Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Multiple .exe *32 processes [Closed]

Started by atsjo , Oct 05 2014 03:22 PM
windows 7*32 adware malware

  • This topic is locked This topic is locked

#1
atsjo
Posted 05 October 2014 - 03:22 PM

atsjo

    Member

  • Member
  • PipPip
  • 11 posts

Hey!

 

I seem to have somewhat of the same problem as in these topics:

http://www.geekstogo...2-draining-cpu/

http://www.geekstogo...e-chromeexe-32/

 

It seems that I have gotten something unwanted installed 3 days ago. I remebered I installed adobe the same day, not sure if there's any relation though. What has happened is that my computer has slowed down immensely, and by looking at task manager I can see that there are atleast 9 chrome.exe *32 processes running and other .exe *32 processes.

 

EDIT: I should also note that I uninstalled a program that had been installed on my computer unwantingly that same day, before I realised that there was this big problem. When uninstalled it, something happened and it seemed like it installed a device driver or something and since my volum on my computer has been quite a rebel and sometimes lived its own life. The program was called "conexant".

 

I've ran OTL which gave me this (some text is written in norwegian, I can translate it to english if you want me to):

1. OTL.Txt
 

OTL logfile created on: 05.10.2014 21:56:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Fredrik\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy
 
3,89 Gb Total Physical Memory | 1,55 Gb Available Physical Memory | 39,96% Memory free
7,78 Gb Paging File | 5,03 Gb Available in Paging File | 64,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 178,85 Gb Total Space | 134,22 Gb Free Space | 75,05% Space Free | Partition Type: NTFS
Drive D: | 119,24 Gb Total Space | 118,98 Gb Free Space | 99,79% Space Free | Partition Type: NTFS
 
Computer Name: FREDRIK-PC | User Name: Fredrik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014.10.05 21:51:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Fredrik\Downloads\OTL.exe
PRC - [2014.09.23 06:07:06 | 000,852,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014.09.12 11:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014.07.14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014.07.14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014.07.10 15:33:16 | 005,187,088 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2014.07.10 15:23:36 | 000,289,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2014.06.16 13:31:16 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Programfiler\Lenovo\ZOOM\TpScrex.exe
PRC - [2014.06.16 13:31:16 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Programfiler\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2014.06.16 13:31:15 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Programfiler\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2014.06.16 13:31:14 | 000,328,040 | ---- | M] (Lenovo Group Limited) -- C:\Programfiler\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2014.06.16 13:31:14 | 000,064,952 | ---- | M] (Lenovo Group Limited) -- C:\Programfiler\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2014.06.16 13:31:12 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Programfiler\Lenovo\HOTKEY\micmute.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014.09.23 06:07:05 | 000,331,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
MOD - [2014.09.23 06:07:04 | 014,891,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll
MOD - [2014.09.23 06:07:02 | 008,577,864 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
MOD - [2014.09.23 06:06:58 | 001,098,056 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
MOD - [2014.09.23 06:06:56 | 000,174,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
MOD - [2014.09.23 06:06:55 | 001,660,232 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014.08.19 00:03:37 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014.02.27 02:52:12 | 000,068,440 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2012.10.18 22:27:10 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014.09.12 11:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014.08.22 15:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programfiler\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014.08.22 15:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programfiler\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2014.07.14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014.07.14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014.07.10 15:34:10 | 003,244,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014.07.10 15:32:46 | 001,417,160 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2014\avgfws.exe -- (avgfws)
SRV - [2014.07.10 15:23:36 | 000,289,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2014.06.16 13:31:15 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programfiler\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2014.06.16 13:31:14 | 000,064,952 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programfiler\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2014.06.16 13:31:12 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programfiler\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2014.06.16 13:31:06 | 000,144,232 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programfiler\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2014.04.03 20:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014.03.21 00:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013.02.19 20:34:50 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014.07.17 18:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2014.06.30 12:43:02 | 000,152,344 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2014.06.17 16:21:34 | 000,235,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2014.06.17 16:07:12 | 000,328,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2014.06.17 16:06:58 | 000,269,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2014.06.17 16:06:24 | 000,190,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2014.06.17 16:06:22 | 000,242,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2014.06.17 16:06:20 | 000,123,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2014.06.17 16:06:06 | 000,031,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2014.06.16 13:31:15 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2014.06.16 13:18:42 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2014.06.16 13:18:40 | 000,101,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2014.06.16 13:18:39 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2014.06.16 13:18:35 | 000,316,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2014.06.16 13:18:26 | 001,424,944 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2014.02.27 02:52:12 | 000,057,144 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2013.10.02 04:22:44 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013.10.02 04:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013.09.26 10:44:54 | 000,057,144 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2013.02.19 20:34:56 | 009,000,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.08.23 05:12:56 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://no.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nb-NO
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7F E3 A3 77 47 8A CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Fredrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Fredrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Fredrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjmjkdknjeokcmgjmdpkccpmahfmiib\4.2_0\
CHR - Extension: No name found = C:\Users\Fredrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Fredrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.5_0\
CHR - Extension: No name found = C:\Users\Fredrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Fredrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Fredrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FAA5D606-A5D6-48A4-972C-B68AEED924FC}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.10.02 16:23:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2014.10.02 16:23:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2014.10.02 16:22:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2014.10.02 16:21:54 | 000,000,000 | ---D | C] -- C:\Users\Fredrik\AppData\Local\Adobe
[2014.09.12 02:16:09 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.09.12 02:16:09 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.09.12 02:16:05 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014.09.12 02:16:05 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014.09.12 02:16:05 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014.09.12 02:16:05 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.09.12 02:16:04 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.09.12 02:16:04 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.09.12 02:16:03 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014.09.12 02:16:03 | 000,289,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014.09.12 02:16:03 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.09.12 02:16:03 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014.09.12 02:16:02 | 000,547,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014.09.12 02:16:01 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.09.12 02:16:01 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.09.12 02:16:01 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014.09.12 02:16:00 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014.09.12 02:15:59 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.09.12 02:15:59 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.09.12 02:15:58 | 000,707,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.09.12 02:15:58 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.09.12 02:15:58 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.09.12 02:15:57 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014.09.12 02:15:57 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014.09.12 02:15:54 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014.09.12 02:15:54 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014.09.12 02:15:53 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014.09.12 02:15:53 | 000,775,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014.09.12 02:15:53 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.09.12 02:15:52 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014.09.12 02:15:52 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.09.12 02:15:51 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014.09.12 02:15:44 | 005,833,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014.09.12 02:15:41 | 002,014,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.09.12 02:15:40 | 002,104,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.09.11 14:06:23 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
 
========== Files - Modified Within 30 Days ==========
 
[2014.10.05 22:00:39 | 000,020,480 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.10.05 22:00:39 | 000,020,480 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.10.05 21:58:36 | 000,000,994 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.10.05 20:31:37 | 000,000,550 | ---- | M] () -- C:\Windows\tasks\MATLAB R2013a Startup Accelerator.job
[2014.10.05 20:31:11 | 000,000,990 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.10.05 20:30:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.10.05 20:30:43 | 3132,542,976 | -HS- | M] () -- C:\hiberfil.sys
[2014.10.02 16:27:54 | 000,523,974 | ---- | M] () -- C:\Users\Fredrik\Documents\FELTKORT-Sunndalsoera2014.pdf
[2014.10.02 16:23:16 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014.09.25 08:02:15 | 000,002,184 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014.09.12 02:20:56 | 000,492,744 | ---- | M] () -- C:\Windows\SysNative\perfh014.dat
[2014.09.12 02:20:56 | 000,094,502 | ---- | M] () -- C:\Windows\SysNative\perfc014.dat
[2014.09.12 02:20:55 | 001,375,856 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.09.12 02:20:55 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.09.12 02:20:55 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.09.12 02:14:25 | 001,335,250 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014.09.11 14:08:29 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
 
========== Files Created - No Company Name ==========
 
[2014.10.02 16:23:16 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2014.10.02 16:23:16 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014.10.02 16:11:51 | 000,523,974 | ---- | C] () -- C:\Users\Fredrik\Documents\FELTKORT-Sunndalsoera2014.pdf
[2014.06.17 12:33:16 | 000,000,352 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014.06.16 13:29:08 | 000,963,884 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2014.06.16 13:29:08 | 000,221,264 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2014.06.16 13:29:08 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2014.06.16 13:18:27 | 000,057,640 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2014.01.23 10:36:55 | 001,335,250 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014.01.23 10:35:52 | 000,000,329 | ---- | C] () -- C:\Windows\SMSCFG.INI
[2013.02.19 20:35:12 | 000,963,388 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2013.02.19 20:35:00 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2013.02.19 20:34:56 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.03.25 04:34:55 | 014,179,328 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 04:18:50 | 012,877,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
< End of report >
 
 
2. Extras.Txt
 
OTL Extras logfile created on: 05.10.2014 21:56:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Fredrik\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy
 
3,89 Gb Total Physical Memory | 1,55 Gb Available Physical Memory | 39,96% Memory free
7,78 Gb Paging File | 5,03 Gb Available in Paging File | 64,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 178,85 Gb Total Space | 134,22 Gb Free Space | 75,05% Space Free | Partition Type: NTFS
Drive D: | 119,24 Gb Total Space | 118,98 Gb Free Space | 99,79% Space Free | Partition Type: NTFS
 
Computer Name: FREDRIK-PC | User Name: Fredrik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0334604B-0215-46CA-9C68-CDC649AF6ECE}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{10848C77-1290-4422-A545-01482E964BDE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1E39922A-511F-4F50-B10A-6FEE08F09C7F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{24822A78-AF18-4700-A3A3-2508BA927CD9}" = rport=138 | protocol=17 | dir=out | app=system | 
"{2B22289B-4D11-4976-813F-2F7A7C995054}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{31CBA77F-B94E-42E5-B0C5-C8EC1693B841}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{375E15DA-253F-4828-986C-92D262062AB8}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{38FBCEEC-3466-4484-9321-944EE398330F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{425409B4-1729-40FA-81DC-66D6CF86CDC5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{43B7A1A6-C518-472B-B79D-C3F636E21145}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{44C32370-8FEA-4ADE-905F-FC11C0B6164E}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{5B7937A4-17B5-466D-ABBE-E7B2A7C4CC3B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{61B75F8E-1E37-4185-BB49-BD0D3BC3BD73}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{912ADB11-8819-4A98-8D65-1E620163C831}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A53B9154-D523-424B-BACD-1D4A9A8E461C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B399777D-04DF-4EEE-9110-4301C034821F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{B454AC03-F205-491D-A936-0B8019CAC1AC}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B6DC5C34-D814-413F-A720-3830E1C26E21}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BBC26F1B-425E-43AB-907F-9CDF1E9DD883}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C06179C2-6067-406B-AD1D-149B6DC23F0F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D301BF59-ACB6-46DB-AE34-A6B0C5A7E57E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{ED212E50-AC80-4D41-9962-7B9B69C8BE23}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{038F7D7D-145F-4B73-A666-7F28E8CDC7E2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 
"{0402968F-0A8F-4432-8413-81CC3BC723FB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | 
"{05A8B5BD-2B37-4CB7-85CB-56BCD45327CD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 
"{0A147B25-309F-48B5-A30F-2DCF270242D4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{165AA54C-26A1-4492-AABE-9B00CED4E758}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 
"{20BE2D96-03B7-4891-BE81-2AAFC5CD42E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2F47544B-0E57-4B93-8474-BE68C82E2467}" = protocol=58 | dir=out | [email protected],-28546 | 
"{3853822E-6E5B-4793-9FFB-22C5C813317B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3881170B-2516-472C-8BDF-38B31AB57ACF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4BC7EF07-0553-4F2D-998A-B84986958E89}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{55589632-FB25-4C2F-AAB3-F4626CE6AD0B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6329F77E-61F3-49DA-96D2-3C8CC414083F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | 
"{71B4DFE4-F75A-444B-983C-D42F11BC9362}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 
"{785303BF-5E19-4F69-913B-98091C0894BA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{882308EA-532A-48D3-825D-213908148091}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 
"{9C33F1E9-52DD-47FF-8948-2848F3012B90}" = protocol=1 | dir=out | [email protected],-28544 | 
"{A74E0719-DDE4-4C65-9722-4D965BA80E76}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 
"{B0AE19CD-C129-422E-BD00-C0B7CEB2709D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B5AD7210-3FE2-4F38-87ED-4D4C4AD0DA67}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B94EBBB4-AFE4-48CC-A3C3-6C44FED4FC02}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C5BF696F-E927-4E1B-8805-762E24617526}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D466F019-A9F9-4F20-BA8B-402EE378179D}" = protocol=58 | dir=in | [email protected],-28545 | 
"{DB67990A-8C5E-4545-A55E-6DCBCF4A9D1A}" = protocol=1 | dir=in | [email protected],-28543 | 
"{E4603E75-9BC0-4684-8407-3A274CD2972B}" = protocol=6 | dir=out | app=system | 
"{E84764CE-2CFF-4170-B7EB-4F682036AD7E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F23026F0-BB84-4FC4-BE73-004F179F2495}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F76C8C1A-E02C-4544-93B8-25713E818A39}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FD892A77-B444-4C65-A562-58930F45A404}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{23F2C78C-E131-4CA0-8F84-3473FB7728BA}" = Microsoft Security Client
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6532BCFB-8C63-3C63-B419-0A5FA3F1C854}" = Microsoft .NET Framework 4 Extended NOR Language Pack
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6D9DCF92-F8A3-33A2-897A-9C379448E0D8}" = Microsoft .NET Framework 4 Client Profile NOR Language Pack
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B5BBEF15-44B1-43FA-A4B7-3AFE501B5949}" = AVG 2014
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F763D68B-B8D6-4C16-84EE-A2D990C5C639}" = AVG 2014
"AVG" = AVG 2014
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Matlab R2013a" = MATLAB R2013a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile NOR Language Pack" = Microsoft .NET Framework 4 Client Profile NOR Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended NOR Language Pack" = Microsoft .NET Framework 4 Extended NOR Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"OnScreenDisplay" = Visning på skjermen
"Power Management Driver" = Lenovo Power Management Driver
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F03217067FF}" = Java 7 Update 67
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" = League of Legends
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.18
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1044-7B44-AB0000000001}" = Adobe Reader XI (11.0.09) - Norsk
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH_Media_Driver_v2.13.18.02
"Google Chrome" = Google Chrome
"League of Legends 3.0.1" = League of Legends
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.09.2014 06:08:20 | Computer Name = Fredrik-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.09.2014 14:38:09 | Computer Name = Fredrik-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.09.2014 02:01:27 | Computer Name = Fredrik-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.09.2014 08:17:03 | Computer Name = Fredrik-PC | Source = Application Error | ID = 1000
Description = Programnavn med feil: GoogleUpdate.exe, versjon: 1.3.21.103, tidsangivelse:
 0x4f3c6d6c  Modulnavn med feil: ntdll.dll, versjon: 6.1.7601.22436, tidsangivelse:
 0x521eaa80  Unntakskode: 0xc0000005  Feilforskyvning: 0x000223e0  Feil prosess-ID: 0x134c
Feil
 starttid for program: 0x01cfcc26b8f093aa  Feil programbane: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Feil
 modulbane: C:\Windows\SysWOW64\ntdll.dll  Rapport-ID: 346cd07f-381b-11e4-a179-f0def15db665
 
Error - 10.09.2014 02:30:18 | Computer Name = Fredrik-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.09.2014 04:45:08 | Computer Name = Fredrik-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.09.2014 07:58:39 | Computer Name = Fredrik-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.09.2014 13:07:28 | Computer Name = Fredrik-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.09.2014 15:19:34 | Computer Name = Fredrik-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.09.2014 06:16:05 | Computer Name = Fredrik-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 26.09.2014 09:36:04 | Computer Name = Fredrik-PC | Source = Server | ID = 2505
Description = Serveren kan ikke koble seg til transport \Device\NetBT_Tcpip_{FAA5D606-A5D6-48A4-972C-B68AEED924FC},
 fordi nettverksnavnet allerede finnes. Serveren kan derfor ikke starte.
 
Error - 26.09.2014 09:36:04 | Computer Name = Fredrik-PC | Source = NetBT | ID = 4321
Description = Kan ikke registrere navnet FREDRIK-PC     :20 på grensesnittet med
 IP-adressen 78.91.17.226.  Datamaskinen med IP-adressen 129.241.18.16 tillot ikke
 at navnet ble krevd av denne  datamaskinen.
 
Error - 26.09.2014 09:36:04 | Computer Name = Fredrik-PC | Source = NetBT | ID = 4321
Description = Kan ikke registrere navnet FREDRIK-PC     :0 på grensesnittet med 
IP-adressen 78.91.17.226.  Datamaskinen med IP-adressen 129.241.56.33 tillot ikke 
at navnet ble krevd av denne  datamaskinen.
 
Error - 26.09.2014 09:36:04 | Computer Name = Fredrik-PC | Source = NetBT | ID = 4321
Description = Kan ikke registrere navnet FREDRIK-PC     :20 på grensesnittet med
 IP-adressen 78.91.17.226.  Datamaskinen med IP-adressen 129.241.56.33 tillot ikke
 at navnet ble krevd av denne  datamaskinen.
 
Error - 26.09.2014 10:10:51 | Computer Name = Fredrik-PC | Source = Service Control Manager | ID = 7024
Description = Tjenesten AVGIDSAgent terminerte med tjenestespesifikk feil %%-536753636.
 
Error - 26.09.2014 14:30:26 | Computer Name = Fredrik-PC | Source = Service Control Manager | ID = 7024
Description = Tjenesten AVGIDSAgent terminerte med tjenestespesifikk feil %%-536753636.
 
Error - 26.09.2014 14:34:26 | Computer Name = Fredrik-PC | Source = Service Control Manager | ID = 7024
Description = Tjenesten AVGIDSAgent terminerte med tjenestespesifikk feil %%-536753636.
 
Error - 26.09.2014 18:01:04 | Computer Name = Fredrik-PC | Source = EventLog | ID = 6008
Description = Forrige avslutning av systemet klokken 23:59:27 den ?26.?09.?2014 
var uventet.
 
Error - 26.09.2014 18:01:12 | Computer Name = Fredrik-PC | Source = Service Control Manager | ID = 7024
Description = Tjenesten AVGIDSAgent terminerte med tjenestespesifikk feil %%-536753636.
 
Error - 27.09.2014 09:41:24 | Computer Name = Fredrik-PC | Source = Service Control Manager | ID = 7024
Description = Tjenesten AVGIDSAgent terminerte med tjenestespesifikk feil %%-536753636.
 
 
< End of report >
 

Edited by atsjo, 05 October 2014 - 03:46 PM.

  • 0

Advertisements

#2
atsjo
Posted 05 October 2014 - 03:37 PM

atsjo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

I have also run FRST64 now:

 

1. FRST.Txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-10-2014

Ran by Fredrik (administrator) on FREDRIK-PC on 05-10-2014 23:26:46
Running from C:\Users\Fredrik\Downloads
Loaded Profile: Fredrik (Available profiles: Fredrik)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Norsk, bokmål (Norge)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2735400 2014-06-16] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5187088 2014-07-10] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://no.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7FE3A377478ACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nb-NO
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Fredrik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Fredrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-17]
CHR Extension: (Google Drive) - C:\Users\Fredrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-17]
CHR Extension: (Pop Block Pro - The Ultimate Popup Blocker) - C:\Users\Fredrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjmjkdknjeokcmgjmdpkccpmahfmiib [2014-06-17]
CHR Extension: (YouTube) - C:\Users\Fredrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-17]
CHR Extension: (Adblock Plus) - C:\Users\Fredrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-17]
CHR Extension: (Google Search) - C:\Users\Fredrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-17]
CHR Extension: (Google Wallet) - C:\Users\Fredrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-17]
CHR Extension: (Gmail) - C:\Users\Fredrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-17]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1417160 2014-07-10] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3244048 2014-07-10] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-07-10] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2014-06-16] (Lenovo Group Limited)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 CnxtHdAudService; system32\drivers\CHDRT64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-05 23:26 - 2014-10-05 23:27 - 00010367 _____ () C:\Users\Fredrik\Downloads\FRST.txt
2014-10-05 23:14 - 2014-10-05 23:14 - 00001128 _____ () C:\Users\Fredrik\Desktop\FRST64.exe - Snarvei.lnk
2014-10-05 23:14 - 2014-10-05 23:14 - 00001097 _____ () C:\Users\Fredrik\Desktop\OTL.exe - Snarvei.lnk
2014-10-05 23:13 - 2014-10-05 23:26 - 00000000 ____D () C:\FRST
2014-10-05 23:12 - 2014-10-05 23:12 - 02109440 _____ (Farbar) C:\Users\Fredrik\Downloads\FRST64.exe
2014-10-05 22:13 - 2014-10-05 22:13 - 00040732 _____ () C:\Users\Fredrik\Downloads\Extras.Txt
2014-10-05 22:11 - 2014-10-05 22:11 - 00064410 _____ () C:\Users\Fredrik\Downloads\OTL.Txt
2014-10-05 21:50 - 2014-10-05 21:51 - 00602112 _____ (OldTimer Tools) C:\Users\Fredrik\Downloads\OTL.exe
2014-10-02 16:23 - 2014-10-02 16:28 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-02 16:23 - 2014-10-02 16:23 - 00002026 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-10-02 16:23 - 2014-10-02 16:23 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-02 16:22 - 2014-10-02 16:26 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-02 16:21 - 2014-10-02 16:26 - 00000000 ____D () C:\Users\Fredrik\AppData\Local\Adobe
2014-10-02 16:18 - 2014-10-02 16:18 - 00008333 _____ () C:\Users\Fredrik\Downloads\cpub-WINWORD-Officeapps-CmsRdsh.rdp
2014-10-02 16:18 - 2014-10-02 16:18 - 00008201 _____ () C:\Users\Fredrik\Downloads\cpub-Foxit_PhantomPDF-Officeapps-CmsRdsh.rdp
2014-10-02 16:16 - 2014-10-02 16:16 - 00008184 _____ () C:\Users\Fredrik\Downloads\cpub-AcroRd32-Officeapps-CmsRdsh.rdp
2014-09-12 02:16 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 02:16 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 02:16 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 02:16 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 02:16 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 02:16 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 02:16 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 02:16 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 02:16 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 02:16 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-12 02:16 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 02:16 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-12 02:16 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 02:16 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-12 02:16 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 02:16 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 02:16 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-12 02:16 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 02:16 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-12 02:16 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-12 02:16 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-12 02:16 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-12 02:16 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-12 02:16 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-12 02:15 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 02:15 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-12 02:15 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 02:15 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-12 02:15 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 02:15 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 02:15 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 02:15 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 02:15 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-12 02:15 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 02:15 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 02:15 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-12 02:15 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-12 02:15 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-12 02:15 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-12 02:15 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-12 02:15 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 02:15 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 02:15 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 02:15 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 02:15 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-12 02:15 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 02:15 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-12 02:15 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 02:15 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-12 02:15 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-12 02:15 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-12 02:15 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 02:15 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-12 02:15 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-12 02:15 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 02:15 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 14:06 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 14:06 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 14:06 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 14:06 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 14:06 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-05 22:58 - 2014-06-17 12:53 - 00000994 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-05 22:00 - 2009-07-14 06:45 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-05 22:00 - 2009-07-14 06:45 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-05 21:41 - 2009-07-14 06:51 - 00062806 _____ () C:\Windows\setupact.log
2014-10-05 20:33 - 2014-06-17 12:24 - 01732051 _____ () C:\Windows\WindowsUpdate.log
2014-10-05 20:31 - 2014-08-26 15:17 - 00000550 _____ () C:\Windows\Tasks\MATLAB R2013a Startup Accelerator.job
2014-10-05 20:31 - 2014-06-17 12:53 - 00000990 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-05 20:30 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-05 16:50 - 2014-06-30 02:08 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-02 16:26 - 2014-06-17 14:54 - 00000000 ____D () C:\Users\Fredrik\AppData\Roaming\Adobe
2014-10-02 14:38 - 2014-08-26 15:28 - 00000000 ____D () C:\Users\Fredrik\Documents\MATLAB
2014-09-25 08:02 - 2014-06-17 12:53 - 00002184 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-22 08:42 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-18 20:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-16 14:08 - 2009-07-14 07:08 - 00032612 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-15 21:51 - 2014-06-17 14:06 - 00000000 ____D () C:\Users\Fredrik\AppData\Roaming\Skype
2014-09-12 02:20 - 2011-04-12 14:57 - 00492744 _____ () C:\Windows\system32\perfh014.dat
2014-09-12 02:20 - 2011-04-12 14:57 - 00094502 _____ () C:\Windows\system32\perfc014.dat
2014-09-12 02:20 - 2009-07-14 07:13 - 01375856 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-12 02:14 - 2014-01-23 10:36 - 01335250 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-11 14:08 - 2014-06-16 13:58 - 00002124 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-11 14:08 - 2014-06-16 13:58 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-09-11 14:08 - 2014-06-16 13:58 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-11 14:08 - 2014-06-16 13:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-11 14:07 - 2014-01-23 12:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 14:02 - 2014-01-23 12:19 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
Some content of TEMP:
====================
C:\Users\Fredrik\AppData\Local\Temp\KUIU.EXE
C:\Users\Fredrik\AppData\Local\Temp\swt-win32-3349.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-26 10:25
 
==================== End Of Log ============================
 
2. Addition.Txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-10-2014
Ran by Fredrik at 2014-10-05 23:27:58
Running from C:\Users\Fredrik\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: AVG Internet Security 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Reader XI (11.0.09) - Norsk (HKLM-x32\...\{AC76BA86-7AD7-1044-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4744 - AVG Technologies)
AVG 2014 (Version: 14.0.3986 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4744 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.00 - )
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
MATLAB R2013a (HKLM\...\Matlab R2013a) (Version: 8.1 - The MathWorks, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile NOR Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile NOR Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile NOR Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended NOR Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended NOR Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended NOR Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
RICOH_Media_Driver_v2.13.18.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.13.18.02 - RICOH)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.20.0 - Synaptics Incorporated)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.30 - )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Visning på skjermen (HKLM\...\OnScreenDisplay) (Version: 6.42.00 - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
19-09-2014 14:18:23 Windows Update
23-09-2014 16:58:44 Windows Update
26-09-2014 18:46:56 Windows Update
30-09-2014 18:03:54 Windows Update
04-10-2014 12:57:52 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {3D1BDDE3-D9D6-4C75-90B0-6B84EC54F101} - System32\Tasks\MATLAB R2013a Startup Accelerator => C:\Program Files\MATLAB\R2013a\bin\win64\MATLABStartupAccelerator.exe [2013-01-16] ()
Task: {8A0507F4-5FC1-4922-AF27-561B1E56B031} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-17] (Google Inc.)
Task: {B9643ABD-8C62-40D5-81FC-4E8A48C70AAC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-17] (Google Inc.)
Task: {F47F69FB-5CB1-4FA6-80BE-CDDD37B5C1F8} - System32\Tasks\CCMUninstall => C:\windows\ccmsetup\ccmsetup.exe [2014-06-16] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MATLAB R2013a Startup Accelerator.job => C:\Program Files\MATLAB\R2013a\bin\win64\MATLABStartupAccelerator.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-06-16 13:18 - 2014-06-16 13:18 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2014-06-16 13:29 - 2012-01-10 13:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-4067389362-361621110-1163700252-500 - Administrator - Disabled)
Fredrik (S-1-5-21-4067389362-361621110-1163700252-1001 - Administrator - Enabled) => C:\Users\Fredrik
Gjest (S-1-5-21-4067389362-361621110-1163700252-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4067389362-361621110-1163700252-1002 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/05/2014 08:30:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/05/2014 04:45:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/03/2014 05:47:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/03/2014 03:31:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/03/2014 06:59:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/02/2014 10:02:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/30/2014 07:52:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/30/2014 03:47:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/30/2014 01:25:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programmet MATLAB.exe versjon 8.1.0.0 sluttet å samhandle med Windows og ble lukket. Hvis du vil se om det finnes mer informasjon tilgjengelig om problemet, ser du i problemloggen i kontrollpanelet for Handlingssenter.
 
Prosess-ID: 37c
 
Starttidspunkt: 01cfdca016befc1d
 
Avslutningstidspunkt: 0
 
Programbane: C:\Program Files\MATLAB\R2013a\bin\win64\MATLAB.exe
 
Rapport-ID:
 
Error: (09/30/2014 01:11:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (10/05/2014 08:30:56 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Tjenesten AVGIDSAgent terminerte med tjenestespesifikk feil %%-536753636.
 
Error: (10/05/2014 04:45:34 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Tjenesten AVGIDSAgent terminerte med tjenestespesifikk feil %%-536753636.
 
Error: (10/05/2014 06:08:55 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}
 
Error: (10/03/2014 05:47:19 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Tjenesten AVGIDSAgent terminerte med tjenestespesifikk feil %%-536753636.
 
Error: (10/03/2014 03:42:02 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT-MYNDIGHET60 har oppdaget feil ved forsøk på å oppdatere signaturer.
 
Ny signaturversjon: 
 
Forrige signaturversjon: 1.185.1915.0
 
Oppdateringskilde: %NT-MYNDIGHET59
 
Oppdateringsstadium: 4.6.0305.00
 
Kildebane: 4.6.0305.01
 
Signaturtype: %NT-MYNDIGHET602
 
Oppdateringstype: %NT-MYNDIGHET604
 
Bruker: NT-MYNDIGHET\SYSTEM
 
Aktuell motorversjon: %NT-MYNDIGHET605
 
Forrige motorversjon: %NT-MYNDIGHET606
 
Feilkode: %NT-MYNDIGHET607
 
Feilbeskrivelse: %NT-MYNDIGHET608
 
Error: (10/03/2014 03:31:50 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Tjenesten AVGIDSAgent terminerte med tjenestespesifikk feil %%-536753636.
 
Error: (10/03/2014 06:59:59 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Tjenesten AVGIDSAgent terminerte med tjenestespesifikk feil %%-536753636.
 
Error: (10/02/2014 02:26:48 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Kan ikke registrere navnet FREDRIK-PC     :0 på grensesnittet med IP-adressen 78.91.16.156.
Datamaskinen med IP-adressen 129.241.56.33 tillot ikke at navnet ble krevd av denne
datamaskinen.
 
Error: (10/02/2014 02:08:22 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Kan ikke registrere navnet FREDRIK-PC     :0 på grensesnittet med IP-adressen 78.91.16.156.
Datamaskinen med IP-adressen 129.241.56.33 tillot ikke at navnet ble krevd av denne
datamaskinen.
 
Error: (10/02/2014 02:08:22 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Kan ikke registrere navnet FREDRIK-PC     :20 på grensesnittet med IP-adressen 78.91.16.156.
Datamaskinen med IP-adressen 129.241.56.33 tillot ikke at navnet ble krevd av denne
datamaskinen.
 
 
Microsoft Office Sessions:
=========================
Error: (10/05/2014 08:30:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/05/2014 04:45:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/03/2014 05:47:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/03/2014 03:31:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/03/2014 06:59:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/02/2014 10:02:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/30/2014 07:52:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/30/2014 03:47:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/30/2014 01:25:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: MATLAB.exe8.1.0.037c01cfdca016befc1d0C:\Program Files\MATLAB\R2013a\bin\win64\MATLAB.exe
 
Error: (09/30/2014 01:11:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-06-16 13:26:02.054
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-16 13:26:01.976
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-16 13:25:23.070
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-16 13:25:22.961
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-16 13:24:01.891
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-16 13:24:01.829
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-16 13:22:48.103
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-16 13:22:47.932
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-16 13:22:16.108
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-16 13:22:16.045
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 31%
Total physical RAM: 3983.23 MB
Available physical RAM: 2722.86 MB
Total Pagefile: 7964.66 MB
Available Pagefile: 6575.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (STFKSYS) (Fixed) (Total:178.85 GB) (Free:134.14 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (STFKData) (Fixed) (Total:119.24 GB) (Free:118.98 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 99D24F7A)
Partition 1: (Active) - (Size=178.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.2 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 

  • 0

#3
Naathim
Posted 09 October 2014 - 03:31 PM

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Minion%20Welcome.jpg


My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

icon_arrow.gif Analysis and research take some time, also sometimes real life gets in the way, please be patient.
icon_arrow.gif Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
icon_arrow.gif Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
icon_arrow.gif Paste the logs in your posts, attachments make my work harder and more complicated.
icon_arrow.gif Stay with me to the end, the absence of symtoms doesn't mean that your machine is fully operational.
icon_arrow.gif Note that we may live in totally different time zones, what may cause some delays between answers.

icon_idea.gif I can't foresee everything, so if anything unexpected happens, please stop and inform me!
icon_idea.gif There are no silly questions. Never be afraid to ask if in doubt!

I'm sorry that we overlooked you, this forum is a quite busy one and sometimes it just happens. Please let me know if you still need any help and we will see what can be done :)


  • 0

#4
atsjo
Posted 10 October 2014 - 12:39 PM

atsjo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hey Naat, thanks for noticing me!

Yeah, I still need help, haven't turned my computer off yet, since I got a pop-up after uninstalling that program which said that the changes will happen when I turn off and on the computer. Got no clue what kind of changes that may even be. But don't worry, it has been disconnected from the internet.
  • 0

#5
Naathim
Posted 10 October 2014 - 01:01 PM

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
:thumbsup:

Please run a fresh scan with FRST (mark also the addition option). Post generated logfiles.
  • 0

#6
atsjo
Posted 11 October 2014 - 03:28 AM

atsjo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

1. FRST

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-10-2014

Ran by Fredrik (administrator) on FREDRIK-PC on 11-10-2014 10:59:27
Running from C:\Users\Fredrik\Downloads
Loaded Profile: Fredrik (Available profiles: Fredrik)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Norsk, bokmål (Norge)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2735400 2014-06-16] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5187088 2014-07-10] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://no.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7FE3A377478ACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nb-NO
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Fredrik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Fredrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-17]
CHR Extension: (Google Drive) - C:\Users\Fredrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-17]
CHR Extension: (Pop Block Pro - The Ultimate Popup Blocker) - C:\Users\Fredrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjmjkdknjeokcmgjmdpkccpmahfmiib [2014-06-17]
CHR Extension: (YouTube) - C:\Users\Fredrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-17]
CHR Extension: (Adblock Plus) - C:\Users\Fredrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-17]
CHR Extension: (Google Search) - C:\Users\Fredrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-17]
CHR Extension: (Google Wallet) - C:\Users\Fredrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-17]
CHR Extension: (Gmail) - C:\Users\Fredrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-17]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1417160 2014-07-10] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3244048 2014-07-10] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-07-10] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2014-06-16] (Lenovo Group Limited)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 CnxtHdAudService; system32\drivers\CHDRT64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-05 23:27 - 2014-10-05 23:28 - 00023215 _____ () C:\Users\Fredrik\Downloads\Addition.txt
2014-10-05 23:26 - 2014-10-11 10:59 - 00010367 _____ () C:\Users\Fredrik\Downloads\FRST.txt
2014-10-05 23:14 - 2014-10-05 23:14 - 00001128 _____ () C:\Users\Fredrik\Desktop\FRST64.exe - Snarvei.lnk
2014-10-05 23:14 - 2014-10-05 23:14 - 00001097 _____ () C:\Users\Fredrik\Desktop\OTL.exe - Snarvei.lnk
2014-10-05 23:13 - 2014-10-11 10:59 - 00000000 ____D () C:\FRST
2014-10-05 23:12 - 2014-10-05 23:12 - 02109440 _____ (Farbar) C:\Users\Fredrik\Downloads\FRST64.exe
2014-10-05 22:13 - 2014-10-05 22:13 - 00040732 _____ () C:\Users\Fredrik\Downloads\Extras.Txt
2014-10-05 22:11 - 2014-10-05 22:11 - 00064410 _____ () C:\Users\Fredrik\Downloads\OTL.Txt
2014-10-05 21:50 - 2014-10-05 21:51 - 00602112 _____ (OldTimer Tools) C:\Users\Fredrik\Downloads\OTL.exe
2014-10-02 16:23 - 2014-10-02 16:28 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-02 16:23 - 2014-10-02 16:23 - 00002026 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-10-02 16:23 - 2014-10-02 16:23 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-02 16:22 - 2014-10-02 16:26 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-02 16:21 - 2014-10-02 16:26 - 00000000 ____D () C:\Users\Fredrik\AppData\Local\Adobe
2014-10-02 16:18 - 2014-10-02 16:18 - 00008333 _____ () C:\Users\Fredrik\Downloads\cpub-WINWORD-Officeapps-CmsRdsh.rdp
2014-10-02 16:18 - 2014-10-02 16:18 - 00008201 _____ () C:\Users\Fredrik\Downloads\cpub-Foxit_PhantomPDF-Officeapps-CmsRdsh.rdp
2014-10-02 16:16 - 2014-10-02 16:16 - 00008184 _____ () C:\Users\Fredrik\Downloads\cpub-AcroRd32-Officeapps-CmsRdsh.rdp
2014-09-12 02:16 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 02:16 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 02:16 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 02:16 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 02:16 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 02:16 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 02:16 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 02:16 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 02:16 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 02:16 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-12 02:16 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 02:16 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-12 02:16 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 02:16 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-12 02:16 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 02:16 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 02:16 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-12 02:16 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 02:16 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-12 02:16 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-12 02:16 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-12 02:16 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-12 02:16 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-12 02:16 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-12 02:15 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 02:15 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-12 02:15 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 02:15 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-12 02:15 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 02:15 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 02:15 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 02:15 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 02:15 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-12 02:15 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 02:15 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 02:15 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-12 02:15 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-12 02:15 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-12 02:15 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-12 02:15 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-12 02:15 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 02:15 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 02:15 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 02:15 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 02:15 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-12 02:15 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 02:15 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-12 02:15 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 02:15 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-12 02:15 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-12 02:15 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-12 02:15 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 02:15 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-12 02:15 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-12 02:15 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 02:15 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 14:06 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 14:06 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 14:06 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 14:06 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 14:06 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-11 10:58 - 2014-06-17 12:53 - 00000994 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-11 08:06 - 2014-08-26 15:17 - 00000550 _____ () C:\Windows\Tasks\MATLAB R2013a Startup Accelerator.job
2014-10-11 03:00 - 2014-06-17 12:24 - 01902389 _____ () C:\Windows\WindowsUpdate.log
2014-10-10 12:58 - 2014-06-17 12:53 - 00000990 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-10 08:21 - 2014-06-30 02:08 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-05 22:00 - 2009-07-14 06:45 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-05 22:00 - 2009-07-14 06:45 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-05 21:41 - 2009-07-14 06:51 - 00062806 _____ () C:\Windows\setupact.log
2014-10-05 20:30 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-02 16:26 - 2014-06-17 14:54 - 00000000 ____D () C:\Users\Fredrik\AppData\Roaming\Adobe
2014-10-02 14:38 - 2014-08-26 15:28 - 00000000 ____D () C:\Users\Fredrik\Documents\MATLAB
2014-09-25 08:02 - 2014-06-17 12:53 - 00002184 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-22 08:42 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-18 20:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-16 14:08 - 2009-07-14 07:08 - 00032612 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-15 21:51 - 2014-06-17 14:06 - 00000000 ____D () C:\Users\Fredrik\AppData\Roaming\Skype
2014-09-12 02:20 - 2011-04-12 14:57 - 00492744 _____ () C:\Windows\system32\perfh014.dat
2014-09-12 02:20 - 2011-04-12 14:57 - 00094502 _____ () C:\Windows\system32\perfc014.dat
2014-09-12 02:20 - 2009-07-14 07:13 - 01375856 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-12 02:14 - 2014-01-23 10:36 - 01335250 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-11 14:08 - 2014-06-16 13:58 - 00002124 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-11 14:08 - 2014-06-16 13:58 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-09-11 14:08 - 2014-06-16 13:58 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-11 14:08 - 2014-06-16 13:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-11 14:07 - 2014-01-23 12:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 14:02 - 2014-01-23 12:19 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
Some content of TEMP:
====================
C:\Users\Fredrik\AppData\Local\Temp\KUIU.EXE
C:\Users\Fredrik\AppData\Local\Temp\swt-win32-3349.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-26 10:25
 
==================== End Of Log ============================
 
2. Addition
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-10-2014
Ran by Fredrik at 2014-10-11 11:00:38
Running from C:\Users\Fredrik\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: AVG Internet Security 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Reader XI (11.0.09) - Norsk (HKLM-x32\...\{AC76BA86-7AD7-1044-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4744 - AVG Technologies)
AVG 2014 (Version: 14.0.3986 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4744 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.00 - )
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
MATLAB R2013a (HKLM\...\Matlab R2013a) (Version: 8.1 - The MathWorks, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile NOR Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile NOR Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile NOR Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended NOR Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended NOR Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended NOR Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
RICOH_Media_Driver_v2.13.18.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.13.18.02 - RICOH)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.20.0 - Synaptics Incorporated)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.30 - )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Visning på skjermen (HKLM\...\OnScreenDisplay) (Version: 6.42.00 - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
19-09-2014 14:18:23 Windows Update
23-09-2014 16:58:44 Windows Update
26-09-2014 18:46:56 Windows Update
30-09-2014 18:03:54 Windows Update
04-10-2014 12:57:52 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {3D1BDDE3-D9D6-4C75-90B0-6B84EC54F101} - System32\Tasks\MATLAB R2013a Startup Accelerator => C:\Program Files\MATLAB\R2013a\bin\win64\MATLABStartupAccelerator.exe [2013-01-16] ()
Task: {8A0507F4-5FC1-4922-AF27-561B1E56B031} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-17] (Google Inc.)
Task: {B9643ABD-8C62-40D5-81FC-4E8A48C70AAC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-17] (Google Inc.)
Task: {F47F69FB-5CB1-4FA6-80BE-CDDD37B5C1F8} - System32\Tasks\CCMUninstall => C:\windows\ccmsetup\ccmsetup.exe [2014-06-16] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MATLAB R2013a Startup Accelerator.job => C:\Program Files\MATLAB\R2013a\bin\win64\MATLABStartupAccelerator.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-06-16 13:18 - 2014-06-16 13:18 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2014-06-16 13:29 - 2012-01-10 13:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-4067389362-361621110-1163700252-500 - Administrator - Disabled)
Fredrik (S-1-5-21-4067389362-361621110-1163700252-1001 - Administrator - Enabled) => C:\Users\Fredrik
Gjest (S-1-5-21-4067389362-361621110-1163700252-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4067389362-361621110-1163700252-1002 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/05/2014 08:30:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/05/2014 04:45:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/03/2014 05:47:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/03/2014 03:31:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/03/2014 06:59:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/02/2014 10:02:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/30/2014 07:52:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/30/2014 03:47:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/30/2014 01:25:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programmet MATLAB.exe versjon 8.1.0.0 sluttet å samhandle med Windows og ble lukket. Hvis du vil se om det finnes mer informasjon tilgjengelig om problemet, ser du i problemloggen i kontrollpanelet for Handlingssenter.
 
Prosess-ID: 37c
 
Starttidspunkt: 01cfdca016befc1d
 
Avslutningstidspunkt: 0
 
Programbane: C:\Program Files\MATLAB\R2013a\bin\win64\MATLAB.exe
 
Rapport-ID:
 
Error: (09/30/2014 01:11:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (10/10/2014 08:41:04 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT-MYNDIGHET60 har oppdaget feil ved forsøk på å oppdatere signaturer.
 
Ny signaturversjon: 
 
Forrige signaturversjon: 113.5.0.0
 
Oppdateringskilde: %NT-MYNDIGHET51
 
Oppdateringsstadium: 4.6.0305.00
 
Kildebane: 4.6.0305.01
 
Signaturtype: %NT-MYNDIGHET602
 
Oppdateringstype: %NT-MYNDIGHET604
 
Bruker: NT-MYNDIGHET\NETTVERKSTJENESTE
 
Aktuell motorversjon: %NT-MYNDIGHET605
 
Forrige motorversjon: %NT-MYNDIGHET606
 
Feilkode: %NT-MYNDIGHET607
 
Feilbeskrivelse: %NT-MYNDIGHET608
 
Error: (10/10/2014 08:41:04 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT-MYNDIGHET60 har oppdaget feil ved forsøk på å oppdatere signaturer.
 
Ny signaturversjon: 
 
Forrige signaturversjon: 1.185.2286.0
 
Oppdateringskilde: %NT-MYNDIGHET51
 
Oppdateringsstadium: 4.6.0305.00
 
Kildebane: 4.6.0305.01
 
Signaturtype: %NT-MYNDIGHET602
 
Oppdateringstype: %NT-MYNDIGHET604
 
Bruker: NT-MYNDIGHET\NETTVERKSTJENESTE
 
Aktuell motorversjon: %NT-MYNDIGHET605
 
Forrige motorversjon: %NT-MYNDIGHET606
 
Feilkode: %NT-MYNDIGHET607
 
Feilbeskrivelse: %NT-MYNDIGHET608
 
Error: (10/10/2014 08:41:04 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT-MYNDIGHET60 har oppdaget feil ved forsøk på å oppdatere signaturer.
 
Ny signaturversjon: 
 
Forrige signaturversjon: 1.185.2286.0
 
Oppdateringskilde: %NT-MYNDIGHET51
 
Oppdateringsstadium: 4.6.0305.00
 
Kildebane: 4.6.0305.01
 
Signaturtype: %NT-MYNDIGHET602
 
Oppdateringstype: %NT-MYNDIGHET604
 
Bruker: NT-MYNDIGHET\NETTVERKSTJENESTE
 
Aktuell motorversjon: %NT-MYNDIGHET605
 
Forrige motorversjon: %NT-MYNDIGHET606
 
Feilkode: %NT-MYNDIGHET607
 
Feilbeskrivelse: %NT-MYNDIGHET608
 
Error: (10/10/2014 08:41:04 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT-MYNDIGHET60 har oppdaget feil ved forsøk på å oppdatere signaturer.
 
Ny signaturversjon: 
 
Forrige signaturversjon: 1.185.2286.0
 
Oppdateringskilde: %NT-MYNDIGHET59
 
Oppdateringsstadium: 4.6.0305.00
 
Kildebane: 4.6.0305.01
 
Signaturtype: %NT-MYNDIGHET602
 
Oppdateringstype: %NT-MYNDIGHET604
 
Bruker: NT-MYNDIGHET\SYSTEM
 
Aktuell motorversjon: %NT-MYNDIGHET605
 
Forrige motorversjon: %NT-MYNDIGHET606
 
Feilkode: %NT-MYNDIGHET607
 
Feilbeskrivelse: %NT-MYNDIGHET608
 
Error: (10/10/2014 08:41:03 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT-MYNDIGHET60 har oppdaget feil ved forsøk på å oppdatere signaturer.
 
Ny signaturversjon: 
 
Forrige signaturversjon: 113.5.0.0
 
Oppdateringskilde: %NT-MYNDIGHET51
 
Oppdateringsstadium: 4.6.0305.00
 
Kildebane: 4.6.0305.01
 
Signaturtype: %NT-MYNDIGHET602
 
Oppdateringstype: %NT-MYNDIGHET604
 
Bruker: NT-MYNDIGHET\NETTVERKSTJENESTE
 
Aktuell motorversjon: %NT-MYNDIGHET605
 
Forrige motorversjon: %NT-MYNDIGHET606
 
Feilkode: %NT-MYNDIGHET607
 
Feilbeskrivelse: %NT-MYNDIGHET608
 
Error: (10/10/2014 08:41:03 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT-MYNDIGHET60 har oppdaget feil ved forsøk på å oppdatere signaturer.
 
Ny signaturversjon: 
 
Forrige signaturversjon: 1.185.2286.0
 
Oppdateringskilde: %NT-MYNDIGHET51
 
Oppdateringsstadium: 4.6.0305.00
 
Kildebane: 4.6.0305.01
 
Signaturtype: %NT-MYNDIGHET602
 
Oppdateringstype: %NT-MYNDIGHET604
 
Bruker: NT-MYNDIGHET\NETTVERKSTJENESTE
 
Aktuell motorversjon: %NT-MYNDIGHET605
 
Forrige motorversjon: %NT-MYNDIGHET606
 
Feilkode: %NT-MYNDIGHET607
 
Feilbeskrivelse: %NT-MYNDIGHET608
 
Error: (10/10/2014 08:41:03 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT-MYNDIGHET60 har oppdaget feil ved forsøk på å oppdatere signaturer.
 
Ny signaturversjon: 
 
Forrige signaturversjon: 1.185.2286.0
 
Oppdateringskilde: %NT-MYNDIGHET51
 
Oppdateringsstadium: 4.6.0305.00
 
Kildebane: 4.6.0305.01
 
Signaturtype: %NT-MYNDIGHET602
 
Oppdateringstype: %NT-MYNDIGHET604
 
Bruker: NT-MYNDIGHET\NETTVERKSTJENESTE
 
Aktuell motorversjon: %NT-MYNDIGHET605
 
Forrige motorversjon: %NT-MYNDIGHET606
 
Feilkode: %NT-MYNDIGHET607
 
Feilbeskrivelse: %NT-MYNDIGHET608
 
Error: (10/10/2014 08:41:03 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT-MYNDIGHET60 har oppdaget feil ved forsøk på å oppdatere signaturer.
 
Ny signaturversjon: 
 
Forrige signaturversjon: 1.185.2286.0
 
Oppdateringskilde: %NT-MYNDIGHET59
 
Oppdateringsstadium: 4.6.0305.00
 
Kildebane: 4.6.0305.01
 
Signaturtype: %NT-MYNDIGHET602
 
Oppdateringstype: %NT-MYNDIGHET604
 
Bruker: NT-MYNDIGHET\SYSTEM
 
Aktuell motorversjon: %NT-MYNDIGHET605
 
Forrige motorversjon: %NT-MYNDIGHET606
 
Feilkode: %NT-MYNDIGHET607
 
Feilbeskrivelse: %NT-MYNDIGHET608
 
Error: (10/09/2014 08:41:04 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT-MYNDIGHET60 har oppdaget feil ved forsøk på å oppdatere signaturer.
 
Ny signaturversjon: 
 
Forrige signaturversjon: 1.185.2286.0
 
Oppdateringskilde: %NT-MYNDIGHET59
 
Oppdateringsstadium: 4.6.0305.00
 
Kildebane: 4.6.0305.01
 
Signaturtype: %NT-MYNDIGHET602
 
Oppdateringstype: %NT-MYNDIGHET604
 
Bruker: NT-MYNDIGHET\SYSTEM
 
Aktuell motorversjon: %NT-MYNDIGHET605
 
Forrige motorversjon: %NT-MYNDIGHET606
 
Feilkode: %NT-MYNDIGHET607
 
Feilbeskrivelse: %NT-MYNDIGHET608
 
Error: (10/09/2014 08:41:03 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT-MYNDIGHET60 har oppdaget feil ved forsøk på å oppdatere signaturer.
 
Ny signaturversjon: 
 
Forrige signaturversjon: 1.185.2286.0
 
Oppdateringskilde: %NT-MYNDIGHET59
 
Oppdateringsstadium: 4.6.0305.00
 
Kildebane: 4.6.0305.01
 
Signaturtype: %NT-MYNDIGHET602
 
Oppdateringstype: %NT-MYNDIGHET604
 
Bruker: NT-MYNDIGHET\SYSTEM
 
Aktuell motorversjon: %NT-MYNDIGHET605
 
Forrige motorversjon: %NT-MYNDIGHET606
 
Feilkode: %NT-MYNDIGHET607
 
Feilbeskrivelse: %NT-MYNDIGHET608
 
 
Microsoft Office Sessions:
=========================
Error: (10/05/2014 08:30:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/05/2014 04:45:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/03/2014 05:47:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/03/2014 03:31:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/03/2014 06:59:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/02/2014 10:02:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/30/2014 07:52:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/30/2014 03:47:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/30/2014 01:25:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: MATLAB.exe8.1.0.037c01cfdca016befc1d0C:\Program Files\MATLAB\R2013a\bin\win64\MATLAB.exe
 
Error: (09/30/2014 01:11:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-06-16 13:26:02.054
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-16 13:26:01.976
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-16 13:25:23.070
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-16 13:25:22.961
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-16 13:24:01.891
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-16 13:24:01.829
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-16 13:22:48.103
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-16 13:22:47.932
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-16 13:22:16.108
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-16 13:22:16.045
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 33%
Total physical RAM: 3983.23 MB
Available physical RAM: 2665.08 MB
Total Pagefile: 7964.66 MB
Available Pagefile: 6521.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
 
==================== Drives ================================
 
Drive c: (STFKSYS) (Fixed) (Total:178.85 GB) (Free:134.15 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (STFKData) (Fixed) (Total:119.24 GB) (Free:118.98 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 99D24F7A)
Partition 1: (Active) - (Size=178.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.2 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

  • 0

#7
Naathim
Posted 11 October 2014 - 03:37 AM

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi :)

For now the biggest issue is that you have too much security. Please remove both of the programs mentioned later, and install one (only one). After that we will perform some additional scans to see what is going on there :)


warning.gif Multiple Anti-Virus Software

I see that you're running more than one antivirus program at the same time.

  • Microsoft Security Essentials
  • AVG Internet Security

This is a bad idea.
Using more than one AV will not give you any better protection, but may cause interferences between them, slow your machine or even completely block your OS. You should choose only one to stay, and remove any others. Think carefully and stay with only one AV. It should be done before any other steps in malware removal will be taken.

Please uninstall all but one using the tools you may find in the following link: Uninstallers (removal tools) for common Windows antivirus software.



aswMBR.png Scan with aswMBR

Please download aswMBR by Avast! & Gmer and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the aswMBR.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Allow virtualisation if offered.
  • If you are prompted to download the latest anti-virus definitions from avast!, click Yes.
  • Click the AV Scan: drop down box and select C:\.
  • Select scan.
  • Upon completion, you will see Scan finished successfully. Click Save log.

Do NOT click Fix or FixMBR!
A file (MBR.dat) will be created on your desktop. Do NOT click or delete it!

Copy the contents of the logfile ans paste in into your next reply.
Do not forget to re-enable your previously switched-off protection software!


  • 0

#8
atsjo
Posted 11 October 2014 - 03:48 AM

atsjo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Is my AVG Internet Security still running even though my license expired months ago?
  • 0

#9
Naathim
Posted 11 October 2014 - 04:11 AM

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
It is installed. Each AV is very deep in the system, with its drivers and functions. It needs to be uninstalled properly.
  • 0

#10
atsjo
Posted 11 October 2014 - 08:03 AM

atsjo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

I see, I did everything you said and here's the log:

 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-10-11 13:36:55
-----------------------------
13:36:55.196    OS Version: Windows x64 6.1.7601 Service Pack 1
13:36:55.196    Number of processors: 4 586 0x2A07
13:36:55.196    ComputerName: FREDRIK-PC  UserName: Fredrik
13:36:57.848    Initialize success
13:36:57.848    VM: initialized successfully
13:36:57.848    VM: Intel CPU BiosDisabled 
13:37:00.127    VM: supported disk I/O ataport.SYS
13:39:36.594    AVAST engine defs: 14101100
13:40:10.664    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:40:10.664    Disk 0 Vendor: ST320LT000-9VL142 0003LVM1 Size: 305245MB BusType: 11
13:40:10.804    Disk 0 MBR read successfully
13:40:10.804    Disk 0 MBR scan
13:40:10.820    Disk 0 Windows 7 default MBR code
13:40:10.836    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       183145 MB offset 2048
13:40:10.851    Disk 0 default boot code
13:40:10.882    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       122098 MB offset 375083008
13:40:10.960    Disk 0 scanning C:\Windows\system32\drivers
13:40:25.219    Service scanning
13:40:50.288    Modules scanning
13:40:50.304    Disk 0 trace - called modules:
13:40:50.319    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
13:40:50.335    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d13060]
13:40:50.350    3 CLASSPNP.SYS[fffff8800145143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80046ff060]
13:40:57.214    AVAST engine scan C:\
15:10:39.427    Scan finished successfully
15:59:18.192    Disk 0 MBR has been saved successfully to "C:\Users\Fredrik\Downloads\MBR.dat"
15:59:18.192    The log file has been saved successfully to "C:\Users\Fredrik\Downloads\aswMBR.txt"

  • 0

Advertisements

#11
Naathim
Posted 11 October 2014 - 08:07 AM

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
This log looks fine. How the removal of AVG & MSE went?
  • 0

#12
atsjo
Posted 11 October 2014 - 08:33 AM

atsjo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I only removed AVG as you asked me to only remove one of them, and the removal went pretty smooth.
  • 0

#13
Naathim
Posted 11 October 2014 - 08:35 AM

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Glad to hear that :)

Now please perform a fresh FRST scan and post generated logs.
  • 0

#14
atsjo
Posted 11 October 2014 - 09:21 AM

atsjo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

1. FRST

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-10-2014

Ran by Fredrik (administrator) on FREDRIK-PC on 11-10-2014 16:40:11
Running from C:\Users\Fredrik\Downloads
Loaded Profile: Fredrik (Available profiles: Fredrik)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Norsk, bokmål (Norge)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2735400 2014-06-16] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://no.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7FE3A377478ACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nb-NO
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Fredrik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Fredrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-17]
CHR Extension: (Google Drive) - C:\Users\Fredrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-17]
CHR Extension: (Pop Block Pro - The Ultimate Popup Blocker) - C:\Users\Fredrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhjmjkdknjeokcmgjmdpkccpmahfmiib [2014-06-17]
CHR Extension: (YouTube) - C:\Users\Fredrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-17]
CHR Extension: (Adblock Plus) - C:\Users\Fredrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-17]
CHR Extension: (Google Search) - C:\Users\Fredrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-17]
CHR Extension: (Google Wallet) - C:\Users\Fredrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-17]
CHR Extension: (Gmail) - C:\Users\Fredrik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-17]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2014-06-16] (Lenovo Group Limited)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 CnxtHdAudService; system32\drivers\CHDRT64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 aswMBR; \??\C:\Users\Fredrik\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Fredrik\AppData\Local\Temp\aswVmm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-11 15:59 - 2014-10-11 15:59 - 00001817 _____ () C:\Users\Fredrik\Downloads\aswMBR.txt
2014-10-11 15:59 - 2014-10-11 15:59 - 00000512 _____ () C:\Users\Fredrik\Downloads\MBR.dat
2014-10-11 13:28 - 2014-10-11 13:28 - 05185536 _____ (AVAST Software) C:\Users\Fredrik\Downloads\aswMBR.exe
2014-10-11 13:28 - 2014-10-11 13:28 - 00001447 _____ () C:\Users\Fredrik\Desktop\aswMBR - Snarvei.lnk
2014-10-05 23:27 - 2014-10-11 11:01 - 00026894 _____ () C:\Users\Fredrik\Downloads\Addition.txt
2014-10-05 23:26 - 2014-10-11 16:41 - 00008935 _____ () C:\Users\Fredrik\Downloads\FRST.txt
2014-10-05 23:14 - 2014-10-05 23:14 - 00001128 _____ () C:\Users\Fredrik\Desktop\FRST64.exe - Snarvei.lnk
2014-10-05 23:14 - 2014-10-05 23:14 - 00001097 _____ () C:\Users\Fredrik\Desktop\OTL.exe - Snarvei.lnk
2014-10-05 23:13 - 2014-10-11 16:40 - 00000000 ____D () C:\FRST
2014-10-05 23:12 - 2014-10-05 23:12 - 02109440 _____ (Farbar) C:\Users\Fredrik\Downloads\FRST64.exe
2014-10-05 22:13 - 2014-10-05 22:13 - 00040732 _____ () C:\Users\Fredrik\Downloads\Extras.Txt
2014-10-05 22:11 - 2014-10-05 22:11 - 00064410 _____ () C:\Users\Fredrik\Downloads\OTL.Txt
2014-10-05 21:50 - 2014-10-05 21:51 - 00602112 _____ (OldTimer Tools) C:\Users\Fredrik\Downloads\OTL.exe
2014-10-02 16:23 - 2014-10-02 16:28 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-02 16:23 - 2014-10-02 16:23 - 00002026 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-10-02 16:23 - 2014-10-02 16:23 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-02 16:22 - 2014-10-02 16:26 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-02 16:21 - 2014-10-02 16:26 - 00000000 ____D () C:\Users\Fredrik\AppData\Local\Adobe
2014-10-02 16:18 - 2014-10-02 16:18 - 00008333 _____ () C:\Users\Fredrik\Downloads\cpub-WINWORD-Officeapps-CmsRdsh.rdp
2014-10-02 16:18 - 2014-10-02 16:18 - 00008201 _____ () C:\Users\Fredrik\Downloads\cpub-Foxit_PhantomPDF-Officeapps-CmsRdsh.rdp
2014-10-02 16:16 - 2014-10-02 16:16 - 00008184 _____ () C:\Users\Fredrik\Downloads\cpub-AcroRd32-Officeapps-CmsRdsh.rdp
2014-09-12 02:16 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 02:16 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 02:16 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 02:16 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 02:16 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 02:16 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 02:16 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 02:16 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 02:16 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 02:16 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-12 02:16 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 02:16 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-12 02:16 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 02:16 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-12 02:16 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 02:16 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 02:16 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-12 02:16 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 02:16 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-12 02:16 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-12 02:16 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-12 02:16 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-12 02:16 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-12 02:16 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-12 02:15 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 02:15 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-12 02:15 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 02:15 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-12 02:15 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 02:15 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 02:15 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 02:15 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 02:15 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-12 02:15 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 02:15 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 02:15 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-12 02:15 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-12 02:15 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-12 02:15 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-12 02:15 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-12 02:15 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 02:15 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 02:15 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 02:15 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 02:15 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-12 02:15 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 02:15 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-12 02:15 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 02:15 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-12 02:15 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-12 02:15 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-12 02:15 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 02:15 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-12 02:15 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-12 02:15 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 02:15 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 14:06 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 14:06 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 14:06 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 14:06 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 14:06 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-11 16:04 - 2014-06-17 12:24 - 01955351 _____ () C:\Windows\WindowsUpdate.log
2014-10-11 15:58 - 2014-06-17 12:53 - 00000994 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-11 13:33 - 2009-07-14 06:45 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-11 13:33 - 2009-07-14 06:45 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-11 13:27 - 2014-08-26 15:17 - 00000550 _____ () C:\Windows\Tasks\MATLAB R2013a Startup Accelerator.job
2014-10-11 13:26 - 2014-06-17 12:53 - 00000990 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-11 13:25 - 2014-06-30 02:08 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-11 13:25 - 2010-11-21 05:47 - 00027014 _____ () C:\Windows\PFRO.log
2014-10-11 13:25 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-11 13:25 - 2009-07-14 06:51 - 00062862 _____ () C:\Windows\setupact.log
2014-10-02 16:26 - 2014-06-17 14:54 - 00000000 ____D () C:\Users\Fredrik\AppData\Roaming\Adobe
2014-10-02 14:38 - 2014-08-26 15:28 - 00000000 ____D () C:\Users\Fredrik\Documents\MATLAB
2014-09-25 08:02 - 2014-06-17 12:53 - 00002184 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-22 08:42 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-18 20:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-16 14:08 - 2009-07-14 07:08 - 00032612 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-15 21:51 - 2014-06-17 14:06 - 00000000 ____D () C:\Users\Fredrik\AppData\Roaming\Skype
2014-09-12 02:20 - 2011-04-12 14:57 - 00492744 _____ () C:\Windows\system32\perfh014.dat
2014-09-12 02:20 - 2011-04-12 14:57 - 00094502 _____ () C:\Windows\system32\perfc014.dat
2014-09-12 02:20 - 2009-07-14 07:13 - 01375856 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-12 02:14 - 2014-01-23 10:36 - 01335250 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-11 14:08 - 2014-06-16 13:58 - 00002124 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-11 14:08 - 2014-06-16 13:58 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-09-11 14:08 - 2014-06-16 13:58 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-11 14:08 - 2014-06-16 13:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-11 14:07 - 2014-01-23 12:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 14:02 - 2014-01-23 12:19 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
Some content of TEMP:
====================
C:\Users\Fredrik\AppData\Local\Temp\KUIU.EXE
C:\Users\Fredrik\AppData\Local\Temp\swt-win32-3349.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-11 15:24
 
==================== End Of Log ============================
 
2. Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-10-2014
Ran by Fredrik at 2014-10-11 16:42:05
Running from C:\Users\Fredrik\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Reader XI (11.0.09) - Norsk (HKLM-x32\...\{AC76BA86-7AD7-1044-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.00 - )
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
MATLAB R2013a (HKLM\...\Matlab R2013a) (Version: 8.1 - The MathWorks, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile NOR Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile NOR Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile NOR Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended NOR Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended NOR Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended NOR Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
RICOH_Media_Driver_v2.13.18.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.13.18.02 - RICOH)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.20.0 - Synaptics Incorporated)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.30 - )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Visning på skjermen (HKLM\...\OnScreenDisplay) (Version: 6.42.00 - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
19-09-2014 14:18:23 Windows Update
23-09-2014 16:58:44 Windows Update
26-09-2014 18:46:56 Windows Update
30-09-2014 18:03:54 Windows Update
04-10-2014 12:57:52 Windows Update
11-10-2014 11:17:07 Removed AVG 2014
11-10-2014 11:22:38 Removed AVG 2014
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {3D1BDDE3-D9D6-4C75-90B0-6B84EC54F101} - System32\Tasks\MATLAB R2013a Startup Accelerator => C:\Program Files\MATLAB\R2013a\bin\win64\MATLABStartupAccelerator.exe [2013-01-16] ()
Task: {8A0507F4-5FC1-4922-AF27-561B1E56B031} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-17] (Google Inc.)
Task: {B9643ABD-8C62-40D5-81FC-4E8A48C70AAC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-17] (Google Inc.)
Task: {F47F69FB-5CB1-4FA6-80BE-CDDD37B5C1F8} - System32\Tasks\CCMUninstall => C:\windows\ccmsetup\ccmsetup.exe [2014-06-16] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MATLAB R2013a Startup Accelerator.job => C:\Program Files\MATLAB\R2013a\bin\win64\MATLABStartupAccelerator.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-06-16 13:18 - 2014-06-16 13:18 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2014-06-16 13:29 - 2012-01-10 13:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-4067389362-361621110-1163700252-500 - Administrator - Disabled)
Fredrik (S-1-5-21-4067389362-361621110-1163700252-1001 - Administrator - Enabled) => C:\Users\Fredrik
Gjest (S-1-5-21-4067389362-361621110-1163700252-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4067389362-361621110-1163700252-1002 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/11/2014 01:26:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/11/2014 01:22:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Tjenesten Cryptographic Services mislyktes under behandling av OnIdentity()-kallet i systemskriverobjektet.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.
 
System Error:
Systemet finner ikke angitt fil.
.
 
Error: (10/05/2014 08:30:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/05/2014 04:45:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/03/2014 05:47:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/03/2014 03:31:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/03/2014 06:59:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/02/2014 10:02:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/30/2014 07:52:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/30/2014 03:47:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (10/11/2014 01:36:10 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT-MYNDIGHET60 har oppdaget feil ved forsøk på å oppdatere signaturer.
 
Ny signaturversjon: 
 
Forrige signaturversjon: 1.185.2286.0
 
Oppdateringskilde: %NT-MYNDIGHET51
 
Oppdateringsstadium: 4.6.0305.00
 
Kildebane: 4.6.0305.01
 
Signaturtype: %NT-MYNDIGHET602
 
Oppdateringstype: %NT-MYNDIGHET604
 
Bruker: NT-MYNDIGHET\NETTVERKSTJENESTE
 
Aktuell motorversjon: %NT-MYNDIGHET605
 
Forrige motorversjon: %NT-MYNDIGHET606
 
Feilkode: %NT-MYNDIGHET607
 
Feilbeskrivelse: %NT-MYNDIGHET608
 
Error: (10/11/2014 01:36:10 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT-MYNDIGHET60 har oppdaget feil ved forsøk på å oppdatere signaturer.
 
Ny signaturversjon: 
 
Forrige signaturversjon: 1.185.2286.0
 
Oppdateringskilde: %NT-MYNDIGHET51
 
Oppdateringsstadium: 4.6.0305.00
 
Kildebane: 4.6.0305.01
 
Signaturtype: %NT-MYNDIGHET602
 
Oppdateringstype: %NT-MYNDIGHET604
 
Bruker: NT-MYNDIGHET\NETTVERKSTJENESTE
 
Aktuell motorversjon: %NT-MYNDIGHET605
 
Forrige motorversjon: %NT-MYNDIGHET606
 
Feilkode: %NT-MYNDIGHET607
 
Feilbeskrivelse: %NT-MYNDIGHET608
 
Error: (10/11/2014 01:36:10 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT-MYNDIGHET60 har oppdaget feil ved forsøk på å oppdatere signaturer.
 
Ny signaturversjon: 
 
Forrige signaturversjon: 1.185.2286.0
 
Oppdateringskilde: %NT-MYNDIGHET59
 
Oppdateringsstadium: 4.6.0305.00
 
Kildebane: 4.6.0305.01
 
Signaturtype: %NT-MYNDIGHET602
 
Oppdateringstype: %NT-MYNDIGHET604
 
Bruker: NT-MYNDIGHET\SYSTEM
 
Aktuell motorversjon: %NT-MYNDIGHET605
 
Forrige motorversjon: %NT-MYNDIGHET606
 
Feilkode: %NT-MYNDIGHET607
 
Feilbeskrivelse: %NT-MYNDIGHET608
 
Error: (10/10/2014 08:41:04 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT-MYNDIGHET60 har oppdaget feil ved forsøk på å oppdatere signaturer.
 
Ny signaturversjon: 
 
Forrige signaturversjon: 113.5.0.0
 
Oppdateringskilde: %NT-MYNDIGHET51
 
Oppdateringsstadium: 4.6.0305.00
 
Kildebane: 4.6.0305.01
 
Signaturtype: %NT-MYNDIGHET602
 
Oppdateringstype: %NT-MYNDIGHET604
 
Bruker: NT-MYNDIGHET\NETTVERKSTJENESTE
 
Aktuell motorversjon: %NT-MYNDIGHET605
 
Forrige motorversjon: %NT-MYNDIGHET606
 
Feilkode: %NT-MYNDIGHET607
 
Feilbeskrivelse: %NT-MYNDIGHET608
 
Error: (10/10/2014 08:41:04 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT-MYNDIGHET60 har oppdaget feil ved forsøk på å oppdatere signaturer.
 
Ny signaturversjon: 
 
Forrige signaturversjon: 1.185.2286.0
 
Oppdateringskilde: %NT-MYNDIGHET51
 
Oppdateringsstadium: 4.6.0305.00
 
Kildebane: 4.6.0305.01
 
Signaturtype: %NT-MYNDIGHET602
 
Oppdateringstype: %NT-MYNDIGHET604
 
Bruker: NT-MYNDIGHET\NETTVERKSTJENESTE
 
Aktuell motorversjon: %NT-MYNDIGHET605
 
Forrige motorversjon: %NT-MYNDIGHET606
 
Feilkode: %NT-MYNDIGHET607
 
Feilbeskrivelse: %NT-MYNDIGHET608
 
Error: (10/10/2014 08:41:04 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT-MYNDIGHET60 har oppdaget feil ved forsøk på å oppdatere signaturer.
 
Ny signaturversjon: 
 
Forrige signaturversjon: 1.185.2286.0
 
Oppdateringskilde: %NT-MYNDIGHET51
 
Oppdateringsstadium: 4.6.0305.00
 
Kildebane: 4.6.0305.01
 
Signaturtype: %NT-MYNDIGHET602
 
Oppdateringstype: %NT-MYNDIGHET604
 
Bruker: NT-MYNDIGHET\NETTVERKSTJENESTE
 
Aktuell motorversjon: %NT-MYNDIGHET605
 
Forrige motorversjon: %NT-MYNDIGHET606
 
Feilkode: %NT-MYNDIGHET607
 
Feilbeskrivelse: %NT-MYNDIGHET608
 
Error: (10/10/2014 08:41:04 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT-MYNDIGHET60 har oppdaget feil ved forsøk på å oppdatere signaturer.
 
Ny signaturversjon: 
 
Forrige signaturversjon: 1.185.2286.0
 
Oppdateringskilde: %NT-MYNDIGHET59
 
Oppdateringsstadium: 4.6.0305.00
 
Kildebane: 4.6.0305.01
 
Signaturtype: %NT-MYNDIGHET602
 
Oppdateringstype: %NT-MYNDIGHET604
 
Bruker: NT-MYNDIGHET\SYSTEM
 
Aktuell motorversjon: %NT-MYNDIGHET605
 
Forrige motorversjon: %NT-MYNDIGHET606
 
Feilkode: %NT-MYNDIGHET607
 
Feilbeskrivelse: %NT-MYNDIGHET608
 
Error: (10/10/2014 08:41:03 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT-MYNDIGHET60 har oppdaget feil ved forsøk på å oppdatere signaturer.
 
Ny signaturversjon: 
 
Forrige signaturversjon: 113.5.0.0
 
Oppdateringskilde: %NT-MYNDIGHET51
 
Oppdateringsstadium: 4.6.0305.00
 
Kildebane: 4.6.0305.01
 
Signaturtype: %NT-MYNDIGHET602
 
Oppdateringstype: %NT-MYNDIGHET604
 
Bruker: NT-MYNDIGHET\NETTVERKSTJENESTE
 
Aktuell motorversjon: %NT-MYNDIGHET605
 
Forrige motorversjon: %NT-MYNDIGHET606
 
Feilkode: %NT-MYNDIGHET607
 
Feilbeskrivelse: %NT-MYNDIGHET608
 
Error: (10/10/2014 08:41:03 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT-MYNDIGHET60 har oppdaget feil ved forsøk på å oppdatere signaturer.
 
Ny signaturversjon: 
 
Forrige signaturversjon: 1.185.2286.0
 
Oppdateringskilde: %NT-MYNDIGHET51
 
Oppdateringsstadium: 4.6.0305.00
 
Kildebane: 4.6.0305.01
 
Signaturtype: %NT-MYNDIGHET602
 
Oppdateringstype: %NT-MYNDIGHET604
 
Bruker: NT-MYNDIGHET\NETTVERKSTJENESTE
 
Aktuell motorversjon: %NT-MYNDIGHET605
 
Forrige motorversjon: %NT-MYNDIGHET606
 
Feilkode: %NT-MYNDIGHET607
 
Feilbeskrivelse: %NT-MYNDIGHET608
 
Error: (10/10/2014 08:41:03 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT-MYNDIGHET60 har oppdaget feil ved forsøk på å oppdatere signaturer.
 
Ny signaturversjon: 
 
Forrige signaturversjon: 1.185.2286.0
 
Oppdateringskilde: %NT-MYNDIGHET51
 
Oppdateringsstadium: 4.6.0305.00
 
Kildebane: 4.6.0305.01
 
Signaturtype: %NT-MYNDIGHET602
 
Oppdateringstype: %NT-MYNDIGHET604
 
Bruker: NT-MYNDIGHET\NETTVERKSTJENESTE
 
Aktuell motorversjon: %NT-MYNDIGHET605
 
Forrige motorversjon: %NT-MYNDIGHET606
 
Feilkode: %NT-MYNDIGHET607
 
Feilbeskrivelse: %NT-MYNDIGHET608
 
 
Microsoft Office Sessions:
=========================
Error: (10/11/2014 01:26:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/11/2014 01:22:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.
 
System Error:
Systemet finner ikke angitt fil.
 
Error: (10/05/2014 08:30:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/05/2014 04:45:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/03/2014 05:47:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/03/2014 03:31:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/03/2014 06:59:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/02/2014 10:02:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/30/2014 07:52:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/30/2014 03:47:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-06-16 13:26:02.054
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-16 13:26:01.976
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-16 13:25:23.070
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-16 13:25:22.961
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-16 13:24:01.891
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-16 13:24:01.829
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-16 13:22:48.103
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-16 13:22:47.932
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-16 13:22:16.108
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-16 13:22:16.045
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 41%
Total physical RAM: 3983.23 MB
Available physical RAM: 2338.83 MB
Total Pagefile: 7964.66 MB
Available Pagefile: 6343.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
 
==================== Drives ================================
 
Drive c: (STFKSYS) (Fixed) (Total:178.85 GB) (Free:133.05 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (STFKData) (Fixed) (Total:119.24 GB) (Free:118.98 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 99D24F7A)
Partition 1: (Active) - (Size=178.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.2 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

  • 0

#15
Naathim
Posted 11 October 2014 - 09:29 AM

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Some minor things... Give me some feedback how is the machine performing?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics


Also tagged with one or more of these keywords: windows 7*32, adware, malware

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP