BFA-EB24-4B68-A390-C73ABA0B5E01} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{8BAE83CA-DF5E-423A-A3FB-E3907D5A603C}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{8BAE83CA-DF5E-423A-A3FB-E3907D5A603C} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.

The system needed a reboot.

==== End of Fixlog 20:48:56 ====

C:\FRST\Quarantine\C\ProgramData\07260DF36.zot.xBAD a variant of Win64/Kryptik.IT trojan
C:\FRST\Quarantine\C\ProgramData\63FD06270.cpp.xBAD Win32/Reveton.AL trojan
C:\FRST\Quarantine\C\Users\KB\AppData\Local\Bflix2\tbBfli.dll.xBAD a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\FRST\Quarantine\C\Users\KB\AppData\Local\ConduitEngine\ConduitEngine.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\KB\Downloads\ManyCam.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Windows\Installer\443a4.msi a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application