Tagara

Honorary Members
  • Posts

    81

Everything posted by Tagara

  1. Oops, I managed to post my comment before fully uploading the .txt file. FRST.txt
  2. I could not fit the FRST.txt file in the post. I will have to send it over.
  3. AdwCleaner did not give me any log at all. I've used this once before (when helping a friend with some computer issues). AdwCleaner did not find anything either so I guess it is okay. If you would like me to scan once more and see if I can get a log I'll do that for you. I also forgot to get a log from Eset's online scanner. Do I have to get a new one of that? It did not detect anything with the right settings. Farbar Recovery Scan Tool logs: Addition.txt
  4. JRT:
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 6.0.8 (11.05.2013:1)
     OS: Windows 7 Home Premium x64
     Ran by magnus on 18.12.2013 at 16:21:52,67
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     ~~~ Services
     ~~~ Registry Values
     ~~~ Registry Keys
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
     ~~~ Files
     ~~~ Folders
     Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
     ~~~ Event Viewer Logs were cleared
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on 18.12.2013 at 16:25:38,41
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  5. Let's start with the MBAR log: (It did not find anything at all. Same with all of the other tools, really. I'll still post the logs though.)
     MBAR-LOG:
     Malwarebytes Anti-Rootkit BETA 1.07.0.1008
     www.malwarebytes.org
     Database version: v2013.12.18.05
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 11.0.9600.16476
     magnus :: MAGNUS-PC [administrator]
     18.12.2013 16:14:04
     mbar-log-2013-12-18 (16-14-04).txt
     Scan type: Quick scan
     Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
     Scan options disabled:
     Objects scanned: 254451
     Time elapsed: 4 minute(s), 31 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 0
     (No malicious items detected)
     Physical Sectors Detected: 0
     (No malicious items detected)
     (end)
  6. Okay, I have finished what you said. Here is the log:
     RogueKiller V8.7.12 _x64_ [Nov 25 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.adlice.com/forum/
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://www.adlice.com
     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : magnus [Admin rights]
     Mode : Scan -- Date : 12/17/2013 17:01:13
     | ARK || FAK || MBR |
     ¤¤¤ Bad processes : 0 ¤¤¤
     ¤¤¤ Registry Entries : 6 ¤¤¤
     [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
     [HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
     [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
     [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     ¤¤¤ Scheduled tasks : 0 ¤¤¤
     ¤¤¤ Startup Entries : 0 ¤¤¤
     ¤¤¤ Web browsers : 0 ¤¤¤
     ¤¤¤ Particular Files / Folders: ¤¤¤
     ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
     ¤¤¤ External Hives: ¤¤¤
     ¤¤¤ Infection : ¤¤¤
     ¤¤¤ HOSTS File: ¤¤¤
     --> %SystemRoot%\System32\drivers\etc\hosts
     ¤¤¤ MBR Check: ¤¤¤
  7. While at it, could we run a few scans to check if there is something other than OpenCandy on my PC? (If OpenCandy even were installed.)
  8. Hello there. I was sitting on my computer one day when my Malwarebytes popped up randomly. It told me that it had put something in quarantine, and I am not really sure how I got it or if there is more of it on my computer. Later I removed it completely from my computer. I also did a full scan with Avast. Please keep in mind I had just downloaded µTorrent. It is gone from my computer now, I do not pirate anything. I was only downloading it because I wanted to check out a full scale replica of World of Warcraft inside of Minecraft. (That is a really huge world. The owner him/herself has put the world up for the public to download with a torrent program.) Once again, I do not pirate anything, it is completely gone now. I did delete the Minecraft map as well, just in case it was infected as well. Here is the log:
     2013/12/16 16:21:09 +0100 MAGNUS-PC (null) MESSAGE Executing scheduled update: Daily
     2013/12/16 16:21:10 +0100 MAGNUS-PC (null) ERROR Scheduled update failed: No address found failed with error code 0
     2013/12/16 16:21:11 +0100 MAGNUS-PC (null) MESSAGE Starting protection
     2013/12/16 16:21:11 +0100 MAGNUS-PC (null) MESSAGE Protection started successfully
     2013/12/16 16:21:11 +0100 MAGNUS-PC (null) MESSAGE Starting IP protection
     2013/12/16 16:21:12 +0100 MAGNUS-PC (null) MESSAGE IP Protection started successfully
     2013/12/16 16:22:39 +0100 MAGNUS-PC magnus IP-BLOCK 204.45.109.226 (Type: outgoing, Port: 49565, Process: avastsvc.exe)
     2013/12/16 16:22:39 +0100 MAGNUS-PC magnus IP-BLOCK 204.45.109.226 (Type: outgoing, Port: 49566, Process: avastsvc.exe)
     2013/12/16 16:22:55 +0100 MAGNUS-PC magnus IP-BLOCK 94.102.49.205 (Type: outgoing, Port: 49574, Process: avastsvc.exe)
     2013/12/16 16:22:55 +0100 MAGNUS-PC magnus IP-BLOCK 94.102.49.205 (Type: outgoing, Port: 49575, Process: avastsvc.exe)
     2013/12/16 17:00:52 +0100 MAGNUS-PC magnus DETECTION C:\Users\magnus\AppData\Local\Temp\utt625C.tmp PUP.Optional.OpenCandy QUARANTINE
     2013/12/16 17:22:41 +0100 MAGNUS-PC magnus IP-BLOCK 218.8.77.7 (Type: outgoing, Port: 27847, Process: utorrent.exe)
     2013/12/16 17:23:05 +0100 MAGNUS-PC magnus IP-BLOCK 218.10.86.251 (Type: outgoing, Port: 27847, Process: utorrent.exe)
     2013/12/16 17:37:45 +0100 MAGNUS-PC magnus IP-BLOCK 80.82.64.239 (Type: outgoing, Port: 27847, Process: utorrent.exe)
     2013/12/16 17:51:29 +0100 MAGNUS-PC magnus IP-BLOCK 219.152.118.96 (Type: outgoing, Port: 27847, Process: utorrent.exe)
     2013/12/16 21:41:18 +0100 MAGNUS-PC (null) MESSAGE Starting protection
     2013/12/16 21:41:18 +0100 MAGNUS-PC (null) MESSAGE Protection started successfully
     2013/12/16 21:41:18 +0100 MAGNUS-PC (null) MESSAGE Starting IP protection
     2013/12/16 21:41:19 +0100 MAGNUS-PC magnus MESSAGE IP Protection started successfully
  9. I downloaded avast! and whitelisted the Mbam Pro files in avast! and vice versa. No problems as far as I can see.
  10. I do believe that Malwarebytes PRO can stand by itself, since the Pro version of it has real-time protection. I would just like to know if I could run it together with avast! for even better protection against threats.
  11. Hello. I was just wondering if it is a wise thing to run the PRO version of Malwarebytes together with avast! (free version.) Will it cause any problems if both of them are on at the same time? If so, is there something I can do to stop them from fighting?
  12. Everything seems to be okay now. The programs are uninstalled as well. Thank you for replying as quickly as you have been doing the last days!
  13. CKscanner log:
     CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
     scanner sequence 3.RP.11.MXNAE0
     ----- EOF -----

     Security Check log:
     Results of screen317's Security Check version 0.99.74
     x64 (UAC is enabled)
     Internet Explorer 10
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Windows Defender
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300
     Java 7 Update 45
     Java version out of Date!
     Google Chrome 30.0.1599.101
     Google Chrome 30.0.1599.69
     ````````Process Check: objlist.exe by Laurent````````
     Windows Defender MSMpEng.exe
     Windows Defender MsMpEng.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: %
     ````````````````````End of Log``````````````````````
  14. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-10-2013
     Ran by Mathias at 2013-10-20 14:00:00 Run:1
     Running from C:\Users\Mathias\Desktop\stuff and poop\FRST
     Boot Mode: Normal
     ==============================================

     Content of fixlist:
     *****************
     DeleteJunctionsInDirectory: C:\Program Files\Windows Defender
     DeleteJunctionsInDirectory: C:\Program Files\Microsoft Security Client
     HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
     HKU\Administrator\...\Run: [] - [x]
     HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
     SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
     SearchScopes: HKLM - {84BF725B-75F2-404B-AC83-FFF90CFDCDB5} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
     SearchScopes: HKLM-x32 - {84BF725B-75F2-404B-AC83-FFF90CFDCDB5} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
     SearchScopes: HKCU - DefaultScope {84BF725B-75F2-404B-AC83-FFF90CFDCDB5} URL =
     SearchScopes: HKCU - {84BF725B-75F2-404B-AC83-FFF90CFDCDB5} URL =
     BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
     BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
     BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
     BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
     C:\Users\Mathias\random.dat
     C:\Users\Mathias\systemid.dat
     C:\Users\Mathias\AppData\Local\temp\Quarantine.exe
     *****************

     "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
     "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
     "C:\Program Files\Microsoft Security Client" => Not Found
     HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
     HKU\Administrator\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
     HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
     HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
     HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{84BF725B-75F2-404B-AC83-FFF90CFDCDB5} => Key deleted successfully.
     HKCR\CLSID\{84BF725B-75F2-404B-AC83-FFF90CFDCDB5} => Key not found.
     HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{84BF725B-75F2-404B-AC83-FFF90CFDCDB5} => Key deleted successfully.
     HKCR\Wow6432Node\CLSID\{84BF725B-75F2-404B-AC83-FFF90CFDCDB5} => Key not found.
     HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
     HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{84BF725B-75F2-404B-AC83-FFF90CFDCDB5} => Key deleted successfully.
     HKCR\CLSID\{84BF725B-75F2-404B-AC83-FFF90CFDCDB5} => Key not found.
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.
     HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
     HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
     HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.
     HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.
     HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
     HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
     C:\Users\Mathias\random.dat => Moved successfully.
     C:\Users\Mathias\systemid.dat => Moved successfully.
     C:\Users\Mathias\AppData\Local\temp\Quarantine.exe => Moved successfully.

     ==== End of Fixlog ====
  15. The ESET online scanner did not find anything, neither did Malwarebytes and MBAR. I did not get any log from ESET because of that. I will not include the Malwarebytes and MBAR log since it did not find anything. Tell me if you still want to take a look at them.

     Junkware Removal Tool:
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 6.0.7 (10.15.2013:3)
     OS: Windows 8 x64
     Ran by Mathias on 19.10.2013 at 16:16:02,35
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services

     ~~~ Registry Values

     ~~~ Registry Keys
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bi
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

     ~~~ Files
     Successfully disinfected: [shortcut] C:\Users\Mathias\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
     Successfully disinfected: [shortcut] C:\Users\Mathias\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
     Successfully disinfected: [shortcut] C:\Users\Mathias\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
     Successfully disinfected: [shortcut] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
     Successfully disinfected: [shortcut] C:\Users\Mathias\AppData\Roaming\microsoft\windows\start menu\Programs\Internet Explorer.lnk
     Successfully disinfected: [shortcut] C:\Users\Public\Desktop\Google Chrome.lnk

     ~~~ Folders
     Successfully deleted: [Folder] "C:\ProgramData\babylon"
     Successfully deleted: [Folder] "C:\ProgramData\esafe"
     Successfully deleted: [Folder] "C:\Users\Mathias\AppData\Roaming\nosibay"

     ~~~ Chrome
     Successfully deleted: [Folder] C:\Users\Mathias\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

     ~~~ Event Viewer Logs were cleared

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on 19.10.2013 at 16:19:41,06
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     Adware Cleaner log:
     # AdwCleaner v3.008 - Report created 19/10/2013 at 16:24:56
     # Updated 17/10/2013 by Xplode
     # Operating System : Windows 8 (64 bits)
     # Username : Mathias - MATHIAS
     # Running from : C:\Users\Mathias\Desktop\stuff and poop\AdwCleaner\AdwCleaner.exe
     # Option : Clean

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****
     Folder Deleted : C:\ProgramData\DSearchLink
     File Deleted : C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\lollipop.lnk

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****
     Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
     Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
     Key Deleted : HKCU\Software\lollipop
     Key Deleted : HKCU\Software\Nosibay

     ***** [ Browsers ] *****
     -\\ Internet Explorer v10.0.9200.16537
     Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]
     -\\ Google Chrome v30.0.1599.101
     [ File : C:\Users\Mathias\AppData\Local\Google\Chrome\User Data\Default\preferences ]
     Deleted : homepage

     *************************
     AdwCleaner[R0].txt - [1546 octets] - [19/10/2013 16:23:13]
     AdwCleaner[s0].txt - [1203 octets] - [19/10/2013 16:24:56]
     ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1263 octets] ##########

     Farbar Recovery Scan, Addition.txt:
     Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-10-2013
     Ran by Mathias at 2013-10-19 19:01:49
     Running from
     C:\Users\Mathias\Desktop\stuff and poop\FRST
     Boot Mode: Normal

     Farbar Recovery Scan, FRST.txt:
     Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-10-2013
     Ran by Mathias (administrator) on MATHIAS on 19-10-2013 19:00:52
     Running from C:\Users\Mathias\Desktop\stuff and poop\FRST
     Windows 8 (X64) OS Language: Norwegian Bokmal
     Internet Explorer Version 10
     Boot Mode: Normal

     ==================== Processes (Whitelisted) =================
     (NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
     (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
     (NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
     (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
     (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
     (Microsoft Corporation) C:\windows\system32\WLANExt.exe
     (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
     (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
     (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
     (Intel® Corporation)
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe(TOSHIBA Corporation) C:\windows\system32\ThpSrv.exe(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe() C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe() C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe() C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Skype Technologies S.A.) 
C:\Program Files (x86)\Skype\Phone\Skype.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor)HKLM\...\Run: [sRS Premium Sound 3D] - C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_PS3D.zip [215247 2012-08-19] ()HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2609064 2012-08-30] ()HKLM\...\Run: [TecoResident] - C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)HKLM\...\Run: [TSleepSrv] - C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation)HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()HKLM\...\Run: [ThpSrv] - C:\windows\system32\thpsrv /logonHKLM\...\Run: [TosWaitSrv] - C:\Program 
Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)HKLM\...\Run: [TRCMan] - C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe [751528 2012-08-27] (TOSHIBA Corporation)HKLM\...\Run: [TosPU] - C:\Program Files\TOSHIBA\PasswordUtility\TosPU.exe [2374552 2012-08-27] (Copyright © TOSHIBA Corp. 2012)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKCU\...\Run: [steam] - C:\Program Files (x86)\Steam\steam.exe [1820072 2013-10-17] (Valve Corporation)HKCU\...\Run: [spotify Web Helper] - C:\Users\Mathias\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-04] (Spotify Ltd)HKCU\...\Run: [DS3 Tool] - C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe [109640 2011-11-10] (www.motioninjoy.com)HKLM-x32\...\Run: [intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-08-02] (Intel Corporation)HKLM-x32\...\Run: [KeNotify] - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2012-07-20] (TOSHIBA CORPORATION)HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)HKU\Administrator\...\Run: [] - [x]AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-08-01] (NVIDIA Corporation)AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [202600 2012-08-01] (NVIDIA Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchStartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM - {84BF725B-75F2-404B-AC83-FFF90CFDCDB5} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJSSearchScopes: HKLM-x32 - {84BF725B-75F2-404B-AC83-FFF90CFDCDB5} URL = 
http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJSSearchScopes: HKCU - DefaultScope {84BF725B-75F2-404B-AC83-FFF90CFDCDB5} URL = SearchScopes: HKCU - {84BF725B-75F2-404B-AC83-FFF90CFDCDB5} URL = BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Chrome: =======CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No FileCHR Plugin: (Intel Identity Protection Technology) - C:\Program 
Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No FileCHR Extension: (Google Drive) - C:\Users\Mathias\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0CHR Extension: (YouTube) - C:\Users\Mathias\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0CHR Extension: (Google Search) - C:\Users\Mathias\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0CHR Extension: (Carbon Leather [aero]) - C:\Users\Mathias\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmhimegnmbdenbepnnjdpgcmkicechfj\1.0_0CHR Extension: (Gmail) - C:\Users\Mathias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 ==================== Services (Whitelisted) ================= R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor)S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-09-25] 
(Toshiba Europe GmbH)R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4273192 2012-08-19] (Intel Corporation)S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-28] (Synaptics Incorporated)R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows ® Win 7 DDK provider)S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows ® Win 7 DDK provider)U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-19 19:00 - 2013-10-19 19:00 - 00000000 ____D C:\FRST2013-10-19 17:01 - 2013-10-19 17:01 - 00000000 ____D C:\Program Files (x86)\ESET2013-10-19 16:28 - 2013-10-19 16:28 - 00002302 _____ C:\windows\PFRO.log2013-10-19 16:23 - 2013-10-19 16:25 - 00000000 ____D C:\AdwCleaner2013-10-19 16:16 - 2013-10-19 16:16 - 00000000 ____D C:\windows\ERUNT2013-10-19 15:51 - 2013-10-19 15:53 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)2013-10-19 15:50 - 2013-10-19 15:50 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys2013-10-19 01:25 - 2013-10-19 01:25 - 00000000 ____D C:\Users\Mathias\Documents\Skule2013-10-19 01:24 - 2013-10-19 01:27 - 00000000 ____D C:\Users\Mathias\Documents\Mah stuff2013-10-18 16:12 - 
2013-10-18 16:18 - 00000000 ____D C:\Qoobox2013-10-18 16:12 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe2013-10-18 16:12 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe2013-10-18 16:12 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe2013-10-18 16:12 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe2013-10-18 16:12 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe2013-10-18 16:12 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\windows\SWXCACLS.exe2013-10-18 16:12 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe2013-10-18 16:12 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe2013-10-18 16:12 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe2013-10-18 13:57 - 2013-10-18 13:57 - 00178800 _____ (Sony DADC Austria AG.) C:\windows\SysWOW64\CmdLineExt_x64.dll2013-10-18 13:57 - 2013-10-18 13:57 - 00000000 ____D C:\windows\SysWOW64\xlive2013-10-18 13:55 - 2013-10-18 13:55 - 00017589 _____ C:\windows\DirectX.log2013-10-17 20:03 - 2013-10-19 19:00 - 00000000 ____D C:\Users\Mathias\Desktop\stuff and poop2013-10-17 17:43 - 2013-10-18 16:16 - 00000000 ____D C:\windows\ERDNT2013-10-17 17:11 - 2013-10-17 17:11 - 00003132 _____ C:\windows\System32\Tasks\{B0A723CE-C112-4345-896E-E5630BD1AD58}2013-10-17 17:11 - 2013-10-17 17:11 - 00000899 _____ C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk2013-10-17 17:11 - 2013-10-17 17:11 - 00000899 _____ C:\Users\Administrator\Desktop\NTREGOPT.lnk2013-10-17 17:11 - 2013-10-17 17:11 - 00000880 _____ C:\Users\UpdatusUser\Desktop\ERUNT.lnk2013-10-17 17:11 - 2013-10-17 17:11 - 00000880 _____ C:\Users\Administrator\Desktop\ERUNT.lnk2013-10-17 17:11 - 2013-10-17 17:11 - 00000000 ____D C:\Program Files (x86)\ERUNT2013-10-17 16:43 - 2013-10-19 18:19 - 01020600 _____ C:\windows\WindowsUpdate.log2013-10-16 21:14 - 2013-10-16 21:14 - 00000000 ____D C:\Users\Mathias\AppData\Roaming\AVAST Software2013-10-16 21:08 - 2013-10-16 21:08 - 00000000 ____D C:\ProgramData\AVAST 
Software2013-10-16 21:08 - 2013-10-16 21:08 - 00000000 ____D C:\Program Files\AVAST Software2013-10-16 21:06 - 2013-10-16 22:32 - 00000000 ____D C:\Program Files\SUPERAntiSpyware2013-10-16 21:06 - 2013-10-16 21:06 - 00000000 ____D C:\Users\Mathias\AppData\Roaming\SUPERAntiSpyware.com2013-10-16 21:06 - 2013-10-16 21:06 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com2013-10-16 20:58 - 2013-10-16 20:58 - 00000000 ____D C:\Program Files\Enigma Software Group2013-10-16 20:58 - 2013-10-16 20:58 - 00000000 _____ C:\autoexec.bat2013-10-14 21:58 - 2013-10-14 21:58 - 00000000 ____D C:\Users\Mathias\AppData\Local\Rockstar Games2013-10-14 21:57 - 2013-10-14 21:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE2013-10-12 21:41 - 2013-08-10 07:21 - 00448512 _____ (Microsoft Corporation) C:\windows\system32\SettingSync.dll2013-10-12 21:41 - 2013-08-10 07:21 - 00128512 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncInfo.dll2013-10-12 21:41 - 2013-08-10 05:58 - 00356352 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSync.dll2013-10-12 21:41 - 2013-08-03 08:40 - 01374208 _____ (Microsoft Corporation) C:\windows\system32\wdc.dll2013-10-12 21:41 - 2013-08-03 08:40 - 00566784 _____ (Microsoft Corporation) C:\windows\system32\wvc.dll2013-10-12 21:41 - 2013-08-03 08:40 - 00462336 _____ (Microsoft Corporation) C:\windows\system32\sysmon.ocx2013-10-12 21:41 - 2013-08-03 07:14 - 00399360 _____ (Microsoft Corporation) C:\windows\SysWOW64\sysmon.ocx2013-10-12 21:41 - 2013-08-03 07:13 - 01245696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdc.dll2013-10-12 21:41 - 2013-08-03 07:13 - 00437248 _____ (Microsoft Corporation) C:\windows\SysWOW64\wvc.dll2013-10-12 21:41 - 2013-08-02 08:28 - 19758080 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll2013-10-12 21:41 - 2013-08-02 08:28 - 10116608 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll2013-10-12 21:41 - 2013-08-02 08:28 - 00222208 _____ (Microsoft 
Corporation) C:\windows\system32\shdocvw.dll2013-10-12 21:41 - 2013-08-02 08:26 - 02304512 _____ (Microsoft Corporation) C:\windows\system32\authui.dll2013-10-12 21:41 - 2013-08-02 07:08 - 17561088 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll2013-10-12 21:41 - 2013-08-02 07:08 - 08858112 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll2013-10-12 21:41 - 2013-08-02 07:08 - 00199168 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll2013-10-12 21:41 - 2013-08-02 07:06 - 02035712 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll2013-10-12 21:41 - 2013-08-01 12:41 - 02233688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys2013-10-12 21:41 - 2013-07-31 01:30 - 00386923 _____ C:\windows\system32\ApnDatabase.xml2013-10-12 21:41 - 2013-07-25 01:10 - 00158208 _____ (Microsoft Corporation) C:\windows\SysWOW64\mbsmsapi.dll2013-10-12 21:41 - 2013-07-25 01:06 - 00225280 _____ (Microsoft Corporation) C:\windows\system32\mbsmsapi.dll2013-10-12 21:41 - 2013-04-10 01:17 - 01125888 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll2013-10-12 21:41 - 2013-04-10 00:29 - 00893952 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll2013-10-12 11:52 - 2013-10-12 11:52 - 00000833 _____ C:\Users\Public\Desktop\CCleaner.lnk2013-10-12 11:52 - 2013-10-12 11:52 - 00000000 ____D C:\Program Files\CCleaner2013-10-11 23:46 - 2013-10-11 23:46 - 00356288 _____ C:\windows\system32\FNTCACHE.DAT2013-10-11 23:38 - 2013-10-11 23:38 - 00003100 _____ C:\windows\System32\Tasks\{8518106E-34ED-46EF-A6E1-64757473979C}2013-10-11 15:18 - 2013-10-11 15:18 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA2013-10-10 18:55 - 2013-10-10 19:20 - 00015008 _____ C:\Users\Mathias\AppData\Roaming\Bubble Dock.installation.log2013-10-10 18:55 - 2013-10-10 18:55 - 00000000 __RHD C:\Users\Mathias\AppData\Roaming\SecuROM2013-10-10 18:53 - 2013-10-10 18:57 - 00001266 _____ C:\Users\Mathias\AppData\Roaming\Bubble Dock.boostrap.log2013-10-10 
18:53 - 2013-10-10 18:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2013-10-09 22:14 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll2013-10-09 22:14 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll2013-10-09 22:14 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll2013-10-09 22:14 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll2013-10-09 22:14 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll2013-10-09 22:14 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll2013-10-09 22:14 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll2013-10-09 22:14 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll2013-10-09 22:14 - 2013-09-23 00:55 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll2013-10-09 22:14 - 2013-09-23 00:55 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll2013-10-09 22:14 - 2013-09-23 00:55 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe2013-10-09 22:14 - 2013-09-23 00:54 - 19252224 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll2013-10-09 22:14 - 2013-09-23 00:54 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll2013-10-09 22:14 - 2013-09-23 00:54 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll2013-10-09 22:14 - 2013-09-23 00:54 - 02647552 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll2013-10-09 22:14 - 2013-09-23 00:54 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll2013-10-09 22:14 - 2013-09-23 00:54 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll2013-10-09 22:14 - 2013-07-06 02:15 - 00652288 _____ (Microsoft Corporation) 
C:\windows\system32\comctl32.dll2013-10-09 22:14 - 2013-07-04 04:13 - 00541696 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll2013-10-09 22:14 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll2013-10-09 22:14 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll2013-10-09 22:14 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb2013-10-09 22:14 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb2013-10-09 22:14 - 2013-04-29 00:28 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll2013-10-09 22:14 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll2013-10-09 22:14 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll2013-10-09 22:14 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll2013-10-09 22:14 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll2013-10-09 22:14 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll2013-10-09 22:14 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll2013-10-09 22:14 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll2013-10-09 22:14 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll2013-10-09 22:14 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll2013-10-09 22:13 - 2013-08-23 07:11 - 04040192 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys2013-10-09 22:13 - 2013-07-20 00:13 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll2013-10-09 22:13 - 2013-07-20 00:13 - 00102608 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll2013-10-09 22:13 - 2013-07-06 00:02 - 00099328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys2013-10-09 22:13 - 2013-07-06 00:01 - 00210560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys2013-10-09 22:13 - 2013-07-02 03:41 - 00447320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS2013-10-09 22:13 - 2013-07-02 03:41 - 00337752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS2013-10-09 22:13 - 2013-07-02 03:41 - 00213336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\UCX01000.SYS2013-10-09 22:13 - 2013-07-02 00:14 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbprint.sys2013-10-09 22:13 - 2013-07-01 03:42 - 00623448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys2013-10-09 22:13 - 2013-07-01 03:42 - 00498008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys2013-10-09 22:13 - 2013-07-01 03:42 - 00079192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys2013-10-09 22:13 - 2013-07-01 03:42 - 00021848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys2013-10-09 22:13 - 2013-06-29 05:08 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys2013-10-09 22:13 - 2013-06-29 05:07 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys2013-10-09 22:13 - 2013-06-29 05:07 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys2013-10-09 22:13 - 2013-06-29 05:06 - 00120832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys2013-10-09 22:13 - 2013-06-22 07:45 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys2013-10-09 22:13 - 2013-06-22 07:45 - 00054488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdfLdr.sys2013-10-09 22:13 - 2013-05-27 01:17 - 00035328 _____ (Adobe Systems) 
C:\windows\SysWOW64\atmlib.dll2013-10-09 22:13 - 2013-05-27 00:59 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll2013-10-09 22:13 - 2013-05-25 05:15 - 00362496 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll2013-10-09 22:13 - 2013-05-25 04:32 - 00300032 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll2013-10-04 16:49 - 2013-10-04 16:49 - 00675988 _____ C:\Users\Mathias\Downloads\Minecraft.exe2013-10-03 18:47 - 2013-10-03 18:47 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help2013-10-03 18:47 - 2013-10-03 18:47 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help2013-10-02 17:47 - 2013-10-02 17:47 - 00000000 ____D C:\windows\PCHEALTH2013-10-02 17:45 - 2013-10-02 17:45 - 00000000 ____D C:\windows\System32\Tasks\OfficeSoftwareProtectionPlatform2013-10-02 17:45 - 2013-10-02 17:45 - 00000000 ____D C:\Program Files\Microsoft Office2013-10-02 17:44 - 2013-10-10 17:50 - 00000000 ____D C:\ProgramData\Microsoft Help2013-10-02 17:44 - 2013-10-02 17:44 - 00000000 ____D C:\Users\Mathias\AppData\Local\Microsoft Help2013-10-02 17:44 - 2013-10-02 17:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services2013-10-02 15:35 - 2013-10-02 15:35 - 00000000 ____D C:\Users\Mathias\AppData\Roaming\Fatshark2013-09-19 14:59 - 2013-10-19 18:49 - 00000000 ____D C:\Users\Mathias\AppData\Roaming\Skype2013-09-19 14:59 - 2013-10-13 14:38 - 00000000 ___RD C:\Program Files (x86)\Skype2013-09-19 14:59 - 2013-10-13 14:38 - 00000000 ____D C:\ProgramData\Skype2013-09-19 14:59 - 2013-09-19 14:59 - 00002515 _____ C:\Users\Public\Desktop\Skype.lnk ==================== One Month Modified Files and Folders ======= 2013-10-19 19:00 - 2013-10-19 19:00 - 00000000 ____D C:\FRST2013-10-19 19:00 - 2013-10-17 20:03 - 00000000 ____D C:\Users\Mathias\Desktop\stuff and poop2013-10-19 19:00 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\sru2013-10-19 18:56 - 2013-09-06 17:46 - 00001010 _____ 
  16. All of the logs will be in the next post. Saw that one of the tools deleted Lollipop, one of the things that I spotted earlier before these scans. The browser hijacker is not there anymore. (You'll have to check the logs, as there might be some traces of it left.) I'll leave it to you, since you know how to handle this. Thank you for all the help - so far.
  17. Okay, the ComboFix log is down below. I was wondering about a few things though: Is SpyHunter 4 a bad anti-malware, or is it in fact a rogue? SpyHunter 4 is still on a restore point, so I would like to know if possible. Also, how come the PRO version of Malwarebytes did not pick up this browser hijacker, is it a new one? One last thing, I think I noticed something called Lollipop on the computer. (Where you select programs for deletion over at the Control Panel.) I did some searching, and I do believe this is a malicious program as well.
  18. Here is the RogueKiller scan report:
  19. SpyHunter 4 is still saved in the restore point that we left earlier, and hopefully no trace of it infected the restore point that was made two days before SpyHunter 4 was downloaded and installed. Progress: The system is backed up and we are now about to scan with RogueKiller. I will post the log when I receive it from my mate.
  20. Here are the two files from DDS:
Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exeC:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXEC:\windows\system32\SearchIndexer.exeC:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\igfxtray.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeC:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exeC:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exeC:\Program Files\TOSHIBA\Teco\TecoResident.exeC:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exeC:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exeC:\Windows\System32\ThpSrv.exeC:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exeC:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exeC:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Program Files (x86)\Nero\Update\NASvc.exeC:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Program Files\TOSHIBA\TPHM\TPCHSrv.exeC:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exeC:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exeC:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exeC:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exeC:\Program Files (x86)\Skype\Phone\Skype.exeC:\windows\system32\taskhost.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files 
(x86)\Google\Chrome\Application\chrome.exeC:\windows\system32\SearchProtocolHost.exeC:\windows\system32\SearchFilterHost.exeC:\windows\system32\wbem\wmiprvse.exeC:\windows\System32\cscript.exe.============== Pseudo HJT Report ===============.mWinlogon: Userinit = userinit.exe,BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLLBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dlluRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silentuRun: [spotify Web Helper] "C:\Users\Mathias\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"uRun: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -minimRun: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCMmRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllTCP: NameServer = 192.168.1.1TCP: Interfaces\{11EC6F3D-312C-4F7B-B31F-EC69D5F5CCE6} : DHCPNameServer = 192.168.1.1TCP: Interfaces\{11EC6F3D-312C-4F7B-B31F-EC69D5F5CCE6}\75C414E4F534630344 : DHCPNameServer = 192.168.1.1Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLHandler: 
skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllAppInit_DLLs= C:\windows\SysWOW64\nvinit.dllSSODL: WebCheck - <orphaned>mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dllx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLLx64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dllx64-Run: [igfxTray] C:\windows\System32\igfxtray.exex64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exex64-Run: [Persistence] C:\windows\System32\igfxpers.exex64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -sx64-Run: [sRS Premium Sound 3D] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_PS3D.zip" /hx64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\Hotkey\TCrdMain_Win8.exex64-Run: [TecoResident] C:\Program Files\TOSHIBA\Teco\TecoResident.exex64-Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exex64-Run: [TODDMain] C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exex64-Run: [ThpSrv] C:\windows\System32\thpsrv /logonx64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exex64-Run: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exex64-Run: [TosPU] C:\Program Files\TOSHIBA\PasswordUtility\TosPU.exe TOSPUx64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dllx64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft 
Office\Office14\ONBttnIELinkedNotes.dllx64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLx64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-Notify: igfxcui - igfxdev.dllx64-SSODL: WebCheck - <orphaned>.============= SERVICES / DRIVERS ===============.R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2013-2-17 645952]R0 nvpciflt;nvpciflt;C:\windows\System32\Drivers\nvpciflt.sys [2013-2-17 30056]R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\Drivers\thpdrv.sys [2012-7-28 48512]R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\Drivers\Thpevm.sys [2012-6-25 18304]R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\Drivers\tos_sps64.sys [2013-2-17 499096]R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-2-17 128896]R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-2-17 165760]R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE [2013-2-17 201360]R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\Teco\TecoService.exe [2012-8-24 291240]R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\Drivers\TVALZFL.sys [2012-7-21 16768]R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-2-17 364416]R2 ZeroConfigService;Intel® 
PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-7-18 2699568]R3 CeKbFilter;CeKbFilter;C:\windows\System32\Drivers\CeKbFilter.sys [2013-2-17 20312]R3 enecir;ENE CIR Receiver;C:\windows\System32\Drivers\enecir.sys [2012-9-5 72688]R3 enecirhid;ENE CIR HID Receiver;C:\windows\System32\Drivers\enecirhid.sys [2012-9-5 25296]R3 IntcDAud;Intel® Skjermlyd;C:\windows\System32\Drivers\IntcDAud.sys [2012-6-19 342528]R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\Drivers\iwdbus.sys [2012-8-9 25568]R3 NETwNe64;@oem14.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\windows\System32\Drivers\NETwew00.sys [2012-8-19 4273192]R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2013-2-17 690832]R3 SmbDrvI;SmbDrvI;C:\windows\System32\Drivers\Smb_driver_Intel.sys [2012-8-28 43832]R3 TMachInfo;TMachInfo;C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-7-27 53384]R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2012-7-28 458152]S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-9-14 418376]S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-14 701512]S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\Drivers\intelaud.sys [2012-8-9 35296]S3 MBAMProtector;MBAMProtector;C:\windows\System32\Drivers\mbam.sys [2013-9-14 25928]S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\windows\System32\Drivers\MijXfilt.sys [2013-9-6 97040]S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-7-18 272176]S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\windows\System32\Drivers\RtsP2Stor.sys [2013-2-17 269968]S3 TemproMonitoringService;TEMPRO 
Service;C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2012-9-25 114656]S3 XHCIPort;USB-IF xHCI USB Host Controller;C:\windows\System32\Drivers\xHCIPort.sys [2012-8-9 188384].=============== Created Last 30 ================.2013-10-16 22:00:58 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{06D69CCE-B330-47E2-B437-69B035A2F188}\mpengine.dll2013-10-16 21:53:06 290992 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10221.bin2013-10-16 20:33:34 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll2013-10-16 19:43:36 -------- d-----w- C:\Users\Mathias\AppData\Local\ElevatedDiagnostics2013-10-16 19:14:27 -------- d-----w- C:\Users\Mathias\AppData\Roaming\AVAST Software2013-10-16 19:08:56 -------- d-----w- C:\Program Files\AVAST Software2013-10-16 19:08:44 -------- d-----w- C:\ProgramData\AVAST Software2013-10-16 19:06:57 -------- d-----w- C:\Users\Mathias\AppData\Roaming\SUPERAntiSpyware.com2013-10-16 19:06:49 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com2013-10-16 19:06:49 -------- d-----w- C:\Program Files\SUPERAntiSpyware2013-10-16 18:58:24 -------- d-----w- C:\Program Files\Enigma Software Group2013-10-14 19:58:10 -------- d-----w- C:\Users\Mathias\AppData\Local\Rockstar Games2013-10-14 19:57:31 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE2013-10-12 09:52:55 -------- d-----w- C:\Program Files\CCleaner2013-10-11 13:18:22 -------- d-----w- C:\Program Files (x86)\Microsoft XNA2013-10-10 17:03:34 -------- d-----w- C:\ProgramData\eSafe2013-10-10 16:55:21 -------- d-----w- C:\Users\Mathias\AppData\Roaming\Nosibay2013-10-10 16:52:59 -------- d-----w- C:\ProgramData\DSearchLink2013-10-10 16:52:34 -------- d-----w- C:\ProgramData\Babylon2013-10-09 20:13:16 785624 ----a-w- C:\windows\System32\drivers\Wdf01000.sys2013-10-03 15:51:17 965008 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition 
Updates\{9B16529D-B318-4645-BB8A-CB2264A87C28}\gapaengine.dll2013-10-02 15:47:14 -------- d-----w- C:\windows\PCHEALTH2013-10-02 15:44:39 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services2013-10-02 15:44:29 -------- d-----w- C:\Users\Mathias\AppData\Local\Microsoft Help2013-10-02 13:35:33 -------- d-----w- C:\Users\Mathias\AppData\Roaming\Fatshark2013-09-19 12:59:55 -------- d-----r- C:\Program Files (x86)\Skype2013-09-17 18:45:44 -------- d-----w- C:\Users\Mathias\AppData\Roaming\Sports Interactive2013-09-17 18:45:44 -------- d-----w- C:\Users\Mathias\AppData\Local\Sports Interactive.==================== Find3M ====================.2013-10-02 01:38:13 78296 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-10-02 01:38:13 694232 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe2013-09-22 23:28:06 1767936 ----a-w- C:\windows\SysWow64\wininet.dll2013-09-22 23:27:49 2876928 ----a-w- C:\windows\SysWow64\jscript9.dll2013-09-22 22:55:10 2241024 ----a-w- C:\windows\System32\wininet.dll2013-09-22 22:54:51 3959296 ----a-w- C:\windows\System32\jscript9.dll2013-09-08 10:04:04 108968 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll2013-09-08 10:04:00 972712 ----a-w- C:\windows\System32\deployJava1.dll2013-09-08 10:04:00 1093032 ----a-w- C:\windows\System32\npDeployJava1.dll2013-09-07 14:38:45 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll2013-09-07 14:38:45 867240 ----a-w- C:\windows\SysWow64\npDeployJava1.dll2013-09-07 14:38:45 789416 ----a-w- C:\windows\SysWow64\deployJava1.dll2013-08-23 05:11:57 4040192 ----a-w- C:\windows\System32\win32k.sys2013-08-16 05:41:13 58200 ----a-w- C:\windows\System32\drivers\dam.sys2013-08-16 05:39:26 2371728 ----a-w- C:\windows\System32\WSService.dll2013-08-16 05:32:48 209200 ----a-w- C:\windows\System32\NotificationUI.exe2013-08-16 05:22:22 40448 ----a-w- C:\windows\System32\wuapp.exe2013-08-16 05:22:11 4917760 ----a-w- C:\windows\System32\sppsvc.exe2013-08-16 05:20:30 105984 ----a-w- 
C:\windows\System32\WinSetupUI.dll2013-08-15 22:43:21 35328 ----a-w- C:\windows\SysWow64\wuapp.exe2013-08-15 22:43:07 84992 ----a-w- C:\windows\SysWow64\wudriver.dll2013-08-15 22:43:07 126976 ----a-w- C:\windows\SysWow64\wuwebv.dll2013-08-15 22:43:03 562688 ----a-w- C:\windows\SysWow64\WSShared.dll2013-08-15 22:43:03 159232 ----a-w- C:\windows\SysWow64\WSSync.dll2013-08-15 22:43:02 83968 ----a-w- C:\windows\SysWow64\OEMLicense.dll2013-08-15 22:43:02 167424 ----a-w- C:\windows\SysWow64\WSClient.dll2013-08-15 22:43:02 143872 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.dll2013-08-15 22:43:02 124928 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll2013-08-15 22:42:52 76800 ----a-w- C:\windows\SysWow64\setupcln.dll2013-08-15 22:42:47 91648 ----a-w- C:\windows\SysWow64\sppc.dll2013-08-10 05:21:51 448512 ----a-w- C:\windows\System32\SettingSync.dll2013-08-10 05:21:51 128512 ----a-w- C:\windows\System32\SettingSyncInfo.dll2013-08-10 03:58:51 356352 ----a-w- C:\windows\SysWow64\SettingSync.dll2013-08-07 05:15:02 144896 ----a-w- C:\windows\System32\tssdisai.dll2013-08-03 06:40:49 462336 ----a-w- C:\windows\System32\sysmon.ocx2013-08-03 06:40:17 566784 ----a-w- C:\windows\System32\wvc.dll2013-08-03 06:40:01 1374208 ----a-w- C:\windows\System32\wdc.dll2013-08-03 05:14:15 399360 ----a-w- C:\windows\SysWow64\sysmon.ocx2013-08-03 05:13:57 437248 ----a-w- C:\windows\SysWow64\wvc.dll2013-08-03 05:13:43 1245696 ----a-w- C:\windows\SysWow64\wdc.dll2013-08-02 06:28:29 10116608 ----a-w- C:\windows\System32\twinui.dll2013-08-02 06:26:53 2304512 ----a-w- C:\windows\System32\authui.dll2013-08-02 05:08:18 8858112 ----a-w- C:\windows\SysWow64\twinui.dll2013-08-02 05:06:50 2035712 ----a-w- C:\windows\SysWow64\authui.dll2013-08-01 10:41:31 2233688 ----a-w- C:\windows\System32\drivers\tcpip.sys2013-07-27 03:58:39 2207232 ----a-w- C:\windows\SysWow64\PrintConfig.dll2013-07-24 23:10:08 158208 ----a-w- C:\windows\SysWow64\mbsmsapi.dll2013-07-24 
23:06:39 225280 ----a-w- C:\windows\System32\mbsmsapi.dll2013-07-19 22:13:34 124112 ----a-w- C:\windows\System32\PresentationCFFRasterizerNative_v0300.dll2013-07-19 22:13:15 102608 ----a-w- C:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll.============= FINISH: 16:47:23,57 ===============
  21. Okay, we managed to get rid of SpyHunter 4 after setting the PC back to two days earlier. The Do Search is still on there.
  22. So, I am posting this on behalf of a friend. He came to me because he had a browser hijack called Do Search. We ended up "removing" it by going into Google Chrome's properties and changing the Target bar so it would set Google.no as its homepage. I guess there is still something on the computer after that. Also, to top the cake, my friend downloaded something called SpyHunter 4 before he came to me. Now he cannot get rid of it, but it is not doing anything, yet, other than coming back after deletion. (We haven't rebooted the PC.) Neither Malwarebytes, Avast nor SUPERAntiSpyware notices the program. Now, what to do?
  23. Thank you for the fast reply. I checked Malwarebytes for any new updates. After downloading the newest update the false positive is gone.
  24. Here is the same .exe file that I used when Malwarebytes found it.