FedUpL76i Posted February 12, 2014 ID:790006

Hey. Can I please ask you this?

I have gotten some nasty malware - not sure but it may have been a part of an update for JAVA, but unsure.

One thing is certain and that is I NEED HELP to get this out of the system.

Any gurus on the subject? Thanks a lot for any reply!

Added some logs:

FRST:

ASWMBR:

FedUpL76i Posted February 12, 2014 Author ID:790008

Must add that I have tried removing it in safe and normal mode before posting here: with malwarebytes, adaware, superantispyware, webroot, avast, avg and one maybe a couple more which I do not recall the names right now.

MrCharlie Posted February 12, 2014 ID:790044

Have you read the policy on Piracy??

https://forums.malwarebytes.org/index.php?showtopic=97700

MrC

FedUpL76i Posted February 12, 2014 Author ID:790054

Just read your post. This machine has been set up for me by a friend and I must admit that I am not all that computer savvy myself but use Google for my AV searches. Will give him a call to see what is not "kosher" if anything. I cannot read code so I am terribly sorry if I have given you something that you did not want. Will delete anything that is not ok with you guys. Would be very grateful if you gave me some pointers as to where to start. The only thing I can guess must be a torrent software which I will delete from my system ASAP. Terribly sorry if that is what is causing a conflict here.

- On a side note: The malware I have is acting like this:

Slower internet connection.
Pop ups x2:
One in the bottom of the screen stating how many percentage of "safety" the current webpage I visit is on - like a trust guard.
And one in the lower right corner stating that I have low disc space. (I do not have low disc space by the way.)

Thanks for your help - really appreciate it!

MrCharlie Posted February 12, 2014 ID:790058

Adobe After Effects CS5.5 (x32 Version: 10.5 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Dreamweaver CS5.5 (x32 Version: 11.5 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Illustrator CS5.1 (x32 Version: 15.1 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (x32 Version: 12.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Story (x32 Version: 1.0.571 - Adobe Systems Incorporated)
Adobe Story (x32 Version: 1.0.571 - Adobe Systems Incorporated) Hidden
Adobe Widget Browser (x32 Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Adobe Widget Browser (x32 Version: 2.0.230 - Adobe Systems Incorporated.) Hidden

2012-04-15 19:32 - 2012-04-15 19:01 - 00001811 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net

FedUpL76i Posted February 12, 2014 Author ID:790062

Thanks. Must say I am not all that familiar with the process of these things. Will I be good if I delete all of Adobe programs from my pc?

MrCharlie Posted February 12, 2014 ID:790065

These you can keep, the rest uninstall:

Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (x32 Version: 11.0.06 - Adobe Systems Incorporated)

Then...............

Please go to the link below, download and run Fixit:
http://support.microsoft.com/kb/972034 <---reset host file fixit

Last.......

Please download and run RogueKiller 32 Bit to your desktop.
RogueKiller 64 Bit <---use this one for 64 bit systems
Which system am I using?

Quit all running programs.
For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!
Don't run any other options, they're not all bad!!!!!!!
Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

General Forum P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy. Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note: Please read all of my instructions completely including these.

Make sure system restore is turned on and running, please create a new restore point
Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive
<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
<+>The removal of malware isn't instantaneous, please be patient.
<+>When we are done, I'll give you instructions on how to clean up all the tools and logs
<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

FedUpL76i Posted February 12, 2014 Author ID:790109

Ok. Should be better now. Here is the first step and log:

MrCharlie Posted February 12, 2014 ID:790118

Download and run DDS as outlined here:
http://forums.malwarebytes.org/index.php?showtopic=9573

Post back (or attach) the 2 logs.

MrC

FedUpL76i Posted February 12, 2014 Author ID:790123

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by Rune at 16:56:48 on 2014-02-12
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16361.14339 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\WTouch\WTouchService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Windows\system32\IProsetMonitor.exe
E:\Programs\Telenor\mobilt bredband\Sesam\BIN\SecMIPService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\Explorer.EXE
C:\Program Files\WTouch\WTouchUser.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
E:\Programs\Roboform\robotaskbaricon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
E:\Programs\Logitech Webcam\LWS\Webcam Software\LWS.exe
E:\Programs\Office\Office12\ONENOTEM.EXE
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
E:\Temp Downloads\RogueKillerX64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - E:\Programs\Roboform\roboform.dll
BHO: Dragon NaturallySpeaking Rich Internet Application Support - Extension: {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - E:\Programs\Dragon Nuance Naturally Speaking 12\Program\ieShim.dll
BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - E:\Programs\Roboform\roboform.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - E:\Programs\Roboform\roboform.dll
TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} -
uRun: [DAEMON Tools Lite] "E:\Programs\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [AdobeBridge] <no file>
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [LWS] E:\Programs\Logitech Webcam\LWS\Webcam Software\LWS.exe -hide
mRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
mRun: [DNS7reminder] "E:\Programs\Dragon Nuance Naturally Speaking 12\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini"
StartupFolder: C:\Users\Rune\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - E:\Programs\Office\Office12\ONENOTEM.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Customize Menu - E:\Programs\Roboform\RoboFormComCustomizeIEMenu.html
IE: E&ksporter til Microsoft Excel - E:\Programs\Office\Office12\EXCEL.EXE/3000
IE: Save Forms - E:\Programs\Roboform\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - E:\Programs\Roboform\RoboFormComShowToolbar.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - E:\Programs\Office\Office12\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - E:\Programs\Roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - E:\Programs\Roboform\roboform.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - E:\Programs\Roboform\roboform.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 193.213.112.4 130.67.15.198
TCP: Interfaces\{49DD153C-27E0-4694-BB87-A39878C313ED} : DHCPNameServer = 193.213.112.4 130.67.15.198
TCP: Interfaces\{8EB4E54D-45EE-4A93-872C-29B4FDDCC2B7} : DHCPNameServer = 193.213.112.4 130.67.15.198
TCP: Interfaces\{DE2C8EFC-1269-48E1-BFBE-E68E135B8FB5} : DHCPNameServer = 193.213.112.4 130.67.15.198
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - E:\Programs\Roboform\RoboForm-x64.dll
x64-BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -
x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - E:\Programs\Roboform\RoboForm-x64.dll
x64-TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} -
x64-Run: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - E:\Programs\Roboform\RoboForm-x64.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - E:\Programs\Roboform\RoboForm-x64.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - E:\Programs\Roboform\RoboForm-x64.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Rune\AppData\Roaming\Mozilla\Firefox\Profiles\st0cn8zi.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 1
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Users\Rune\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\Rune\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: E:\Programs\DRAGON~1\Program\npDgnRia.dll
FF - plugin: E:\Programs\VLC\npvlc.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-11-22 303408]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-3-11 283200]
R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2013-10-15 311184]
R2 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-5-6 1085440]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-2-23 13592]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-2-23 133800]
R2 SesamService;Sesam Control Service;E:\Programs\Telenor\mobilt bredband\Sesam\BIN\SecMIPService.exe [2009-2-17 1237800]
R2 TabletServicePen;TabletServicePen;C:\Windows\System32\Pen_Tablet.exe [2013-3-15 5556520]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 WTouchService;WTouch Service;C:\Program Files\WTouch\WTouchService.exe [2013-3-15 127784]
R3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\System32\drivers\ew_usbenumfilter.sys [2010-3-20 13952]
R3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\System32\drivers\ewusbnet.sys [2010-8-27 138752]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2014-2-5 181760]
R3 wtsmpadap;Sesam Virtual Adapter;C:\Windows\System32\drivers\wtsmpadap.sys [2009-1-31 56104]
R3 WtSmpFlt;Sesam Adapter;C:\Windows\System32\drivers\wtsmpflt.sys [2009-1-31 383784]
R3 XENfiltv;XENfiltv;C:\Windows\System32\drivers\XENfiltv.sys [2009-7-31 25600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-2-5 2151200]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2010-3-20 114560]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-13 111616]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2013-3-15 18216]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-23 1255736]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\System32\Notepad.exe %1 [default=Edit - 'Open' doesn't exist]
.
=============== Created Last 30 ================
.
2014-02-12 13:39:27 -------- d-----w- C:\Users\Rune\AppData\Roaming\Local
2014-02-10 21:18:21 -------- d-----w- C:\FRST
2014-02-10 19:57:32 10395072 ----a-w- C:\Program Files (x86)\Common Files\wruninstall.exe
2014-02-10 19:57:31 -------- d-----w- C:\Users\Rune\AppData\Local\lptmp1562496268
2014-02-09 12:49:37 -------- d-----w- C:\Users\Rune\AppData\Roaming\TuneUp Software
2014-02-09 12:46:14 -------- d--h--w- C:\ProgramData\Common Files
2014-02-09 12:46:14 -------- d-----w- C:\Users\Rune\AppData\Local\MFAData
2014-02-09 12:46:14 -------- d-----w- C:\ProgramData\MFAData
2014-02-09 12:25:12 -------- d-----w- C:\Windows\ERUNT
2014-02-08 21:40:39 -------- d-----w- C:\Windows\pss
2014-02-08 14:14:41 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8EB90C22-ECC7-40CB-9B5D-FF2F72D61A20}\mpengine.dll
2014-02-05 22:13:01 181760 ----a-w- C:\Windows\System32\drivers\nusb3xhc.sys
2014-02-05 22:12:24 99800 ----a-w- C:\Windows\System32\drivers\TeeDriverx64.sys
2014-02-05 22:12:24 1795952 ----a-w- C:\Windows\System32\WdfCoInstaller01011.dll
2014-02-05 22:04:52 35840 ----a-w- C:\Windows\System32\mv91xxm.dll
2014-02-05 22:04:52 321896 ----a-w- C:\Windows\System32\drivers\mvs91xx.sys
2014-02-05 22:04:52 14696 ----a-w- C:\Windows\System32\drivers\mvxxmm.sys
2014-02-05 19:07:45 123704 ----a-w- C:\Windows\System32\drivers\jraid.sys
2014-02-05 19:07:23 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
2014-02-05 19:07:23 196384 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2014-02-05 19:07:23 1510176 ----a-w- C:\Windows\System32\nvhdagenco64.dll
2014-02-05 19:03:27 34080 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe
2014-02-05 19:02:12 121856 ----a-w- C:\Windows\System32\IObitSmartDefragExtension.dll
2014-02-05 19:01:31 -------- d-----w- C:\Users\Rune\AppData\Local\Google
2014-02-05 18:45:07 -------- d-----w- C:\ProgramData\ProductData
2014-02-05 18:45:07 -------- d-----w- C:\Program Files (x86)\IObit
2014-02-05 18:44:55 -------- d-----w- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-02-05 18:44:53 -------- d-----w- C:\ProgramData\IObit
2014-02-05 18:43:05 -------- d-----w- C:\Users\Rune\AppData\Roaming\IObit
2014-01-27 22:00:45 -------- d-----w- C:\Users\Rune\AppData\Local\My Games
2014-01-27 21:35:37 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-01-27 21:35:32 -------- d-----w- C:\Users\Rune\AppData\Local\PunkBuster
2014-01-27 20:43:33 -------- d-----w- C:\Users\Rune\AppData\Local\Ubisoft Game Launcher
2014-01-27 20:43:22 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-01-15 13:16:12 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-01-15 13:16:12 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-01-15 13:16:12 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-01-15 13:16:11 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 13:16:11 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-01-15 13:16:11 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-15 13:16:11 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 13:16:11 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-01-15 13:16:10 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
.
==================== Find3M ====================
.
2014-02-05 19:05:58 9619872 ----a-w- C:\Windows\SysWow64\nvopencl.dll
2013-12-18 05:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
.
============= FINISH: 16:56:55.74 ===============
FedUpL76i Posted February 12, 2014 Author ID:790124

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 2/23/2012 5:56:58 AM
System Uptime: 2/12/2014 4:13:58 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | SABERTOOTH P67
Processor: Intel® Core i5-2500 CPU @ 3.30GHz | LGA1155 | 3301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 36.226 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 931 GiB total, 618.453 GiB free.
F: is CDROM ()
G: is CDROM (CDFS)
H: is Removable
I: is FIXED (FAT32) - 931 GiB total, 579.685 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP253: 2/9/2014 1:08:51 PM - AA11
RP254: 2/9/2014 1:11:11 PM - AA11
RP255: 2/9/2014 1:49:17 PM - Installed AVG 2014
RP256: 2/9/2014 1:49:24 PM - Installed AVG 2014
RP257: 2/10/2014 8:46:20 PM - Removed AVG 2014
RP258: 2/10/2014 8:48:44 PM - Removed AVG 2014
RP259: 2/10/2014 8:50:56 PM - avast! antivirus system restore point
RP260: 2/10/2014 9:48:45 PM - Removed Java 7 Update 51
RP261: 2/12/2014 2:20:43 PM - Removed Vegas Pro 11.0
RP262: 2/12/2014 2:37:03 PM - Removed Adobe Community Help
RP263: 2/12/2014 2:46:22 PM - Removed Adobe Reader XI (11.0.06).
RP264: 2/12/2014 2:50:08 PM - Removed Adobe Widget Browser
RP265: 2/12/2014 2:51:08 PM - Removed Adobe Story
RP266: 2/12/2014 2:56:53 PM - Removed Final Effects Complete 6.0.0 64Bit
RP267: 2/12/2014 2:58:16 PM - Removed Spelling Dictionaries Support For Adobe Reader 9.
RP268: 2/12/2014 3:00:15 PM - Removed Vegas Pro 11.0
RP269: 2/12/2014 3:04:36 PM - Removed Apple Application Support
RP270: 2/12/2014 3:05:15 PM - Removed Apple Mobile Device Support
RP271: 2/12/2014 3:05:23 PM - Removed Apple Software Update
RP272: 2/12/2014 3:05:34 PM - Removed Bonjour
RP273: 2/12/2014 3:06:26 PM - Removed iTunes
RP274: 2/12/2014 4:12:47 PM - Installed Microsoft Fix it 50267
.
==== Installed Programs ======================
.
7-Zip 9.22 (x64 edition)
7-Zip 9.22beta
Bamboo
Beach Millions Traffic Attractor
CameraHelperMsi
Camtasia Studio 6
Citrix Online Launcher
Clip Juicer
DAEMON Tools Lite
Dragon NaturallySpeaking 12
erLT
FBAppsNinja
FileZilla Client 3.5.3
FlipShare
FreeMind
G_Insider_Premium 2.0.0.0
GoToMeeting 6.0.0.1259
GreenSamba
Intel® Control Center
Intel® Management Engine Components
Intel® Network Connections 15.6.25.0
Intel® Rapid Storage Technology
JMicron JMB36X Driver
KickAssBots Domain Bot Beta V 1.4.1 version 1.4.1
Lead Finder Jack
Left 4 Dead 2
Logitech Webcam Software
lookinglink
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.75.0.1300
Market Samurai
Marvel Heroes
marvell 91xx driver
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office Excel MUI (Norwegian (Bokmål)) 2007
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (Norwegian (Bokmål)) 2007
Microsoft Office PowerPoint MUI (Norwegian (Bokmål)) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Norwegian (Bokmål)) 2007
Microsoft Office Proof (Norwegian (Nynorsk)) 2007
Microsoft Office Proofing (Norwegian (Bokmål)) 2007
Microsoft Office Shared 64-bit MUI (Norwegian (Bokmål)) 2007
Microsoft Office Shared MUI (Norwegian (Bokmål)) 2007
Microsoft Office Word MUI (Norwegian (Bokmål)) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Microsoft_VC90_MFCLOC_x86_x64
mobilt bredband
Mozilla Firefox 27.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT Redists
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NVIDIA 3D Vision Controller Driver 310.70
NVIDIA Control Panel 331.82
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Update 1.11.3
NVIDIA Update Components
Pamela Pro 4.8
PAYDAY 2
PAYDAY: The Heist
PDF Pop Up Magic
Pinball Arcade
QR Code Machine 1.5
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
RoboForm 7-9-2-5 (All Users)
Rockstar Power Suite
ScummVM 1.5.0
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
SEO Link Dominator - fast Indexer and Pinger
SEO Link Robot - Fast Indexer 2.0.2.0
Skype Click to Call
Skype™ 6.11
SmartFTP Client Setup Files 4.1 (x64) (remove only)
Steam
SWF Components
TweetAdder4
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Uplay
Video Components
Viral Meme Maker version 1.0.5
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VLC media player 2.1.2
WebTablet IE Plugin
WebTablet Netscape Plugin
WP Auto Links
.
==== Event Viewer Messages From Past Week ========
.
2/9/2014 1:51:04 PM, Error: Service Control Manager [7024] - The AVG Firewall service terminated with service-specific error %%-536805289.
2/12/2014 4:16:25 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
2/12/2014 4:16:25 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
2/12/2014 4:15:14 PM, Error: Service Control Manager [7034] - The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).
2/12/2014 3:04:58 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail.
2/12/2014 2:46:15 PM, Error: Service Control Manager [7031] - The WRSVC service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
2/10/2014 9:34:34 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
2/10/2014 9:34:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/10/2014 9:34:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/10/2014 9:34:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
2/10/2014 9:34:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
2/10/2014 9:34:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/10/2014 9:34:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2/10/2014 9:34:07 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
2/10/2014 9:34:07 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/10/2014 9:34:07 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/10/2014 9:34:07 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
2/10/2014 9:34:07 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/10/2014 9:34:07 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/10/2014 9:34:07 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
2/10/2014 9:34:07 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/10/2014 9:34:07 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/10/2014 9:34:07 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================
MrCharlie Posted February 12, 2014 ID:790127

Start with this:

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner from HERE or HERE to your desktop.
Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Please uncheck elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you may want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted:
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a FULL Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.

MrC
FedUpL76i Posted February 12, 2014 Author ID:790141

# AdwCleaner v3.018 - Report created 12/02/2014 at 17:29:39
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Rune - RUNESTASJON-PC
# Running from : C:\Users\Rune\Desktop\adw\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v27.0 (en-US)

[ File : C:\Users\Rune\AppData\Roaming\Mozilla\Firefox\Profiles\st0cn8zi.default\prefs.js ]

*************************

AdwCleaner[R3].txt - [774 octets] - [12/02/2014 17:22:12]
AdwCleaner[s2].txt - [696 octets] - [12/02/2014 17:29:39]

########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [755 octets] ##########

_________________________________________________________________________________________________________

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.12.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Rune :: RUNESTASJON-PC [administrator]

2/12/2014 5:35:42 PM
mbam-log-2014-02-12 (17-35-42).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 576716
Time elapsed: 35 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
MrCharlie Posted February 12, 2014 ID:790145

Next:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------
If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC
FedUpL76i Posted February 12, 2014 Author ID:790157

Hey, Is this the file you want? Or do I need to go into dos mode and c: and so on?
FedUpL76i Posted February 12, 2014 Author ID:790175

Hey. Kinda sick with a fever so just disregard what I said about going into dos mode... Did some thinking and double checked the file and it was the same.

Thanks a LOT for all of the help so far!
MrCharlie Posted February 12, 2014 ID:790191

OK, run another scan with FRST and make sure the addition box is checked, post or attach the logs.

What symptoms are present??

MrC
FedUpL76i Posted February 12, 2014 Author ID:790223

I get this message:

An unexpected error is keeping you from copying the file. If you continue to receive this error, you can use the error code to search for help with this problem:

Error 0x80030002: install.rdf could not be found
install.rdf
type rdf file
date modified 1/23/2014 11:53 AM
Size 2,15kb

Googling it, it says something about Maple Story cannot be played. Do not know what this is.

______________________________________________

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2014
_____ (Renesas Electronics Corporation) C:\Windows\system32\Drivers\nusb3xhc.sys2014-02-05 23:12 - 2014-02-05 23:12 - 01795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll2014-02-05 23:12 - 2014-02-05 23:12 - 00099800 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverx64.sys2014-02-05 23:12 - 2014-02-05 23:12 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf2014-02-05 23:04 - 2014-02-05 23:04 - 00321896 _____ (Marvell Semiconductor, Inc.) C:\Windows\system32\Drivers\mvs91xx.sys2014-02-05 23:04 - 2014-02-05 23:04 - 00035840 _____ (<Marvell>) C:\Windows\system32\mv91xxm.dll2014-02-05 23:04 - 2014-02-05 23:04 - 00014696 _____ (Marvell Semiconductor Inc.) C:\Windows\system32\Drivers\mvxxmm.sys2014-02-05 20:17 - 2014-02-05 20:17 - 66252800 _____ () C:\Windows\system32\config\SOFTWARE.iobit2014-02-05 20:17 - 2014-02-05 20:17 - 00167936 _____ () C:\Windows\system32\config\DEFAULT.iobit2014-02-05 20:17 - 2014-02-05 20:17 - 00061440 _____ () C:\Windows\system32\config\SAM.iobit2014-02-05 20:17 - 2014-02-05 20:17 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iobit2014-02-05 20:12 - 2014-02-05 20:12 - 00000000 ____H () C:\ProgramData\DP45977C.lfl2014-02-05 20:11 - 2014-02-05 20:11 - 41974272 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat2014-02-05 20:11 - 2014-02-05 20:11 - 27644160 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 14153984 _____ (Waves Audio Ltd.) 
C:\Windows\system32\MaxxAudioRealtek64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll2014-02-05 20:11 - 2014-02-05 20:11 - 06217904 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll2014-02-05 20:11 - 2014-02-05 20:11 - 05753112 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll2014-02-05 20:11 - 2014-02-05 20:11 - 05681196 _____ () C:\Windows\system32\Drivers\rtvienna.dat2014-02-05 20:11 - 2014-02-05 20:11 - 03899648 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 03760344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys2014-02-05 20:11 - 2014-02-05 20:11 - 02810072 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 02743328 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 02588888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 02103040 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 02036992 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 01938608 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll2014-02-05 20:11 - 2014-02-05 20:11 - 01922304 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll2014-02-05 20:11 - 2014-02-05 20:11 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 01662024 _____ (Realtek Semiconductor Corp.) 
C:\Windows\system32\RTSnMg64.cpl2014-02-05 20:11 - 2014-02-05 20:11 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll2014-02-05 20:11 - 2014-02-05 20:11 - 01345280 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll2014-02-05 20:11 - 2014-02-05 20:11 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 01286400 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 01084160 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll2014-02-05 20:11 - 2014-02-05 20:11 - 01021656 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 01014016 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 01013504 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00947760 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00912184 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOSettingsIPC.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00907008 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00906800 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00897792 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00871856 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00790272 _____ (Waves Audio Ltd.) 
C:\Windows\SysWOW64\MaxxAudioAPOShell.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00722688 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00693329 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT2014-02-05 20:11 - 2014-02-05 20:11 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00662784 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00618200 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00605496 _____ () C:\Windows\system32\audioLibVc.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00582056 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00501184 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00487360 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00415680 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00375128 _____ (Dolby Laboratories, Inc.) 
C:\Windows\system32\RTEEP64A.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00313520 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00260272 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00244480 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00162224 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00154840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00149608 _____ (Realtek Semiconductor Corp.) 
C:\Windows\system32\RtkCfg64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00109848 _____ () C:\Windows\system32\AcpiServiceVnA64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll2014-02-05 20:07 - 2014-02-05 20:07 - 01510176 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll2014-02-05 20:07 - 2014-02-05 20:07 - 00196384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys2014-02-05 20:07 - 2014-02-05 20:07 - 00123704 _____ (JMicron Technology Corp.) 
C:\Windows\system32\Drivers\jraid.sys2014-02-05 20:07 - 2014-02-05 20:07 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll2014-02-05 20:05 - 2014-02-05 20:05 - 30361888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll2014-02-05 20:05 - 2014-02-05 20:05 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll2014-02-05 20:05 - 2014-02-05 20:05 - 22951200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll2014-02-05 20:05 - 2014-02-05 20:05 - 18208624 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll2014-02-05 20:05 - 2014-02-05 20:05 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll2014-02-05 20:05 - 2014-02-05 20:05 - 15218504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll2014-02-05 20:05 - 2014-02-05 20:05 - 12613408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys2014-02-05 20:05 - 2014-02-05 20:05 - 11600432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll2014-02-05 20:05 - 2014-02-05 20:05 - 11514624 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll2014-02-05 20:05 - 2014-02-05 20:05 - 09691888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll2014-02-05 20:05 - 2014-02-05 20:05 - 09619872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll2014-02-05 20:05 - 2014-02-05 20:05 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll2014-02-05 20:05 - 2014-02-05 20:05 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll2014-02-05 20:05 - 2014-02-05 20:05 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll2014-02-05 20:05 - 2014-02-05 20:05 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll2014-02-05 20:05 - 2014-02-05 20:05 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433182.dll2014-02-05 20:05 - 2014-02-05 20:05 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433182.dll2014-02-05 20:05 - 2014-02-05 
20:05 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll2014-02-05 20:05 - 2014-02-05 20:05 - 00707360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll2014-02-05 20:05 - 2014-02-05 20:05 - 00657184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll2014-02-05 20:05 - 2014-02-05 20:05 - 00609568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll2014-02-05 20:05 - 2014-02-05 20:05 - 00562464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll2014-02-05 20:05 - 2014-02-05 20:05 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll2014-02-05 20:05 - 2014-02-05 20:05 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll2014-02-05 20:05 - 2014-02-05 20:05 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll2014-02-05 20:05 - 2014-02-05 20:05 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll2014-02-05 20:03 - 2013-11-19 16:52 - 00034080 _____ (IObit) C:\Windows\system32\SmartDefragBootTime.exe2014-02-05 20:02 - 2014-01-08 15:54 - 00121856 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll2014-02-05 20:01 - 2014-02-05 20:01 - 00000000 ____D () C:\Users\Rune\AppData\Local\Google2014-02-05 19:45 - 2014-02-09 11:29 - 00000000 ____D () C:\Program Files (x86)\IObit2014-02-05 19:45 - 2014-02-05 19:45 - 00000000 ____D () C:\ProgramData\ProductData2014-02-05 19:44 - 2014-02-05 23:14 - 00000000 ____D () C:\ProgramData\IObit2014-02-05 19:44 - 2014-02-05 19:44 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}2014-02-05 19:43 - 2014-02-05 20:02 - 00000000 ____D () C:\Users\Rune\AppData\Roaming\IObit2014-01-31 13:07 - 2014-01-31 14:19 - 00189440 _____ () C:\Users\Rune\Documents\cross country ski goggles.msam2014-01-27 23:00 - 2014-01-27 23:00 - 00000000 ____D () C:\Users\Rune\AppData\Local\My Games2014-01-27 22:35 - 2014-02-05 23:20 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr2014-01-27 22:35 - 2014-01-27 22:35 - 
00000000 ____D () C:\Users\Rune\AppData\Local\PunkBuster2014-01-27 22:34 - 2014-01-27 22:34 - 00000000 ____D () C:\Users\Rune\Documents\My Games2014-01-27 21:43 - 2014-02-03 23:52 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.ex02014-01-27 21:43 - 2014-01-27 23:09 - 00000000 ____D () C:\Users\Rune\AppData\Local\Ubisoft Game Launcher2014-01-27 21:43 - 2014-01-27 21:43 - 00000000 ____D () C:\Users\Rune\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft2014-01-27 21:43 - 2014-01-27 21:43 - 00000000 ____D () C:\Program Files (x86)\Ubisoft2014-01-16 18:22 - 2014-01-16 18:22 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log2014-01-15 14:16 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys2014-01-15 14:16 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys2014-01-15 14:16 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys2014-01-15 14:16 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys2014-01-15 14:16 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys2014-01-15 14:16 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys2014-01-15 14:16 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys2014-01-15 14:16 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys2014-01-15 14:16 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-01-14 00:09 - 2014-01-14 00:09 - 00013405 _____ () C:\Users\Rune\Documents\hijackthis.log==================== One Month Modified Files and Folders =======2014-02-12 21:26 - 2014-02-12 21:20 - 00011635 _____ () C:\Users\Rune\Desktop\FRST.txt2014-02-12 21:20 - 2014-02-10 22:18 - 00000000 ____D () 
C:\FRST2014-02-12 21:18 - 2014-02-12 21:18 - 02152448 _____ (Farbar) C:\Users\Rune\Desktop\FRST64.exe2014-02-12 21:18 - 2014-02-12 21:18 - 00017355 _____ () C:\Users\Rune\Desktop\FXQQkY2_.htm2014-02-12 21:16 - 2012-02-23 05:56 - 01648452 _____ () C:\Windows\WindowsUpdate.log2014-02-12 19:09 - 2009-07-14 05:45 - 00024096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-02-12 19:09 - 2009-07-14 05:45 - 00024096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-02-12 19:07 - 2009-07-14 06:13 - 00816032 _____ () C:\Windows\system32\PerfStringBackup.INI2014-02-12 19:04 - 2014-02-12 19:04 - 00018024 _____ () C:\ComboFix.txt2014-02-12 19:04 - 2014-02-12 18:59 - 00000000 ____D () C:\Qoobox2014-02-12 19:04 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default2014-02-12 19:03 - 2014-02-12 19:03 - 00000000 ____D () C:\Users\Rune\AppData\Roaming\WTouch2014-02-12 19:03 - 2014-02-12 18:59 - 00000000 ____D () C:\Windows\erdnt2014-02-12 19:03 - 2013-03-15 20:22 - 00000000 ____D () C:\Users\Rune\AppData\Roaming\WTablet2014-02-12 19:03 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini2014-02-12 19:02 - 2014-02-09 13:05 - 00316850 _____ () C:\Windows\PFRO.log2014-02-12 19:02 - 2014-02-09 13:05 - 00002250 _____ () C:\Windows\setupact.log2014-02-12 19:02 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-02-12 19:01 - 2012-02-23 05:56 - 00000000 ____D () C:\Users\Rune2014-02-12 18:51 - 2014-02-12 18:51 - 05180679 ____R (Swearware) C:\Users\Rune\Desktop\ComboFix.exe2014-02-12 18:51 - 2014-02-12 18:49 - 00000000 ____D () C:\Users\Rune\Desktop\Combo2014-02-12 17:29 - 2014-02-12 17:22 - 00000000 ____D () C:\AdwCleaner2014-02-12 17:21 - 2014-02-12 17:20 - 00000000 ____D () C:\Users\Rune\Desktop\adw2014-02-12 16:57 - 2014-02-12 16:57 - 00003964 _____ () C:\Users\Rune\Desktop\attach.zip2014-02-12 16:56 - 2014-02-12 16:56 - 00017852 _____ () 
C:\Users\Rune\Desktop\dds.txt2014-02-12 16:56 - 2014-02-12 16:56 - 00013805 _____ () C:\Users\Rune\Desktop\attach.txt2014-02-12 16:55 - 2014-02-12 16:55 - 00688992 ____R (Swearware) C:\Users\Rune\Desktop\dds.com2014-02-12 16:24 - 2014-02-12 16:24 - 00002780 _____ () C:\Users\Rune\Desktop\RKreport[0]_S_02122014_162415.txt2014-02-12 15:07 - 2012-03-12 20:58 - 00000000 ____D () C:\Users\Rune\AppData\Roaming\Real2014-02-12 15:07 - 2012-03-12 20:58 - 00000000 ____D () C:\Program Files (x86)\Real2014-02-12 15:06 - 2014-01-03 15:54 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-02-12 15:00 - 2012-03-12 19:38 - 00000000 ____D () C:\Program Files (x86)\Sony2014-02-12 15:00 - 2012-03-04 22:53 - 00000000 ____D () C:\Users\Rune\AppData\Local\Sony2014-02-12 14:57 - 2013-10-07 19:33 - 00000000 ____D () C:\Program Files (x86)\Boris Fx, Inc2014-02-12 14:53 - 2014-02-10 20:57 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-02-12 14:50 - 2012-02-23 06:27 - 00000000 ____D () C:\Program Files (x86)\Adobe2014-02-12 14:48 - 2012-03-03 18:58 - 00000000 ____D () C:\Users\Rune\AppData\Roaming\Skype2014-02-12 14:46 - 2012-02-23 06:27 - 00000000 ____D () C:\ProgramData\Adobe2014-02-12 14:45 - 2012-02-23 05:47 - 00000000 ____D () C:\Users\Rune\AppData\Roaming\Adobe2014-02-12 14:43 - 2012-03-04 22:37 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe2014-02-10 21:37 - 2014-02-10 20:57 - 00000000 ____D () C:\Users\Rune\AppData\Local\lptmp15624962682014-02-10 21:35 - 2014-02-08 22:40 - 00000000 ____D () C:\Windows\pss2014-02-10 20:52 - 2014-01-12 21:33 - 00000000 ____D () C:\ProgramData\AVAST Software2014-02-10 20:49 - 2014-02-09 13:46 - 00000000 ____D () C:\ProgramData\MFAData2014-02-09 22:07 - 2014-02-09 22:07 - 00000038 _____ () C:\Users\Rune\AppData\Roaming\mbam.context.scan2014-02-09 13:49 - 2014-02-09 13:49 - 00000000 ____D () C:\Users\Rune\AppData\Roaming\TuneUp Software2014-02-09 13:46 - 
2014-02-09 13:46 - 00000000 ____D () C:\Users\Rune\AppData\Local\MFAData2014-02-09 13:25 - 2014-02-09 13:25 - 00000000 ____D () C:\Windows\ERUNT2014-02-09 13:08 - 2014-02-09 13:08 - 00003132 _____ () C:\Windows\System32\Tasks\{1241CD9C-F1E2-41FE-8316-EF883A1DB809}2014-02-09 13:07 - 2014-02-09 13:07 - 00000000 ____D () C:\ProgramData\Lavasoft2014-02-09 13:05 - 2014-02-09 13:05 - 00000000 _____ () C:\Windows\setuperr.log2014-02-09 11:29 - 2014-02-09 11:29 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled2014-02-09 11:29 - 2014-02-05 19:45 - 00000000 ____D () C:\Program Files (x86)\IObit2014-02-08 22:28 - 2012-04-25 02:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service2014-02-07 16:44 - 2012-03-20 08:09 - 00000000 ____D () C:\Users\Rune\AppData\Roaming\vlc2014-02-07 16:00 - 2012-02-23 06:06 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information2014-02-07 00:22 - 2012-04-15 20:06 - 00000132 _____ () C:\Users\Rune\AppData\Roaming\Adobe PNG Format CS5 Prefs2014-02-06 21:18 - 2014-02-06 21:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2014-02-06 16:02 - 2014-02-05 23:19 - 00003148 _____ () C:\Windows\System32\Tasks\SidebarExecute2014-02-05 23:20 - 2014-01-27 22:35 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr2014-02-05 23:14 - 2014-02-05 23:14 - 00003158 _____ () C:\Windows\System32\Tasks\Game_Booster_AutoUpdate2014-02-05 23:14 - 2014-02-05 19:44 - 00000000 ____D () C:\ProgramData\IObit2014-02-05 23:13 - 2014-02-05 23:13 - 00181760 _____ (Renesas Electronics Corporation) C:\Windows\system32\Drivers\nusb3xhc.sys2014-02-05 23:12 - 2014-02-05 23:12 - 01795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll2014-02-05 23:12 - 2014-02-05 23:12 - 00099800 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverx64.sys2014-02-05 23:12 - 2014-02-05 23:12 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf2014-02-05 23:04 - 2014-02-05 23:04 - 
00321896 _____ (Marvell Semiconductor, Inc.) C:\Windows\system32\Drivers\mvs91xx.sys2014-02-05 23:04 - 2014-02-05 23:04 - 00035840 _____ (<Marvell>) C:\Windows\system32\mv91xxm.dll2014-02-05 23:04 - 2014-02-05 23:04 - 00014696 _____ (Marvell Semiconductor Inc.) C:\Windows\system32\Drivers\mvxxmm.sys2014-02-05 20:17 - 2014-02-05 20:17 - 66252800 _____ () C:\Windows\system32\config\SOFTWARE.iobit2014-02-05 20:17 - 2014-02-05 20:17 - 00167936 _____ () C:\Windows\system32\config\DEFAULT.iobit2014-02-05 20:17 - 2014-02-05 20:17 - 00061440 _____ () C:\Windows\system32\config\SAM.iobit2014-02-05 20:17 - 2014-02-05 20:17 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iobit2014-02-05 20:12 - 2014-02-05 20:12 - 00000000 ____H () C:\ProgramData\DP45977C.lfl2014-02-05 20:12 - 2012-02-23 06:08 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM2014-02-05 20:11 - 2014-02-05 20:11 - 41974272 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat2014-02-05 20:11 - 2014-02-05 20:11 - 27644160 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 14153984 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll2014-02-05 20:11 - 2014-02-05 20:11 - 06217904 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll2014-02-05 20:11 - 2014-02-05 20:11 - 05753112 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll2014-02-05 20:11 - 2014-02-05 20:11 - 05681196 _____ () C:\Windows\system32\Drivers\rtvienna.dat2014-02-05 20:11 - 2014-02-05 20:11 - 03899648 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 03760344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys2014-02-05 20:11 - 2014-02-05 20:11 - 02810072 _____ (Realtek Semiconductor Corp.) 
C:\Windows\system32\RtPgEx64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 02743328 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 02588888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 02103040 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 02036992 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 01938608 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll2014-02-05 20:11 - 2014-02-05 20:11 - 01922304 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll2014-02-05 20:11 - 2014-02-05 20:11 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 01662024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl2014-02-05 20:11 - 2014-02-05 20:11 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll2014-02-05 20:11 - 2014-02-05 20:11 - 01345280 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll2014-02-05 20:11 - 2014-02-05 20:11 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 01286400 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 01084160 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll2014-02-05 20:11 - 2014-02-05 20:11 - 01021656 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 01014016 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll2014-02-05 20:11 - 2014-02-05 20:11 - 01013504 _____ (Waves Audio Ltd.) 
C:\Windows\system32\MaxxAudioAPOShell64.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00947760 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00912184 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOSettingsIPC.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00907008 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00906800 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00897792 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00871856 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00790272 _____ (Waves Audio Ltd.) C:\Windows\SysWOW64\MaxxAudioAPOShell.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00722688 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00693329 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-02-05 20:11 - 2014-02-05 20:11 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00662784 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00618200 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00605496 _____ () C:\Windows\system32\audioLibVc.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00582056 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00501184 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00487360 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00415680 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00313520 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00260272 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00244480 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00162224 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00154840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00109848 _____ () C:\Windows\system32\AcpiServiceVnA64.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2014-02-05 20:11 - 2014-02-05 20:11 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2014-02-05 20:07 - 2014-02-05 20:07 - 01510176 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2014-02-05 20:07 - 2014-02-05 20:07 - 00196384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-02-05 20:07 - 2014-02-05 20:07 - 00123704 _____ (JMicron Technology Corp.) C:\Windows\system32\Drivers\jraid.sys
2014-02-05 20:07 - 2014-02-05 20:07 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-02-05 20:06 - 2012-02-23 06:31 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-05 20:06 - 2012-02-23 06:31 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-02-05 20:05 - 2014-02-05 20:05 - 30361888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-02-05 20:05 - 2014-02-05 20:05 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-02-05 20:05 - 2014-02-05 20:05 - 22951200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-02-05 20:05 - 2014-02-05 20:05 - 18208624 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-02-05 20:05 - 2014-02-05 20:05 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-02-05 20:05 - 2014-02-05 20:05 - 15218504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-02-05 20:05 - 2014-02-05 20:05 - 12613408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-02-05 20:05 - 2014-02-05 20:05 - 11600432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-02-05 20:05 - 2014-02-05 20:05 - 11514624 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-02-05 20:05 - 2014-02-05 20:05 - 09691888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-02-05 20:05 - 2014-02-05 20:05 - 09619872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-02-05 20:05 - 2014-02-05 20:05 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-02-05 20:05 - 2014-02-05 20:05 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-02-05 20:05 - 2014-02-05 20:05 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-02-05 20:05 - 2014-02-05 20:05 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-02-05 20:05 - 2014-02-05 20:05 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433182.dll
2014-02-05 20:05 - 2014-02-05 20:05 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433182.dll
2014-02-05 20:05 - 2014-02-05 20:05 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-02-05 20:05 - 2014-02-05 20:05 - 00707360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-02-05 20:05 - 2014-02-05 20:05 - 00657184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-02-05 20:05 - 2014-02-05 20:05 - 00609568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-02-05 20:05 - 2014-02-05 20:05 - 00562464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-02-05 20:05 - 2014-02-05 20:05 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-02-05 20:05 - 2014-02-05 20:05 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-02-05 20:05 - 2014-02-05 20:05 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-02-05 20:05 - 2014-02-05 20:05 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-02-05 20:05 - 2013-02-25 23:32 - 18293608 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-02-05 20:05 - 2013-02-25 23:32 - 15862272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-02-05 20:05 - 2013-02-25 23:32 - 03069608 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-02-05 20:05 - 2013-02-25 23:32 - 02697248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-02-05 20:05 - 2013-02-25 23:32 - 01436528 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-02-05 20:05 - 2011-05-21 15:01 - 00023754 _____ () C:\Windows\system32\nvinfo.pb
2014-02-05 20:02 - 2014-02-05 19:43 - 00000000 ____D () C:\Users\Rune\AppData\Roaming\IObit
2014-02-05 20:01 - 2014-02-05 20:01 - 00000000 ____D () C:\Users\Rune\AppData\Local\Google
2014-02-05 19:55 - 2013-08-18 23:10 - 00000000 ____D () C:\Windows\Minidump
2014-02-05 19:55 - 2012-02-23 05:49 - 00000000 ____D () C:\Windows\Panther
2014-02-05 19:53 - 2012-10-15 23:09 - 00000000 ____D () C:\Users\Rune\AppData\Roaming\FileZilla
2014-02-05 19:53 - 2012-03-11 03:55 - 00000000 ____D () C:\Users\Rune\AppData\Roaming\DAEMON Tools Lite
2014-02-05 19:45 - 2014-02-05 19:45 - 00000000 ____D () C:\ProgramData\ProductData
2014-02-05 19:45 - 2014-01-03 15:54 - 00000000 ____D () C:\Users\Rune\AppData\Roaming\Apple Computer
2014-02-05 19:44 - 2014-02-05 19:44 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-02-03 23:52 - 2014-01-27 21:43 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-02-03 17:01 - 2012-02-23 07:41 - 00000000 ____D () C:\Users\Rune\AppData\Local\Adobe
2014-01-31 14:19 - 2014-01-31 13:07 - 00189440 _____ () C:\Users\Rune\Documents\cross country ski goggles.msam
2014-01-31 13:15 - 2012-09-14 13:39 - 00000000 ____D () C:\Users\Rune\AppData\Roaming\GInsider
2014-01-27 23:09 - 2014-01-27 21:43 - 00000000 ____D () C:\Users\Rune\AppData\Local\Ubisoft Game Launcher
2014-01-27 23:00 - 2014-01-27 23:00 - 00000000 ____D () C:\Users\Rune\AppData\Local\My Games
2014-01-27 22:35 - 2014-01-27 22:35 - 00000000 ____D () C:\Users\Rune\AppData\Local\PunkBuster
2014-01-27 22:34 - 2014-01-27 22:34 - 00000000 ____D () C:\Users\Rune\Documents\My Games
2014-01-27 21:43 - 2014-01-27 21:43 - 00000000 ____D () C:\Users\Rune\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2014-01-27 21:43 - 2014-01-27 21:43 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-01-16 18:23 - 2013-10-22 12:45 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-16 18:22 - 2014-01-16 18:22 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-16 17:16 - 2009-07-14 05:45 - 04877264 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-16 17:00 - 2013-08-15 17:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-16 16:58 - 2012-02-23 04:49 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-14 00:09 - 2014-01-14 00:09 - 00013405 _____ () C:\Users\Rune\Documents\hijackthis.log

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-08 15:16

==================== End Of Log ============================
FedUpL76i Posted February 12, 2014 Author ID:790224

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-02-2014
Ran by Rune at 2014-02-12 21:26:16
Running from C:\Users\Rune\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.22 (x64 edition) (Version: 9.22.00.0 - Igor Pavlov)
7-Zip 9.22beta (x32 Version: - )
Bamboo (x32 Version: - Wacom Technology Corp.)
Beach Millions Traffic Attractor (x32 Version: 3.3 - OTC Publishing)
Beach Millions Traffic Attractor (x32 Version: 3.3 - OTC Publishing) Hidden
CameraHelperMsi (x32 Version: 13.31.1038.0 - Logitech) Hidden
Camtasia Studio 6 (x32 Version: 6.0.2 - TechSmith Corporation)
Citrix Online Launcher (x32 Version: 1.0.162 - Citrix)
Clip Juicer (x32 Version: 1.0.0 - Nick Amaral)
DAEMON Tools Lite (x32 Version: 4.45.3.0297 - DT Soft Ltd)
Dragon NaturallySpeaking 12 (x32 Version: 12.50.000 - Nuance Communications Inc.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FBAppsNinja (x32 Version: 2.0.4 - FBAppsNinja.com)
FileZilla Client 3.5.3 (x32 Version: 3.5.3 - FileZilla Project)
FlipShare (x32 Version: 5.12.3.0 - Flip Video)
FreeMind (x32 Version: 0.9.0 - )
G_Insider_Premium 2.0.0.0 (x32 Version: - Antification)
GoToMeeting 6.0.0.1259 (HKCU Version: 6.0.0.1259 - CitrixOnline)
GreenSamba (x32 Version: - )
Intel® Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (x32 Version: 7.0.0.1144 - Intel Corporation)
Intel® Network Connections 15.6.25.0 (Version: 15.6.25.0 - Intel)
Intel® Network Connections 15.6.25.0 (Version: 15.6.25.0 - Intel) Hidden
Intel® Rapid Storage Technology (x32 Version: 10.5.0.1026 - Intel Corporation)
JMicron JMB36X Driver (x32 Version: 1.17.58.2 - JMicron Technology Corp.)
KickAssBots Domain Bot Beta V 1.4.1 version 1.4.1 (x32 Version: 1.4.1 - KickAssBots)
Lead Finder Jack (x32 Version: 1.1.39 - GuideTrade LLC)
Left 4 Dead 2 (x32 Version: - Valve)
Logitech Webcam Software (x32 Version: 2.0 - Logitech Inc.)
lookinglink (Version: 2014.02.03.223422 - lookinglink)
LWS Facebook (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.31.1044.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.30.1395.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Video Mask Maker (x32 Version: 13.30.1379.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Market Samurai (x32 Version: 0.93.06 - Alliance Software Pty Ltd)
Market Samurai (x32 Version: 0.93.06 - Alliance Software Pty Ltd) Hidden
Marvel Heroes (x32 Version: - Gazillion Entertainment)
marvell 91xx driver (x32 Version: 1.0.0.1051 - Marvell)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Norwegian (Bokmål)) 2007 (x32 Version: 12.0.4518.1022 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Norwegian (Bokmål)) 2007 (x32 Version: 12.0.4518.1022 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Norwegian (Bokmål)) 2007 (x32 Version: 12.0.4518.1022 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Norwegian (Bokmål)) 2007 (x32 Version: 12.0.4518.1022 - Microsoft Corporation) Hidden
Microsoft Office Proof (Norwegian (Nynorsk)) 2007 (x32 Version: 12.0.4518.1022 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Norwegian (Bokmål)) 2007 (x32 Version: 12.0.4518.1022 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Norwegian (Bokmål)) 2007 (Version: 12.0.4518.1022 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Norwegian (Bokmål)) 2007 (x32 Version: 12.0.4518.1022 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Norwegian (Bokmål)) 2007 (x32 Version: 12.0.4518.1022 - Microsoft Corporation) Hidden
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (x32 Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
mobilt bredband (Version: 2.3.1.343 - Option) Hidden
mobilt bredband (x32 Version: 2.3.1.343 - Option)
Mozilla Firefox 27.0 (x86 en-US) (x32 Version: 27.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 27.0 - Mozilla)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 310.70 (Version: 310.70 - NVIDIA Corporation)
NVIDIA Control Panel 331.82 (Version: 331.82 - NVIDIA Corporation) Hidden
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Pamela Pro 4.8 (x32 Version: 4.8 - Scendix Software-Vertriebsges. mbH)
PAYDAY 2 (x32 Version: - OVERKILL - a Starbreeze Studio.)
PAYDAY: The Heist (x32 Version: - Overkill)
PDF Pop Up Magic (x32 Version: 0 - Ken Sar)
Pinball Arcade (x32 Version: - FarSight Studios)
QR Code Machine 1.5 (x32 Version: 1.5 - 1CheckOutCart.com)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.7106 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
RoboForm 7-9-2-5 (All Users) (x32 Version: 7-9-2-5 - Siber Systems)
Rockstar Power Suite (HKCU Version: 2.0.0.29 - Rockstar Power Suite)
ScummVM 1.5.0 (x32 Version: - The ScummVM Team)
SEO Link Dominator - fast Indexer and Pinger (Version: 1.0.5 - stephenhawkins)
SEO Link Robot - Fast Indexer 2.0.2.0 (Version: 2.0.2.0 - http://www.seolinkrobot.com)
Skype Click to Call (x32 Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
SmartFTP Client Setup Files 4.1 (x64) (remove only) (x32 Version: 4.1 - SmartSoft Ltd)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
SWF Components (x32 Version: 1.0.0 - Keyword Rockstar, Inc.)
TweetAdder4 (x32 Version: 4.0.130521 - TweetAdder.com)
Unity Web Player (HKCU Version: - Unity Technologies ApS)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Uplay (x32 Version: 2.0 - Ubisoft)
Video Components (x32 Version: 1.0.0 - Keyword Rockstar, Inc.)
Viral Meme Maker version 1.0.5 (x32 Version: 1.0.5 - )
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.2 (x32 Version: 2.1.2 - VideoLAN)
WebTablet IE Plugin (x32 Version: 1.1.0.4 - Wacom Technology Corp.)
WebTablet Netscape Plugin (x32 Version: 1.1.0.3 - Wacom Technology Corp.)
WP Auto Links (x32 Version: 1.0.0 - Reilly Labs)

==================== Restore Points =========================

09-02-2014 12:08:51 AA11
09-02-2014 12:11:11 AA11
09-02-2014 12:49:17 Installed AVG 2014
09-02-2014 12:49:24 Installed AVG 2014
10-02-2014 19:46:20 Removed AVG 2014
10-02-2014 19:48:44 Removed AVG 2014
10-02-2014 19:50:56 avast! antivirus system restore point
10-02-2014 20:48:45 Removed Java 7 Update 51
12-02-2014 13:20:43 Removed Vegas Pro 11.0
12-02-2014 13:37:03 Removed Adobe Community Help
12-02-2014 13:46:22 Removed Adobe Reader XI (11.0.06).
12-02-2014 13:50:08 Removed Adobe Widget Browser
12-02-2014 13:51:08 Removed Adobe Story
12-02-2014 13:56:53 Removed Final Effects Complete 6.0.0 64Bit
12-02-2014 13:58:16 Removed Spelling Dictionaries Support For Adobe Reader 9.
12-02-2014 14:00:15 Removed Vegas Pro 11.0
12-02-2014 14:04:36 Removed Apple Application Support
12-02-2014 14:05:15 Removed Apple Mobile Device Support
12-02-2014 14:05:23 Removed Apple Software Update
12-02-2014 14:05:34 Removed Bonjour
12-02-2014 14:06:26 Removed iTunes
12-02-2014 15:12:47 Installed Microsoft Fix it 50267

==================== Hosts content: ==========================

2012-04-15 19:32 - 2014-02-12 19:03 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0C5CB6C2-A7C8-4C43-AD05-E01609C88053} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {4611432B-BF01-4324-859B-9393CEDEE758} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: {9B7A4555-2ADC-4C1B-AAC7-B38AABE18625} - System32\Tasks\Run RoboForm TaskBar Icon => E:\Programs\Roboform\RoboTaskBarIcon.exe [2013-12-01] (Siber Systems)
Task: {A74AB3BC-35D3-47A3-B333-22896AC721A8} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-892377978-1441931877-1165036963-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {AC1A2C52-A321-41E8-808E-CA3BCC6069A9} - System32\Tasks\Run RoboForm Process => E:\Programs\Roboform\Identities.exe [2013-12-01] (Siber Systems)
Task: {E88F3D95-9D88-4362-A46A-B16EA0FB3117} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {F6FB6E80-7085-4A4D-8EF9-98B4A17C039A} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMNMLMJMHMKJNJHMPMCNOJOJMJMJCNLMNMMMKMCNNJLMLJPMCNJJJMMMGMJJMMIMHMIMIMPMOMJNJICMIMCNGMCNNMFMGMCNOMOMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMEKMICNJJCKFMKMGMOMJNHICMIJKJKIIJNMJNBJCMNKKIBJKJPNKLDJDJGJBJIJMIKJBJJNKJCMJNNICMJNDJCMKJBJ"
Task: {F77DFB73-8DCA-4BA0-8387-973893A2A661} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-892377978-1441931877-1165036963-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {FB352FED-08AA-41C5-8663-8CFD39DFE055} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMLMKMNMNMLMMMLJGMCNKJGMNJLMCNLMJMLMPMCNGMPMLMOMCNLJJJLMMMIMOMKMIMJJJJPMMJJNJICMJMCNOMPMCNNMFMGMCNPMCNHMOMOMNMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMEKMICNJJCKFMNMMMJNHICMEKMICNJJCKJNBJCMNKKIBJKJJNKJCMJNNICMJNDJCMKJBJ"

==================== Loaded Modules (whitelisted) =============

2011-04-13 00:03 - 2011-04-13 00:03 - 02857808 _____ () E:\Programs\Telenor\mobilt bredband\mobilt bredband.exe
2011-05-06 12:07 - 2011-05-06 12:07 - 00460144 _____ () C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
2010-10-25 23:06 - 2010-10-25 23:06 - 02248704 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtCore4.dll
2011-05-06 12:07 - 2011-05-06 12:07 - 04317184 _____ () C:\Program Files (x86)\Flip Video\FlipShare\Core.dll
2011-05-06 12:02 - 2011-05-06 12:02 - 00737280 _____ () C:\Program Files (x86)\Flip Video\FlipShare\qca2.dll
2010-10-25 23:23 - 2010-10-25 23:23 - 08351744 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtGui4.dll
2010-10-25 23:08 - 2010-10-25 23:08 - 00983040 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtNetwork4.dll
2010-10-25 23:23 - 2010-10-25 23:23 - 00204800 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtSql4.dll
2010-10-25 23:06 - 2010-10-25 23:06 - 00364544 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtXml4.dll
2010-10-26 07:34 - 2010-10-26 07:34 - 11853824 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtWebKit4.dll
2010-10-25 23:37 - 2010-10-25 23:37 - 00258048 _____ () C:\Program Files (x86)\Flip Video\FlipShare\phonon4.dll
2010-05-20 12:49 - 2010-05-20 12:49 - 00258048 _____ () C:\Program Files (x86)\Flip Video\FlipShare\boost_serialization-vc80-mt-1_43.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 01199104 _____ () C:\Program Files (x86)\Flip Video\FlipShare\PocoFoundation.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00642048 _____ () C:\Program Files (x86)\Flip Video\FlipShare\PocoNet.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00511488 _____ () C:\Program Files (x86)\Flip Video\FlipShare\PocoXML.dll
2011-05-06 11:58 - 2011-05-06 11:58 - 01085440 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
2010-10-25 23:06 - 2010-10-25 23:06 - 02248704 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\QtCore4.dll
2010-10-25 23:08 - 2010-10-25 23:08 - 00983040 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\QtNetwork4.dll
2010-10-25 23:23 - 2010-10-25 23:23 - 00204800 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\QtSql4.dll
2010-05-20 12:49 - 2010-05-20 12:49 - 00258048 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\boost_serialization-vc80-mt-1_43.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 01199104 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoFoundation.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00642048 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoNet.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00175616 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoNetSSL.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00291840 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoUtil.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00511488 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoXML.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00110592 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoCrypto.dll
2013-08-17 08:38 - 2013-08-17 08:38 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f60b3ee2de3f41a024920486d46d49f2\IsdiInterop.ni.dll
2012-02-23 06:12 - 2011-04-30 09:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2011-04-13 00:03 - 2011-04-13 00:03 - 01384448 ____R () E:\Programs\Telenor\mobilt bredband\OSCSettingsLibU_vc90.dll
2011-04-13 00:03 - 2011-04-13 00:03 - 01995776 _____ () E:\Programs\Telenor\mobilt bredband\QtDeclarative4.dll
2011-04-13 00:03 - 2011-04-13 00:03 - 01116160 _____ () E:\Programs\Telenor\mobilt bredband\QtScript4.dll
2011-04-13 00:03 - 2011-04-13 00:03 - 02142720 _____ () E:\Programs\Telenor\mobilt bredband\QtCore4.dll
2011-04-13 00:03 - 2011-04-13 00:03 - 00184320 _____ () E:\Programs\Telenor\mobilt bredband\QtSql4.dll
2011-04-13 00:03 - 2011-04-13 00:03 - 02530304 _____ () E:\Programs\Telenor\mobilt bredband\QtXmlPatterns4.dll
2011-04-13 00:03 - 2011-04-13 00:03 - 00916480 _____ () E:\Programs\Telenor\mobilt bredband\QtNetwork4.dll
2011-04-13 00:03 - 2011-04-13 00:03 - 00335360 _____ () E:\Programs\Telenor\mobilt bredband\QtXml4.dll
2011-04-13 00:03 - 2011-04-13 00:03 - 07793152 _____ () E:\Programs\Telenor\mobilt bredband\QtGui4.dll
2011-04-13 00:03 - 2011-04-13 00:03 - 00860160 ____R () E:\Programs\Telenor\mobilt bredband\NDISAPI.dll
2011-04-13 00:03 - 2011-04-13 00:03 - 00063312 _____ () E:\Programs\Telenor\mobilt bredband\LicenseRegistration.dll
2011-04-13 00:03 - 2011-04-13 00:03 - 00416768 ____R () E:\Programs\Telenor\mobilt bredband\sqldrivers\qsqlite4.dll
2011-04-13 00:03 - 2011-04-13 00:03 - 00027648 _____ () E:\Programs\Telenor\mobilt bredband\imageformats\qico4.dll
2011-04-13 00:03 - 2011-04-13 00:03 - 00121344 _____ () E:\Programs\Telenor\mobilt bredband\imageformats\qjpeg4.dll
2014-02-06 21:18 - 2014-02-06 21:18 - 03583600 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/12/2014 09:12:14 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/12/2014 09:12:14 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/12/2014 09:12:14 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/12/2014 09:12:14 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/12/2014 09:12:09 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".
Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/12/2014 09:11:29 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".
Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/12/2014 07:02:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2
SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99
0x80041003

Error: (02/12/2014 05:30:36 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2
SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99
0x80041003

Error: (02/12/2014 04:14:06 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2
SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99
0x80041003

Error: (02/12/2014 03:04:58 PM) (Source: Microsoft-Windows-RestartManager) (User: Runestasjon-PC)
Description: Application or service 'Apple Mobile Device' could not be restarted.

System errors:
=============
Error: (02/12/2014 08:14:12 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (02/12/2014 07:04:44 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (02/12/2014 07:04:44 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (02/12/2014 07:01:49 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (02/12/2014 07:01:34 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/12/2014 07:00:49 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (02/12/2014 05:32:55 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (02/12/2014 05:32:55 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (02/12/2014 05:31:50 PM) (Source: Service Control Manager) (User: )
Description: The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).

Error: (02/12/2014 04:16:25 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-02-12 19:01:34.217
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-02-12 19:01:34.170 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.==================== Memory info ===========================Percentage of memory in use: 14%Total physical RAM: 16360.88 MBAvailable physical RAM: 14035.27 MBTotal Pagefile: 32719.94 MBAvailable Pagefile: 30325.46 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.82 MB==================== Drives ================================Drive c: () (Fixed) (Total:111.79 GB) (Free:36.07 GB) NTFSDrive e: (New Volume) (Fixed) (Total:931.39 GB) (Free:618.45 GB) NTFSDrive g: (mobilt bredbånd) (CDROM) (Total:0.05 GB) (Free:0 GB) CDFSDrive i: (Transcend) (Fixed) (Total:931.28 GB) (Free:579.69 GB) FAT32==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 713ADFE5)Partition 1: (Not Active) - (Size=993 KB) - (Type=42)Partition 2: (Active) - (Size=125 MB) - (Type=42)Partition 3: (Not Active) - (Size=931 GB) - (Type=42)========================================================Disk: 1 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 713ADFFD)Partition 1: (Not Active) - (Size=112 GB) - (Type=07 NTFS)========================================================Disk: 3 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 00583005)Partition 1: (Active) - (Size=932 GB) - (Type=0C)==================== End Of Log ============================ Link to post Share on other sites More sharing options...
FedUpL76i Posted February 12, 2014 Author ID:790225

Symptoms present: Looks like the "low disc space" pop up in the lower right corner has gone... But the bottom of the screen pop up is still visible.
FedUpL76i Posted February 12, 2014 Author ID:790231

Not sure about my connection speed either. It seems to me as if it is uploading something every now and then. Small short uploads. I do not upload anything myself right now so it shouldn't be displaying any uploading. This reading is from my mobile broadband software. It is what caused me to look into this in the first place. May be another way of knowing for sure though.
FedUpL76i Posted February 12, 2014 Author ID:790243

Mister C. Just thought I should mention that I am in GMT+1 and the time here now is 10:20, and I will probably be up just a couple more hours max. If I don't see a new post today I will check back tomorrow morning.

Thanks again for being the super awesome helper that you are - you guys really make a difference for those who are in need. So, thanks again.
MrCharlie Posted February 12, 2014 ID:790280

> Looks like the "low disc space" pop up in the lower right corner has gone... But the bottom of the screen pop up is still visible.

What is the "pop-up"????
What am I looking for???

MrC
FedUpL76i Posted February 12, 2014 Author ID:790304

Hey again.

The pop up is a banner ad - located at the bottom of the screen in FF, which I use. It has a trust rating for the site I choose to visit. And a rotating ad. Showed an ad for gameconnect earlier.. but it changes all the time.
MrCharlie Posted February 13, 2014 ID:790373

See if you can uninstall this from your add/remove programs:

lookinglink (Version: 2014.02.03.223422 - lookinglink)

Download the attached fixlist.txt to the same folder as FRST.
Run FRST.exe and click Fix only once and wait.
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Let me know how it is, MrC