Hi.

 

I think I have a rootkit of some kind.
No Tool yet to fight it.

Trouble:
- At start up system32/cmd.exe opens
- "This computer" also opens at start up
- Job list closes when I open it.
- When searching for "virus" on Google... explorer closes.
- Many anti-virus programs have to be run in safe mode otherwise they close too.

Please help!!
I don't wanna re-install Windows.

Thank you.
BR Lasse

Hello.

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log...

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


- Double-click to run it. When the tool opens, click Yes to the disclaimer.
- Press the Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
- The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin....

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Lasse (administrator) on I5 on 20-03-2014 15:30:03
Running from C:\Users\Lasse\Desktop
Windows 8.1 Pro (X64) OS Language: Danish
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

 

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2184520 2009-07-27] (CANON INC.)
HKLM\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5694640 2013-08-16] (VIA)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NBKeyScan] - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-02-18] (Nero AG)
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [updReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [unlockerAssistant] - "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\!SASWinLogon-x32: C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
HKU\S-1-5-21-2159222201-2007947042-125459430-1001\...\Run: [sUPERAntiSpyware] - C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe [3905920 2012-05-01] (SUPERAntiSpyware.com)
HKU\S-1-5-21-2159222201-2007947042-125459430-1001\...\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-02-28] (Nero AG)
HKU\S-1-5-21-2159222201-2007947042-125459430-1001\...\Run: [Google Update] - C:\Users\Lasse\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-11-20] (Google Inc.)
HKU\S-1-5-21-2159222201-2007947042-125459430-1001\...\Run: [E-MU USB Audio Control Panel] - C:\Program Files (x86)\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe [274432 2007-11-26] (E-MU Systems)
HKU\S-1-5-21-2159222201-2007947042-125459430-1001\...\Run: [PC Suite Tray] - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
HKU\S-1-5-21-2159222201-2007947042-125459430-1001\...\Run: [Java] - cmd /c cd %APPDATA%\AutoIt3 & AutoIt3.exe soundmng.txt
HKU\S-1-5-21-2159222201-2007947042-125459430-1001\...\Winlogon: [shell] explorer.exe /select,explorer.exe <==== ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gaffa.dk/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://dk.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC3E14B9A0DC7CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = da-DK
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SPFC8CC4E7-894B-4D24-AF73-4A59A672D9BC&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
Handler: wmh - {A1428E78-2D00-4590-A071-0CC9700A7768} -  No File
Handler-x32: wmh - {A1428E78-2D00-4590-A071-0CC9700A7768} - C:\Program Files (x86)\WMHelp Software\XmlPad\WmhASPP.dll (WMHelp Software)
ShellExecuteHooks-x32: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 193.162.153.164 194.239.134.83
Tcpip\..\Interfaces\{F5B481E7-021D-48E9-A8CB-93319C531C45}: [NameServer]208.67.222.222,208.67.220.220

FireFox:
========
FF ProfilePath: C:\Users\Lasse\AppData\Roaming\Mozilla\Firefox\Profiles\atqzmld1.default
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Lasse\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Lasse\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-co-uk.xml
FF Extension: Firebug - C:\Users\Lasse\AppData\Roaming\Mozilla\Firefox\Profiles\atqzmld1.default\Extensions\firebug@software.joehewitt.com.xpi [2013-04-19]

Chrome:
=======
CHR Extension: (Google Drive) - C:\Users\Lasse\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-20]
CHR Extension: (YouTube) - C:\Users\Lasse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-20]
CHR Extension: (Google Search) - C:\Users\Lasse\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-20]
CHR Extension: (No Name) - C:\Users\Lasse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (Gmail) - C:\Users\Lasse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-20]

==================== Services (Whitelisted) =================

S2 !SASCORE; C:\Program Files (x86)\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-12] (SUPERAntiSpyware.com)
S2 emaudsv; C:\Windows\system32\emaudsv.exe [26624 2010-10-06] (E-MU Systems)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [100864 2012-06-06] (Freemake)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-02-18] (Nero AG)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [529704 2008-02-28] (Nero AG)
S2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.)
S2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [254552 2012-09-14] (CyberLink)
S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-09-11] ()
S2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows ® Win 7 DDK provider)
S3 emusba10; C:\Windows\system32\DRIVERS\emusba10.sys [215000 2010-10-06] (E-MU Systems)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
R0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-12-11] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation)
R0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 RDID1027; C:\Windows\system32\Drivers\rdwm1027.sys [82304 2013-12-11] (Roland Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S1 SASDIFSV; C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-12-11] (Microsoft Corporation)
R0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-12-11] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-20 15:29 - 2014-03-20 15:30 - 00013601 _____ () C:\Users\Lasse\Desktop\FRST.txt
2014-03-20 14:52 - 2014-03-20 14:52 - 02157056 _____ (Farbar) C:\Users\Lasse\Desktop\FRST64.exe
2014-03-19 22:25 - 2014-03-19 22:25 - 01950720 _____ () C:\Users\Lasse\Desktop\adwcleaner.exe
2014-03-19 13:33 - 2014-01-08 02:46 - 00325464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2014-03-19 13:33 - 2014-01-08 02:41 - 01530712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-03-19 13:33 - 2014-01-08 02:41 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-03-19 13:33 - 2014-01-04 16:54 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll
2014-03-19 13:33 - 2014-01-04 16:08 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-03-19 13:33 - 2014-01-04 15:08 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-03-19 13:33 - 2014-01-04 14:53 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-03-19 13:33 - 2014-01-03 00:54 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-03-19 13:33 - 2014-01-03 00:48 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-03-19 13:33 - 2014-01-01 02:55 - 01720560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-03-19 13:33 - 2014-01-01 02:52 - 00481944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2014-03-19 13:33 - 2014-01-01 01:56 - 01472048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-03-19 13:33 - 2014-01-01 01:55 - 00381168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2014-03-19 13:33 - 2014-01-01 00:59 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-03-19 13:33 - 2014-01-01 00:57 - 01214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-03-19 13:33 - 2014-01-01 00:56 - 00960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-03-19 13:33 - 2013-12-31 00:34 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll
2014-03-19 13:33 - 2013-12-31 00:33 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2014-03-19 13:33 - 2013-12-31 00:32 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
2014-03-19 13:33 - 2013-12-31 00:31 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-03-19 13:33 - 2013-12-31 00:31 - 00914944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2014-03-19 13:33 - 2013-12-27 16:09 - 00419160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-03-19 13:33 - 2013-12-27 09:57 - 00842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2014-03-19 13:33 - 2013-12-27 09:57 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-03-19 13:33 - 2013-12-27 09:23 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-03-19 13:33 - 2013-12-27 08:03 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2014-03-19 13:33 - 2013-12-27 08:03 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-03-19 13:33 - 2013-12-27 07:37 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-03-19 13:33 - 2013-12-21 08:21 - 00376320 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2014-03-19 13:33 - 2013-12-17 08:21 - 00408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2014-03-19 13:33 - 2013-12-14 07:31 - 13949440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-03-19 13:33 - 2013-12-14 07:19 - 18576384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-03-19 13:33 - 2013-12-13 11:54 - 00131160 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2014-03-19 13:33 - 2013-12-13 07:36 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2014-03-19 13:33 - 2013-12-13 06:32 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2014-03-19 13:33 - 2013-12-09 09:05 - 21199256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-03-19 13:33 - 2013-12-09 05:51 - 18643560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-03-18 15:45 - 2014-03-18 15:45 - 00001133 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-18 15:45 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-18 15:42 - 2014-03-18 15:42 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Lasse\Desktop\mbam-setup-1.75.0.1300.exe
2014-03-16 20:01 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-16 20:01 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-16 20:01 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-16 20:01 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-03-16 20:01 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-03-16 20:01 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-03-16 20:01 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-16 20:01 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-16 20:01 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-03-16 20:01 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-16 20:01 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-03-16 20:01 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-03-16 20:01 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-16 20:01 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-03-16 20:01 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-03-16 20:01 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-03-16 20:01 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-03-16 20:01 - 2014-01-27 16:58 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-03-16 20:01 - 2014-01-27 16:50 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-03-16 20:01 - 2013-12-21 15:51 - 06353960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2014-03-16 20:01 - 2013-12-20 11:18 - 01643584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-03-16 20:01 - 2013-12-20 11:18 - 01507704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-03-16 20:00 - 2014-01-31 17:15 - 00311640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-03-16 20:00 - 2014-01-31 17:07 - 00233920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-03-16 20:00 - 2014-01-31 17:06 - 02133208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-03-16 20:00 - 2014-01-31 14:47 - 02143960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-03-16 20:00 - 2014-01-31 10:06 - 00716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-03-16 20:00 - 2014-01-29 10:55 - 01287064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-03-16 20:00 - 2014-01-29 09:53 - 00458616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2014-03-16 20:00 - 2014-01-29 09:53 - 00407024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2014-03-16 20:00 - 2014-01-29 09:49 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-03-16 20:00 - 2014-01-29 09:47 - 02543960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-03-16 20:00 - 2014-01-29 08:44 - 01371824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2014-03-16 20:00 - 2014-01-29 08:44 - 00408480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2014-03-16 20:00 - 2014-01-29 08:44 - 00369280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2014-03-16 20:00 - 2014-01-29 07:41 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2014-03-16 20:00 - 2014-01-29 01:36 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-03-16 20:00 - 2014-01-27 20:07 - 04175360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2014-03-16 20:00 - 2014-01-27 20:06 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-03-16 20:00 - 2014-01-27 20:04 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2014-03-16 20:00 - 2014-01-27 19:52 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-03-16 20:00 - 2014-01-27 19:23 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2014-03-16 20:00 - 2014-01-27 19:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-03-16 20:00 - 2014-01-27 19:20 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2014-03-16 20:00 - 2014-01-27 19:15 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-03-16 20:00 - 2014-01-27 18:43 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-03-16 20:00 - 2014-01-27 18:18 - 01486848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2014-03-16 20:00 - 2014-01-27 18:00 - 01238016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2014-03-16 20:00 - 2014-01-27 12:45 - 00386722 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-03-16 20:00 - 2014-01-18 00:04 - 00764864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-03-16 20:00 - 2014-01-17 22:54 - 00669352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-03-16 20:00 - 2013-12-21 09:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2014-03-16 20:00 - 2013-10-31 01:29 - 00236888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-03-16 20:00 - 2013-10-31 01:29 - 00124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-03-16 20:00 - 2013-10-31 01:28 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-03-16 19:56 - 2014-02-11 04:04 - 04189184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-03-16 19:56 - 2014-02-11 03:43 - 00488448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-03-16 19:56 - 2014-02-11 03:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-03-15 22:29 - 2014-03-18 15:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-15 22:22 - 2014-03-15 22:22 - 00000000 ____D () C:\_OTL
2014-03-14 20:06 - 2014-03-14 20:06 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-13 20:28 - 2014-03-13 20:28 - 00000000 ____D () C:\Users\Lasse\AppData\Roaming\Malwarebytes
2014-03-13 20:28 - 2014-03-13 20:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-13 19:50 - 2014-03-13 20:22 - 00000000 _____ () C:\Recovery.txt
2014-03-12 21:42 - 2014-03-20 15:30 - 00000000 ____D () C:\FRST
2014-03-11 18:27 - 2014-03-19 13:27 - 00006564 _____ () C:\WINDOWS\PFRO.log
2014-03-11 18:25 - 2014-03-19 22:27 - 00000000 ____D () C:\AdwCleaner
2014-03-11 18:14 - 2014-03-11 18:15 - 00000000 ___SD () C:\32788R22FWJFW
2014-03-11 18:14 - 2014-03-11 18:14 - 00000000 ____D () C:\WINDOWS\erdnt
2014-03-11 17:59 - 2014-03-16 21:02 - 00003573 _____ () C:\WINDOWS\setupact.log
2014-03-11 17:59 - 2014-03-11 17:59 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-03-07 13:47 - 2014-03-07 13:47 - 00000000 ___HD () C:\Program Files\CanonBJ
2014-03-03 22:43 - 2014-03-03 22:43 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-03-02 14:01 - 2014-03-02 14:01 - 00000000 ____D () C:\Program Files (x86)\SoThink Logo Maker
2014-02-27 12:27 - 2014-02-27 12:27 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-02-27 12:27 - 2014-02-27 12:27 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-02-22 23:01 - 2014-03-16 20:26 - 00000000 ____D () C:\Program Files\DivX
2014-02-22 23:01 - 2014-03-16 19:23 - 00000000 ____D () C:\Users\Lasse\AppData\Roaming\DivX
2014-02-22 22:57 - 2014-03-16 20:27 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-02-22 22:55 - 2014-03-16 20:27 - 00000000 ____D () C:\ProgramData\DivX
2014-02-22 22:55 - 2014-03-16 19:23 - 00000000 ____D () C:\Users\Lasse\AppData\Roaming\AutoIt3
2014-02-22 22:55 - 2014-02-22 22:55 - 42012493 _____ () C:\Users\Lasse\AppData\Roaming\launcher.exe
2014-02-21 22:08 - 2014-02-21 22:33 - 00009434 _____ () C:\Users\Lasse\Desktop\indre lys.odt

==================== One Month Modified Files and Folders =======

2014-03-20 15:30 - 2014-03-20 15:29 - 00013601 _____ () C:\Users\Lasse\Desktop\FRST.txt
2014-03-20 15:30 - 2014-03-12 21:42 - 00000000 ____D () C:\FRST
2014-03-20 15:14 - 2013-12-11 18:39 - 02039956 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-20 15:14 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-20 15:14 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-03-20 15:10 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-03-20 15:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-03-20 14:59 - 2013-12-11 18:58 - 00000000 ___RD () C:\Users\Lasse\SkyDrive
2014-03-20 14:59 - 2012-11-19 19:15 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2159222201-2007947042-125459430-1001
2014-03-20 14:57 - 2012-11-19 22:12 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-20 14:55 - 2013-12-11 18:36 - 01398662 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-20 14:55 - 2013-09-30 04:56 - 00464630 _____ () C:\WINDOWS\system32\perfh006.dat
2014-03-20 14:55 - 2013-09-30 04:56 - 00079890 _____ () C:\WINDOWS\system32\perfc006.dat
2014-03-20 14:54 - 2014-02-04 14:17 - 00001834 _____ () C:\Users\Lasse\Desktop\Inst. mails.txt
2014-03-20 14:52 - 2014-03-20 14:52 - 02157056 _____ (Farbar) C:\Users\Lasse\Desktop\FRST64.exe
2014-03-20 14:51 - 2012-11-24 12:16 - 00000000 ____D () C:\Users\Lasse\AppData\Roaming\uTorrent
2014-03-20 14:51 - 2012-11-20 14:10 - 00000948 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2159222201-2007947042-125459430-1001UA.job
2014-03-20 14:47 - 2013-04-28 20:31 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-20 14:26 - 2013-04-17 11:15 - 00000000 ____D () C:\Users\Lasse\AppData\Local\Paint.NET
2014-03-20 14:17 - 2013-12-11 19:09 - 00003900 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D17CE9BD-4A98-475F-BE0F-4196983EADC5}
2014-03-20 14:14 - 2012-11-19 22:12 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-19 22:30 - 2012-11-19 18:21 - 00000000 ___RD () C:\Users\Lasse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-19 22:30 - 2012-11-19 18:21 - 00000000 ___RD () C:\Users\Lasse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-19 22:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-03-19 22:27 - 2014-03-11 18:25 - 00000000 ____D () C:\AdwCleaner
2014-03-19 22:25 - 2014-03-19 22:25 - 01950720 _____ () C:\Users\Lasse\Desktop\adwcleaner.exe
2014-03-19 13:27 - 2014-03-11 18:27 - 00006564 _____ () C:\WINDOWS\PFRO.log
2014-03-18 15:45 - 2014-03-18 15:45 - 00001133 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-18 15:45 - 2014-03-15 22:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-18 15:42 - 2014-03-18 15:42 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Lasse\Desktop\mbam-setup-1.75.0.1300.exe
2014-03-17 13:42 - 2012-11-22 10:47 - 00614294 _____ () C:\Users\Lasse\danid.log
2014-03-17 13:21 - 2013-08-22 15:44 - 00375032 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-17 13:20 - 2012-12-13 22:17 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-17 13:20 - 2012-12-13 22:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-16 22:35 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-16 22:35 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-16 22:35 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-16 22:35 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-16 22:26 - 2012-11-20 14:03 - 00000000 ____D () C:\Users\Lasse\AppData\Roaming\vlc
2014-03-16 21:02 - 2014-03-11 17:59 - 00003573 _____ () C:\WINDOWS\setupact.log
2014-03-16 20:43 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-03-16 20:27 - 2014-02-22 22:57 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-03-16 20:27 - 2014-02-22 22:55 - 00000000 ____D () C:\ProgramData\DivX
2014-03-16 20:26 - 2014-02-22 23:01 - 00000000 ____D () C:\Program Files\DivX
2014-03-16 20:12 - 2013-12-11 18:21 - 00000000 ____D () C:\Users\Lasse
2014-03-16 19:47 - 2013-04-28 20:31 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-03-16 19:35 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2014-03-16 19:35 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2014-03-16 19:31 - 2013-08-22 16:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-03-16 19:31 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\icsxml
2014-03-16 19:31 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\icsxml
2014-03-16 19:31 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-03-16 19:31 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-03-16 19:31 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-03-16 19:31 - 2013-05-16 16:42 - 00000000 ____D () C:\Users\Lasse\AppData\Roaming\GHISLER
2014-03-16 19:31 - 2012-12-04 20:14 - 00000000 ____D () C:\Users\Lasse\AppData\Roaming\MediaMonkey
2014-03-16 19:31 - 2012-11-27 19:59 - 00000000 ____D () C:\Users\Lasse\AppData\Roaming\Winamp
2014-03-16 19:31 - 2012-11-24 16:49 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Apple
2014-03-16 19:31 - 2012-11-20 14:10 - 00000000 ____D () C:\Users\Lasse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-03-16 19:31 - 2012-11-19 22:10 - 00000000 ____D () C:\Users\Lasse\AppData\Roaming\IrfanView
2014-03-16 19:26 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\registration
2014-03-16 19:24 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-03-16 19:23 - 2014-02-22 23:01 - 00000000 ____D () C:\Users\Lasse\AppData\Roaming\DivX
2014-03-16 19:23 - 2014-02-22 22:55 - 00000000 ____D () C:\Users\Lasse\AppData\Roaming\AutoIt3
2014-03-16 19:23 - 2012-11-19 21:39 - 00000000 ____D () C:\Users\Lasse\AppData\Roaming\Macromedia
2014-03-16 19:21 - 2013-12-11 18:27 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-03-16 19:21 - 2013-12-11 18:27 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-03-16 19:21 - 2012-11-22 10:20 - 00000000 ____D () C:\Program Files\Windows Live
2014-03-16 19:20 - 2012-11-20 14:30 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-03-15 22:22 - 2014-03-15 22:22 - 00000000 ____D () C:\_OTL
2014-03-14 20:06 - 2014-03-14 20:06 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-14 19:12 - 2013-12-11 19:08 - 00161792 ___SH () C:\Users\Lasse\Desktop\Thumbs.db
2014-03-13 20:28 - 2014-03-13 20:28 - 00000000 ____D () C:\Users\Lasse\AppData\Roaming\Malwarebytes
2014-03-13 20:28 - 2014-03-13 20:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-13 20:22 - 2014-03-13 19:50 - 00000000 _____ () C:\Recovery.txt
2014-03-13 20:15 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-03-12 08:26 - 2013-04-08 13:57 - 00000000 ____D () C:\Users\Lasse\AppData\Roaming\FileZilla
2014-03-11 18:15 - 2014-03-11 18:14 - 00000000 ___SD () C:\32788R22FWJFW
2014-03-11 18:14 - 2014-03-11 18:14 - 00000000 ____D () C:\WINDOWS\erdnt
2014-03-11 17:59 - 2014-03-11 17:59 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-03-08 20:13 - 2014-01-28 23:00 - 00000000 ____D () C:\WINDOWS\Minidump
2014-03-07 13:47 - 2014-03-07 13:47 - 00000000 ___HD () C:\Program Files\CanonBJ
2014-03-04 23:53 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-03-04 23:53 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-03 23:26 - 2012-11-20 10:15 - 00000000 ____D () C:\Users\Lasse\AppData\Roaming\TeamViewer
2014-03-03 22:43 - 2014-03-03 22:43 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-03-02 19:40 - 2012-11-24 16:53 - 00000016 _____ () C:\ProgramData\autobk.inc
2014-03-02 14:01 - 2014-03-02 14:01 - 00000000 ____D () C:\Program Files (x86)\SoThink Logo Maker
2014-03-01 07:05 - 2014-03-16 20:01 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-01 05:58 - 2014-03-16 20:01 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-01 05:30 - 2014-03-16 20:01 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-01 05:17 - 2014-03-16 20:01 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-03-01 04:54 - 2014-03-16 20:01 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-03-01 04:47 - 2014-03-16 20:01 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-03-01 04:42 - 2014-03-16 20:01 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-01 04:18 - 2014-03-16 20:01 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-01 04:14 - 2014-03-16 20:01 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-16 20:01 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-01 04:03 - 2014-03-16 20:01 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-03-01 03:57 - 2014-03-16 20:01 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-16 20:01 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-16 20:01 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-16 20:01 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-16 20:01 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-16 20:01 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-02-27 12:27 - 2014-02-27 12:27 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-02-27 12:27 - 2014-02-27 12:27 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-02-26 16:51 - 2012-11-20 14:10 - 00000896 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2159222201-2007947042-125459430-1001Core.job
2014-02-22 22:55 - 2014-02-22 22:55 - 42012493 _____ () C:\Users\Lasse\AppData\Roaming\launcher.exe
2014-02-21 22:33 - 2014-02-21 22:08 - 00009434 _____ () C:\Users\Lasse\Desktop\indre lys.odt
2014-02-21 16:16 - 2012-11-20 14:30 - 00000000 ____D () C:\Users\Lasse\AppData\Local\Windows Live
2014-02-20 22:52 - 2012-11-19 22:12 - 00003908 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-20 22:52 - 2012-11-19 22:12 - 00003672 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-19 16:51 - 2013-07-19 13:46 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-19 16:50 - 2012-12-12 19:17 - 88567024 ____N (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-18 16:46 - 2012-11-20 14:10 - 00003894 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2159222201-2007947042-125459430-1001UA
2014-02-18 16:46 - 2012-11-20 14:10 - 00003514 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2159222201-2007947042-125459430-1001Core

Some content of TEMP:
====================
C:\Users\Lasse\AppData\Local\Temp\034DC349.dll
C:\Users\Lasse\AppData\Local\Temp\0C91DF10.dll
C:\Users\Lasse\AppData\Local\Temp\0C9E5CBD.dll
C:\Users\Lasse\AppData\Local\Temp\10AD37D4.dll
C:\Users\Lasse\AppData\Local\Temp\24F1C8FD.dll
C:\Users\Lasse\AppData\Local\Temp\302CF9B6.dll
C:\Users\Lasse\AppData\Local\Temp\5B9B8326.dll
C:\Users\Lasse\AppData\Local\Temp\6447CC8D.dll
C:\Users\Lasse\AppData\Local\Temp\645BA074.dll
C:\Users\Lasse\AppData\Local\Temp\692DDBDE.dll
C:\Users\Lasse\AppData\Local\Temp\6934C3DA.dll
C:\Users\Lasse\AppData\Local\Temp\6AAB3AED.dll
C:\Users\Lasse\AppData\Local\Temp\7970A28E.dll
C:\Users\Lasse\AppData\Local\Temp\D00EF9FA.dll
C:\Users\Lasse\AppData\Local\Temp\D010B872.dll
C:\Users\Lasse\AppData\Local\Temp\DivXSetup.exe
C:\Users\Lasse\AppData\Local\Temp\E895860F.dll
C:\Users\Lasse\AppData\Local\Temp\F44F30AF.dll
C:\Users\Lasse\AppData\Local\Temp\FF07E6D7.dll
C:\Users\Lasse\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-03-16 20:00] - [2014-01-31 17:15] - 0311640 ____A (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02

LastRegBack: 2014-03-20 14:59

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Lasse at 2014-03-20 15:30:18
Running from C:\Users\Lasse\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Security Center ========================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Ableton Live 8 (HKLM-x32\...\{4941E15C-3C68-4FB7-B5A4-5061B92E9166}) (Version: 8.0.0.0 - Ableton)
Ableton Live 8 (HKLM-x32\...\{9CE59D07-D8A0-4FF7-938D-EA98F51B8B55}) (Version: 8.0.0.0 - Ableton)
Ableton Live 9 Suite (HKLM-x32\...\{5CB870DE-94A1-4A37-AAE2-08E4D2AA658A}) (Version: 9.0.0.0 - Ableton)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.4.0.2710 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4.4 64-bit (HKLM\...\{11A955CD-4398-405A-886D-E464C3618FBF}) (Version: 4.4.1 - Adobe)
Adobe Reader X (10.1.9) - Dansk (HKLM-x32\...\{AC76BA86-7AD7-1030-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.7.637 - Adobe Systems, Inc.)
AmpliTube 3 version 3.9.0 (HKLM\...\{DA5202AC-12BF-4330-B8EA-BC77F991FA1C}_is1) (Version: 3.9.0 - IK Multimedia)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Apple-programunderstøttelse (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Bullzip PDF Printer 10.2.0.2141 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.2.0.2141 - Bullzip)
Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version:  - )
Canon MP550 series Brugerregistrering (HKLM-x32\...\Canon MP550 series Brugerregistrering) (Version:  - )
Canon MP550 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.23 - Piriform)
ColorDirector (x32 Version: 1.0 - CyberLink Corp.) Hidden
csp (x32 Version: 1.0 - InstallAware Software Corporation) Hidden
CyberLink ColorDirector (HKLM-x32\...\{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 1.0.2114 - CyberLink Corp.)
CyberLink ColorDirector (HKLM-x32\...\InstallShield_{75EBDE4A-BD6A-453e-8F91-462A38FFA595}) (Version: 1.0 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2230.0 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.2230.0 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 Content Pack Premium (HKLM-x32\...\InstallShield_{0219CB86-A833-4581-8FF1-78F303F93AC3}) (Version: 12 - CyberLink Corp.)
CyberLink PowerDirector 12 Content Pack Premium (x32 Version: 12 - CyberLink Corp.) Hidden
CyberLink WaveEditor 2 (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.4203 - CyberLink Corp.)
CyberLink WaveEditor 2 (x32 Version: 2.0.4203 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.11 - Piriform)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.100 - DivX, LLC)
East West EWQLSO Gold Edition (HKLM-x32\...\East West EWQLSO Gold Edition) (Version:  - )
East West Symphonic Choirs (HKLM-x32\...\East West Symphonic Choirs) (Version:  - )
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version:  - Steinberg Media Technologies GmbH)
E-MU USB Audio (HKLM-x32\...\{1C99893D-BC98-4456-AA3E-B67AB42301A6}) (Version: 1.0 - )
FileZilla Client 3.6.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project)
Flash Video Capture 4.10.5 build 6380 (HKLM-x32\...\Flash Video Capture_is1) (Version:  - FlashVideoCapture.com)
Freemake Audio Converter version 1.1.0 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.0 - Ellora Assets Corporation)
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
iZotope Ozone 4 (HKLM-x32\...\iZotope Ozone 4_is1) (Version: 4.00 - iZotope, Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JBridge (HKLM-x32\...\JBridge) (Version:  - JBridge)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MediaMonkey 4.0 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.0 - Ventis Media Inc.)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 22.0 (x86 da) (HKLM-x32\...\Mozilla Firefox 22.0 (x86 da)) (Version: 22.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 22.0 - Mozilla)
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Native Instruments Absynth 5 (HKLM-x32\...\Native Instruments Absynth 5) (Version:  - Native Instruments)
Native Instruments Absynth 5 (Version: 5.0.0.829 - Native Instruments) Hidden
Native Instruments Battery 3 (HKLM-x32\...\Native Instruments Battery 3) (Version:  - Native Instruments)
Native Instruments Battery 3 (Version: 3.0.5.23 - Native Instruments) Hidden
Native Instruments FM8 (HKLM-x32\...\Native Instruments FM8) (Version:  - Native Instruments)
Native Instruments FM8 (Version: 1.0.4.879 - Native Instruments) Hidden
Native Instruments Komplete 6 (HKLM-x32\...\Native Instruments Komplete 6) (Version:  - Native Instruments)
Native Instruments Komplete 6 (Version: 6.0.0.001 - Native Instruments) Hidden
Native Instruments Kontakt 4 (HKLM-x32\...\Native Instruments Kontakt 4) (Version:  - Native Instruments)
Native Instruments Kontakt 4 (Version: 4.0.0.2475 - Native Instruments) Hidden
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version:  - Native Instruments)
Native Instruments Kontakt 5 (Version: 5.1.0.6066 - Native Instruments) Hidden
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version:  - Native Instruments)
Native Instruments Massive (Version: 1.1.4.1901 - Native Instruments) Hidden
Native Instruments Reaktor 5 (HKLM-x32\...\Native Instruments Reaktor 5) (Version:  - Native Instruments)
Native Instruments Reaktor 5 (Version: 5.1.5.2 - Native Instruments) Hidden
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)
Native Instruments Service Center (Version: 2.2.0.367 - Native Instruments) Hidden
NemID CSP (HKLM-x32\...\NemID CSP) (Version: 7.2.0 - Nets DanID)
NemID CSP (Version: 7.2.0 - Nets DanID) Hidden
NemID CSP (x32 Version: 7.2.0 - Nets DanID) Hidden
Nero 8 (HKLM-x32\...\{D6D5CB84-0E6E-4E69-B300-C690B6911030}) (Version: 8.3.23 - Nero AG)
NewBlue Video Essentials for PowerDirector (HKLM\...\NewBlue Video Essentials for Cyberlink) (Version: 3.0 - NewBlue)
NewBlue Video Essentials II for PowerDirector (HKLM\...\NewBlue Video Essentials II for Cyberlink) (Version: 3.0 - NewBlue)
NewBlue Video Essentials III for PowerDirector (HKLM\...\NewBlue Video Essentials III for Cyberlink) (Version: 3.0 - NewBlue)
Nokia Connectivity Cable Driver (HKLM-x32\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{D90BC3B4-7EEE-41E3-B20C-0F8F9BAF4EA3}) (Version: 3.41.9593 - Apache Software Foundation)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
PCR Driver (HKLM\...\RolandRDID0027) (Version:  - Roland Corporation)
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
PowerDirector (Version: 12.0 - Dit firmanavn) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.7 - PowerISO Computing, Inc.)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.20 - Qualcomm Atheros Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.8 - SmartSound Software Inc.) Hidden
SUPERAntiSpyware (HKLM-x32\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1148 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Commander (Remove or Repair) (HKLM-x32\...\Wincmd) (Version:  - )
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows-driverpakke - Nokia Modem  (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows-driverpakke - Nokia Modem  (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows-driverpakke - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
WMHelp XmlPad (HKLM-x32\...\{718CCDCB-A709-4781-8D64-27ADFB25827A}) (Version: 3.02.1001 - WMHelp Software)
Youtube Downloader HD v. 2.9.6 (HKLM-x32\...\Youtube Downloader HD_is1) (Version:  - YoutubeDownloaderHD.com)

==================== Restore Points  =========================

28-02-2014 19:39:19 Planlagt kontrolpunkt
08-03-2014 19:43:21 Windows Live Essentials
13-03-2014 19:14:17 Windows Update
16-03-2014 19:37:19 Windows Update

==================== Hosts content: ==========================

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2BA14E02-2148-4941-98D4-6D22155955E3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-19] (Google Inc.)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {5E4D10A1-65ED-44CF-88CC-5977D22F9C64} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2159222201-2007947042-125459430-1001UA => C:\Users\Lasse\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-20] (Google Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {82F4D724-C85E-4EED-AAD1-12D23ACDC7A7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-16] (Adobe Systems Incorporated)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8EAB1F64-75DD-431F-9FE7-393D9E534ECA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-02-19] (Microsoft Corporation)
Task: {9DB52FFD-18A2-4953-898E-8CE37D964416} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-09-24] (Piriform Ltd)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {C4D3D4AC-26D4-425A-AEBA-59D9220C4299} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2159222201-2007947042-125459430-1001Core => C:\Users\Lasse\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-20] (Google Inc.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E85F60FC-19A6-43F9-BF2E-F9C9500CAB4D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-19] (Google Inc.)
Task: {FA713B0B-8D6C-476E-A494-563F4C5CE646} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2159222201-2007947042-125459430-1001Core.job => C:\Users\Lasse\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2159222201-2007947042-125459430-1001UA.job => C:\Users\Lasse\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Lasse\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/20/2014 03:16:59 PM) (Source: SideBySide) (User: )
Description: Det lykkedes ikke at oprette aktiveringskontekst for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest1". Der opstod fejl i manifest- eller politikfilen "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest2" på linje C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest3.
En komponentversion, der er påkrævet af programmet, er i konflikt med en anden komponentversion, der allerede er aktiv.
Komponenter i konflikt er:
Komponent 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest.
Komponent 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest.

Error: (03/20/2014 03:16:57 PM) (Source: SideBySide) (User: )
Description: Det lykkedes ikke at oprette aktiveringskontekst for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest1". Der opstod fejl i manifest- eller politikfilen "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest2" på linje C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest3.
En komponentversion, der er påkrævet af programmet, er i konflikt med en anden komponentversion, der allerede er aktiv.
Komponenter i konflikt er:
Komponent 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest.
Komponent 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest.

Error: (03/20/2014 03:01:37 PM) (Source: SideBySide) (User: )
Description: Det lykkedes ikke at oprette aktiveringskontekst for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest1". Der opstod fejl i manifest- eller politikfilen "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest2" på linje C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest3.
En komponentversion, der er påkrævet af programmet, er i konflikt med en anden komponentversion, der allerede er aktiv.
Komponenter i konflikt er:
Komponent 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest.
Komponent 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest.

Error: (03/20/2014 03:01:35 PM) (Source: SideBySide) (User: )
Description: Det lykkedes ikke at oprette aktiveringskontekst for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest1". Der opstod fejl i manifest- eller politikfilen "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest2" på linje C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest3.
En komponentversion, der er påkrævet af programmet, er i konflikt med en anden komponentversion, der allerede er aktiv.
Komponenter i konflikt er:
Komponent 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest.
Komponent 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest.

Error: (03/20/2014 03:01:34 PM) (Source: SideBySide) (User: )
Description: Det lykkedes ikke at oprette aktiveringskontekst for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest1". Der opstod fejl i manifest- eller politikfilen "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest2" på linje C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest3.
En komponentversion, der er påkrævet af programmet, er i konflikt med en anden komponentversion, der allerede er aktiv.
Komponenter i konflikt er:
Komponent 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest.
Komponent 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest.

Error: (03/20/2014 02:15:25 PM) (Source: Application Error) (User: )
Description: Navn på program med fejl: glcnd.exe, version: 6.3.9600.17044, tidsstempel: 0x531f2957
Navn på modul med fejl: glcnd.exe, version: 6.3.9600.17044, tidsstempel: 0x531f2957
Undtagelseskode: 0xc0000602
Forskydning med fejl 0x0000000000314c2d
Proces-id 0x398
Programmets starttidspunkt 0xglcnd.exe0
Programsti: glcnd.exe1
Modulsti: glcnd.exe2
Rapport-id: glcnd.exe3
Fuldt navn på program med fejl: glcnd.exe4
Relativt program-id for program med fejl: glcnd.exe5

Error: (03/19/2014 10:32:50 PM) (Source: Application Error) (User: )
Description: Navn på program med fejl: IAStorDataMgrSvc.exe, version: 11.5.0.1207, tidsstempel: 0x4ffb4350
Navn på modul med fejl: IAStorUtil.ni.dll, version: 11.5.0.1207, tidsstempel: 0x4ffb434b
Undtagelseskode: 0xc0000005
Forskydning med fejl 0x0002f3fd
Proces-id 0x8d4
Programmets starttidspunkt 0xIAStorDataMgrSvc.exe0
Programsti: IAStorDataMgrSvc.exe1
Modulsti: IAStorDataMgrSvc.exe2
Rapport-id: IAStorDataMgrSvc.exe3
Fuldt navn på program med fejl: IAStorDataMgrSvc.exe4
Relativt program-id for program med fejl: IAStorDataMgrSvc.exe5

Error: (03/19/2014 10:32:47 PM) (Source: .NET Runtime) (User: )
Description: Program: IAStorDataMgrSvc.exe
Framework-version: v4.0.30319
Beskrivelse: Denne proces blev afsluttet pga. en ubehandlet undtagelse.
Undtagelsesoplysninger: System.NullReferenceException
Stak:
   ved IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
   ved IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
   ved IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
   ved System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   ved System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   ved System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   ved System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   ved System.Threading.ThreadPoolWorkQueue.Dispatch()
   ved System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (03/19/2014 02:05:11 PM) (Source: SideBySide) (User: )
Description: Aktiveringskontekstgenereringen mislykkedes for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Afhængig samling Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" blev ikke fundet.
Anvend sxstrace.exe til detaljeret diagnose.

Error: (03/19/2014 01:58:25 PM) (Source: SideBySide) (User: )
Description: Det lykkedes ikke at oprette aktiveringskontekst for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest1". Der opstod fejl i manifest- eller politikfilen "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest2" på linje C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest3.
En komponentversion, der er påkrævet af programmet, er i konflikt med en anden komponentversion, der allerede er aktiv.
Komponenter i konflikt er:
Komponent 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest.
Komponent 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest.

System errors:
=============
Error: (03/20/2014 03:30:21 PM) (Source: DCOM) (User: I5)
Description: 1084WSearchIkke tilgængelig{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (03/20/2014 03:30:21 PM) (Source: DCOM) (User: I5)
Description: 1084WSearchIkke tilgængelig{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (03/20/2014 03:30:19 PM) (Source: DCOM) (User: I5)
Description: 1084WSearchIkke tilgængelig{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (03/20/2014 03:30:19 PM) (Source: DCOM) (User: I5)
Description: 1084WSearchIkke tilgængelig{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (03/20/2014 03:30:17 PM) (Source: DCOM) (User: I5)
Description: 1084WSearchIkke tilgængelig{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (03/20/2014 03:30:17 PM) (Source: DCOM) (User: I5)
Description: 1084WSearchIkke tilgængelig{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (03/20/2014 03:30:03 PM) (Source: DCOM) (User: I5)
Description: 1084WSearchIkke tilgængelig{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (03/20/2014 03:30:03 PM) (Source: DCOM) (User: I5)
Description: 1084WSearchIkke tilgængelig{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (03/20/2014 03:29:49 PM) (Source: Service Control Manager) (User: )
Description: Tjenesten Computerbrowser afhænger af tjenesten Server, der ikke kunne starte pga. følgende fejl:
%%1068

Error: (03/20/2014 03:29:49 PM) (Source: Service Control Manager) (User: )
Description: Tjenesten Computerbrowser afhænger af tjenesten Server, der ikke kunne starte pga. følgende fejl:
%%1068

Microsoft Office Sessions:
=========================
Error: (03/20/2014 03:16:59 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifestC:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe

Error: (03/20/2014 03:16:57 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifestC:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe

Error: (03/20/2014 03:01:37 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifestC:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe

Error: (03/20/2014 03:01:35 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifestC:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe

Error: (03/20/2014 03:01:34 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifestC:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe

Error: (03/20/2014 02:15:25 PM) (Source: Application Error)(User: )
Description: glcnd.exe6.3.9600.17044531f2957glcnd.exe6.3.9600.17044531f2957c00006020000000000314c2d39801cf443e6006743aC:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exeC:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exeb2a263e3-b031-11e3-beeb-50465d053fb1Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbweMicrosoft.Reader

Error: (03/19/2014 10:32:50 PM) (Source: Application Error)(User: )
Description: IAStorDataMgrSvc.exe11.5.0.12074ffb4350IAStorUtil.ni.dll11.5.0.12074ffb434bc00000050002f3fd8d401cf43bac1bccba9C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeC:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorUtil\ce052cddc7abb8092b8a95df8b57c562\IAStorUtil.ni.dll053d4dc5-afae-11e3-beeb-50465d053fb1

Error: (03/19/2014 10:32:47 PM) (Source: .NET Runtime)(User: )
Description: Program: IAStorDataMgrSvc.exe
Framework-version: v4.0.30319
Beskrivelse: Denne proces blev afsluttet pga. en ubehandlet undtagelse.
Undtagelsesoplysninger: System.NullReferenceException
Stak:
   ved IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
   ved IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
   ved IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
   ved System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   ved System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   ved System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   ved System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   ved System.Threading.ThreadPoolWorkQueue.Dispatch()
   ved System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (03/19/2014 02:05:11 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\Nokia\nokia pc suite 7\TIS_Windows7PIM.dll

Error: (03/19/2014 01:58:25 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifestC:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe

CodeIntegrity Errors:
===================================
  Date: 2014-03-18 14:03:58.457
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-03-18 14:03:58.425
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-03-18 14:03:22.375
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-03-18 14:03:22.344
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-03-18 14:03:22.329
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-03-18 14:03:22.313
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-03-18 14:03:22.188
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-03-18 14:03:22.157
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-03-17 21:05:44.477
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-03-17 21:05:14.064
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Percentage of memory in use: 7%
Total physical RAM: 16075.05 MB
Available physical RAM: 14833 MB
Total Pagefile: 18507.05 MB
Available Pagefile: 17325.05 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB

==================== Drives ================================

Drive c: (Win8_11.2012) (Fixed) (Total:232.54 GB) (Free:67.15 GB) NTFS
Drive d: (Data) (Fixed) (Total:488.28 GB) (Free:315.56 GB) NTFS
Drive e: (Diverse) (Fixed) (Total:1374.73 GB) (Free:343.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 97BE5B6A)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: D92DA278)

Partition: GPT Partition Type.

==================== End Of Log ============================


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

See if you can boot to Normal mode, then continue:

Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

Post the produced log..

Next,

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running; it can take several hours, so please be patient and let it complete:

Run Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the add-on to be installed
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

If no threats were found

  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

If threats were found

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report in next reply

Let me see those logs in next reply, also give an update on any remaining issues or concerns..

Kevin

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Lasse at 2014-03-21 17:15:04 Run:2
Running from C:\Users\Lasse\Desktop
Boot Mode: Safe Mode (with Networking)
==============================================

Content of fixlist:
*****************
Start
HKU\S-1-5-21-2159222201-2007947042-125459430-1001\...\Winlogon: [shell] explorer.exe /select,explorer.exe <==== ATTENTION
C:\Users\Lasse\AppData\Local\Temp\034DC349.dll
C:\Users\Lasse\AppData\Local\Temp\0C91DF10.dll
C:\Users\Lasse\AppData\Local\Temp\0C9E5CBD.dll
C:\Users\Lasse\AppData\Local\Temp\10AD37D4.dll
C:\Users\Lasse\AppData\Local\Temp\24F1C8FD.dll
C:\Users\Lasse\AppData\Local\Temp\302CF9B6.dll
C:\Users\Lasse\AppData\Local\Temp\5B9B8326.dll
C:\Users\Lasse\AppData\Local\Temp\6447CC8D.dll
C:\Users\Lasse\AppData\Local\Temp\645BA074.dll
C:\Users\Lasse\AppData\Local\Temp\692DDBDE.dll
C:\Users\Lasse\AppData\Local\Temp\6934C3DA.dll
C:\Users\Lasse\AppData\Local\Temp\6AAB3AED.dll
C:\Users\Lasse\AppData\Local\Temp\7970A28E.dll
C:\Users\Lasse\AppData\Local\Temp\D00EF9FA.dll
C:\Users\Lasse\AppData\Local\Temp\D010B872.dll
C:\Users\Lasse\AppData\Local\Temp\DivXSetup.exe
C:\Users\Lasse\AppData\Local\Temp\E895860F.dll
C:\Users\Lasse\AppData\Local\Temp\F44F30AF.dll
C:\Users\Lasse\AppData\Local\Temp\FF07E6D7.dll
C:\Users\Lasse\AppData\Local\Temp\Quarantine.exe
End
*****************

HKU\S-1-5-21-2159222201-2007947042-125459430-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Lasse\AppData\Local\Temp\034DC349.dll => Moved successfully.
C:\Users\Lasse\AppData\Local\Temp\0C91DF10.dll => Moved successfully.
C:\Users\Lasse\AppData\Local\Temp\0C9E5CBD.dll => Moved successfully.
C:\Users\Lasse\AppData\Local\Temp\10AD37D4.dll => Moved successfully.
C:\Users\Lasse\AppData\Local\Temp\24F1C8FD.dll => Moved successfully.
C:\Users\Lasse\AppData\Local\Temp\302CF9B6.dll => Moved successfully.
C:\Users\Lasse\AppData\Local\Temp\5B9B8326.dll => Moved successfully.
C:\Users\Lasse\AppData\Local\Temp\6447CC8D.dll => Moved successfully.
C:\Users\Lasse\AppData\Local\Temp\645BA074.dll => Moved successfully.
C:\Users\Lasse\AppData\Local\Temp\692DDBDE.dll => Moved successfully.
C:\Users\Lasse\AppData\Local\Temp\6934C3DA.dll => Moved successfully.
C:\Users\Lasse\AppData\Local\Temp\6AAB3AED.dll => Moved successfully.
C:\Users\Lasse\AppData\Local\Temp\7970A28E.dll => Moved successfully.
C:\Users\Lasse\AppData\Local\Temp\D00EF9FA.dll => Moved successfully.
C:\Users\Lasse\AppData\Local\Temp\D010B872.dll => Moved successfully.
C:\Users\Lasse\AppData\Local\Temp\DivXSetup.exe => Moved successfully.
C:\Users\Lasse\AppData\Local\Temp\E895860F.dll => Moved successfully.
C:\Users\Lasse\AppData\Local\Temp\F44F30AF.dll => Moved successfully.
C:\Users\Lasse\AppData\Local\Temp\FF07E6D7.dll => Moved successfully.
C:\Users\Lasse\AppData\Local\Temp\Quarantine.exe => Moved successfully.

==== End of Fixlog ====


ESET LOG:
E:\Nyt\CyberLink.PowerDirector.Ultimate.v12.0.2230.0.Multilingual.Incl.Keymaker-CORE\keygen.exe a variant of Win32/Keygen.AU potentially unsafe application deleted - quarantined


Still no change... Trouble:
- At start up system32/cmd.exe opens
- "This computer" also opens at start up
- Job list closes when I open it.
- When searching for "virus" on Google... explorer closes.
- Many anti-virus programs have to be run in safe mode otherwise they close too.

ACTUALLY... I once saw a strange Russian program open at start up... called MOZILLA. All in Russian, like a little amateur program with options.
Maybe it could be one of the problems that was revealed shortly?

I really hope you have a Next step.

BR LSJ


See if you can run the following in Normal mode, if not run in Safemode with NW..

Please download RogueKiller from here:

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe  <- 32 bit version

http://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe  <- 64 bit version

  • Make sure to get the correct version for your system.
  • Quit all running programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • The following EULA will appear, please select accept
  • Ensure MBR scan, Check faked and AntiRootkit are checked
  • Select Scan
  • When the scan completes select Report, copy and paste that to your reply.
  • The log should be found in RKreport[?].txt on your Desktop
  • Exit/Close RogueKiller

Kevin...

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
