I think we have an infection (or two) [Solved]



#1
Barnys

  • Member
  • 51 posts
Hi

 

 

We have Norton Internet Security on a Vista Ultimate x32  desktop with 4GB ram.



Our problems started a few days ago at about the same time that shockwave flash failed and started freezing Firefox. Shockwave flash is up to date and is now disabled.

We now have a number of problems including;

The computer will not always hibernate, the screen shuts down but the computer continues to run; 

Norton crashes. We have twice been notified that Norton has stopped because it apparently triggered a process called Data Execution Prevention.

We are seeing periods of significantly slow/disrupted internet;

After closing Firefox the browser maintains some open processes for several minutes;

Some functions are very slow to launch e.g. I just tried to start VLC player and although it was immediately listed in the Task Manager processes list it took several minutes to appear on the screen.

The latest problem is MS Malicious Software Removal Tool won't complete a scan, it stalls part way through the scan and won't cancel (I have run a Norton Internet Security Scan which reported a clear system). The MS Malicious Software Removal Tool is getting stuck on something called C:\System Volume Information\mountpointmanagerremotedatabase whatever that is.

I normally run the MS Malicious Software Removal Tool once a month and it usually takes about 4-5 hours to complete a full scan.
I have tried running it three times, each time the scan started as expected and stopped quite early in the file count, I ended up cancelling it after about 2-2.5 hours.
The only way to cancel the scan was to use Task Manager and once canceled the computer was sluggish because of high CPU load (70-90%) and unusually high ram use. We normally see 40-60% ram usage, once the scans stalled and closed with task manager the ram usage rises to above 80%.

I don't know what to do now, any suggestions/ideas are welcome :-)

 

Regards


Edited by Barnys, 30 January 2015 - 10:08 PM.



#2
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Welcome!!

 

Let's have a look. Since you didn't mention Operating System there are two scans below. Try the first, if that doesn't work, the second will. They are the same tool, just one aimed at 32 bit OS's and the other at 64 bit OS's.

 

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.


  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please copy and paste their content into your next reply.

 

 

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.


  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please copy and paste their content into your next reply.

 



#3
Barnys

  • Topic Starter
  • Member
  • 51 posts

Hi

Thanks for the reply, the system is 32 bit, I have added this to my initial post.

 

Running the Farbar scan tool was not easy. Norton intercepted the download and removed it, then when I tried to get Norton to return the download, Norton crashed and locked things up for a while.... I had to disable Norton just to get the download and then leave it disabled to run the scan... It took a while :-).

 

Here is a copy of the Addition and then the FRST files.

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-01-2015 01
Ran by Siggi at 2015-01-31 05:04:43
Running from C:\Users\Siggi\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Disabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
FW: Privatefirewall (Enabled) {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2689138593-1012205953-2850960868-1000\...\uTorrent) (Version: 3.4.2.32691 - BitTorrent Inc.)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader X (10.1.6) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.6 - Adobe Systems Incorporated)
Audacity 2.0 (HKLM\...\Audacity_is1) (Version:  - Audacity Team)
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DriverNavigator 3.4.5 (HKLM\...\DriverNavigator_is1) (Version: 3.4.5.0 - Easeware)
HTC Driver Installer (HKLM\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.007 - HTC Corporation)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{BA562260-B4FA-4D87-ADC5-963783028C68}) (Version: 6.4.0 - Motorola Mobility LLC)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-GB) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 en-GB)) (Version: 24.6.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NETGEAR Genie (HKLM\...\NETGEAR Genie) (Version: 2.3.1.46 - NETGEAR Inc.)
Nokia Connectivity Cable Driver (HKLM\...\{D4BF151C-70A8-4CE2-906F-4173A575BAD9}) (Version: 7.1.182.0 - Nokia)
Norton Bootable Recovery Tool Wizard (HKLM\...\NBRTWizard) (Version: 6.0.0.74 - Symantec Corporation)
Norton Internet Security (HKLM\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)
Privatefirewall 7.0 (HKLM\...\{E8EA933E-03A2-4E62-9F52-812C72BE2A6B}) (Version: 7.0.30.3 - PWI, Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6602 - Realtek Semiconductor Corp.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
TuneUp Utilities 2011 (HKLM\...\TuneUp Utilities 2011) (Version: 10.0.4600.20 - TuneUp Software)
TuneUp Utilities 2011 (Version: 10.0.4600.20 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (en-GB) (Version: 10.0.4600.20 - TuneUp Software) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 4.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

27-01-2015 14:35:23 Installiert Motorola Device Manager
27-01-2015 14:47:59 Removed Windows 7 USB/DVD Download Tool
27-01-2015 14:49:56 Removed Windows 7 Upgrade Advisor
27-01-2015 14:57:08 Installiert Motorola Device Manager
27-01-2015 15:11:21 Entfernt Motorola Device Manager
28-01-2015 05:39:33 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {026DAB5C-7B7D-414E-ABFA-004A5C7A4904} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {2F20F7BD-4A96-479B-8351-6D6C2952023D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {6A0844CA-8F71-4EE7-8046-C053FE70B6C5} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2011 => C:\Program Files\TuneUp Utilities 2011\OneClick.exe [2012-02-13] (TuneUp Software)
Task: {6E17CC6E-BF42-4AF6-9B3A-5D5E91C66B41} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03] (Adobe Systems Incorporated)
Task: {BACCE739-E8AB-48DD-B6FD-6F84CEC6F4D6} - System32\Tasks\{6D9F0267-FA04-4C96-A0A2-519CEE74B89A} => pcalua.exe -a "C:\Users\Siggi\Desktop\dwnlds\dwnlds\dwnlds\puta probs\VisualBasic6-KB896559-v1-ENU.exe" -d "C:\Users\Siggi\Desktop\dwnlds\dwnlds\dwnlds\puta probs"
Task: {BFD51F6E-1CAE-4FA8-98FC-BBC69AB7C834} - System32\Tasks\DriverNavigator Scheduled Scan => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe [2013-12-23] (Easeware)
Task: {C5AA221E-9BAD-4BEB-86D0-9C655AF97C1C} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {D79B8FFC-5FC4-4E8D-A2C5-EC02361A883D} - System32\Tasks\{697AAB8D-C624-46B9-A6A4-72180CC7E2E0} => pcalua.exe -a C:\Users\Siggi\Desktop\twerp\zopo\driver\2\Driver\install_driver.exe -d C:\Users\Siggi\Desktop\twerp\zopo\driver\2\Driver
Task: {D8602925-8654-48C3-815C-676E550EE430} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F900BE6D-F432-4F0E-9A29-91294DB7AD26} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {FAB7A746-36D9-41B6-BEA6-930E66490098} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverNavigator Scheduled Scan.job => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: vProt => "C:\Program Files\AVG SafeGuard toolbar\vprot.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-2689138593-1012205953-2850960868-500 - Administrator - Disabled)
Gast (S-1-5-21-2689138593-1012205953-2850960868-501 - Limited - Disabled)
Siggi (S-1-5-21-2689138593-1012205953-2850960868-1000 - Administrator - Enabled) => C:\Users\Siggi

==================== Faulty Device Manager Devices =============

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Problem: : Windows cannot use this hardware device because it has been prepared for safe removal, but it has not been removed from the computer. (Code 47)
Resolution: Unplug the device, and then plug it in again. Alternately, restart the computer to make the device available.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/31/2015 04:58:12 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 44c
Start Time: 01d03b158d4bb862
Termination Time: 0

Error: (01/31/2015 04:55:20 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program NIS.exe version 12.11.4.4 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: e60
Start Time: 01d03b1591e82bb2
Termination Time: 13999

Error: (01/30/2015 10:10:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 35.0.1.5500, time stamp 0x54c1f9f3, faulting module mozalloc.dll, version 35.0.1.5500, time stamp 0x54c1f224, exception code 0x80000003, fault offset 0x00001425,
process id 0x1758, application start time 0xplugin-container.exe0.

Error: (01/28/2015 05:18:50 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SIGGI\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\YHS7JJA5.DEFAULT-1421840432195\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.

Kontext:  Anwendung, SystemIndex Katalog


Details:
    Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (01/28/2015 05:18:50 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SIGGI\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\YHS7JJA5.DEFAULT-1421840432195\SAFEBROWSING-BACKUP> in the hash map cannot be updated.

Kontext:  Anwendung, SystemIndex Katalog


Details:
    Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (01/28/2015 05:16:56 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (01/28/2015 05:16:54 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (01/28/2015 05:16:54 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\system32\bitsperf.dll4

Error: (01/28/2015 05:16:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2015 09:31:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/31/2015 02:28:33 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Netman

Error: (01/30/2015 02:08:52 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000ShellHWDetection

Error: (01/29/2015 02:17:10 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000NIS

Error: (01/29/2015 02:15:38 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000ShellHWDetection

Error: (01/28/2015 05:17:23 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (01/28/2015 05:16:14 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: OADevice
oahlpXX
OAmon

Error: (01/28/2015 05:16:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Online Armor Helper Service%%3

Error: (01/28/2015 05:14:43 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:35:48 a.m. on 28/01/2015 was unexpected.

Error: (01/28/2015 09:31:55 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (01/28/2015 09:31:33 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: OADevice
oahlpXX
OAmon


Microsoft Office Sessions:
=========================
Error: (10/22/2014 01:52:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 107 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/13/2014 05:46:32 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 90 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (12/24/2013 09:48:24 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-01-31 05:04:01.842
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-31 05:04:01.265
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-31 05:04:00.665
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-31 05:03:59.963
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-31 05:03:43.252
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-31 05:03:42.637
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-31 05:03:42.049
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-31 05:03:41.425
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-31 02:30:24.110
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-31 02:30:23.468
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU E2160 @ 1.80GHz
Percentage of memory in use: 71%
Total physical RAM: 3316.27 MB
Available physical RAM: 942.45 MB
Total Pagefile: 6826.53 MB
Available Pagefile: 4038.03 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.28 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:187.74 GB) (Free:36.12 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.92 GB) (Free:1.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=187.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=35.2 GB) - (Type=05)
Partition 3: (Not Active) - (Size=9.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2015 01
Ran by Siggi (administrator) on A-PROBLEM on 31-01-2015 05:03:07
Running from C:\Users\Siggi\Desktop
Loaded Profiles: Siggi (Available profiles: Siggi)
Platform: Microsoft® Windows Vista™ Ultimate  Service Pack 2 (X86) OS Language: German (Germany)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Privacyware/PWI, Inc.) C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(NETGEAR Inc.) C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
() C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.6.0.32\nis.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Privatefirewall] => C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe [3048480 2013-12-17] (Privacyware/PWI, Inc.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2689138593-1012205953-2850960868-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2689138593-1012205953-2850960868-1000\...\Run: [NETGEARGenie] => C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2014-11-06] (NETGEAR Inc.)
BootExecute: autocheck autochk /p \??\G:autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-2689138593-1012205953-2850960868-1000] => localhost:8080
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-2689138593-1012205953-2850960868-1000 -> DefaultScope {2EEBF53F-DE57-4693-9176-5932F3208BBC} URL = https://de.search.ya...p={searchTerms}
SearchScopes: HKU\S-1-5-21-2689138593-1012205953-2850960868-1000 -> {2EEBF53F-DE57-4693-9176-5932F3208BBC} URL = https://de.search.ya...p={searchTerms}
SearchScopes: HKU\S-1-5-21-2689138593-1012205953-2850960868-1000 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://de.search.yah...}&fr=chr-comodo
SearchScopes: HKU\S-1-5-21-2689138593-1012205953-2850960868-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.se...t=kwd&qsrc=2869
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} ->  No File
Toolbar: HKLM - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} -  No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
ShellExecuteHooks:  - {4F07DA45-8170-4859-9B5F-037EF2970034} -  No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BF99C9F5-B28A-4BB4-9500-B9F69C08AB23}: [NameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\yhs7jja5.default-1421840432195
FF Homepage: https://duckduckgo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: NetVideoHunter - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\yhs7jja5.default-1421840432195\Extensions\[email protected] [2015-01-21]
FF Extension: Flashblock - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\yhs7jja5.default-1421840432195\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2015-01-27]
FF Extension: FoxClocks - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\yhs7jja5.default-1421840432195\Extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2015-01-21]
FF Extension: Ghostery - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\yhs7jja5.default-1421840432195\Extensions\[email protected] [2015-01-21]
FF Extension: Self-Destructing Cookies - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\yhs7jja5.default-1421840432195\Extensions\[email protected] [2015-01-21]
FF Extension: Status-4-Evar - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\yhs7jja5.default-1421840432195\Extensions\[email protected] [2015-01-21]
FF Extension: Video WithOut Flash - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\yhs7jja5.default-1421840432195\Extensions\[email protected] [2015-01-22]
FF Extension: Adblock Plus - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\yhs7jja5.default-1421840432195\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-21]
FF Extension: BetterPrivacy - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\yhs7jja5.default-1421840432195\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-01-21]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-05-01]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2015-01-28]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [lfffjahnfbocnaooecgijfnbpcfekoik] - C:\ProgramData\adawaretb\shortcuts\chrome\adawaretb.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-24]
CHR HKLM\...\Chrome\Extension: [phegaokedjdajgnfphbnpkcfdgjbidko] - C:\ProgramData\adawaretb\toolbar\chrome\toolbar.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [195840 2014-11-06] (NETGEAR)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] () [File not signed]
R2 PFNet; C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe [374600 2013-12-17] (Privacyware/PWI, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S2 OAcat; "C:\Program Files\Online Armor\OAcat.exe" [X]
S3 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx86.sys [1164504 2015-01-06] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1506000.020\ccSetx86.sys [127064 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-12-11] (Symantec Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41584 2013-04-11] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-07-15] (GFI Software)
R1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20150130.001\IDSvix86.sys [503000 2015-01-14] (Symantec Corporation)
R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150130.001\NAVENG.SYS [95704 2015-01-29] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150130.001\NAVEX15.SYS [1636696 2015-01-29] (Symantec Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35088 2015-01-14] (CACE Technologies, Inc.)
R1 pwipf6; C:\Windows\System32\DRIVERS\pwipf6.sys [130568 2013-09-29] (Privacyware/PWI, Inc.)
R3 SRTSP; C:\Windows\System32\Drivers\NIS\1506000.020\SRTSP.SYS [664792 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1506000.020\SRTSPX.SYS [32984 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1506000.020\SYMDS.SYS [367704 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1506000.020\SYMEFA.SYS [936152 2014-07-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-08-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1506000.020\Ironx86.SYS [209624 2014-08-06] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1506000.020\SYMTDIV.SYS [384728 2014-07-23] (Symantec Corporation)
S3 w200bus; C:\Windows\System32\DRIVERS\w200bus.sys [61504 2006-11-07] (MCCI)
S3 w200mdfl; C:\Windows\System32\DRIVERS\w200mdfl.sys [9328 2006-11-07] (MCCI)
S3 w200mdm; C:\Windows\System32\DRIVERS\w200mdm.sys [97056 2006-11-07] (MCCI)
S3 w200mgmt; C:\Windows\System32\DRIVERS\w200mgmt.sys [88560 2006-11-07] (MCCI)
S3 w200obex; C:\Windows\System32\DRIVERS\w200obex.sys [86368 2006-11-07] (MCCI)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 OADevice; \??\C:\Windows\system32\drivers\OADriver.sys [X]
S1 oahlpXX; \??\C:\Windows\system32\drivers\oahlp32.sys [X]
S1 OAmon; \??\C:\Windows\system32\drivers\OAmon.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 05:03 - 2015-01-31 05:04 - 00013044 _____ () C:\Users\Siggi\Desktop\FRST.txt
2015-01-31 04:59 - 2015-01-31 04:59 - 01121792 _____ (Farbar) C:\Users\Siggi\Desktop\FRST.exe
2015-01-28 05:53 - 2015-01-28 11:36 - 00011682 _____ () C:\Users\Siggi\Desktop\Book1.xlsx
2015-01-27 15:05 - 2015-01-27 15:17 - 00000000 ____D () C:\Program Files\Motorola Mobility
2015-01-27 15:05 - 2015-01-27 15:05 - 00000000 ____D () C:\Program Files\Motorola
2015-01-27 15:04 - 2015-01-27 15:04 - 00000000 ____D () C:\Program Files\MSXML 4.0
2015-01-27 15:03 - 2015-01-27 15:03 - 00000000 ____D () C:\Program Files\Common Files\Motorola Shared
2015-01-27 04:16 - 2015-01-27 04:16 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-25 09:42 - 2015-01-30 13:41 - 00016025 _____ () C:\Users\Siggi\Desktop\unique list.xlsx
2015-01-24 07:15 - 2015-01-31 04:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-24 07:15 - 2015-01-25 08:26 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-24 07:15 - 2015-01-25 08:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-21 13:03 - 2015-01-23 03:41 - 00000000 ____D () C:\Users\Siggi\Desktop\excel rstr
2015-01-21 08:42 - 2015-01-25 09:42 - 00085504 _____ () C:\Users\Siggi\Desktop\Vlookup_modif1.xls
2015-01-19 14:29 - 2015-01-19 14:40 - 497096799 _____ () C:\Users\Siggi\Desktop\Air Crash Investigation DHL Flight 611 'Deadly Crossroads' Horrible Mid Air Crash.mp4
2015-01-19 04:22 - 2014-12-19 01:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-19 04:01 - 2014-12-06 04:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-19 04:01 - 2014-12-06 04:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-19 04:01 - 2014-12-06 04:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-19 04:01 - 2014-12-06 04:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-18 15:15 - 2015-01-18 15:16 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2015-01-18 06:12 - 2015-01-19 16:04 - 00011154 _____ () C:\Users\Siggi\Desktop\count.xlsx
2015-01-15 18:47 - 2015-01-15 18:47 - 00000000 ____D () C:\Users\Siggi\AppData\Roaming\Motorola
2015-01-14 13:16 - 2015-01-18 14:44 - 00000000 ____D () C:\Users\Siggi\AppData\Local\NETGEARGenie
2015-01-14 13:16 - 2015-01-14 13:16 - 00001849 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR Genie.lnk
2015-01-14 13:15 - 2015-01-14 13:15 - 00281104 _____ (CACE Technologies, Inc.) C:\Windows\system32\wpcap.dll
2015-01-14 13:15 - 2015-01-14 13:15 - 00096784 _____ (CACE Technologies, Inc.) C:\Windows\system32\packet.dll
2015-01-14 13:15 - 2015-01-14 13:15 - 00035088 _____ (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys
2015-01-14 13:15 - 2015-01-14 13:15 - 00000000 ____D () C:\Program Files\NETGEAR Genie

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 05:03 - 2013-12-14 14:18 - 00000000 ____D () C:\FRST
2015-01-31 04:57 - 2014-06-01 13:29 - 01432383 _____ () C:\Windows\WindowsUpdate.log
2015-01-31 04:51 - 2013-04-13 11:11 - 00000000 ____D () C:\Users\Siggi\AppData\Roaming\vlc
2015-01-31 04:28 - 2006-11-02 13:46 - 00004000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-31 04:28 - 2006-11-02 13:46 - 00004000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-31 03:29 - 2008-01-21 09:24 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-30 10:11 - 2013-06-02 02:49 - 00000000 ____D () C:\Users\Siggi\AppData\Local\CrashDumps
2015-01-28 17:14 - 2006-11-02 14:00 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-28 17:14 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Registration
2015-01-28 09:28 - 2006-11-02 14:00 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-28 07:44 - 2012-05-01 16:39 - 00000000 ____D () C:\Users\Siggi\AppData\Roaming\Macromedia
2015-01-27 15:17 - 2012-05-06 06:51 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-27 15:04 - 2012-05-01 09:07 - 00000000 ____D () C:\Users\Siggi
2015-01-27 12:02 - 2012-05-01 17:01 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-26 16:33 - 2014-12-18 14:22 - 00024984 _____ () C:\Users\Siggi\Desktop\lortoy sturrf.xlsx
2015-01-26 11:15 - 2013-09-25 06:32 - 00058196 _____ () C:\Users\Siggi\Desktop\New House water etc.xlsx
2015-01-25 11:41 - 2012-11-11 14:38 - 00000000 ____D () C:\Users\Siggi\Desktop\sigggis bits 2
2015-01-25 08:26 - 2014-07-09 02:58 - 04070576 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2015-01-24 07:14 - 2014-08-10 10:17 - 00000000 ____D () C:\Users\Siggi\AppData\Local\Adobe
2015-01-23 03:42 - 2014-03-29 14:49 - 00000000 ____D () C:\Users\Siggi\Desktop\Old Firefox Data 01
2015-01-21 12:30 - 2014-09-30 13:11 - 00000000 ____D () C:\Users\Siggi\Desktop\New Folder
2015-01-19 05:03 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-19 04:22 - 2013-08-14 15:34 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-18 15:34 - 2014-12-31 09:50 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-01-18 15:32 - 2013-05-26 12:03 - 00000271 _____ () C:\Windows\wininit.ini
2015-01-18 15:17 - 2013-06-01 07:39 - 00000000 ____D () C:\Users\Siggi\AppData\Roaming\Malwarebytes
2015-01-18 15:17 - 2013-05-25 13:20 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-17 08:48 - 2012-05-01 18:13 - 00000000 ____D () C:\Users\Siggi\Desktop\sturrf
2015-01-17 08:46 - 2014-01-17 12:05 - 00000436 _____ () C:\Windows\Tasks\DriverNavigator Scheduled Scan.job
2015-01-15 18:46 - 2012-06-08 03:18 - 00000000 ___RD () C:\Users\Siggi\Desktop\dwnlds
2015-01-15 14:53 - 2012-05-02 04:11 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2011
2015-01-01 10:44 - 2006-11-02 11:22 - 44826624 _____ () C:\Windows\system32\config\COMPONENTS_tureg_old
2015-01-01 10:44 - 2006-11-02 11:22 - 42991616 _____ () C:\Windows\system32\config\SOFTWARE_tureg_old
2015-01-01 10:44 - 2006-11-02 11:22 - 22806528 _____ () C:\Windows\system32\config\SYSTEM_tureg_old
2015-01-01 10:44 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\DEFAULT_tureg_old
2015-01-01 10:44 - 2006-11-02 11:22 - 00020480 _____ () C:\Windows\system32\config\SECURITY_tureg_old
2015-01-01 10:39 - 2006-11-02 11:22 - 00065536 _____ () C:\Windows\system32\config\SAM_tureg_old

==================== Files in the root of some directories =======

2013-07-15 10:48 - 2013-07-15 10:49 - 9842040 _____ (Webroot Software, Inc.) C:\Program Files\Common Files\wruninstall.exe
2012-05-01 09:07 - 2014-07-01 16:51 - 0000680 _____ () C:\Users\Siggi\AppData\Local\d3d9caps.dat
2012-05-26 19:45 - 2012-06-27 07:55 - 0009216 _____ () C:\Users\Siggi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-01 16:47 - 2012-05-01 16:47 - 0819798 _____ () C:\ProgramData\1335884456.bdinstall.bin
2012-09-10 10:41 - 2012-09-10 10:41 - 0596520 _____ () C:\ProgramData\1347269589.bdinstall.bin
2013-05-25 07:23 - 2013-05-25 07:23 - 0208815 _____ () C:\ProgramData\1369462956.bdinstall.bin

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-29 05:24

==================== End Of Log ============================


Edited by Barnys, 30 January 2015 - 11:27 PM.

  • 0

#4
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
Ok, let's get started cleaning.
 
You will likely have to disable your protection software for these tools to work.
 
Fix with Farbar Recovery Scan Tool

 

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} ->  No File
    Toolbar: HKLM - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} -  No File
    ShellExecuteHooks:  - {4F07DA45-8170-4859-9B5F-037EF2970034} -  No File [ ]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
    CHR HKLM\...\Chrome\Extension: [lfffjahnfbocnaooecgijfnbpcfekoik] - C:\ProgramData\adawaretb\shortcuts\chrome\adawaretb.crx [Not Found]
    CHR HKLM\...\Chrome\Extension: [phegaokedjdajgnfphbnpkcfdgjbidko] - C:\ProgramData\adawaretb\toolbar\chrome\toolbar.crx [Not Found]
    EmptyTemp:
    Reboot:
    end
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.
 
 
Fix with Junkware Removal Tool
 
Please download JRT by Thisisu and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the JRT icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.
Please include the contents of that file in your reply.
 
Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.
 

Scan with AdwCleaner
 
Please download AdwCleaner by Xplode and save the file to your desktop.
  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • Upon completion, click Report. A log (AdwCleaner[R*].txt) will open.
Please include the contents of that file in your reply.

Next, you have quite a few system errors in your logs. That would indicate a damaged installation or hard disk issue. Let's try the following and see if it helps.

Run this three times in a row. Even if time one or two tells you it fixed everything, run it three times.

Go to a command prompt and type in SFC /SCANNOW and hit Return.

Then reboot
 
Then rerun FRST as you did before and post the logs please.
  • 0

#5
Barnys

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts

Thanks for the reply Biscuithd

 

All of the steps proceeded well. 

The first SFC /SCANNOW scan produced a substantial looking report, but the other 2 scans were completed without any repairs/corrections.

 

I see DuckDuckGo is no longer the default browser in Firefox. Is there a reason for this? Is it OK to return DuckDuckGo to the Firefox start page?

 

Here are the 4 logs: Addition, FRST, JRT and AdwCleaner

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-02-2015
Ran by Siggi at 2015-02-03 11:19:34
Running from C:\Users\Siggi\Desktop\Geeks to Go Forum\03.02 exes
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Disabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
FW: Privatefirewall (Disabled) {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2689138593-1012205953-2850960868-1000\...\uTorrent) (Version: 3.4.2.32691 - BitTorrent Inc.)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader X (10.1.6) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.6 - Adobe Systems Incorporated)
Audacity 2.0 (HKLM\...\Audacity_is1) (Version:  - Audacity Team)
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DriverNavigator 3.4.5 (HKLM\...\DriverNavigator_is1) (Version: 3.4.5.0 - Easeware)
HTC Driver Installer (HKLM\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.007 - HTC Corporation)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{BA562260-B4FA-4D87-ADC5-963783028C68}) (Version: 6.4.0 - Motorola Mobility LLC)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-GB) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 en-GB)) (Version: 24.6.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NETGEAR Genie (HKLM\...\NETGEAR Genie) (Version: 2.3.1.46 - NETGEAR Inc.)
Nokia Connectivity Cable Driver (HKLM\...\{D4BF151C-70A8-4CE2-906F-4173A575BAD9}) (Version: 7.1.182.0 - Nokia)
Norton Bootable Recovery Tool Wizard (HKLM\...\NBRTWizard) (Version: 6.0.0.74 - Symantec Corporation)
Norton Internet Security (HKLM\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)
Privatefirewall 7.0 (HKLM\...\{E8EA933E-03A2-4E62-9F52-812C72BE2A6B}) (Version: 7.0.30.3 - PWI, Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6602 - Realtek Semiconductor Corp.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
TuneUp Utilities 2011 (HKLM\...\TuneUp Utilities 2011) (Version: 10.0.4600.20 - TuneUp Software)
TuneUp Utilities 2011 (Version: 10.0.4600.20 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (en-GB) (Version: 10.0.4600.20 - TuneUp Software) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 4.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

27-01-2015 14:35:23 Installiert Motorola Device Manager
27-01-2015 14:47:59 Removed Windows 7 USB/DVD Download Tool
27-01-2015 14:49:56 Removed Windows 7 Upgrade Advisor
27-01-2015 14:57:08 Installiert Motorola Device Manager
27-01-2015 15:11:21 Entfernt Motorola Device Manager
28-01-2015 05:39:33 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {026DAB5C-7B7D-414E-ABFA-004A5C7A4904} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {2F20F7BD-4A96-479B-8351-6D6C2952023D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {6A0844CA-8F71-4EE7-8046-C053FE70B6C5} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2011 => C:\Program Files\TuneUp Utilities 2011\OneClick.exe [2012-02-13] (TuneUp Software)
Task: {6E17CC6E-BF42-4AF6-9B3A-5D5E91C66B41} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03] (Adobe Systems Incorporated)
Task: {BACCE739-E8AB-48DD-B6FD-6F84CEC6F4D6} - System32\Tasks\{6D9F0267-FA04-4C96-A0A2-519CEE74B89A} => pcalua.exe -a "C:\Users\Siggi\Desktop\dwnlds\dwnlds\dwnlds\puta probs\VisualBasic6-KB896559-v1-ENU.exe" -d "C:\Users\Siggi\Desktop\dwnlds\dwnlds\dwnlds\puta probs"
Task: {BFD51F6E-1CAE-4FA8-98FC-BBC69AB7C834} - \DriverNavigator Scheduled Scan No Task File <==== ATTENTION
Task: {C5AA221E-9BAD-4BEB-86D0-9C655AF97C1C} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {D79B8FFC-5FC4-4E8D-A2C5-EC02361A883D} - System32\Tasks\{697AAB8D-C624-46B9-A6A4-72180CC7E2E0} => pcalua.exe -a C:\Users\Siggi\Desktop\twerp\zopo\driver\2\Driver\install_driver.exe -d C:\Users\Siggi\Desktop\twerp\zopo\driver\2\Driver
Task: {D8602925-8654-48C3-815C-676E550EE430} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F900BE6D-F432-4F0E-9A29-91294DB7AD26} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {FAB7A746-36D9-41B6-BEA6-930E66490098} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-05-27 04:14 - 2012-02-17 19:55 - 00166912 _____ () C:\Program Files\WinRAR\rarext.dll
2013-09-29 02:14 - 2013-09-29 02:14 - 03369922 _____ () C:\Program Files\NETGEAR Genie\bin\icuin51.dll
2013-09-29 02:13 - 2013-09-29 02:13 - 00544817 _____ () C:\Program Files\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-09-29 02:13 - 2013-09-29 02:13 - 00989805 _____ () C:\Program Files\NETGEAR Genie\bin\libstdc++-6.dll
2013-09-29 02:14 - 2013-09-29 02:14 - 01978690 _____ () C:\Program Files\NETGEAR Genie\bin\icuuc51.dll
2013-09-29 02:14 - 2013-09-29 02:14 - 22378434 _____ () C:\Program Files\NETGEAR Genie\bin\icudt51.dll
2013-09-29 02:14 - 2013-09-29 02:14 - 01233408 _____ () C:\Program Files\NETGEAR Genie\bin\platforms\qwindows.dll
2014-11-17 10:46 - 2014-11-17 10:46 - 00639488 _____ () C:\Program Files\NETGEAR Genie\bin\Genie.dll
2014-11-10 10:55 - 2014-11-10 10:55 - 01686016 _____ () C:\Program Files\NETGEAR Genie\bin\SvtNetworkTool.dll
2014-11-05 08:36 - 2014-11-05 08:36 - 00192512 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2014-11-05 08:37 - 2014-11-05 08:37 - 00632832 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2014-11-14 11:53 - 2014-11-14 11:53 - 06499840 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Map.dll
2014-06-30 02:55 - 2014-06-30 02:55 - 00068608 _____ () C:\Program Files\NETGEAR Genie\bin\QRCode.dll
2014-06-30 03:05 - 2014-06-30 03:05 - 01183232 _____ () C:\Program Files\NETGEAR Genie\bin\qwt.dll
2014-11-07 10:13 - 2014-11-07 10:13 - 02475520 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_MyMedia.dll
2012-10-15 21:27 - 2012-10-15 21:27 - 00111616 _____ () C:\Program Files\NETGEAR Genie\bin\libvlc.dll
2012-10-15 21:28 - 2012-10-15 21:28 - 02286592 _____ () C:\Program Files\NETGEAR Genie\bin\libvlccore.dll
2014-11-17 08:00 - 2014-11-17 08:00 - 01056768 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2014-09-11 09:39 - 2014-09-11 09:39 - 00144896 _____ () C:\Program Files\NETGEAR Genie\bin\DragonNetTool.dll
2014-11-05 08:51 - 2014-11-05 08:51 - 01191424 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2014-11-17 07:21 - 2014-11-17 07:21 - 10374656 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2014-11-17 07:18 - 2014-11-17 07:18 - 02496512 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2014-11-06 10:39 - 2014-11-06 10:39 - 00200192 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2014-11-05 08:58 - 2014-11-05 08:58 - 00889344 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2014-11-05 09:00 - 2014-11-05 09:00 - 00435712 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-09-29 02:13 - 2013-09-29 02:13 - 00051200 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qgif.dll
2013-09-29 02:13 - 2013-09-29 02:13 - 00052224 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qico.dll
2013-09-29 02:13 - 2013-09-29 02:13 - 00261120 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qjpeg.dll
2013-09-29 02:13 - 2013-09-29 02:13 - 00046080 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qsvg.dll
2014-06-30 02:55 - 2014-06-30 02:55 - 00081408 _____ () C:\Program Files\NETGEAR Genie\bin\DiagnosePlugin.dll
2014-11-03 09:23 - 2014-11-03 09:23 - 00143360 _____ () C:\Program Files\NETGEAR Genie\bin\DiagnoseDll.dll
2014-06-19 03:22 - 2014-06-19 03:22 - 02177405 _____ () C:\Program Files\NETGEAR Genie\bin\drivers\libntgr_api.dll
2014-09-04 07:00 - 2014-09-04 07:00 - 00072192 _____ () C:\Program Files\NETGEAR Genie\bin\SVTUtils.dll
2014-09-04 07:00 - 2014-09-04 07:00 - 00074240 _____ () C:\Program Files\NETGEAR Genie\bin\NetcardApi.dll
2014-09-04 07:00 - 2014-09-04 07:00 - 00136704 _____ () C:\Program Files\NETGEAR Genie\bin\airprintdll.dll
2012-10-15 21:28 - 2012-10-15 21:28 - 00219648 _____ () C:\Program Files\NETGEAR Genie\bin\plugins\access\libdshow_plugin.dll
2012-10-15 21:28 - 2012-10-15 21:28 - 00049664 _____ () C:\Program Files\NETGEAR Genie\bin\plugins\audio_output\libaout_directx_plugin.dll
2012-10-15 21:28 - 2012-10-15 21:28 - 00051200 _____ () C:\Program Files\NETGEAR Genie\bin\plugins\audio_output\libwaveout_plugin.dll
2012-10-15 21:28 - 2012-10-15 21:28 - 00070144 _____ () C:\Program Files\NETGEAR Genie\bin\plugins\video_output\libdirectx_plugin.dll
2013-09-29 02:13 - 2013-09-29 02:13 - 00040960 _____ () C:\Program Files\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll
2014-11-05 08:59 - 2014-11-05 08:59 - 00642048 _____ () C:\Program Files\NETGEAR Genie\bin\InnerPlugin_Update.dll
2014-11-05 09:01 - 2014-11-05 09:01 - 00458752 _____ () C:\Program Files\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2014-06-30 03:33 - 2014-06-30 03:33 - 00046080 _____ () C:\Program Files\NETGEAR Genie\bin\WSetupApiPlugin.dll
2014-09-04 07:00 - 2014-09-04 07:00 - 00066560 _____ () C:\Program Files\NETGEAR Genie\bin\WSetupDll.dll
2011-03-31 16:08 - 2011-03-31 16:08 - 00080896 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2014-11-06 16:28 - 2014-11-06 16:28 - 00105216 _____ () C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: vProt => "C:\Program Files\AVG SafeGuard toolbar\vprot.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-2689138593-1012205953-2850960868-500 - Administrator - Disabled)
Gast (S-1-5-21-2689138593-1012205953-2850960868-501 - Limited - Disabled)
Siggi (S-1-5-21-2689138593-1012205953-2850960868-1000 - Administrator - Enabled) => C:\Users\Siggi

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/03/2015 11:15:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (02/03/2015 11:16:59 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (02/03/2015 11:15:32 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: OADevice
oahlpXX
OAmon

Error: (02/03/2015 11:15:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Online Armor Helper Service%%3


Microsoft Office Sessions:
=========================
Error: (10/22/2014 01:52:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 107 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/13/2014 05:46:32 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 90 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (12/24/2013 09:48:24 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-02-03 11:09:16.595
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-03 11:09:15.881
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-03 11:09:15.242
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-03 11:09:14.596
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-03 11:09:02.565
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-03 11:09:01.906
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-03 11:09:01.262
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-03 11:09:00.559
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-03 04:32:58.542
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-03 04:32:57.879
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU E2160 @ 1.80GHz
Percentage of memory in use: 36%
Total physical RAM: 3316.27 MB
Available physical RAM: 2090.09 MB
Total Pagefile: 6826.54 MB
Available Pagefile: 5666.83 MB
Total Virtual: 2047.88 MB
Available Virtual: 1896.18 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:187.74 GB) (Free:32.97 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.92 GB) (Free:1.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=187.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=35.2 GB) - (Type=05)
Partition 3: (Not Active) - (Size=9.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-02-2015
Ran by Siggi (administrator) on A-PROBLEM on 03-02-2015 11:18:35
Running from C:\Users\Siggi\Desktop\Geeks to Go Forum\03.02 exes
Loaded Profiles: Siggi (Available profiles: Siggi)
Platform: Microsoft® Windows Vista™ Ultimate  Service Pack 2 (X86) OS Language: German (Germany)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Privacyware/PWI, Inc.) C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Privacyware/PWI, Inc.) C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(NETGEAR Inc.) C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(NETGEAR) C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.6.0.32\nis.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Privatefirewall] => C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe [3048480 2013-12-17] (Privacyware/PWI, Inc.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2689138593-1012205953-2850960868-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2689138593-1012205953-2850960868-1000\...\Run: [NETGEARGenie] => C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2014-11-06] (NETGEAR Inc.)
BootExecute: autocheck autochk /p \??\G:autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-2689138593-1012205953-2850960868-1000] => localhost:8080
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-2689138593-1012205953-2850960868-1000 -> DefaultScope {2EEBF53F-DE57-4693-9176-5932F3208BBC} URL = https://de.search.ya...p={searchTerms}
SearchScopes: HKU\S-1-5-21-2689138593-1012205953-2850960868-1000 -> {2EEBF53F-DE57-4693-9176-5932F3208BBC} URL = https://de.search.ya...p={searchTerms}
SearchScopes: HKU\S-1-5-21-2689138593-1012205953-2850960868-1000 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://de.search.yah...}&fr=chr-comodo
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BF99C9F5-B28A-4BB4-9500-B9F69C08AB23}: [NameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\yhs7jja5.default-1421840432195
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: NetVideoHunter - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\yhs7jja5.default-1421840432195\Extensions\[email protected] [2015-01-21]
FF Extension: Flashblock - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\yhs7jja5.default-1421840432195\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2015-01-27]
FF Extension: FoxClocks - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\yhs7jja5.default-1421840432195\Extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2015-01-21]
FF Extension: Ghostery - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\yhs7jja5.default-1421840432195\Extensions\[email protected] [2015-01-21]
FF Extension: Self-Destructing Cookies - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\yhs7jja5.default-1421840432195\Extensions\[email protected] [2015-01-21]
FF Extension: Status-4-Evar - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\yhs7jja5.default-1421840432195\Extensions\[email protected] [2015-01-21]
FF Extension: Video WithOut Flash - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\yhs7jja5.default-1421840432195\Extensions\[email protected] [2015-01-22]
FF Extension: Adblock Plus - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\yhs7jja5.default-1421840432195\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-21]
FF Extension: BetterPrivacy - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\yhs7jja5.default-1421840432195\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-01-21]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-05-01]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2015-02-03]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-24]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [195840 2014-11-06] (NETGEAR)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] () [File not signed]
R2 PFNet; C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe [374600 2013-12-17] (Privacyware/PWI, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S2 OAcat; "C:\Program Files\Online Armor\OAcat.exe" [X]
S3 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx86.sys [1164504 2015-01-06] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1506000.020\ccSetx86.sys [127064 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-12-11] (Symantec Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41584 2013-04-11] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-07-15] (GFI Software)
R1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20150130.001\IDSvix86.sys [503000 2015-01-14] (Symantec Corporation)
S3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150202.002\NAVENG.SYS [95704 2015-01-29] (Symantec Corporation)
S3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150202.002\NAVEX15.SYS [1636696 2015-01-29] (Symantec Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35088 2015-01-14] (CACE Technologies, Inc.)
R1 pwipf6; C:\Windows\System32\DRIVERS\pwipf6.sys [130568 2013-09-29] (Privacyware/PWI, Inc.)
S3 SRTSP; C:\Windows\System32\Drivers\NIS\1506000.020\SRTSP.SYS [664792 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1506000.020\SRTSPX.SYS [32984 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1506000.020\SYMDS.SYS [367704 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1506000.020\SYMEFA.SYS [936152 2014-07-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-08-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1506000.020\Ironx86.SYS [209624 2014-08-06] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1506000.020\SYMTDIV.SYS [384728 2014-07-23] (Symantec Corporation)
S3 w200bus; C:\Windows\System32\DRIVERS\w200bus.sys [61504 2006-11-07] (MCCI)
S3 w200mdfl; C:\Windows\System32\DRIVERS\w200mdfl.sys [9328 2006-11-07] (MCCI)
S3 w200mdm; C:\Windows\System32\DRIVERS\w200mdm.sys [97056 2006-11-07] (MCCI)
S3 w200mgmt; C:\Windows\System32\DRIVERS\w200mgmt.sys [88560 2006-11-07] (MCCI)
S3 w200obex; C:\Windows\System32\DRIVERS\w200obex.sys [86368 2006-11-07] (MCCI)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 OADevice; \??\C:\Windows\system32\drivers\OADriver.sys [X]
S1 oahlpXX; \??\C:\Windows\system32\drivers\oahlp32.sys [X]
S1 OAmon; \??\C:\Windows\system32\drivers\OAmon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 11:12 - 2015-02-03 10:08 - 00002196 _____ () C:\Users\Siggi\Desktop\AdwCleaner[R10].txt
2015-02-03 11:12 - 2015-02-03 09:58 - 00001464 _____ () C:\Users\Siggi\Desktop\JRT.txt
2015-02-03 09:44 - 2015-02-03 09:44 - 00000326 _____ () C:\Windows\PFRO.log
2015-02-02 11:56 - 2015-02-03 09:33 - 00000000 ____D () C:\Users\Siggi\Desktop\Zopo
2015-01-31 05:23 - 2015-02-03 11:04 - 00000000 ____D () C:\Users\Siggi\Desktop\Geeks to Go Forum
2015-01-28 05:53 - 2015-01-28 11:36 - 00011682 _____ () C:\Users\Siggi\Desktop\Book1.xlsx
2015-01-27 15:05 - 2015-01-27 15:17 - 00000000 ____D () C:\Program Files\Motorola Mobility
2015-01-27 15:05 - 2015-01-27 15:05 - 00000000 ____D () C:\Program Files\Motorola
2015-01-27 15:04 - 2015-01-27 15:04 - 00000000 ____D () C:\Program Files\MSXML 4.0
2015-01-27 15:03 - 2015-01-27 15:03 - 00000000 ____D () C:\Program Files\Common Files\Motorola Shared
2015-01-27 04:16 - 2015-01-27 04:16 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-25 09:42 - 2015-01-30 13:41 - 00016025 _____ () C:\Users\Siggi\Desktop\unique list.xlsx
2015-01-24 07:15 - 2015-02-03 10:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-24 07:15 - 2015-01-25 08:26 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-24 07:15 - 2015-01-25 08:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-21 13:03 - 2015-01-23 03:41 - 00000000 ____D () C:\Users\Siggi\Desktop\excel rstr
2015-01-21 08:42 - 2015-01-25 09:42 - 00085504 _____ () C:\Users\Siggi\Desktop\Vlookup_modif1.xls
2015-01-19 14:29 - 2015-01-19 14:40 - 497096799 _____ () C:\Users\Siggi\Desktop\Air Crash Investigation DHL Flight 611 'Deadly Crossroads' Horrible Mid Air Crash.mp4
2015-01-19 04:22 - 2014-12-19 01:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-19 04:01 - 2014-12-06 04:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-19 04:01 - 2014-12-06 04:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-19 04:01 - 2014-12-06 04:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-19 04:01 - 2014-12-06 04:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-18 15:15 - 2015-01-18 15:16 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2015-01-18 06:12 - 2015-01-19 16:04 - 00011154 _____ () C:\Users\Siggi\Desktop\count.xlsx
2015-01-15 18:47 - 2015-01-15 18:47 - 00000000 ____D () C:\Users\Siggi\AppData\Roaming\Motorola
2015-01-14 13:16 - 2015-01-18 14:44 - 00000000 ____D () C:\Users\Siggi\AppData\Local\NETGEARGenie
2015-01-14 13:16 - 2015-01-14 13:16 - 00001849 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR Genie.lnk
2015-01-14 13:15 - 2015-01-14 13:15 - 00281104 _____ (CACE Technologies, Inc.) C:\Windows\system32\wpcap.dll
2015-01-14 13:15 - 2015-01-14 13:15 - 00096784 _____ (CACE Technologies, Inc.) C:\Windows\system32\packet.dll
2015-01-14 13:15 - 2015-01-14 13:15 - 00035088 _____ (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys
2015-01-14 13:15 - 2015-01-14 13:15 - 00000000 ____D () C:\Program Files\NETGEAR Genie

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 11:18 - 2014-06-01 13:29 - 01506760 _____ () C:\Windows\WindowsUpdate.log
2015-02-03 11:18 - 2013-12-14 14:18 - 00000000 ____D () C:\FRST
2015-02-03 11:15 - 2006-11-02 14:00 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-03 11:15 - 2006-11-02 13:46 - 00004000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-03 11:15 - 2006-11-02 13:46 - 00004000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-03 11:15 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Registration
2015-02-03 11:13 - 2006-11-02 14:00 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-03 10:04 - 2013-12-09 13:43 - 00000000 ____D () C:\AdwCleaner
2015-02-03 09:54 - 2008-01-21 09:24 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-03 09:36 - 2013-04-13 11:11 - 00000000 ____D () C:\Users\Siggi\AppData\Roaming\vlc
2015-02-01 10:32 - 2013-09-25 06:32 - 00067056 _____ () C:\Users\Siggi\Desktop\New House water etc.xlsx
2015-01-31 05:24 - 2013-06-02 02:49 - 00000000 ____D () C:\Users\Siggi\AppData\Local\CrashDumps
2015-01-28 07:44 - 2012-05-01 16:39 - 00000000 ____D () C:\Users\Siggi\AppData\Roaming\Macromedia
2015-01-27 15:17 - 2012-05-06 06:51 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-27 15:04 - 2012-05-01 09:07 - 00000000 ____D () C:\Users\Siggi
2015-01-27 12:02 - 2012-05-01 17:01 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-26 16:33 - 2014-12-18 14:22 - 00024984 _____ () C:\Users\Siggi\Desktop\lortoy sturrf.xlsx
2015-01-25 11:41 - 2012-11-11 14:38 - 00000000 ____D () C:\Users\Siggi\Desktop\sigggis bits 2
2015-01-25 08:26 - 2014-07-09 02:58 - 04070576 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2015-01-24 07:14 - 2014-08-10 10:17 - 00000000 ____D () C:\Users\Siggi\AppData\Local\Adobe
2015-01-23 03:42 - 2014-03-29 14:49 - 00000000 ____D () C:\Users\Siggi\Desktop\Old Firefox Data 01
2015-01-21 12:30 - 2014-09-30 13:11 - 00000000 ____D () C:\Users\Siggi\Desktop\New Folder
2015-01-19 05:03 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-19 04:22 - 2013-08-14 15:34 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-18 15:34 - 2014-12-31 09:50 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-01-18 15:17 - 2013-06-01 07:39 - 00000000 ____D () C:\Users\Siggi\AppData\Roaming\Malwarebytes
2015-01-18 15:17 - 2013-05-25 13:20 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-17 08:48 - 2012-05-01 18:13 - 00000000 ____D () C:\Users\Siggi\Desktop\sturrf
2015-01-15 18:46 - 2012-06-08 03:18 - 00000000 ___RD () C:\Users\Siggi\Desktop\dwnlds
2015-01-15 14:53 - 2012-05-02 04:11 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2011

==================== Files in the root of some directories =======

2013-07-15 10:48 - 2013-07-15 10:49 - 9842040 _____ (Webroot Software, Inc.) C:\Program Files\Common Files\wruninstall.exe
2012-05-01 09:07 - 2014-07-01 16:51 - 0000680 _____ () C:\Users\Siggi\AppData\Local\d3d9caps.dat
2012-05-26 19:45 - 2012-06-27 07:55 - 0009216 _____ () C:\Users\Siggi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-01 16:47 - 2012-05-01 16:47 - 0819798 _____ () C:\ProgramData\1335884456.bdinstall.bin
2012-09-10 10:41 - 2012-09-10 10:41 - 0596520 _____ () C:\ProgramData\1347269589.bdinstall.bin
2013-05-25 07:23 - 2013-05-25 07:23 - 0208815 _____ () C:\ProgramData\1369462956.bdinstall.bin

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 09:50

==================== End Of Log ============================

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows Vista ™ Ultimate x86
Ran by Siggi on 03.02.2015 at  9:54:03,03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}



~~~ Files

Successfully deleted: [File] C:\Windows\System32\Tasks\DriverNavigator Scheduled Scan
Successfully deleted: [File] C:\Windows\Tasks\DriverNavigator Scheduled Scan.job
Successfully deleted: [File] C:\Windows\prefetch\DRIVERNAVIGATOR.EXE-4C6B1EC4.pf
Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\speedypc software"
Successfully deleted: [Folder] "C:\Users\Siggi\AppData\Roaming\search protection"



~~~ FireFox

Successfully deleted the following from C:\Users\Siggi\AppData\Roaming\mozilla\firefox\profiles\yhs7jja5.default-1421840432195\prefs.js

user_pref("browser.startup.homepage", "hxxps://duckduckgo.com/");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.02.2015 at  9:58:21,26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

 

 

# AdwCleaner v4.109 - Bericht erstellt am 03/02/2015 um 10:01:42
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-02-02.1 [Live]
# Betriebssystem : Windows Vista ™ Ultimate Service Pack 2 (32 bits)
# Benutzername : Siggi - A-PROBLEM
# Gestartet von : C:\Users\Siggi\Desktop\Geeks to Go Forum\03.02 exes\AdwCleaner.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gefunden : C:\Users\Siggi\AppData\Local\FileViewPro
Ordner Gefunden : C:\Users\Siggi\AppData\Roaming\Browser Extensions

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Daten Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - localhost:8080
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{3A787631-66A2-4634-B928-A37E73B58FB6}
Schlüssel Gefunden : HKCU\Software\speedypc software
Schlüssel Gefunden : HKLM\SOFTWARE\speedypc software

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16599


-\\ Mozilla Firefox v35.0.1 (x86 en-US)


*************************

AdwCleaner[R0].txt - [1827 octets] - [09/12/2013 13:44:06]
AdwCleaner[R10].txt - [1215 octets] - [03/02/2015 10:01:42]
AdwCleaner[R1].txt - [956 octets] - [09/12/2013 13:48:07]
AdwCleaner[R2].txt - [1075 octets] - [09/12/2013 13:53:18]
AdwCleaner[R3].txt - [1196 octets] - [09/12/2013 13:56:37]
AdwCleaner[R4].txt - [1143 octets] - [09/12/2013 13:58:30]
AdwCleaner[R5].txt - [1203 octets] - [09/12/2013 14:04:30]
AdwCleaner[R6].txt - [1377 octets] - [09/12/2013 14:27:26]
AdwCleaner[R7].txt - [1384 octets] - [09/12/2013 17:19:25]
AdwCleaner[R8].txt - [1557 octets] - [09/12/2013 17:23:55]
AdwCleaner[R9].txt - [1677 octets] - [10/12/2013 06:27:31]
AdwCleaner[S0].txt - [1894 octets] - [09/12/2013 13:45:48]
AdwCleaner[S1].txt - [1016 octets] - [09/12/2013 13:51:47]
AdwCleaner[S2].txt - [1137 octets] - [09/12/2013 13:54:03]
AdwCleaner[S3].txt - [1438 octets] - [09/12/2013 17:09:48]
AdwCleaner[S4].txt - [1505 octets] - [09/12/2013 17:26:01]

########## EOF - C:\AdwCleaner\AdwCleaner[R10].txt - [2115 octets] ##########
 


#6
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
I will be back with a fix for you today. Apologies for the delay.
#7
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Many apologies! We've had snow like crazy here and I've been sick as well. That said, let's continue.

uTorrent is causing you a lot of trouble. I'll put a warning below so you know more.

The "Duck" home page, yes, put it back if you wish. I wasn't sure if it was legit or not.

Last, how has the computer been working?

P2P warning!

  • uTorrent

P2P programs, while legal in themselves, are often used to obtain some illegal downloads. Currently it's one of the best ways to get infected. There have been some extreme cases in which passwords, private or financial data were exposed to a file sharing network because of bad P2P configuration.

I strongly recommend full uninstallation of any P2P apps. To do so:

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the previously mentioned program(s), right-click the entry and click Uninstall.

Also, would you run FRST again so that I can see a fresh scan after uTorrent is gone? Just like you did before. Thank you!! :)


#8
Barnys

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts

Hi

Hope you are well now, as for the snow...    :no:

I have uninstalled uTorrent and completed another FRST scan.

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-02-2015
Ran by Siggi at 2015-02-09 13:41:46
Running from C:\Users\Siggi\Desktop\Geeks to Go Forum\09.02
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Disabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
FW: Privatefirewall (Disabled) {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.6) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.6 - Adobe Systems Incorporated)
Audacity 2.0 (HKLM\...\Audacity_is1) (Version:  - Audacity Team)
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DriverNavigator 3.4.5 (HKLM\...\DriverNavigator_is1) (Version: 3.4.5.0 - Easeware)
HTC Driver Installer (HKLM\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.007 - HTC Corporation)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{BA562260-B4FA-4D87-ADC5-963783028C68}) (Version: 6.4.0 - Motorola Mobility LLC)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-GB) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 en-GB)) (Version: 24.6.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NETGEAR Genie (HKLM\...\NETGEAR Genie) (Version: 2.3.1.46 - NETGEAR Inc.)
Nokia Connectivity Cable Driver (HKLM\...\{D4BF151C-70A8-4CE2-906F-4173A575BAD9}) (Version: 7.1.182.0 - Nokia)
Norton Bootable Recovery Tool Wizard (HKLM\...\NBRTWizard) (Version: 6.0.0.74 - Symantec Corporation)
Norton Internet Security (HKLM\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)
Privatefirewall 7.0 (HKLM\...\{E8EA933E-03A2-4E62-9F52-812C72BE2A6B}) (Version: 7.0.30.3 - PWI, Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6602 - Realtek Semiconductor Corp.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
TuneUp Utilities 2011 (HKLM\...\TuneUp Utilities 2011) (Version: 10.0.4600.20 - TuneUp Software)
TuneUp Utilities 2011 (Version: 10.0.4600.20 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (en-GB) (Version: 10.0.4600.20 - TuneUp Software) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 4.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {026DAB5C-7B7D-414E-ABFA-004A5C7A4904} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {2F20F7BD-4A96-479B-8351-6D6C2952023D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {6A0844CA-8F71-4EE7-8046-C053FE70B6C5} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2011 => C:\Program Files\TuneUp Utilities 2011\OneClick.exe [2012-02-13] (TuneUp Software)
Task: {6E17CC6E-BF42-4AF6-9B3A-5D5E91C66B41} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03] (Adobe Systems Incorporated)
Task: {BACCE739-E8AB-48DD-B6FD-6F84CEC6F4D6} - System32\Tasks\{6D9F0267-FA04-4C96-A0A2-519CEE74B89A} => pcalua.exe -a "C:\Users\Siggi\Desktop\dwnlds\dwnlds\dwnlds\puta probs\VisualBasic6-KB896559-v1-ENU.exe" -d "C:\Users\Siggi\Desktop\dwnlds\dwnlds\dwnlds\puta probs"
Task: {BFD51F6E-1CAE-4FA8-98FC-BBC69AB7C834} - \DriverNavigator Scheduled Scan No Task File <==== ATTENTION
Task: {C5AA221E-9BAD-4BEB-86D0-9C655AF97C1C} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {D79B8FFC-5FC4-4E8D-A2C5-EC02361A883D} - System32\Tasks\{697AAB8D-C624-46B9-A6A4-72180CC7E2E0} => pcalua.exe -a C:\Users\Siggi\Desktop\twerp\zopo\driver\2\Driver\install_driver.exe -d C:\Users\Siggi\Desktop\twerp\zopo\driver\2\Driver
Task: {D8602925-8654-48C3-815C-676E550EE430} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F900BE6D-F432-4F0E-9A29-91294DB7AD26} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {FAB7A746-36D9-41B6-BEA6-930E66490098} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2012-05-27 04:14 - 2012-02-17 19:55 - 00166912 _____ () C:\Program Files\WinRAR\rarext.dll
2013-09-29 02:14 - 2013-09-29 02:14 - 03369922 _____ () C:\Program Files\NETGEAR Genie\bin\icuin51.dll
2013-09-29 02:13 - 2013-09-29 02:13 - 00544817 _____ () C:\Program Files\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-09-29 02:13 - 2013-09-29 02:13 - 00989805 _____ () C:\Program Files\NETGEAR Genie\bin\libstdc++-6.dll
2013-09-29 02:14 - 2013-09-29 02:14 - 01978690 _____ () C:\Program Files\NETGEAR Genie\bin\icuuc51.dll
2013-09-29 02:14 - 2013-09-29 02:14 - 22378434 _____ () C:\Program Files\NETGEAR Genie\bin\icudt51.dll
2013-09-29 02:14 - 2013-09-29 02:14 - 01233408 _____ () C:\Program Files\NETGEAR Genie\bin\platforms\qwindows.dll
2014-11-17 10:46 - 2014-11-17 10:46 - 00639488 _____ () C:\Program Files\NETGEAR Genie\bin\Genie.dll
2014-11-10 10:55 - 2014-11-10 10:55 - 01686016 _____ () C:\Program Files\NETGEAR Genie\bin\SvtNetworkTool.dll
2014-11-05 08:36 - 2014-11-05 08:36 - 00192512 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2014-11-05 08:37 - 2014-11-05 08:37 - 00632832 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2014-11-14 11:53 - 2014-11-14 11:53 - 06499840 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Map.dll
2014-06-30 02:55 - 2014-06-30 02:55 - 00068608 _____ () C:\Program Files\NETGEAR Genie\bin\QRCode.dll
2014-06-30 03:05 - 2014-06-30 03:05 - 01183232 _____ () C:\Program Files\NETGEAR Genie\bin\qwt.dll
2014-11-07 10:13 - 2014-11-07 10:13 - 02475520 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_MyMedia.dll
2012-10-15 21:27 - 2012-10-15 21:27 - 00111616 _____ () C:\Program Files\NETGEAR Genie\bin\libvlc.dll
2012-10-15 21:28 - 2012-10-15 21:28 - 02286592 _____ () C:\Program Files\NETGEAR Genie\bin\libvlccore.dll
2014-11-17 08:00 - 2014-11-17 08:00 - 01056768 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2014-09-11 09:39 - 2014-09-11 09:39 - 00144896 _____ () C:\Program Files\NETGEAR Genie\bin\DragonNetTool.dll
2014-11-05 08:51 - 2014-11-05 08:51 - 01191424 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2014-11-17 07:21 - 2014-11-17 07:21 - 10374656 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2014-11-17 07:18 - 2014-11-17 07:18 - 02496512 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2014-11-06 10:39 - 2014-11-06 10:39 - 00200192 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2014-11-05 08:58 - 2014-11-05 08:58 - 00889344 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2014-11-05 09:00 - 2014-11-05 09:00 - 00435712 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-09-29 02:13 - 2013-09-29 02:13 - 00051200 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qgif.dll
2013-09-29 02:13 - 2013-09-29 02:13 - 00052224 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qico.dll
2013-09-29 02:13 - 2013-09-29 02:13 - 00261120 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qjpeg.dll
2013-09-29 02:13 - 2013-09-29 02:13 - 00046080 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qsvg.dll
2014-06-30 02:55 - 2014-06-30 02:55 - 00081408 _____ () C:\Program Files\NETGEAR Genie\bin\DiagnosePlugin.dll
2014-11-03 09:23 - 2014-11-03 09:23 - 00143360 _____ () C:\Program Files\NETGEAR Genie\bin\DiagnoseDll.dll
2014-06-19 03:22 - 2014-06-19 03:22 - 02177405 _____ () C:\Program Files\NETGEAR Genie\bin\drivers\libntgr_api.dll
2014-09-04 07:00 - 2014-09-04 07:00 - 00072192 _____ () C:\Program Files\NETGEAR Genie\bin\SVTUtils.dll
2014-09-04 07:00 - 2014-09-04 07:00 - 00074240 _____ () C:\Program Files\NETGEAR Genie\bin\NetcardApi.dll
2014-09-04 07:00 - 2014-09-04 07:00 - 00136704 _____ () C:\Program Files\NETGEAR Genie\bin\airprintdll.dll
2012-10-15 21:28 - 2012-10-15 21:28 - 00219648 _____ () C:\Program Files\NETGEAR Genie\bin\plugins\access\libdshow_plugin.dll
2012-10-15 21:28 - 2012-10-15 21:28 - 00049664 _____ () C:\Program Files\NETGEAR Genie\bin\plugins\audio_output\libaout_directx_plugin.dll
2012-10-15 21:28 - 2012-10-15 21:28 - 00051200 _____ () C:\Program Files\NETGEAR Genie\bin\plugins\audio_output\libwaveout_plugin.dll
2012-10-15 21:28 - 2012-10-15 21:28 - 00070144 _____ () C:\Program Files\NETGEAR Genie\bin\plugins\video_output\libdirectx_plugin.dll
2013-09-29 02:13 - 2013-09-29 02:13 - 00040960 _____ () C:\Program Files\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll
2014-11-05 08:59 - 2014-11-05 08:59 - 00642048 _____ () C:\Program Files\NETGEAR Genie\bin\InnerPlugin_Update.dll
2014-11-05 09:01 - 2014-11-05 09:01 - 00458752 _____ () C:\Program Files\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2014-06-30 03:33 - 2014-06-30 03:33 - 00046080 _____ () C:\Program Files\NETGEAR Genie\bin\WSetupApiPlugin.dll
2014-09-04 07:00 - 2014-09-04 07:00 - 00066560 _____ () C:\Program Files\NETGEAR Genie\bin\WSetupDll.dll
2011-03-31 16:08 - 2011-03-31 16:08 - 00080896 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2014-11-06 16:28 - 2014-11-06 16:28 - 00105216 _____ () C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2689138593-1012205953-2850960868-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: vProt => "C:\Program Files\AVG SafeGuard toolbar\vprot.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-2689138593-1012205953-2850960868-500 - Administrator - Disabled)
Gast (S-1-5-21-2689138593-1012205953-2850960868-501 - Limited - Disabled)
Siggi (S-1-5-21-2689138593-1012205953-2850960868-1000 - Administrator - Enabled) => C:\Users\Siggi

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/09/2015 01:33:55 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (02/09/2015 01:33:52 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (02/09/2015 01:33:52 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\system32\bitsperf.dll4

Error: (02/09/2015 01:33:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2015 04:29:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: cdc
Start Time: 01d04384044ba7d5
Termination Time: 16817

Error: (02/08/2015 10:47:19 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (02/08/2015 10:47:18 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (02/08/2015 10:47:18 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\system32\bitsperf.dll4

Error: (02/08/2015 10:46:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2015 10:40:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application svchost.exe_Eventlog, version 6.0.6001.18000, time stamp 0x47918b89, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a, exception code 0xc0000005, fault offset 0x00009b4e,
process id 0x42c, application start time 0xsvchost.exe_Eventlog0.


System errors:
=============
Error: (02/09/2015 01:34:38 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (02/09/2015 01:33:30 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000NIS

Error: (02/09/2015 01:33:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: OADevice
oahlpXX
OAmon

Error: (02/09/2015 01:33:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Online Armor Helper Service%%3

Error: (02/09/2015 00:00:09 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Netman

Error: (02/08/2015 10:47:51 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (02/08/2015 10:46:32 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: OADevice
oahlpXX
OAmon

Error: (02/08/2015 10:46:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Online Armor Helper Service%%3

Error: (02/08/2015 10:45:14 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:42:58 a.m. on 8/02/2015 was unexpected.

Error: (02/06/2015 01:10:26 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032


Microsoft Office Sessions:
=========================
Error: (10/22/2014 01:52:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 107 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/13/2014 05:46:32 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 90 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (12/24/2013 09:48:24 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-02-09 12:01:34.030
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-09 12:01:33.507
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-09 12:01:32.986
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-09 12:01:32.456
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-09 12:01:31.901
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-09 12:01:31.339
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-09 12:01:30.703
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-09 12:01:30.110
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-09 12:01:16.001
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-09 12:01:15.419
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU E2160 @ 1.80GHz
Percentage of memory in use: 39%
Total physical RAM: 3316.27 MB
Available physical RAM: 2002.43 MB
Total Pagefile: 6826.54 MB
Available Pagefile: 5515.41 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.15 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:187.74 GB) (Free:45.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.92 GB) (Free:1.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=187.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=35.2 GB) - (Type=05)
Partition 3: (Not Active) - (Size=9.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-02-2015
Ran by Siggi (administrator) on A-PROBLEM on 09-02-2015 13:41:06
Running from C:\Users\Siggi\Desktop\Geeks to Go Forum\09.02
Loaded Profiles: Siggi (Available profiles: Siggi)
Platform: Microsoft® Windows Vista™ Ultimate  Service Pack 2 (X86) OS Language: German (Germany)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Privacyware/PWI, Inc.) C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Privacyware/PWI, Inc.) C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(NETGEAR Inc.) C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NETGEAR) C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.6.0.32\nis.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
Failed to access process -> FRST.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Privatefirewall] => C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe [3048480 2013-12-17] (Privacyware/PWI, Inc.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2689138593-1012205953-2850960868-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2689138593-1012205953-2850960868-1000\...\Run: [NETGEARGenie] => C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2014-11-06] (NETGEAR Inc.)
BootExecute: autocheck autochk /p \??\G:autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-2689138593-1012205953-2850960868-1000] => localhost:8080
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-2689138593-1012205953-2850960868-1000 -> DefaultScope {2EEBF53F-DE57-4693-9176-5932F3208BBC} URL = https://de.search.ya...p={searchTerms}
SearchScopes: HKU\S-1-5-21-2689138593-1012205953-2850960868-1000 -> {2EEBF53F-DE57-4693-9176-5932F3208BBC} URL = https://de.search.ya...p={searchTerms}
SearchScopes: HKU\S-1-5-21-2689138593-1012205953-2850960868-1000 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://de.search.yah...}&fr=chr-comodo
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BF99C9F5-B28A-4BB4-9500-B9F69C08AB23}: [NameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\yhs7jja5.default-1421840432195
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: NetVideoHunter - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\yhs7jja5.default-1421840432195\Extensions\[email protected] [2015-01-21]
FF Extension: Flashblock - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\yhs7jja5.default-1421840432195\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2015-01-27]
FF Extension: FoxClocks - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\yhs7jja5.default-1421840432195\Extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2015-01-21]
FF Extension: Ghostery - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\yhs7jja5.default-1421840432195\Extensions\[email protected] [2015-01-21]
FF Extension: Self-Destructing Cookies - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\yhs7jja5.default-1421840432195\Extensions\[email protected] [2015-01-21]
FF Extension: Status-4-Evar - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\yhs7jja5.default-1421840432195\Extensions\[email protected] [2015-01-21]
FF Extension: Video WithOut Flash - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\yhs7jja5.default-1421840432195\Extensions\[email protected] [2015-01-22]
FF Extension: Adblock Plus - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\yhs7jja5.default-1421840432195\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-21]
FF Extension: BetterPrivacy - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\yhs7jja5.default-1421840432195\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-01-21]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-05-01]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2015-02-09]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-24]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [195840 2014-11-06] (NETGEAR)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] () [File not signed]
R2 PFNet; C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe [374600 2013-12-17] (Privacyware/PWI, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S2 OAcat; "C:\Program Files\Online Armor\OAcat.exe" [X]
S3 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx86.sys [1164504 2015-01-06] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1506000.020\ccSetx86.sys [127064 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-12-11] (Symantec Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41584 2013-04-11] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-07-15] (GFI Software)
R1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20150206.001\IDSvix86.sys [503512 2015-02-06] (Symantec Corporation)
R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150208.021\NAVENG.SYS [95704 2015-02-05] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150208.021\NAVEX15.SYS [1636696 2015-02-05] (Symantec Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35088 2015-01-14] (CACE Technologies, Inc.)
R1 pwipf6; C:\Windows\System32\DRIVERS\pwipf6.sys [130568 2013-09-29] (Privacyware/PWI, Inc.)
R3 SRTSP; C:\Windows\System32\Drivers\NIS\1506000.020\SRTSP.SYS [664792 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1506000.020\SRTSPX.SYS [32984 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1506000.020\SYMDS.SYS [367704 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1506000.020\SYMEFA.SYS [936152 2014-07-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-08-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1506000.020\Ironx86.SYS [209624 2014-08-06] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1506000.020\SYMTDIV.SYS [384728 2014-07-23] (Symantec Corporation)
S3 w200bus; C:\Windows\System32\DRIVERS\w200bus.sys [61504 2006-11-07] (MCCI)
S3 w200mdfl; C:\Windows\System32\DRIVERS\w200mdfl.sys [9328 2006-11-07] (MCCI)
S3 w200mdm; C:\Windows\System32\DRIVERS\w200mdm.sys [97056 2006-11-07] (MCCI)
S3 w200mgmt; C:\Windows\System32\DRIVERS\w200mgmt.sys [88560 2006-11-07] (MCCI)
S3 w200obex; C:\Windows\System32\DRIVERS\w200obex.sys [86368 2006-11-07] (MCCI)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 OADevice; \??\C:\Windows\system32\drivers\OADriver.sys [X]
S1 oahlpXX; \??\C:\Windows\system32\drivers\oahlp32.sys [X]
S1 OAmon; \??\C:\Windows\system32\drivers\OAmon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-06 14:50 - 2015-02-07 10:10 - 00036235 _____ () C:\Users\Siggi\Desktop\Average Formula (Autosaved).xlsx
2015-02-02 11:56 - 2015-02-09 09:58 - 00000000 ____D () C:\Users\Siggi\Desktop\Zopo
2015-01-31 05:23 - 2015-02-09 13:34 - 00000000 ____D () C:\Users\Siggi\Desktop\Geeks to Go Forum
2015-01-28 05:53 - 2015-02-07 10:11 - 00011673 _____ () C:\Users\Siggi\Desktop\Book1.xlsx
2015-01-27 15:05 - 2015-01-27 15:17 - 00000000 ____D () C:\Program Files\Motorola Mobility
2015-01-27 15:05 - 2015-01-27 15:05 - 00000000 ____D () C:\Program Files\Motorola
2015-01-27 15:04 - 2015-01-27 15:04 - 00000000 ____D () C:\Program Files\MSXML 4.0
2015-01-27 15:03 - 2015-01-27 15:03 - 00000000 ____D () C:\Program Files\Common Files\Motorola Shared
2015-01-27 04:16 - 2015-01-27 04:16 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-25 09:42 - 2015-01-30 13:41 - 00016025 _____ () C:\Users\Siggi\Desktop\unique list.xlsx
2015-01-24 07:15 - 2015-02-09 13:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-24 07:15 - 2015-02-05 07:02 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-24 07:15 - 2015-02-05 07:02 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-21 13:03 - 2015-01-23 03:41 - 00000000 ____D () C:\Users\Siggi\Desktop\excel rstr
2015-01-21 08:42 - 2015-01-25 09:42 - 00085504 _____ () C:\Users\Siggi\Desktop\Vlookup_modif1.xls
2015-01-19 14:29 - 2015-01-19 14:40 - 497096799 _____ () C:\Users\Siggi\Desktop\Air Crash Investigation DHL Flight 611 'Deadly Crossroads' Horrible Mid Air Crash.mp4
2015-01-19 04:22 - 2014-12-19 01:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-19 04:01 - 2014-12-06 04:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-19 04:01 - 2014-12-06 04:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-19 04:01 - 2014-12-06 04:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-19 04:01 - 2014-12-06 04:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-18 15:15 - 2015-01-18 15:16 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2015-01-18 06:12 - 2015-01-19 16:04 - 00011154 _____ () C:\Users\Siggi\Desktop\count.xlsx
2015-01-15 18:47 - 2015-01-15 18:47 - 00000000 ____D () C:\Users\Siggi\AppData\Roaming\Motorola
2015-01-14 13:16 - 2015-01-18 14:44 - 00000000 ____D () C:\Users\Siggi\AppData\Local\NETGEARGenie
2015-01-14 13:16 - 2015-01-14 13:16 - 00001849 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR Genie.lnk
2015-01-14 13:15 - 2015-01-14 13:15 - 00281104 _____ (CACE Technologies, Inc.) C:\Windows\system32\wpcap.dll
2015-01-14 13:15 - 2015-01-14 13:15 - 00096784 _____ (CACE Technologies, Inc.) C:\Windows\system32\packet.dll
2015-01-14 13:15 - 2015-01-14 13:15 - 00035088 _____ (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys
2015-01-14 13:15 - 2015-01-14 13:15 - 00000000 ____D () C:\Program Files\NETGEAR Genie

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 13:41 - 2013-12-14 14:18 - 00000000 ____D () C:\FRST
2015-02-09 13:37 - 2008-01-21 09:24 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-09 13:35 - 2014-06-01 13:29 - 01641137 _____ () C:\Windows\WindowsUpdate.log
2015-02-09 13:32 - 2006-11-02 13:46 - 00004000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-09 13:32 - 2006-11-02 13:46 - 00004000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-09 13:32 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Registration
2015-02-09 13:31 - 2006-11-02 14:00 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-09 13:30 - 2013-04-13 11:11 - 00000000 ____D () C:\Users\Siggi\AppData\Roaming\vlc
2015-02-09 13:30 - 2006-11-02 14:00 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-08 08:06 - 2012-05-01 16:39 - 00000000 ____D () C:\Users\Siggi\AppData\Roaming\Macromedia
2015-02-08 02:41 - 2014-08-06 08:42 - 00000000 ____D () C:\Users\Siggi\AppData\Roaming\uTorrent
2015-02-05 16:56 - 2014-12-18 14:22 - 00026558 _____ () C:\Users\Siggi\Desktop\lortoy sturrf.xlsx
2015-02-05 08:26 - 2012-05-26 16:43 - 00000000 ____D () C:\Windows\Minidump
2015-02-05 07:02 - 2014-07-09 02:58 - 05070512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2015-02-03 10:04 - 2013-12-09 13:43 - 00000000 ____D () C:\AdwCleaner
2015-02-01 10:32 - 2013-09-25 06:32 - 00067056 _____ () C:\Users\Siggi\Desktop\New House water etc.xlsx
2015-01-31 05:24 - 2013-06-02 02:49 - 00000000 ____D () C:\Users\Siggi\AppData\Local\CrashDumps
2015-01-27 15:17 - 2012-05-06 06:51 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-27 15:04 - 2012-05-01 09:07 - 00000000 ____D () C:\Users\Siggi
2015-01-27 12:02 - 2012-05-01 17:01 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-25 11:41 - 2012-11-11 14:38 - 00000000 ____D () C:\Users\Siggi\Desktop\sigggis bits 2
2015-01-24 07:14 - 2014-08-10 10:17 - 00000000 ____D () C:\Users\Siggi\AppData\Local\Adobe
2015-01-23 03:42 - 2014-03-29 14:49 - 00000000 ____D () C:\Users\Siggi\Desktop\Old Firefox Data 01
2015-01-21 12:30 - 2014-09-30 13:11 - 00000000 ____D () C:\Users\Siggi\Desktop\New Folder
2015-01-19 05:03 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-19 04:22 - 2013-08-14 15:34 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-18 15:34 - 2014-12-31 09:50 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-01-18 15:17 - 2013-06-01 07:39 - 00000000 ____D () C:\Users\Siggi\AppData\Roaming\Malwarebytes
2015-01-18 15:17 - 2013-05-25 13:20 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-17 08:48 - 2012-05-01 18:13 - 00000000 ____D () C:\Users\Siggi\Desktop\sturrf
2015-01-15 18:46 - 2012-06-08 03:18 - 00000000 ___RD () C:\Users\Siggi\Desktop\dwnlds
2015-01-15 14:53 - 2012-05-02 04:11 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2011

==================== Files in the root of some directories =======

2013-07-15 10:48 - 2013-07-15 10:49 - 9842040 _____ (Webroot Software, Inc.) C:\Program Files\Common Files\wruninstall.exe
2012-05-01 09:07 - 2014-07-01 16:51 - 0000680 _____ () C:\Users\Siggi\AppData\Local\d3d9caps.dat
2012-05-26 19:45 - 2012-06-27 07:55 - 0009216 _____ () C:\Users\Siggi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-01 16:47 - 2012-05-01 16:47 - 0819798 _____ () C:\ProgramData\1335884456.bdinstall.bin
2012-09-10 10:41 - 2012-09-10 10:41 - 0596520 _____ () C:\ProgramData\1347269589.bdinstall.bin
2013-05-25 07:23 - 2013-05-25 07:23 - 0208815 _____ () C:\ProgramData\1369462956.bdinstall.bin

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-09 13:38

==================== End Of Log ============================


Edited by Barnys, 09 February 2015 - 06:51 AM.

#9
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
The log looks good, how is the machine working?

#10
Barnys

Barnys

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts

Thanks for the quick reply Biscuithd.

From what I can see/figure out, your work has significantly cleaned our buggy system, however I am guessing there must be something else wrong.

We are still seeing significant lags.

Examples include, when opening new processes (e.g. several minutes for VLC to appear on the screen), the hibernate function sometimes hangs leaving the screen blank with the computer running indefinitely, periods of very slow net access, Firefox freezes and after being closed has some function(s) open for a few minutes after the browser is closed and then there is the completely dysfunctional shockwave flash problem.

So, what to do now... Do you have any suggestions, what to do/where to ask?

Thanks for your help to date

Regards


#11
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

I'm going to have you run three more scans just to rule out every conceivable possibility. :)

 

Scan with Gmer

This type of scan often produces false positives. At any point do not take any action for any suspicious entries you may see there. Instead post the log to be analyzed.

Please download GMER by Gmer and save the file to your desktop.
It will come as a randomly named file (like a6ge38b4.exe) - that's absolutely normal.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.

  • Right-click on the randomly named icon and select Run as Administrator to start the tool.
  • It is very important that you do not use your computer while Gmer is running!
  • Gmer will open to the Rootkit/Malware tab and perform an automatic quick scan.
  • If you receive a warning about rootkit activity and are asked to fully scan your system click NO!

When the pre-scan is completed, please do the following:

  • Please check in the Quick scan box.
  • Please uncheck the IAT/EAT and Show All.
  • Click Scan.
  • If you see a rootkit warning window click OK.
  • When the scan is finished, Save the results to your desktop as gmer.log.

Please include the content of this file in your next reply.
Don't forget to re-enable previously switched-off protection software!

If you encounter any problems, try running GMER in Safe Mode.
If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning.

 

 

 

 Scan with aswMBR

Please download aswMBR by Avast! & Gmer and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.



  • Right-click on the aswMBR icon and select Run as Administrator to start the tool.
  • Allow virtualisation if offered.
  • If you are prompted to download the latest anti-virus definitions from avast!, click No.
  • Select Scan.
  • Upon completion, you will see Scan finished successfully. Click Save log.

Do NOT click Fix or FixMBR!
A file (MBR.dat) will be created on your desktop. Do NOT click or delete it!

Copy the contents of the logfile and paste it into your next reply.
Do not forget to re-enable your previously switched-off protection software!

 

 

 

Scan with RogueKiller

 

If you have any issues, let me know :thumbsup:


  • 0

#12
Barnys

Barnys

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts

Hi

The GMER and aswMBR scans worked without a problem (logs pasted below) but Rogue Killer wouldn't get past the initialising stage so no scan from that one.

I waited for about 15 mins and then gave up, once it was started I couldn't stop it without shutting the computer down. I tried re-downloading it but got the same result.

 

Yesterday I tried a test and had a go at running a MS Malicious Software Removal tool scan again.  It stalled at the same point as before; i.e. C:\System Volume Information\mountpointmanagerremotedatabase

 

 

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-02-11 16:20:25
-----------------------------
16:20:25.200    OS Version: Windows 6.0.6002 Service Pack 2
16:20:25.200    Number of processors: 2 586 0xF0D
16:20:25.202    ComputerName: A-PROBLEM  UserName: Siggi
16:20:41.191    Initialize success
16:20:41.559    VM: initialized successfully
16:20:41.567    VM: Intel CPU virtualization not supported
16:21:12.242    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:21:12.252    Disk 0 Vendor: ST3250310AS 3.AHA Size: 238475MB BusType: 3
16:21:12.456    Disk 0 MBR read successfully
16:21:12.465    Disk 0 MBR scan
16:21:12.469    Disk 0 unknown MBR code
16:21:12.479    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       192247 MB offset 63
16:21:12.483    Disk 0 Partition - 00     05     Extended             36065 MB offset 393723902
16:21:12.516    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        10158 MB offset 467586000
16:21:12.542    Disk 0 Partition 3 00     83        Linux             31981 MB offset 393723904
16:21:12.546    Disk 0 Partition - 00     05     Extended              4084 MB offset 459220992
16:21:12.589    Disk 0 scanning sectors +488391120
16:21:12.824    Disk 0 scanning C:\Windows\system32\drivers
16:21:27.525    Service scanning
16:21:28.893    Service BHDrvx86 C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx86.sys **LOCKED** 5
16:21:29.212    Service ccSet_NIS C:\Windows\system32\drivers\NIS\1506000.020\ccSetx86.sys **LOCKED** 5
16:21:30.038    Service eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys **LOCKED** 5
16:21:30.252    Service EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys **LOCKED** 5
16:21:31.400    Service IDSVix86 C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20150210.001\IDSvix86.sys **LOCKED** 5
16:21:32.809    Service NAVENG C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150210.038\NAVENG.SYS **LOCKED** 5
16:21:32.861    Service NAVEX15 C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150210.038\NAVEX15.SYS **LOCKED** 5
16:21:34.405    Service pwipf6 C:\Windows\system32\DRIVERS\pwipf6.sys **LOCKED** 32
16:21:35.498    Service SRTSPX C:\Windows\system32\drivers\NIS\1506000.020\SRTSPX.SYS **LOCKED** 5
16:21:35.780    Service SymDS C:\Windows\system32\drivers\NIS\1506000.020\SYMDS.SYS **LOCKED** 5
16:21:35.849    Service SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS **LOCKED** 5
16:21:35.897    Service SymIRON C:\Windows\system32\drivers\NIS\1506000.020\Ironx86.SYS **LOCKED** 5
16:21:35.946    Service SYMTDIv C:\Windows\System32\Drivers\NIS\1506000.020\SYMTDIV.SYS **LOCKED** 5
16:21:38.972    Modules scanning
16:21:38.984    Disk 0 trace - called modules:
16:21:39.012    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
16:21:39.026    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85ec60f0]
16:21:39.035    3 CLASSPNP.SYS[8b3c48b3] -> nt!IofCallDriver -> [0x856a58c8]
16:21:39.045    5 acpi.sys[806996bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8569b528]
16:21:39.055    Disk 0 statistics 64110/0/0 @ 2,13 MB/s
16:21:39.070    Scan finished successfully
16:22:52.540    Disk 0 MBR has been saved successfully to "C:\Users\Siggi\Desktop\MBR.dat"
16:22:52.551    The log file has been saved successfully to "C:\Users\Siggi\Desktop\aswMBR.txt"

 

 

 

 

 

 

 

 

 

 

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-02-11 16:19:43
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3250310AS rev.3.AHA 232,89GB
Running: eeqef0sv.exe; Driver: C:\Users\Siggi\AppData\Local\Temp\fwlyapob.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\DRIVERS\pwipf6.sys  ZwAdjustPrivilegesToken [0x96541780]
SSDT            86C1B4E8                                 ZwAlertResumeThread
SSDT            86C1B580                                 ZwAlertThread
SSDT            86C1C8A8                                 ZwAllocateVirtualMemory
SSDT            86B0A9D0                                 ZwAlpcConnectPort
SSDT            86C1FB10                                 ZwAssignProcessToJobObject
SSDT            \SystemRoot\system32\DRIVERS\pwipf6.sys  ZwConnectPort [0x96544B20]
SSDT            \SystemRoot\system32\DRIVERS\pwipf6.sys  ZwCreateFile [0x96543DA0]
SSDT            \SystemRoot\system32\DRIVERS\pwipf6.sys  ZwCreateKey [0x96541410]
SSDT            86C1B310                                 ZwCreateMutant
SSDT            \SystemRoot\system32\DRIVERS\pwipf6.sys  ZwCreatePort [0x96544E70]
SSDT            86C1F908                                 ZwCreateSymbolicLinkObject
SSDT            86C1A548                                 ZwCreateThread
SSDT            86C1FCB8                                 ZwDebugActiveProcess
SSDT            \SystemRoot\system32\DRIVERS\pwipf6.sys  ZwDeleteKey [0x96543620]
SSDT            \SystemRoot\system32\DRIVERS\pwipf6.sys  ZwDeleteValueKey [0x96543780]
SSDT            86D7CD80                                 ZwDuplicateObject
SSDT            86C1F130                                 ZwFreeVirtualMemory
SSDT            86C1B3B8                                 ZwImpersonateAnonymousToken
SSDT            86C1B450                                 ZwImpersonateThread
SSDT            86B0A958                                 ZwLoadDriver
SSDT            86C1F078                                 ZwMapViewOfSection
SSDT            86C1B278                                 ZwOpenEvent
SSDT            \SystemRoot\system32\DRIVERS\pwipf6.sys  ZwOpenFile [0x965440A0]
SSDT            \SystemRoot\system32\DRIVERS\pwipf6.sys  ZwOpenKey [0x96541210]
SSDT            86C1D770                                 ZwOpenProcess
SSDT            86C1C930                                 ZwOpenProcessToken
SSDT            86C1B188                                 ZwOpenSection
SSDT            86C1D6E8                                 ZwOpenThread
SSDT            86C1FA68                                 ZwProtectVirtualMemory
SSDT            86C1F860                                 ZwQueueApcThread
SSDT            86C1F7B8                                 ZwReadVirtualMemory
SSDT            86C1B618                                 ZwResumeThread
SSDT            \SystemRoot\system32\DRIVERS\pwipf6.sys  ZwSecureConnectPort [0x96544CC0]
SSDT            86C1B7E0                                 ZwSetContextThread
SSDT            \SystemRoot\system32\DRIVERS\pwipf6.sys  ZwSetInformationFile [0x96544450]
SSDT            86C1B878                                 ZwSetInformationProcess
SSDT            86C1FE70                                 ZwSetSystemInformation
SSDT            \SystemRoot\system32\DRIVERS\pwipf6.sys  ZwSetValueKey [0x96543450]
SSDT            86C1B1E0                                 ZwSuspendProcess
SSDT            86C1B6B0                                 ZwSuspendThread
SSDT            86E979E0                                 ZwTerminateProcess
SSDT            86C1B748                                 ZwTerminateThread
SSDT            86C1B920                                 ZwUnmapViewOfSection
SSDT            86C1F1B8                                 ZwWriteVirtualMemory
SSDT            86C1F9B0                                 ZwCreateThreadEx
SSDT            \SystemRoot\system32\DRIVERS\pwipf6.sys  ZwCreateUserProcess [0x965446B0]

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!KeSetEvent + 119            822C4764 12 Bytes  [80, 17, 54, 96, E8, B4, C1, ...]
.text           ntkrnlpa.exe!KeSetEvent + 131            822C477C 4 Bytes  [A8, C8, C1, 86]
.text           ntkrnlpa.exe!KeSetEvent + 13D            822C4788 4 Bytes  [D0, A9, B0, 86]
.text           ntkrnlpa.exe!KeSetEvent + 191            822C47DC 4 Bytes  [10, FB, C1, 86]
.text           ntkrnlpa.exe!KeSetEvent + 1C1            822C480C 4 Bytes  [20, 4B, 54, 96] {AND [EBX+0x54], CL; XCHG ESI, EAX}
.text           ...                                      

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\tdx \Device\Tcp                  SYMTDIV.SYS
AttachedDevice  \Driver\tdx \Device\Tcp                  pwipf6.sys
AttachedDevice  \Driver\tdx \Device\Udp                  SYMTDIV.SYS
AttachedDevice  \Driver\tdx \Device\Udp                  pwipf6.sys
AttachedDevice  \Driver\tdx \Device\RawIp                SYMTDIV.SYS
AttachedDevice  \Driver\tdx \Device\RawIp                pwipf6.sys

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                    unknown MBR code

---- EOF - GMER 2.1 ----
 


  • 0
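The GMER and aswMBR logs in the post above can be cross-referenced mechanically to see which hooks carry a driver name and which appear only as bare addresses. This Python sketch is an added example, not part of the original thread or of either tool; the function names are hypothetical and the embedded sample is a handful of lines copied from those two logs.

```python
import re

# Sample input: a few lines copied from the GMER and aswMBR logs posted above.
GMER_LOG = r"""
---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\DRIVERS\pwipf6.sys  ZwAdjustPrivilegesToken [0x96541780]
SSDT            86C1B4E8                                 ZwAlertResumeThread
SSDT            86B0A958                                 ZwLoadDriver
SSDT            \SystemRoot\system32\DRIVERS\pwipf6.sys  ZwCreateFile [0x96543DA0]
SSDT            86E979E0                                 ZwTerminateProcess

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\tdx \Device\Tcp                  SYMTDIV.SYS
AttachedDevice  \Driver\tdx \Device\Tcp                  pwipf6.sys
"""
ASWMBR_LOG = r"""
16:21:27.525    Service scanning
16:21:34.405    Service pwipf6 C:\Windows\system32\DRIVERS\pwipf6.sys **LOCKED** 32
16:21:35.946    Service SYMTDIv C:\Windows\System32\Drivers\NIS\1506000.020\SYMTDIV.SYS **LOCKED** 5
"""

SSDT_RE = re.compile(r"^SSDT\s+(.+?)\s+((?:Zw|Nt)\w+)(?:\s+\[(0x[0-9A-Fa-f]+)\])?\s*$")
SERVICE_RE = re.compile(r"\sService\s+(\S+)\s+(.*?\.sys)(?=\s|$)", re.IGNORECASE)
BARE_ADDR_RE = re.compile(r"[0-9A-Fa-f]{8}")

def basename(path):
    """Lower-cased file name of a Windows path, used as the join key."""
    return path.rsplit("\\", 1)[-1].lower()

def parse_gmer(log):
    """Return (hooks per named module, hooks shown only as an address, attached drivers)."""
    hooks, unattributed, attached = {}, [], set()
    for line in log.splitlines():
        m = SSDT_RE.match(line)
        if m:
            owner, func, _target = m.groups()
            if BARE_ADDR_RE.fullmatch(owner):      # GMER printed no module name
                unattributed.append((func, "0x" + owner.upper()))
            else:
                hooks.setdefault(basename(owner), []).append(func)
        elif line.startswith("AttachedDevice"):
            attached.add(line.split()[-1].lower())
    return hooks, unattributed, attached

def parse_aswmbr_services(log):
    """Map driver file name -> service name from aswMBR 'Service' lines."""
    services = {}
    for line in log.splitlines():
        m = SERVICE_RE.search(line)
        if m:
            services[basename(m.group(2))] = m.group(1)
    return services

def triage(gmer_log, aswmbr_log):
    """Join GMER findings with the aswMBR service list, keyed by driver file name."""
    hooks, unattributed, attached = parse_gmer(gmer_log)
    services = parse_aswmbr_services(aswmbr_log)
    modules = {
        name: {"ssdt_hooks": hooks.get(name, []),
               "attached_device": name in attached,
               "service": services.get(name)}   # None: not in the service scan
        for name in sorted(set(hooks) | attached)
    }
    return {"modules": modules, "unattributed": unattributed}

if __name__ == "__main__":
    report = triage(GMER_LOG, ASWMBR_LOG)
    for name, info in report["modules"].items():
        print(name, info)
    print("no module name:", report["unattributed"])
```

Entries left in `unattributed` are the ones the log itself cannot tie to a driver file, so they need identifying by other means before any conclusion is drawn.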

#13
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

I waited for about 15 mins and then gave up, once it was started I couldn't stop it without shutting the computer down. I tried re-downloading it but got the same result.

It is possible that RK was still working. There are times when it takes that long or longer to do its job. It is quite robust and has much to do.

 

Try this...

 

Reboot

Stop all Protection Programs

Run RK as described

If after 30 minutes, there is no progress or activity, then force a reboot and try the same in Safe Mode.


  • 0

#14
Barnys

Barnys

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts

:smashcomp:  Norton again.. all sorted now.

 

When I disabled Norton I gave it an hour before it auto-restarted its Real Time Protection... guess what was causing the problem with Root Killer loading :oops:

 

Anyway... It was a simple task once Norton was not interfering...

 

 

RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Siggi [Administrator]
Mode : Scan -- Date : 02/11/2015  17:25:34

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[PUM.Proxy] HKEY_USERS\S-1-5-21-2689138593-1012205953-2850960868-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:8080  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-2689138593-1012205953-2850960868-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-2689138593-1012205953-2850960868-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-2689138593-1012205953-2850960868-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
[C:\Windows\System32\drivers\etc\hosts] ::1             localhost

¤¤¤ Antirootkit : 36 (Driver: Loaded) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtAlertResumeThread[13] : Unknown @ 0x86df2590
[SSDT:Addr(Hook.SSDT)] NtAlertThread[14] : Unknown @ 0x86df2628
[SSDT:Addr(Hook.SSDT)] NtAllocateVirtualMemory[18] : Unknown @ 0x86cb88b0
[SSDT:Addr(Hook.SSDT)] NtAlpcConnectPort[21] : Unknown @ 0x86a0e4f0
[SSDT:Addr(Hook.SSDT)] NtAssignProcessToJobObject[42] : Unknown @ 0x86c77fd0
[SSDT:Addr(Hook.SSDT)] NtCreateMutant[67] : Unknown @ 0x86df23b8
[SSDT:Addr(Hook.SSDT)] NtCreateSymbolicLinkObject[77] : Unknown @ 0x86c77dc8
[SSDT:Addr(Hook.SSDT)] NtCreateThread[78] : Unknown @ 0x86c0a040
[SSDT:Addr(Hook.SSDT)] NtDebugActiveProcess[116] : Unknown @ 0x86df20a0
[SSDT:Addr(Hook.SSDT)] NtDuplicateObject[129] : Unknown @ 0x86b3e398
[SSDT:Addr(Hook.SSDT)] NtFreeVirtualMemory[147] : Unknown @ 0x86df2b18
[SSDT:Addr(Hook.SSDT)] NtImpersonateAnonymousToken[156] : Unknown @ 0x86df2460
[SSDT:Addr(Hook.SSDT)] NtImpersonateThread[158] : Unknown @ 0x86df24f8
[SSDT:Addr(Hook.SSDT)] NtLoadDriver[165] : Unknown @ 0x868f1380
[SSDT:Addr(Hook.SSDT)] NtMapViewOfSection[177] : Unknown @ 0x86df2a60
[SSDT:Addr(Hook.SSDT)] NtOpenEvent[184] : Unknown @ 0x86df2320
[SSDT:Addr(Hook.SSDT)] NtOpenProcess[194] : Unknown @ 0x86b3e468
[SSDT:Addr(Hook.SSDT)] NtOpenProcessToken[195] : Unknown @ 0x86f0d9f0
[SSDT:Addr(Hook.SSDT)] NtOpenSection[197] : Unknown @ 0x86df21f0
[SSDT:Addr(Hook.SSDT)] NtOpenThread[201] : Unknown @ 0x86b3e420
[SSDT:Addr(Hook.SSDT)] NtProtectVirtualMemory[210] : Unknown @ 0x86c77f28
[SSDT:Addr(Hook.SSDT)] NtQueueApcThread[255] : Unknown @ 0x86c77d20
[SSDT:Addr(Hook.SSDT)] NtReadVirtualMemory[261] : Unknown @ 0x86c77c78
[SSDT:Addr(Hook.SSDT)] NtResumeThread[282] : Unknown @ 0x86df26c0
[SSDT:Addr(Hook.SSDT)] NtSetContextThread[289] : Unknown @ 0x86df2888
[SSDT:Addr(Hook.SSDT)] NtSetInformationProcess[305] : Unknown @ 0x86df2920
[SSDT:Addr(Hook.SSDT)] NtSetSystemInformation[317] : Unknown @ 0x86df2138
[SSDT:Addr(Hook.SSDT)] NtSuspendProcess[330] : Unknown @ 0x86df2288
[SSDT:Addr(Hook.SSDT)] NtSuspendThread[331] : Unknown @ 0x86df2758
[SSDT:Addr(Hook.SSDT)] NtTerminateProcess[334] : Unknown @ 0x86bdf980
[SSDT:Addr(Hook.SSDT)] NtTerminateThread[335] : Unknown @ 0x86df27f0
[SSDT:Addr(Hook.SSDT)] NtUnmapViewOfSection[348] : Unknown @ 0x86df29c8
[SSDT:Addr(Hook.SSDT)] NtWriteVirtualMemory[358] : Unknown @ 0x86cb87e8
[SSDT:Addr(Hook.SSDT)] NtCreateThreadEx[382] : Unknown @ 0x86c77e70
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetKeyboardState[428] : Unknown @ 0x87872d50
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetRawInputData[442] : Unknown @ 0x87871308

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3250310AS ATA Device +++++
--- User ---
[MBR] fdff0413f6057589f1bc53ee4051ada8
[BSP] 24803d242441969940a3213fd36f5f35 : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 192247 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 393723902 | Size: 36065 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 467586000 | Size: 10158 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 


Edited by Barnys, 11 February 2015 - 10:33 AM.

  • 0

#15
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Excellent!

 

Similar instructions to previous step, but this time you will find a Delete Button. Please delete everything, on all the tabs. When you're done, please reboot and then run it again as previously done (just scan) and post the log for me. Also, re-run FRST and post both of those logs too.

 


Fix with RogueKiller
 
Please re-run RogueKiller.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
 
  • Right-click on the RogueKiller icon and select Run as Administrator to start the tool.
  • Wait patiently until the pre-scan is done. It shouldn't take more than 2-3 minutes.
  • Accept the Terms of use.
  • When the Scan button becomes available, please click it. RogueKiller will start a full scan.
  • Upon completion, the Delete button will become available. Click it.
  • Removal process may take some time. Also your machine may be restarted during this procedure. It's normal.
  • Let this process run uninterrupted!
  • When finished, a Report button will become available. Click it. You will be presented with a logfile.
Please include the content of this logfile in your next reply. 

  • 0





