I think we have an infection (or two) [Solved]


  • This topic is locked

#46
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

The Java was a precaution. Good that you don't have it. Java is almost always the #1 exploited item on PCs. Home users as well as in the workplace.

 

Sounds like everything else is good? Anything else I can do for you? :)


  • 0



#47
Barnys

    Member

  • Topic Starter
  • 51 posts

Hi

Things appear to be working well, thanks for your efforts.

WinPatrol alerted me to a change which turned out to be connected to some nonsense associated with something called SPIGOT.  I uninstalled search protection, hopefully that has dealt with it :-)

Now I think I will look at ways to clean the machine. I had a look at the options in CCleaner and there is rubbish dating back years. Unfortunately I will need some more knowledge; I don’t know how far I can go with CCleaner's settings. Do you have any suggestions about where to start?

 

Again, thank you for taking the time to help

 

Regards.


  • 0

#48
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

I would not recommend CCleaner. Not a fan at all!

 

I'm not connecting the dots here, what exactly are you looking to "clean"? Are you looking for a general purpose scanner that will remove low-level nonsense and browser leftovers, etc.? If so try ESET. If I've completely missed what you are asking, please ask me again ;)

 

Here are the canned general instructions.

 

ESET Online Scanner

 

 

 


  • 0

#49
Barnys

    Member

  • Topic Starter
  • 51 posts
Hi
I have used CCleaner to remove the nonsense left from day to day use, mostly browser related rubbish.
I never changed the settings and used it about once a week.
A couple of days ago I scanned the registry (but didn't do anything more) and saw a huge list of what CCleaner considered rubbish. Most didn't mean anything to me but I did recognise some which included Norton, Bitdefender (which hasn't been installed for many years) and some other files that I have no memory of installing. So I was wondering about cleaning all the computer flotsam and jetsam.

I am now trying ESET, it has only just started and has already found 4 threats.

I am not using the computer while it is scanning. Smartphones are useful :-)

Regards.
  • 0

#50
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

And, the results of ESET? :)


  • 0

#51
Barnys

    Member

  • Topic Starter
  • 51 posts
Hi
Sorry for the delay.
We recently had another blue screen §$%&ß. While that is annoying enough, when the computer was restarted and Firefox recovered all the open tabs there was another/new tab which connected to an address but didn’t load any text/images. Also, when the new tab opened something attempted a download. I don’t know what was happening but the address the tab connected to was http://kingsdowns.com/hehe/js/de/index.html?kw1=xad220-gbusdeca-300-js-ln&kw2=flv-de-apx&id=94&q=b5fb7561-f040-47bb-a7f0-4071afff3374 and the download was coming from the helpfully named http://axhjaxwjz.kze4hrhh.com
 
 
I have since rerun ESET, and when compared to the first scan it found one more threat. Here is the second scan's log.
 
 
C:\ProgramData\InstallMate\{9164A648-D0E0-42F6-A01D-98C24A8784BE}\_Setupx.dll    a variant of Win32/InstalleRex.U potentially unwanted application
C:\ProgramData\InstallMate\{C468F44B-7AE0-4EC3-AC28-32C21F8BD6BD}\_Setupx.dll    a variant of Win32/InstalleRex.U potentially unwanted application
C:\Users\All Users\InstallMate\{9164A648-D0E0-42F6-A01D-98C24A8784BE}\_Setupx.dll    a variant of Win32/InstalleRex.U potentially unwanted application
C:\Users\All Users\InstallMate\{C468F44B-7AE0-4EC3-AC28-32C21F8BD6BD}\_Setupx.dll    a variant of Win32/InstalleRex.U potentially unwanted application
C:\Users\Siggi\AppData\Roaming\Browser Extensions\Button.exe    Win32/Toolbar.Widgi.H potentially unwanted application
C:\Users\Siggi\AppData\Roaming\Browser Extensions\Button64.exe    Win64/Toolbar.Widgi.D potentially unwanted application
C:\Users\Siggi\AppData\Roaming\Browser Extensions\ButtonWrap.dll    Win32/Toolbar.Widgi.H potentially unwanted application
C:\Users\Siggi\AppData\Roaming\Browser Extensions\ButtonWrap64.dll    Win64/Toolbar.Widgi.D potentially unwanted application
C:\Users\Siggi\AppData\Roaming\Browser Extensions\Coupons64.dll    a variant of Win64/Toolbar.Widgi.D potentially unwanted application
C:\Users\Siggi\AppData\Roaming\Browser Extensions\coupons_3.2.xpi    JS/Adware.Spigot.A application
C:\Users\Siggi\AppData\Roaming\Browser Extensions\saamazon_1.7.xpi    JS/Adware.Spigot.A application
C:\Users\Siggi\AppData\Roaming\Browser Extensions\saebay_1.7.xpi    JS/Adware.Spigot.A application
C:\Users\Siggi\AppData\Roaming\Search Protection\SP.exe    a variant of Win32/Toolbar.Widgi.J potentially unwanted application
C:\Users\Siggi\Desktop\sturrf\This computer and related stuff\CCleaner\ccsetup503.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Siggi\Desktop\sturrf\This computer and related stuff\flv to mp3\flvtomp3_setup-26569489.exe    a variant of Win32/WinWrapper.A potentially unwanted application
C:\Users\Siggi\Desktop\sturrf\This computer and related stuff\flv to mp3\flvtomp3_setup.exe    a variant of Win32/InstallCore.UN potentially unwanted application
C:\Users\Siggi\Desktop\sturrf\This computer and related stuff\Realtek\cnet2_32bit_Vista_Win7_R268_exe.exe    a variant of Win32/InstallCore.D potentially unwanted application
C:\Users\Siggi\Desktop\znalrm firewall\zafwSetupWeb_133_209_000.exe    Win32/Toolbar.Conduit potentially unwanted application
C:\Users\Siggi\Desktop\Zopo\aroma installer rom\MIUI_ZOPO_4.8.29_multilang.zip    a variant of Android/Umpay.F potentially unsafe application
C:\Users\Siggi\Desktop\Zopo\Zp990 4.4.2\zopo_kitkat_1.0.7.zip    Android/KingRoot.B potentially unsafe application
 
 
 
Regards
  • 0

#52
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
Sorry, I've been very ill. Will try and respond tonight or tomorrow.
  • 0

#53
Barnys

    Member

  • Topic Starter
  • 51 posts

Hi

Sorry to hear you have been ill.

 

I thought a more recent scan may be more helpful; I have rerun ESET.

 

 

C:\ProgramData\InstallMate\{9164A648-D0E0-42F6-A01D-98C24A8784BE}\_Setupx.dll    a variant of Win32/InstalleRex.U potentially unwanted application
C:\ProgramData\InstallMate\{C468F44B-7AE0-4EC3-AC28-32C21F8BD6BD}\_Setupx.dll    a variant of Win32/InstalleRex.U potentially unwanted application
C:\Users\All Users\InstallMate\{9164A648-D0E0-42F6-A01D-98C24A8784BE}\_Setupx.dll    a variant of Win32/InstalleRex.U potentially unwanted application
C:\Users\All Users\InstallMate\{C468F44B-7AE0-4EC3-AC28-32C21F8BD6BD}\_Setupx.dll    a variant of Win32/InstalleRex.U potentially unwanted application
C:\Users\Siggi\AppData\Roaming\Browser Extensions\Button.exe    Win32/Toolbar.Widgi.H potentially unwanted application
C:\Users\Siggi\AppData\Roaming\Browser Extensions\Button64.exe    Win64/Toolbar.Widgi.D potentially unwanted application
C:\Users\Siggi\AppData\Roaming\Browser Extensions\ButtonWrap.dll    Win32/Toolbar.Widgi.H potentially unwanted application
C:\Users\Siggi\AppData\Roaming\Browser Extensions\ButtonWrap64.dll    Win64/Toolbar.Widgi.D potentially unwanted application
C:\Users\Siggi\AppData\Roaming\Browser Extensions\Coupons64.dll    a variant of Win64/Toolbar.Widgi.D potentially unwanted application
C:\Users\Siggi\AppData\Roaming\Browser Extensions\coupons_3.2.xpi    JS/Adware.Spigot.A application
C:\Users\Siggi\AppData\Roaming\Browser Extensions\saamazon_1.7.xpi    JS/Adware.Spigot.A application
C:\Users\Siggi\AppData\Roaming\Browser Extensions\saebay_1.7.xpi    JS/Adware.Spigot.A application
C:\Users\Siggi\Desktop\flash stuff\mtkdroidtools\MtkDroidTools_v253.exe    multiple threats
C:\Users\Siggi\Desktop\flash stuff\mtkdroidtools\MTK_Droid_Tools_253.rar    multiple threats
C:\Users\Siggi\Desktop\flash stuff\mtkdroidtools\MtkDroidTools\files\pwn    Android/Exploit.Lotoor.EP trojan
C:\Users\Siggi\Desktop\flash stuff\mtkdroidtools\MtkDroidTools\files\zR    Android/Exploit.Lotoor.DH trojan
C:\Users\Siggi\Desktop\Geeks to Go Forum\znalrm firewall\zafwSetupWeb_133_209_000.exe    Win32/Toolbar.Conduit potentially unwanted application
C:\Users\Siggi\Desktop\sturrf\This computer and related stuff\CCleaner\ccsetup503.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Siggi\Desktop\sturrf\This computer and related stuff\flv to mp3\flvtomp3_setup-26569489.exe    a variant of Win32/WinWrapper.A potentially unwanted application
C:\Users\Siggi\Desktop\sturrf\This computer and related stuff\flv to mp3\flvtomp3_setup.exe    a variant of Win32/InstallCore.UN potentially unwanted application
C:\Users\Siggi\Desktop\sturrf\This computer and related stuff\Realtek\cnet2_32bit_Vista_Win7_R268_exe.exe    a variant of Win32/InstallCore.D potentially unwanted application
C:\Users\Siggi\Desktop\Zopo\aroma installer rom\MIUI_ZOPO_4.8.29_multilang.zip    a variant of Android/Umpay.F potentially unsafe application
C:\Users\Siggi\Desktop\Zopo\Zp990 4.4.2\zopo_kitkat_1.0.7.zip    Android/KingRoot.B potentially unsafe application
 

 

 

Regards


Edited by Barnys, 24 March 2015 - 01:39 AM.

  • 0
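
The two ESET logs posted above can be compared mechanically instead of by eye. The following is an added example, not part of any post in this thread: it parses the log line format shown in the posts, merges the `C:\Users\All Users` and `C:\ProgramData` duplicates, and lists what appeared or disappeared between two scans. The sample lines are constructed (the `User` folder and `{GUID-1}` are placeholders), and the `urgent` triage rule is an assumption, not ESET's own severity ranking.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "path name category")

# One finding per line: <path><tab or 2+ spaces><verdict>. Paths may hold single spaces.
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)(?:\t+| {2,})(?P<verdict>\S.*)$")
# Verdict: optional "a variant of", a Platform/Family.Variant name, then the category.
VERDICT_RE = re.compile(r"^(?:a variant of )?(?P<name>\S+/\S+)\s+(?P<category>.+)$")

# On Windows Vista and later, C:\Users\All Users is a link to C:\ProgramData,
# so the scanner lists the same file under both paths.
ALIAS_FROM = "c:\\users\\all users\\"
ALIAS_TO = "c:\\programdata\\"


def canonical(path):
    """Case-fold the path and collapse the All Users alias so duplicates merge."""
    p = path.casefold()
    if p.startswith(ALIAS_FROM):
        p = ALIAS_TO + p[len(ALIAS_FROM):]
    return p


def parse_log(text):
    """Return {canonical_path: Finding} for every finding line in a pasted log."""
    findings = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or surrounding forum text
        verdict = m.group("verdict").strip()
        v = VERDICT_RE.match(verdict)
        if v:
            f = Finding(m.group("path"), v.group("name"), v.group("category"))
        else:
            # e.g. "multiple threats" on an archive: no single detection name
            f = Finding(m.group("path"), None, verdict)
        findings.setdefault(canonical(f.path), f)
    return findings


def diff_scans(old, new):
    """Return (added, removed) findings between two parsed scans, sorted by path."""
    added = [new[k] for k in sorted(new.keys() - old.keys())]
    removed = [old[k] for k in sorted(old.keys() - new.keys())]
    return added, removed


def urgent(findings):
    """Assumed triage rule: a category that is not some kind of
    '... application' (for example trojan, multiple threats) is reviewed first."""
    return [f for _, f in sorted(findings.items())
            if not f.category.endswith("application")]


# Constructed sample logs in the format of the scans posted in this thread.
OLD_SCAN = r"""
C:\ProgramData\InstallMate\{GUID-1}\_Setupx.dll    a variant of Win32/InstalleRex.U potentially unwanted application
C:\Users\All Users\InstallMate\{GUID-1}\_Setupx.dll    a variant of Win32/InstalleRex.U potentially unwanted application
C:\Users\User\AppData\Roaming\Browser Extensions\coupons_3.2.xpi    JS/Adware.Spigot.A application
C:\Users\User\AppData\Roaming\Search Protection\SP.exe    a variant of Win32/Toolbar.Widgi.J potentially unwanted application
"""

NEW_SCAN = r"""
C:\ProgramData\InstallMate\{GUID-1}\_Setupx.dll    a variant of Win32/InstalleRex.U potentially unwanted application
C:\Users\All Users\InstallMate\{GUID-1}\_Setupx.dll    a variant of Win32/InstalleRex.U potentially unwanted application
C:\Users\User\AppData\Roaming\Browser Extensions\coupons_3.2.xpi    JS/Adware.Spigot.A application
C:\Users\User\Desktop\tools\MtkDroidTools_v253.exe    multiple threats
C:\Users\User\Desktop\tools\files\pwn    Android/Exploit.Lotoor.EP trojan
"""

if __name__ == "__main__":
    old, new = parse_log(OLD_SCAN), parse_log(NEW_SCAN)
    added, removed = diff_scans(old, new)
    for f in added:
        print("NEW     ", f.path, "|", f.name or f.category)
    for f in removed:
        print("GONE    ", f.path, "|", f.name or f.category)
    for f in urgent(new):
        print("REVIEW  ", f.path, "|", f.category)
```
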

#54
Barnys

    Member

  • Topic Starter
  • 51 posts

It looks like something is filling up our C drive.

My poor brain is struggling a bit but I am fairly certain we have somehow gained more than 20GB of... something.

I can’t figure what’s happening but we are now down to about 6GB free space.

 

Regards.


Edited by Barnys, 24 March 2015 - 05:39 AM.

  • 0

#55
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Let's have a look at a scan with this tool.

 

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please copy and paste their content into your next reply.


  • 0



#56
Barnys

    Member

  • Topic Starter
  • 51 posts

Hi

Here are the results of the Farbar scan.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Siggi (administrator) on A-PROBLEM on 25-03-2015 03:41:25
Running from C:\Users\Siggi\Desktop\frst 25.03
Loaded Profiles: Siggi (Available profiles: Siggi)
Platform: Microsoft® Windows Vista™ Ultimate  Service Pack 2 (X86) OS Language: German (Germany)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(NETGEAR Inc.) C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
() C:\Program Files\FileHippo.com\FileHippo.AppManager.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Ruiware LLC) C:\Program Files\WinPatrol\WinPatrol\WinPatrol.exe
() C:\Program Files\PdaNet for Android\PdaNetPC.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
() C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5511352 2015-03-18] (Avast Software s.r.o.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2689138593-1012205953-2850960868-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2689138593-1012205953-2850960868-1000\...\Run: [NETGEARGenie] => C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2014-11-06] (NETGEAR Inc.)
HKU\S-1-5-21-2689138593-1012205953-2850960868-1000\...\Run: [FileHippo.com] => C:\Program Files\FileHippo.com\FileHippo.AppManager.exe [2926800 2015-01-27] ()
HKU\S-1-5-21-2689138593-1012205953-2850960868-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5503768 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-2689138593-1012205953-2850960868-1000\...\Run: [WinPatrol] => C:\Program Files\WinPatrol\WinPatrol\winpatrol.exe [1160536 2015-02-23] (Ruiware LLC)
Startup: C:\Users\Siggi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files\PdaNet for Android\PdaNetPC.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (Avast Software s.r.o.)
BootExecute: autocheck autochk /p \??\G:autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2689138593-1012205953-2850960868-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-2689138593-1012205953-2850960868-1000] => localhost:8080
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-2689138593-1012205953-2850960868-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-2689138593-1012205953-2850960868-1000 -> DefaultScope {2EEBF53F-DE57-4693-9176-5932F3208BBC} URL = https://de.search.ya...p={searchTerms}
SearchScopes: HKU\S-1-5-21-2689138593-1012205953-2850960868-1000 -> {2EEBF53F-DE57-4693-9176-5932F3208BBC} URL = https://de.search.ya...p={searchTerms}
SearchScopes: HKU\S-1-5-21-2689138593-1012205953-2850960868-1000 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://de.search.yah...}&fr=chr-comodo
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-05] (Avast Software s.r.o.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BF99C9F5-B28A-4BB4-9500-B9F69C08AB23}: [NameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\b9wt8fzb.default-1424953480022
FF SelectedSearchEngine: Yahoo!
FF Homepage: https://duckduckgo.com/
FF Keyword.URL: https://de.search.ya...&type=523482&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: NetVideoHunter - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\b9wt8fzb.default-1424953480022\Extensions\[email protected] [2015-03-16]
FF Extension: FoxClocks - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\b9wt8fzb.default-1424953480022\Extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2015-02-26]
FF Extension: Ghostery - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\b9wt8fzb.default-1424953480022\Extensions\[email protected] [2015-02-26]
FF Extension: Self-Destructing Cookies - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\b9wt8fzb.default-1424953480022\Extensions\[email protected] [2015-02-26]
FF Extension: Status-4-Evar - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\b9wt8fzb.default-1424953480022\Extensions\[email protected] [2015-02-26]
FF Extension: Adblock Plus - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\b9wt8fzb.default-1424953480022\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-26]
FF Extension: BetterPrivacy - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\b9wt8fzb.default-1424953480022\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-02-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-05-01]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-05]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-05]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-05] (Avast Software s.r.o.)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2015-03-05] (Avast Software)
S2 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [195840 2014-11-06] (NETGEAR)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S2 OAcat; "C:\Program Files\Online Armor\OAcat.exe" [X]
S3 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-03-05] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2015-03-05] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-03-05] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-03-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2015-03-05] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427480 2015-03-05] (Avast Software s.r.o.)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-03-05] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206976 2015-03-05] ()
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41584 2013-04-11] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-07-15] (GFI Software)
R3 pneteth; C:\Windows\System32\DRIVERS\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2015-03-05] (Avast Software)
S3 w200bus; C:\Windows\System32\DRIVERS\w200bus.sys [61504 2006-11-07] (MCCI)
S3 w200mdfl; C:\Windows\System32\DRIVERS\w200mdfl.sys [9328 2006-11-07] (MCCI)
S3 w200mdm; C:\Windows\System32\DRIVERS\w200mdm.sys [97056 2006-11-07] (MCCI)
S3 w200mgmt; C:\Windows\System32\DRIVERS\w200mgmt.sys [88560 2006-11-07] (MCCI)
S3 w200obex; C:\Windows\System32\DRIVERS\w200obex.sys [86368 2006-11-07] (MCCI)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 OADevice; \??\C:\Windows\system32\drivers\OADriver.sys [X]
S1 oahlpXX; \??\C:\Windows\system32\drivers\oahlp32.sys [X]
S1 OAmon; \??\C:\Windows\system32\drivers\OAmon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-25 03:41 - 2015-03-25 03:41 - 00000000 ____D () C:\FRST
2015-03-25 02:53 - 2015-03-25 03:41 - 00000000 ____D () C:\Users\Siggi\Desktop\frst 25.03
2015-03-21 05:44 - 2015-03-21 05:44 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-19 10:28 - 2015-03-19 10:31 - 00000000 ____D () C:\Users\Siggi\Desktop\MTK-TWRP
2015-03-18 13:31 - 2015-03-18 13:31 - 00000000 ____D () C:\Users\Siggi\Desktop\CWM Magic
2015-03-17 14:34 - 2015-03-19 10:31 - 00000000 ____D () C:\Users\Siggi\Desktop\flash stuff
2015-03-17 14:28 - 2015-03-18 14:09 - 00000000 ____D () C:\Users\Siggi\Desktop\ehel
2015-03-17 13:21 - 2015-03-17 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PdaNet for Android
2015-03-17 13:21 - 2015-03-17 13:21 - 00000000 ____D () C:\Program Files\PdaNet for Android
2015-03-17 09:08 - 2015-03-17 09:08 - 01344510 _____ () C:\Users\Siggi\Desktop\Desktop Background2.bmp
2015-03-17 09:05 - 2015-03-17 09:05 - 01344510 _____ () C:\Users\Siggi\Desktop\Desktop Background1.bmp
2015-03-17 08:10 - 2011-11-25 00:26 - 00013440 _____ (June Fabrics Technology Inc.) C:\Windows\system32\Drivers\pneteth.sys
2015-03-14 06:00 - 2015-03-14 06:00 - 00000000 ____D () C:\Program Files\ESET
2015-03-14 04:30 - 2015-03-14 04:30 - 00077784 _____ () C:\Users\Siggi\Desktop\registry.txt
2015-03-11 02:35 - 2015-01-29 02:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 02:33 - 2015-01-29 02:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 02:32 - 2015-02-26 01:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 02:22 - 2015-02-20 03:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 02:22 - 2015-02-20 01:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 02:21 - 2015-02-26 03:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-11 02:21 - 2015-02-26 03:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 02:21 - 2015-01-09 03:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 02:21 - 2015-01-09 01:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 02:20 - 2015-01-21 03:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 02:19 - 2015-03-06 05:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 02:19 - 2014-10-13 02:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-11 02:18 - 2015-02-18 03:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 02:13 - 2015-02-21 18:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 02:13 - 2015-02-21 18:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-11 02:13 - 2015-02-21 18:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 02:13 - 2015-02-21 18:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 02:13 - 2015-02-21 18:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 02:13 - 2015-02-21 18:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 02:13 - 2015-02-21 18:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 02:13 - 2015-02-21 18:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-11 02:13 - 2015-02-21 18:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 02:13 - 2015-02-21 18:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 02:13 - 2015-02-21 18:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-11 02:13 - 2015-02-21 18:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 02:13 - 2015-02-21 18:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 02:13 - 2015-02-21 18:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 02:13 - 2015-02-21 18:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 02:13 - 2015-02-21 18:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 02:13 - 2015-02-21 18:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 02:13 - 2015-02-21 18:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 02:13 - 2015-02-21 18:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-11 02:13 - 2015-02-21 18:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-11 02:13 - 2015-02-21 18:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-11 02:13 - 2015-02-21 18:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-08 19:00 - 2015-03-08 19:03 - 00000000 ____D () C:\AdwCleaner
2015-03-08 09:55 - 2015-03-08 09:55 - 00000165 ____H () C:\Users\Siggi\Desktop\~$Checklist Test.xlsx
2015-03-08 05:33 - 2015-03-08 05:59 - 00000000 ____D () C:\Users\Siggi\AppData\Roaming\WinPatrol
2015-03-08 05:33 - 2015-03-08 05:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2015-03-08 05:33 - 2015-03-08 05:33 - 00000000 ____D () C:\Program Files\WinPatrol
2015-03-08 05:29 - 2015-03-22 10:58 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-08 05:29 - 2015-03-21 05:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-08 05:29 - 2015-03-21 05:24 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-08 05:29 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-08 05:29 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-08 05:29 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-08 04:54 - 2015-03-08 04:54 - 00001804 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-03-08 04:53 - 2015-03-08 04:53 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-03-08 04:53 - 2015-03-08 04:53 - 00000000 ____D () C:\Program Files\Adobe
2015-03-08 04:45 - 2015-03-08 04:45 - 00001839 _____ () C:\Users\Siggi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileHippo App Manager.lnk
2015-03-08 04:45 - 2015-03-08 04:45 - 00000000 ____D () C:\Program Files\FileHippo.com
2015-03-05 03:54 - 2015-03-05 03:55 - 00000000 ____D () C:\Windows\system32\vbox
2015-03-05 03:54 - 2015-03-05 03:54 - 00000000 ____D () C:\Users\Siggi\AppData\Roaming\AVAST Software
2015-03-05 03:54 - 2015-03-05 03:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-03-05 03:53 - 2015-03-05 03:53 - 00788272 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-03-05 03:53 - 2015-03-05 03:53 - 00427480 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-03-05 03:53 - 2015-03-05 03:53 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-03-05 03:53 - 2015-03-05 03:53 - 00206976 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-03-05 03:53 - 2015-03-05 03:53 - 00073440 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-03-05 03:53 - 2015-03-05 03:53 - 00057888 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswTdi.sys
2015-03-05 03:53 - 2015-03-05 03:53 - 00055200 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr.sys
2015-03-05 03:53 - 2015-03-05 03:53 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-03-05 03:53 - 2015-03-05 03:53 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-03-05 03:53 - 2015-03-05 03:53 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-03-05 03:49 - 2015-03-05 03:49 - 00000000 ____D () C:\Program Files\AVAST Software
2015-03-05 03:47 - 2015-03-05 03:48 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-03-03 05:25 - 2015-03-03 05:25 - 00001977 _____ () C:\DelFix.txt
2015-02-28 05:46 - 2015-02-28 05:46 - 00000000 ____D () C:\Users\Siggi\AppData\Local\SkinSoft
2015-02-28 05:45 - 2015-03-22 13:17 - 00000000 ____D () C:\Users\Siggi\AppData\Roaming\Search Protection
2015-02-28 05:45 - 2015-02-28 05:45 - 04224745 _____ ( ) C:\Users\Siggi\Downloads\flvtomp3_setup [1].exe
2015-02-28 03:05 - 2014-11-26 03:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-28 03:01 - 2015-01-15 05:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-28 03:01 - 2014-12-08 02:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-26 13:31 - 2015-03-12 13:19 - 00000000 ____D () C:\Users\Siggi\Desktop\dwnldr
2015-02-26 13:24 - 2015-02-26 14:00 - 00000000 ____D () C:\Users\Siggi\Desktop\Old Firefox Data
2015-02-26 12:27 - 2015-02-26 12:27 - 00000000 ____D () C:\Users\Siggi\Downloads\The Munsters Season 2(Dvd)
2015-02-26 12:17 - 2015-02-26 12:17 - 00000000 ____D () C:\Users\Siggi\Downloads\The Waltons Season 3
2015-02-26 04:44 - 2015-03-04 17:57 - 00000000 ____D () C:\Users\Siggi\dwhelper

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-25 03:26 - 2015-01-24 07:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-25 03:02 - 2006-11-02 13:46 - 00004000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-25 03:02 - 2006-11-02 13:46 - 00004000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-25 02:02 - 2014-06-01 13:29 - 01325295 _____ () C:\Windows\WindowsUpdate.log
2015-03-25 01:02 - 2006-11-02 14:00 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-24 18:17 - 2013-04-13 11:11 - 00000000 ____D () C:\Users\Siggi\AppData\Roaming\vlc
2015-03-24 12:27 - 2006-11-02 14:00 - 00032540 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-24 10:18 - 2015-01-31 05:23 - 00000000 ____D () C:\Users\Siggi\Desktop\Geeks to Go Forum
2015-03-23 05:21 - 2008-01-21 09:24 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-22 16:43 - 2014-12-18 14:22 - 00050987 _____ () C:\Users\Siggi\Desktop\lortoy sturrf.xlsx
2015-03-22 11:25 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system
2015-03-21 10:35 - 2012-05-01 16:39 - 00000000 ____D () C:\Users\Siggi\AppData\Roaming\Macromedia
2015-03-21 10:26 - 2012-05-01 17:01 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-21 09:59 - 2012-05-26 16:43 - 00000000 ____D () C:\Windows\Minidump
2015-03-17 13:24 - 2012-05-01 09:07 - 00000000 ____D () C:\Users\Siggi
2015-03-14 04:38 - 2015-01-24 07:15 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-14 04:38 - 2015-01-24 07:15 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-14 04:32 - 2012-05-01 18:10 - 00000000 ____D () C:\Users\Siggi\AppData\Local\Thunderbird
2015-03-14 04:32 - 2012-05-01 18:09 - 00001808 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2015-03-14 04:31 - 2014-06-18 15:30 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-03-11 18:48 - 2006-11-02 11:24 - 119837704 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-03-11 02:40 - 2006-11-02 13:46 - 00397080 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 02:34 - 2012-05-02 03:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 02:32 - 2013-08-14 15:34 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-08 18:52 - 2013-06-02 02:49 - 00000000 ____D () C:\Users\Siggi\AppData\Local\CrashDumps
2015-03-08 06:00 - 2015-02-02 11:56 - 00000000 ____D () C:\Users\Siggi\Desktop\Zopo
2015-03-08 05:59 - 2015-01-14 13:16 - 00000000 ____D () C:\Users\Siggi\AppData\Local\NETGEARGenie
2015-03-08 05:57 - 2012-05-27 04:14 - 00000000 ____D () C:\Program Files\WinRAR
2015-03-08 05:33 - 2012-12-17 05:45 - 00000000 ____D () C:\ProgramData\InstallMate
2015-03-08 05:22 - 2012-05-27 04:15 - 00000000 ____D () C:\Users\Siggi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-08 05:22 - 2012-05-27 04:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-08 05:16 - 2012-05-01 17:01 - 00000864 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-08 05:04 - 2012-05-04 06:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-03-08 05:04 - 2012-05-04 06:54 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-08 05:01 - 2012-05-02 02:58 - 00000000 ____D () C:\Users\Siggi\AppData\Roaming\Audacity
2015-03-08 05:00 - 2012-05-02 11:08 - 00000822 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-03-08 05:00 - 2012-05-02 11:08 - 00000000 ____D () C:\Program Files\Audacity
2015-03-08 04:53 - 2012-05-01 19:29 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-08 04:33 - 2014-08-10 10:17 - 00000000 ____D () C:\Users\Siggi\AppData\Local\Adobe
2015-03-05 07:02 - 2015-01-21 13:03 - 00000000 ____D () C:\Users\Siggi\Desktop\excel rstr
2015-03-01 14:42 - 2012-05-01 18:13 - 00000000 ____D () C:\Users\Siggi\Desktop\sturrf
2015-03-01 09:32 - 2012-05-06 06:51 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-03-01 05:23 - 2013-09-25 06:32 - 00067333 _____ () C:\Users\Siggi\Desktop\New House water etc.xlsx
2015-02-28 11:16 - 2014-04-23 02:47 - 00000000 ____D () C:\Users\dub_cm_auto
2015-02-28 11:16 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2015-02-28 11:16 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2015-02-28 11:15 - 2015-02-13 12:30 - 00000000 ____D () C:\Windows\erdnt
2015-02-28 11:11 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2015-02-28 11:09 - 2006-11-02 11:22 - 43515904 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-02-28 11:09 - 2006-11-02 11:22 - 42729472 _____ () C:\Windows\system32\config\COMPON~2.bak
2015-02-28 11:09 - 2006-11-02 11:22 - 22544384 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-02-28 11:09 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-02-28 11:09 - 2006-11-02 11:22 - 00065536 _____ () C:\Windows\system32\config\SAM.bak
2015-02-28 11:09 - 2006-11-02 11:22 - 00020480 _____ () C:\Windows\system32\config\SECURITY.bak
2015-02-28 05:59 - 2012-11-11 14:38 - 00000000 ____D () C:\Users\Siggi\Desktop\sigggis bits 2
2015-02-27 11:32 - 2015-02-11 16:24 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-27 10:27 - 2013-05-26 12:22 - 00000000 ____D () C:\ProgramData\Norton
2015-02-26 12:51 - 2014-08-06 08:42 - 00000000 ____D () C:\Users\Siggi\AppData\Roaming\uTorrent
2015-02-24 10:01 - 2013-08-14 14:55 - 00000028 _____ () C:\Windows\ODBC.INI
2015-02-24 04:23 - 2012-05-01 11:19 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2013-07-15 10:48 - 2013-07-15 10:49 - 9842040 _____ (Webroot Software, Inc.) C:\Program Files\Common Files\wruninstall.exe
2012-05-01 09:07 - 2014-07-01 16:51 - 0000680 _____ () C:\Users\Siggi\AppData\Local\d3d9caps.dat
2012-05-26 19:45 - 2012-06-27 07:55 - 0009216 _____ () C:\Users\Siggi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 01:11

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Siggi at 2015-03-25 03:42:25
Running from C:\Users\Siggi\Desktop\frst 25.03
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Audacity 2.1.0 (HKLM\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2214 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DriverNavigator 3.4.5 (HKLM\...\DriverNavigator_is1) (Version: 3.4.5.0 - Easeware)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FileHippo App Manager (HKLM\...\FileHippo.com) (Version:  - FileHippo.com)
HTC Driver Installer (HKLM\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.007 - HTC Corporation)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 37.0 (x86 en-US) (HKLM\...\Mozilla Firefox 37.0 (x86 en-US)) (Version: 37.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.5.0 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 en-GB) (HKLM\...\Mozilla Thunderbird 31.5.0 (x86 en-GB)) (Version: 31.5.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NETGEAR Genie (HKLM\...\NETGEAR Genie) (Version: 2.3.1.46 - NETGEAR Inc.)
Nokia Connectivity Cable Driver (HKLM\...\{D4BF151C-70A8-4CE2-906F-4173A575BAD9}) (Version: 7.1.182.0 - Nokia)
Norton Bootable Recovery Tool Wizard (HKLM\...\NBRTWizard) (Version: 6.0.0.74 - Symantec Corporation)
PdaNet+ for Android 4.17 (HKLM\...\PdaNet_is1) (Version:  - June Fabrics Technology Inc)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6602 - Realtek Semiconductor Corp.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
TuneUp Utilities 2011 (HKLM\...\TuneUp Utilities 2011) (Version: 10.0.4600.20 - TuneUp Software)
TuneUp Utilities 2011 (Version: 10.0.4600.20 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (en-GB) (Version: 10.0.4600.20 - TuneUp Software) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.1.2015.0 - WinPatrol)
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

03-03-2015 05:25:45 Ende der Bereinigung
05-03-2015 03:49:13 avast! antivirus system restore point
05-03-2015 08:37:41 Windows Update
08-03-2015 04:51:31 Installed Adobe Reader XI.
11-03-2015 01:59:04 Windows Update
11-03-2015 02:13:49 Windows Update
17-03-2015 08:11:45 Gerätetreiber-Paketinstallation: June Fabrics Technology Inc. Netzwerkadapter
17-03-2015 13:23:29 Gerätetreiber-Paketinstallation: Google USB Android Device
18-03-2015 03:47:11 Windows Update
21-03-2015 06:20:22 Windows Update
24-03-2015 07:59:17 Geplanter Prüfpunkt
25-03-2015 01:12:30 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2015-02-28 11:11 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {026DAB5C-7B7D-414E-ABFA-004A5C7A4904} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe
Task: {2F05D630-5494-49E9-A901-9AEA75A9EE2E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-03-05] (Avast Software s.r.o.)
Task: {2F20F7BD-4A96-479B-8351-6D6C2952023D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {6A0844CA-8F71-4EE7-8046-C053FE70B6C5} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2011 => C:\Program Files\TuneUp Utilities 2011\OneClick.exe [2012-02-13] (TuneUp Software)
Task: {6E17CC6E-BF42-4AF6-9B3A-5D5E91C66B41} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {84FE9520-67D7-4B21-A7F8-B2E772A0AA83} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {B71D39B3-FCB1-4C87-8489-201AA074BB4D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {BACCE739-E8AB-48DD-B6FD-6F84CEC6F4D6} - System32\Tasks\{6D9F0267-FA04-4C96-A0A2-519CEE74B89A} => pcalua.exe -a "C:\Users\Siggi\Desktop\dwnlds\dwnlds\dwnlds\puta probs\VisualBasic6-KB896559-v1-ENU.exe" -d "C:\Users\Siggi\Desktop\dwnlds\dwnlds\dwnlds\puta probs"
Task: {BFD51F6E-1CAE-4FA8-98FC-BBC69AB7C834} - \DriverNavigator Scheduled Scan No Task File <==== ATTENTION
Task: {C5AA221E-9BAD-4BEB-86D0-9C655AF97C1C} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\SymErr.exe
Task: {D79B8FFC-5FC4-4E8D-A2C5-EC02361A883D} - System32\Tasks\{697AAB8D-C624-46B9-A6A4-72180CC7E2E0} => pcalua.exe -a C:\Users\Siggi\Desktop\twerp\zopo\driver\2\Driver\install_driver.exe -d C:\Users\Siggi\Desktop\twerp\zopo\driver\2\Driver
Task: {D8602925-8654-48C3-815C-676E550EE430} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F900BE6D-F432-4F0E-9A29-91294DB7AD26} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\SymErr.exe
Task: {FAB7A746-36D9-41B6-BEA6-930E66490098} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-14] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-05 03:53 - 2015-03-05 03:53 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-05 03:53 - 2015-03-05 03:53 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-03-24 10:43 - 2015-03-24 10:43 - 02923008 _____ () C:\Program Files\AVAST Software\Avast\defs\15032400\algo.dll
2015-03-25 01:03 - 2015-03-25 01:03 - 02923008 _____ () C:\Program Files\AVAST Software\Avast\defs\15032401\algo.dll
2011-03-31 16:08 - 2011-03-31 16:08 - 00080896 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2015-03-05 03:53 - 2015-03-05 03:53 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-09-29 02:14 - 2013-09-29 02:14 - 03369922 _____ () C:\Program Files\NETGEAR Genie\bin\icuin51.dll
2013-09-29 02:13 - 2013-09-29 02:13 - 00544817 _____ () C:\Program Files\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-09-29 02:13 - 2013-09-29 02:13 - 00989805 _____ () C:\Program Files\NETGEAR Genie\bin\libstdc++-6.dll
2013-09-29 02:14 - 2013-09-29 02:14 - 01978690 _____ () C:\Program Files\NETGEAR Genie\bin\icuuc51.dll
2013-09-29 02:14 - 2013-09-29 02:14 - 22378434 _____ () C:\Program Files\NETGEAR Genie\bin\icudt51.dll
2013-09-29 02:14 - 2013-09-29 02:14 - 01233408 _____ () C:\Program Files\NETGEAR Genie\bin\platforms\qwindows.dll
2014-11-17 10:46 - 2014-11-17 10:46 - 00639488 _____ () C:\Program Files\NETGEAR Genie\bin\Genie.dll
2014-11-10 10:55 - 2014-11-10 10:55 - 01686016 _____ () C:\Program Files\NETGEAR Genie\bin\SvtNetworkTool.dll
2014-11-05 08:36 - 2014-11-05 08:36 - 00192512 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2014-11-05 08:37 - 2014-11-05 08:37 - 00632832 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2014-11-14 11:53 - 2014-11-14 11:53 - 06499840 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Map.dll
2014-06-30 02:55 - 2014-06-30 02:55 - 00068608 _____ () C:\Program Files\NETGEAR Genie\bin\QRCode.dll
2014-06-30 03:05 - 2014-06-30 03:05 - 01183232 _____ () C:\Program Files\NETGEAR Genie\bin\qwt.dll
2014-11-07 10:13 - 2014-11-07 10:13 - 02475520 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_MyMedia.dll
2012-10-15 21:27 - 2012-10-15 21:27 - 00111616 _____ () C:\Program Files\NETGEAR Genie\bin\libvlc.dll
2012-10-15 21:28 - 2012-10-15 21:28 - 02286592 _____ () C:\Program Files\NETGEAR Genie\bin\libvlccore.dll
2014-11-17 08:00 - 2014-11-17 08:00 - 01056768 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2014-09-11 09:39 - 2014-09-11 09:39 - 00144896 _____ () C:\Program Files\NETGEAR Genie\bin\DragonNetTool.dll
2014-11-05 08:51 - 2014-11-05 08:51 - 01191424 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2014-11-17 07:21 - 2014-11-17 07:21 - 10374656 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2014-11-17 07:18 - 2014-11-17 07:18 - 02496512 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2014-11-06 10:39 - 2014-11-06 10:39 - 00200192 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2014-11-05 08:58 - 2014-11-05 08:58 - 00889344 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2014-11-05 09:00 - 2014-11-05 09:00 - 00435712 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-09-29 02:13 - 2013-09-29 02:13 - 00051200 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qgif.dll
2013-09-29 02:13 - 2013-09-29 02:13 - 00052224 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qico.dll
2013-09-29 02:13 - 2013-09-29 02:13 - 00261120 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qjpeg.dll
2013-09-29 02:13 - 2013-09-29 02:13 - 00046080 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qsvg.dll
2014-06-30 02:55 - 2014-06-30 02:55 - 00081408 _____ () C:\Program Files\NETGEAR Genie\bin\DiagnosePlugin.dll
2014-11-03 09:23 - 2014-11-03 09:23 - 00143360 _____ () C:\Program Files\NETGEAR Genie\bin\DiagnoseDll.dll
2014-09-04 07:00 - 2014-09-04 07:00 - 00072192 _____ () C:\Program Files\NETGEAR Genie\bin\SVTUtils.dll
2014-09-04 07:00 - 2014-09-04 07:00 - 00074240 _____ () C:\Program Files\NETGEAR Genie\bin\NetcardApi.dll
2014-09-04 07:00 - 2014-09-04 07:00 - 00136704 _____ () C:\Program Files\NETGEAR Genie\bin\airprintdll.dll
2012-10-15 21:28 - 2012-10-15 21:28 - 00219648 _____ () C:\Program Files\NETGEAR Genie\bin\plugins\access\libdshow_plugin.dll
2012-10-15 21:28 - 2012-10-15 21:28 - 00049664 _____ () C:\Program Files\NETGEAR Genie\bin\plugins\audio_output\libaout_directx_plugin.dll
2012-10-15 21:28 - 2012-10-15 21:28 - 00051200 _____ () C:\Program Files\NETGEAR Genie\bin\plugins\audio_output\libwaveout_plugin.dll
2012-10-15 21:28 - 2012-10-15 21:28 - 00070144 _____ () C:\Program Files\NETGEAR Genie\bin\plugins\video_output\libdirectx_plugin.dll
2013-09-29 02:13 - 2013-09-29 02:13 - 00040960 _____ () C:\Program Files\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll
2014-11-05 08:59 - 2014-11-05 08:59 - 00642048 _____ () C:\Program Files\NETGEAR Genie\bin\InnerPlugin_Update.dll
2014-11-05 09:01 - 2014-11-05 09:01 - 00458752 _____ () C:\Program Files\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2014-06-30 03:33 - 2014-06-30 03:33 - 00046080 _____ () C:\Program Files\NETGEAR Genie\bin\WSetupApiPlugin.dll
2014-09-04 07:00 - 2014-09-04 07:00 - 00066560 _____ () C:\Program Files\NETGEAR Genie\bin\WSetupDll.dll
2015-01-27 13:18 - 2015-01-27 13:18 - 02926800 _____ () C:\Program Files\FileHippo.com\FileHippo.AppManager.exe
2015-03-17 13:21 - 2015-01-02 10:19 - 01054520 _____ () C:\Program Files\PdaNet for Android\PdaNetPC.exe
2014-11-06 16:28 - 2014-11-06 16:28 - 00105216 _____ () C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
2015-02-27 15:21 - 2015-02-27 15:21 - 00140568 _____ () C:\Program Files\VideoLAN\VLC\libvlc.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 02628888 _____ () C:\Program Files\VideoLAN\VLC\libvlccore.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00551192 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00039192 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00037144 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00083736 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00075544 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 02155800 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00111384 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00240920 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00086808 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libvdr_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00053016 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00069400 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00591128 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00768792 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00128792 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00049944 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\librar_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00020760 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00137496 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 01563928 _____ () C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00330008 _____ () C:\Program Files\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 01261336 _____ () C:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00066840 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00045848 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libwin_hotkeys_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 11994904 _____ () C:\Program Files\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00125208 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libhttp_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00678680 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libupnp_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00134424 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00027416 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libpodcast_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00023832 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libmediadirs_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00020760 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libwindrive_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00043800 _____ () C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00034072 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libes_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00341784 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00021784 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00154904 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00751896 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00021784 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00028952 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00086296 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_h264_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00029464 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_flac_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00037656 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_dirac_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00027416 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00075544 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00042264 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_vc1_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00023320 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libsvcdsub_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00025880 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00032536 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00034584 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpegvideo_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00025368 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libcvdsub_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00022808 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_hevc_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00025368 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00258328 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00024344 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00301848 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 01288472 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00025880 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00034072 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00049432 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00448792 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00033048 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libg711_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 01546520 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00353560 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00025368 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00019736 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00024344 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00137496 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00173848 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00064792 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 01501976 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00025368 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00019736 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00020248 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00026904 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00019736 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00021784 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00031512 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00057112 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libequalizer_plugin.dll
2015-03-14 04:38 - 2015-03-14 04:38 - 16858288 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00236824 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2689138593-1012205953-2850960868-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Siggi\Pictures\New Picture.bmp
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Search Protection => "C:\Users\Siggi\AppData\Roaming\Search Protection\SP.EXE" /autostart

==================== Accounts: =============================

Administrator (S-1-5-21-2689138593-1012205953-2850960868-500 - Administrator - Disabled)
Gast (S-1-5-21-2689138593-1012205953-2850960868-501 - Limited - Disabled)
Siggi (S-1-5-21-2689138593-1012205953-2850960868-1000 - Administrator - Enabled) => C:\Users\Siggi

==================== Faulty Device Manager Devices =============

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Problem: : Windows cannot use this hardware device because it has been prepared for safe removal, but it has not been removed from the computer. (Code 47)
Resolution: Unplug the device, and then plug it in again. Alternately, restart the computer to make the device available.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/25/2015 01:02:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/24/2015 00:28:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/23/2015 09:38:12 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (03/23/2015 09:38:11 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (03/23/2015 00:55:55 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SIGGI\DESKTOP\FOLDERS\ORISHAS\WWWWWWWWWWWWW.WWW> in the hash map cannot be updated.

Kontext:  Anwendung, SystemIndex Katalog


Details:
    Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/23/2015 00:55:55 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SIGGI\DESKTOP\FOLDERS\ORISHAS\VVVVVVVVVVVVV.VVV> in the hash map cannot be updated.

Kontext:  Anwendung, SystemIndex Katalog


Details:
    Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/23/2015 00:55:55 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SIGGI\DESKTOP\FOLDERS\ORISHAS\SSSSSSSSSSSSS.SSS> in the hash map cannot be updated.

Kontext:  Anwendung, SystemIndex Katalog


Details:
    Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/23/2015 00:55:55 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SIGGI\DESKTOP\FOLDERS\ORISHAS\RRRRRRRRRRRRR.RRR> in the hash map cannot be updated.

Kontext:  Anwendung, SystemIndex Katalog


Details:
    Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/23/2015 00:55:55 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SIGGI\DESKTOP\FOLDERS\ORISHAS\QQQQQQQQQQQQQ.QQQ> in the hash map cannot be updated.

Kontext:  Anwendung, SystemIndex Katalog


Details:
    Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/23/2015 00:55:55 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SIGGI\DESKTOP\FOLDERS\ORISHAS\PPPPPPPPPPPPP.PPP> in the hash map cannot be updated.

Kontext:  Anwendung, SystemIndex Katalog


Details:
    Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)


System errors:
=============
Error: (03/25/2015 01:04:46 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (03/25/2015 01:02:30 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: OADevice
oahlpXX
OAmon

Error: (03/25/2015 01:02:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NETGEARGenieDaemon%%1053

Error: (03/25/2015 01:02:30 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000NETGEARGenieDaemon

Error: (03/25/2015 01:02:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Online Armor Helper Service%%3

Error: (03/25/2015 01:02:11 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:17:36 p.m. on 24/03/2015 was unexpected.

Error: (03/24/2015 00:32:21 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (03/24/2015 00:28:44 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: OADevice
oahlpXX
OAmon

Error: (03/24/2015 00:28:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NETGEARGenieDaemon%%1053

Error: (03/24/2015 00:28:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000NETGEARGenieDaemon


Microsoft Office Sessions:
=========================
Error: (10/22/2014 01:52:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 107 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/13/2014 05:46:32 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 90 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (12/24/2013 09:48:24 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-03-25 03:42:17.590
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-25 03:42:16.645
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-25 03:42:15.648
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-25 03:42:14.736
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-25 03:42:13.629
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-25 03:42:12.739
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-25 03:42:11.851
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-25 03:42:10.777
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-22 11:06:57.136
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-22 11:06:56.139
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU E2160 @ 1.80GHz
Percentage of memory in use: 57%
Total physical RAM: 3316.27 MB
Available physical RAM: 1402.1 MB
Total Pagefile: 6876.52 MB
Available Pagefile: 4811.08 MB
Total Virtual: 2047.88 MB
Available Virtual: 1896.54 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:187.74 GB) (Free:5.25 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.92 GB) (Free:0.95 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=187.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=35.2 GB) - (Type=05)
Partition 3: (Not Active) - (Size=9.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

#57
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi there :)

 

Ok, there are a number of things going on with your computer. Some are concerning and some not at all. Let me see if I can separate them and explain them.

 

First, from a Malware perspective I do not believe that you have anything Active and Running on your computer. Let me clarify. In general (keep in mind there are always exceptions to what I'm about to write) you need two "pieces" to make Malware work. The first is the Malware itself and the second is a "loading point". Generally, the loading point is in the Registry. So, if I have Malware "A" which is a file on your computer, unless and until something "invokes it", it's nothing but an inert file of potential problems. Same with a Malware Registry entry. Absent the file of Malware, the Registry entry can't do much.

 

In your ESET scans you are seeing what we call Remnants of infections. Inert leftovers. Feel free to run ESET again and when it detects these Remnants, instruct ESET to Remove them. 

 

Next, I am still seeing errors that lead me to believe that your Hard Drive is starting to fail or you have an issue with your Windows installation. You and I previously chased the Disk Issue and frankly I don't think I helped you much there. So, I'd like you to open a Topic on the Hardware Board here. If your disk and hardware check out ok there, your next stop should be the Operating System Board here.

 

Last, CCleaner or any Registry Cleaner. You and I have chatted before about this. Let me clip in some sage wisdom from my peers here at G2G. Honestly, I've seen more broken Registries from Cleaners than I have Registries that have been helped.

 

A registry cleaner will not increase your system's speed or performance, and has the potential to break your registry to the point that your PC is no longer bootable.
We strongly advise that people stay away from any of the registry cleaners out there.
Go HERE to get more information about why registry cleaners aren't needed.
We do not suggest the use of any registry cleaner for the reason stated above. There are programs that can do the job better without touching the registry. 

 

If you have any questions, let me know. :)


  • 0
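The file-plus-loading-point idea from the post above, as an added example that is not part of the original thread: it pairs startup entries with the files they point to and labels scanner-flagged files as active or remnant. All names, paths and the disk state are constructed, and only loading points supplied in the list are considered (services, scheduled tasks and similar would have to be added).

```python
import ntpath
import re

# Quoted path, or unquoted path ending in a launchable extension.
_TARGET = re.compile(
    r'^\s*(?:"([^"]+)"|(.+?\.(?:exe|dll|bat|cmd|vbs|js))(?=\s|$))', re.I)

def norm(path):
    """Windows paths are case-insensitive; compare them in one canonical form."""
    return ntpath.normcase(ntpath.normpath(path))

def target_of(command):
    """Return the file a startup command line would launch, or None if unparseable."""
    m = _TARGET.match(command)
    return norm(m.group(1) or m.group(2)) if m else None

def classify(loading_points, files_on_disk, flagged):
    """Pair each loading point and each scanner-flagged file with its other half."""
    present = {norm(p) for p in files_on_disk}
    targets = {name: target_of(cmd) for name, cmd in loading_points.items()}
    report = {}
    for name, tgt in targets.items():
        if tgt is None:
            report[name] = "unparsed: review by hand"
        elif tgt in present:
            report[name] = "loading point with file present"
        else:
            report[name] = "orphaned loading point: target file missing"
    invoked = set(targets.values())
    for path in flagged:
        n = norm(path)
        if n not in present:
            report[path] = "already gone"
        elif n in invoked:
            report[path] = "active: file has a loading point"
        else:
            report[path] = "remnant: no loading point in the supplied list"
    return report

# Constructed sample data (hypothetical names, not taken from the log above).
LOADING_POINTS = {
    "ExampleToolbar": r'"C:\Users\example\AppData\Roaming\ExampleToolbar\tb.exe" /autostart',
    "ExampleUpdater": r'C:\Program Files\Example Updater\upd.exe -silent',
    "OldAdware": r'"C:\ProgramData\OldAdware\run.exe"',
}
FILES_ON_DISK = [
    r"C:\Users\example\AppData\Roaming\ExampleToolbar\TB.EXE",
    r"C:\Program Files\Example Updater\upd.exe",
    r"C:\Users\example\Downloads\bundle_setup.exe",
]
FLAGGED = [FILES_ON_DISK[0].lower(), FILES_ON_DISK[2]]

if __name__ == "__main__":
    for item, verdict in classify(LOADING_POINTS, FILES_ON_DISK, FLAGGED).items():
        print(f"{verdict:46} {item}")
```
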

#58
Barnys

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts

Hi Biscuithd

 

Thanks for the Malware clarification/explanation and cleaning input.

I have posted in the Hardware, components and Peripherals page under the title Potential Hard Disk Issues.

 

I have always been careful to not fossick about in the registry (either manually or with any installed process) and I don’t think I will start now :-) . 

 

Regards.


Edited by Barnys, 26 March 2015 - 12:13 AM.

  • 0

#59
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





