Something is filling our C drive [Solved]



#1
Barnys


  • Member
  • 51 posts
Hi
We have a Vista Ultimate x32  desktop with 4GB of ram.
 
We have been trying to resolve some issues with our computer. For the complete history please see the thread "I think we have an infection (or two)": http://www.geekstogo...fection-or-two/
 
The person helping us suggested the Hard Drive may be failing and/or there is a problem with the Windows installation, so I posted the question titled "Potential Hard Disk issues": http://www.geekstogo.com/forum/topic/349243-potential-hard-disk-issues/
The result being our Hard Drive is not critical, but is in danger of failing.
 
 
So it appears we need an upgrade :-), however there appears to be a more pressing issue of our C drive progressively filling with "something".
A couple of weeks ago I noticed the C drive didn’t have the free space I thought I should have and so I intermittently checked its free capacity. Long story made short, we have lost many GBs of capacity to the extent we now only have 1.6Gbs of free space.
I have started tracking the loss as best as I can and we have (somehow) lost 6-6.5Gbs since Tuesday the 24th.
 
I don’t know if this is relevant but on 17.03 we had a blue screen, when the computer was restarted and Firefox recovered all the open tabs there was another/new tab which connected to an address but didn’t load any text/images and there was an attempt to download something. I don’t know what was happening but the address the tab connected to was  http://kingsdowns.co...f0-4071afff3374  and the download was coming from the helpfully named       http://axhjaxwjz.kze4hrhh.com
 
Any Suggestions appreciated.
 
 
Regards.


#2
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, I have changed the links to make them non-clickable as one tried to download a bad boy



So let's have a look see at what is there

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.
THEN

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation, accept that
When it offers to download the virus database allow that as well
Click the "Scan" button to start scan



On completion of the scan click save log, save it to your desktop and post in your next reply

#3
Barnys


  • Topic Starter
  • Member
  • 51 posts

Hi

Thanks for the reply.

ooopss, it might be a good idea to also change the links in post 51 to also make them non-clickable: http://www.geekstogo...n-or-two/page-4

 

The aswMBR scan was a quick scan, was that what you needed?

 

Here are the reports;

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Siggi (administrator) on A-PROBLEM on 28-03-2015 15:26:38
Running from C:\Users\Siggi\Desktop\geeks to go 2\FRST 28.03
Loaded Profiles: Siggi (Available profiles: Siggi)
Platform: Microsoft® Windows Vista™ Ultimate  Service Pack 2 (X86) OS Language: German (Germany)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(NETGEAR Inc.) C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
() C:\Program Files\FileHippo.com\FileHippo.AppManager.exe
(Ruiware LLC) C:\Program Files\WinPatrol\WinPatrol\WinPatrol.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
() C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
() C:\Users\Siggi\Desktop\FRST 28.03\FRST.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5511352 2015-03-18] (Avast Software s.r.o.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2689138593-1012205953-2850960868-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2689138593-1012205953-2850960868-1000\...\Run: [NETGEARGenie] => C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2014-11-06] (NETGEAR Inc.)
HKU\S-1-5-21-2689138593-1012205953-2850960868-1000\...\Run: [FileHippo.com] => C:\Program Files\FileHippo.com\FileHippo.AppManager.exe [2926800 2015-01-27] ()
HKU\S-1-5-21-2689138593-1012205953-2850960868-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5503768 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-2689138593-1012205953-2850960868-1000\...\Run: [WinPatrol] => C:\Program Files\WinPatrol\WinPatrol\winpatrol.exe [1160536 2015-02-23] (Ruiware LLC)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (Avast Software s.r.o.)
BootExecute: autocheck autochk /p \??\G:autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2689138593-1012205953-2850960868-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-2689138593-1012205953-2850960868-1000] => localhost:8080
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-2689138593-1012205953-2850960868-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-2689138593-1012205953-2850960868-1000 -> DefaultScope {2EEBF53F-DE57-4693-9176-5932F3208BBC} URL = https://de.search.ya...p={searchTerms}
SearchScopes: HKU\S-1-5-21-2689138593-1012205953-2850960868-1000 -> {2EEBF53F-DE57-4693-9176-5932F3208BBC} URL = https://de.search.ya...p={searchTerms}
SearchScopes: HKU\S-1-5-21-2689138593-1012205953-2850960868-1000 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://de.search.yah...}&fr=chr-comodo
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-05] (Avast Software s.r.o.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BF99C9F5-B28A-4BB4-9500-B9F69C08AB23}: [NameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\b9wt8fzb.default-1424953480022
FF SelectedSearchEngine: Yahoo!
FF Homepage: https://duckduckgo.com/
FF Keyword.URL: https://de.search.ya...&type=523482&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: NetVideoHunter - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\b9wt8fzb.default-1424953480022\Extensions\[email protected] [2015-03-16]
FF Extension: FoxClocks - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\b9wt8fzb.default-1424953480022\Extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2015-02-26]
FF Extension: Ghostery - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\b9wt8fzb.default-1424953480022\Extensions\[email protected] [2015-02-26]
FF Extension: Self-Destructing Cookies - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\b9wt8fzb.default-1424953480022\Extensions\[email protected] [2015-02-26]
FF Extension: Status-4-Evar - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\b9wt8fzb.default-1424953480022\Extensions\[email protected] [2015-02-26]
FF Extension: Adblock Plus - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\b9wt8fzb.default-1424953480022\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-26]
FF Extension: BetterPrivacy - C:\Users\Siggi\AppData\Roaming\Mozilla\Firefox\Profiles\b9wt8fzb.default-1424953480022\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-02-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-05-01]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-05]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-05]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-05] (Avast Software s.r.o.)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2015-03-05] (Avast Software)
S2 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [195840 2014-11-06] (NETGEAR)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S2 OAcat; "C:\Program Files\Online Armor\OAcat.exe" [X]
S3 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-03-05] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2015-03-05] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-03-05] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-03-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2015-03-05] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427480 2015-03-05] (Avast Software s.r.o.)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-03-05] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206976 2015-03-05] ()
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41584 2013-04-11] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-07-15] (GFI Software)
S3 pneteth; C:\Windows\System32\DRIVERS\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2015-03-05] (Avast Software)
S3 w200bus; C:\Windows\System32\DRIVERS\w200bus.sys [61504 2006-11-07] (MCCI)
S3 w200mdfl; C:\Windows\System32\DRIVERS\w200mdfl.sys [9328 2006-11-07] (MCCI)
S3 w200mdm; C:\Windows\System32\DRIVERS\w200mdm.sys [97056 2006-11-07] (MCCI)
S3 w200mgmt; C:\Windows\System32\DRIVERS\w200mgmt.sys [88560 2006-11-07] (MCCI)
S3 w200obex; C:\Windows\System32\DRIVERS\w200obex.sys [86368 2006-11-07] (MCCI)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 OADevice; \??\C:\Windows\system32\drivers\OADriver.sys [X]
S1 oahlpXX; \??\C:\Windows\system32\drivers\oahlp32.sys [X]
S1 OAmon; \??\C:\Windows\system32\drivers\OAmon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-28 15:24 - 2015-03-28 15:24 - 00000000 ____D () C:\Users\Siggi\Desktop\geeks to go 2
2015-03-28 10:52 - 2015-03-28 10:52 - 00000000 ____D () C:\Users\Siggi\AppData\Local\Apps\2.0
2015-03-27 20:09 - 2015-03-27 20:09 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-27 17:37 - 2015-03-27 17:37 - 00000218 _____ () C:\Users\Siggi\.recently-used.xbel
2015-03-27 14:10 - 2015-03-27 14:14 - 00000000 ____D () C:\Users\Siggi\AppData\Roaming\gtk-2.0
2015-03-27 12:51 - 2015-03-27 17:37 - 00000000 ____D () C:\Users\Siggi\AppData\Roaming\gsmartcontrol
2015-03-26 17:27 - 2015-03-26 17:27 - 00000000 ____D () C:\Users\Siggi\Desktop\GSartcontrol
2015-03-25 03:41 - 2015-03-28 15:26 - 00000000 ____D () C:\FRST
2015-03-19 10:28 - 2015-03-19 10:31 - 00000000 ____D () C:\Users\Siggi\Desktop\MTK-TWRP
2015-03-18 13:31 - 2015-03-28 15:23 - 00000000 ____D () C:\Users\Siggi\Desktop\CWM Magic
2015-03-17 14:34 - 2015-03-28 10:30 - 00000000 ____D () C:\Users\Siggi\Desktop\flash stuff
2015-03-17 14:28 - 2015-03-18 14:09 - 00000000 ____D () C:\Users\Siggi\Desktop\ehel
2015-03-17 08:10 - 2011-11-25 00:26 - 00013440 _____ (June Fabrics Technology Inc.) C:\Windows\system32\Drivers\pneteth.sys
2015-03-14 06:00 - 2015-03-14 06:00 - 00000000 ____D () C:\Program Files\ESET
2015-03-11 02:35 - 2015-01-29 02:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 02:33 - 2015-01-29 02:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 02:32 - 2015-02-26 01:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 02:22 - 2015-02-20 03:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 02:22 - 2015-02-20 01:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 02:21 - 2015-02-26 03:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-11 02:21 - 2015-02-26 03:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 02:21 - 2015-01-09 03:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 02:21 - 2015-01-09 01:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 02:20 - 2015-01-21 03:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 02:19 - 2015-03-06 05:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 02:19 - 2014-10-13 02:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-11 02:18 - 2015-02-18 03:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 02:13 - 2015-02-21 18:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 02:13 - 2015-02-21 18:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-11 02:13 - 2015-02-21 18:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 02:13 - 2015-02-21 18:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 02:13 - 2015-02-21 18:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 02:13 - 2015-02-21 18:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 02:13 - 2015-02-21 18:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 02:13 - 2015-02-21 18:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-11 02:13 - 2015-02-21 18:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 02:13 - 2015-02-21 18:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 02:13 - 2015-02-21 18:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-11 02:13 - 2015-02-21 18:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 02:13 - 2015-02-21 18:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 02:13 - 2015-02-21 18:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 02:13 - 2015-02-21 18:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 02:13 - 2015-02-21 18:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 02:13 - 2015-02-21 18:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 02:13 - 2015-02-21 18:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 02:13 - 2015-02-21 18:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-11 02:13 - 2015-02-21 18:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-11 02:13 - 2015-02-21 18:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-11 02:13 - 2015-02-21 18:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-08 19:00 - 2015-03-08 19:03 - 00000000 ____D () C:\AdwCleaner
2015-03-08 09:55 - 2015-03-08 09:55 - 00000165 ____H () C:\Users\Siggi\Desktop\~$Checklist Test.xlsx
2015-03-08 05:33 - 2015-03-08 05:59 - 00000000 ____D () C:\Users\Siggi\AppData\Roaming\WinPatrol
2015-03-08 05:33 - 2015-03-08 05:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2015-03-08 05:33 - 2015-03-08 05:33 - 00000000 ____D () C:\Program Files\WinPatrol
2015-03-08 05:29 - 2015-03-22 10:58 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-08 05:29 - 2015-03-21 05:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-08 05:29 - 2015-03-21 05:24 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-08 05:29 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-08 05:29 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-08 05:29 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-08 04:54 - 2015-03-08 04:54 - 00001804 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-03-08 04:53 - 2015-03-08 04:53 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-03-08 04:53 - 2015-03-08 04:53 - 00000000 ____D () C:\Program Files\Adobe
2015-03-08 04:45 - 2015-03-08 04:45 - 00001839 _____ () C:\Users\Siggi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileHippo App Manager.lnk
2015-03-08 04:45 - 2015-03-08 04:45 - 00000000 ____D () C:\Program Files\FileHippo.com
2015-03-05 03:54 - 2015-03-05 03:55 - 00000000 ____D () C:\Windows\system32\vbox
2015-03-05 03:54 - 2015-03-05 03:54 - 00000000 ____D () C:\Users\Siggi\AppData\Roaming\AVAST Software
2015-03-05 03:54 - 2015-03-05 03:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-03-05 03:53 - 2015-03-05 03:53 - 00788272 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-03-05 03:53 - 2015-03-05 03:53 - 00427480 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-03-05 03:53 - 2015-03-05 03:53 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-03-05 03:53 - 2015-03-05 03:53 - 00206976 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-03-05 03:53 - 2015-03-05 03:53 - 00073440 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-03-05 03:53 - 2015-03-05 03:53 - 00057888 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswTdi.sys
2015-03-05 03:53 - 2015-03-05 03:53 - 00055200 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr.sys
2015-03-05 03:53 - 2015-03-05 03:53 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-03-05 03:53 - 2015-03-05 03:53 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-03-05 03:53 - 2015-03-05 03:53 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-03-05 03:49 - 2015-03-05 03:49 - 00000000 ____D () C:\Program Files\AVAST Software
2015-03-05 03:47 - 2015-03-05 03:48 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-03-03 05:25 - 2015-03-03 05:25 - 00001977 _____ () C:\DelFix.txt
2015-02-28 05:46 - 2015-02-28 05:46 - 00000000 ____D () C:\Users\Siggi\AppData\Local\SkinSoft
2015-02-28 05:45 - 2015-03-22 13:17 - 00000000 ____D () C:\Users\Siggi\AppData\Roaming\Search Protection
2015-02-28 03:05 - 2014-11-26 03:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-28 03:01 - 2015-01-15 05:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-28 03:01 - 2014-12-08 02:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-26 13:31 - 2015-03-12 13:19 - 00000000 ____D () C:\Users\Siggi\Desktop\dwnldr
2015-02-26 13:24 - 2015-02-26 14:00 - 00000000 ____D () C:\Users\Siggi\Desktop\Old Firefox Data
2015-02-26 04:44 - 2015-03-04 17:57 - 00000000 ____D () C:\Users\Siggi\dwhelper

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-28 15:26 - 2015-01-24 07:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-28 15:20 - 2013-04-13 11:11 - 00000000 ____D () C:\Users\Siggi\AppData\Roaming\vlc
2015-03-28 13:41 - 2006-11-02 13:46 - 00004000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-28 13:41 - 2006-11-02 13:46 - 00004000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-28 11:47 - 2014-06-01 13:29 - 01440270 ____N () C:\Windows\WindowsUpdate.log
2015-03-28 11:46 - 2012-05-01 17:01 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-28 11:41 - 2006-11-02 14:00 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-28 11:38 - 2006-11-02 14:00 - 00032540 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-28 11:36 - 2012-05-01 16:39 - 00000000 ____D () C:\Users\Siggi\AppData\Roaming\Macromedia
2015-03-28 10:32 - 2015-02-02 11:56 - 00000000 ____D () C:\Users\Siggi\Desktop\Zopo
2015-03-27 17:37 - 2012-05-01 09:07 - 00000000 ____D () C:\Users\Siggi
2015-03-27 08:57 - 2014-07-30 05:51 - 00000000 ____D () C:\Users\Siggi\AppData\Roaming\Browser Extensions
2015-03-26 10:12 - 2014-12-18 14:22 - 00051043 _____ () C:\Users\Siggi\Desktop\lortoy sturrf.xlsx
2015-03-25 19:27 - 2012-11-11 14:38 - 00000000 ____D () C:\Users\Siggi\Desktop\sigggis bits 2
2015-03-25 19:09 - 2013-06-02 02:49 - 00000000 ____D () C:\Users\Siggi\AppData\Local\CrashDumps
2015-03-23 05:21 - 2008-01-21 09:24 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-22 11:25 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system
2015-03-21 09:59 - 2012-05-26 16:43 - 00000000 ____D () C:\Windows\Minidump
2015-03-14 04:38 - 2015-01-24 07:15 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-14 04:38 - 2015-01-24 07:15 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-14 04:32 - 2012-05-01 18:10 - 00000000 ____D () C:\Users\Siggi\AppData\Local\Thunderbird
2015-03-14 04:32 - 2012-05-01 18:09 - 00001808 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2015-03-14 04:31 - 2014-06-18 15:30 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-03-11 18:48 - 2006-11-02 11:24 - 119837704 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-03-11 02:40 - 2006-11-02 13:46 - 00397080 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 02:34 - 2012-05-02 03:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 02:32 - 2013-08-14 15:34 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-08 05:59 - 2015-01-14 13:16 - 00000000 ____D () C:\Users\Siggi\AppData\Local\NETGEARGenie
2015-03-08 05:57 - 2012-05-27 04:14 - 00000000 ____D () C:\Program Files\WinRAR
2015-03-08 05:33 - 2012-12-17 05:45 - 00000000 ____D () C:\ProgramData\InstallMate
2015-03-08 05:22 - 2012-05-27 04:15 - 00000000 ____D () C:\Users\Siggi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-08 05:22 - 2012-05-27 04:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-08 05:16 - 2012-05-01 17:01 - 00000864 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-08 05:04 - 2012-05-04 06:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-03-08 05:04 - 2012-05-04 06:54 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-08 05:01 - 2012-05-02 02:58 - 00000000 ____D () C:\Users\Siggi\AppData\Roaming\Audacity
2015-03-08 05:00 - 2012-05-02 11:08 - 00000822 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-03-08 05:00 - 2012-05-02 11:08 - 00000000 ____D () C:\Program Files\Audacity
2015-03-08 04:53 - 2012-05-01 19:29 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-08 04:33 - 2014-08-10 10:17 - 00000000 ____D () C:\Users\Siggi\AppData\Local\Adobe
2015-03-05 07:02 - 2015-01-21 13:03 - 00000000 ____D () C:\Users\Siggi\Desktop\excel rstr
2015-03-01 14:42 - 2012-05-01 18:13 - 00000000 ____D () C:\Users\Siggi\Desktop\sturrf
2015-03-01 09:32 - 2012-05-06 06:51 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-03-01 05:23 - 2013-09-25 06:32 - 00067333 _____ () C:\Users\Siggi\Desktop\New House water etc.xlsx
2015-02-28 11:16 - 2014-04-23 02:47 - 00000000 ____D () C:\Users\dub_cm_auto
2015-02-28 11:16 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2015-02-28 11:16 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2015-02-28 11:15 - 2015-02-13 12:30 - 00000000 ____D () C:\Windows\erdnt
2015-02-28 11:11 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2015-02-28 11:09 - 2006-11-02 11:22 - 43515904 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-02-28 11:09 - 2006-11-02 11:22 - 42729472 _____ () C:\Windows\system32\config\COMPON~2.bak
2015-02-28 11:09 - 2006-11-02 11:22 - 22544384 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-02-28 11:09 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-02-28 11:09 - 2006-11-02 11:22 - 00065536 _____ () C:\Windows\system32\config\SAM.bak
2015-02-28 11:09 - 2006-11-02 11:22 - 00020480 _____ () C:\Windows\system32\config\SECURITY.bak
2015-02-27 11:32 - 2015-02-11 16:24 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-27 10:27 - 2013-05-26 12:22 - 00000000 ____D () C:\ProgramData\Norton
2015-02-26 12:51 - 2014-08-06 08:42 - 00000000 ____D () C:\Users\Siggi\AppData\Roaming\uTorrent

==================== Files in the root of some directories =======

2013-07-15 10:48 - 2013-07-15 10:49 - 9842040 _____ (Webroot Software, Inc.) C:\Program Files\Common Files\wruninstall.exe
2012-05-01 09:07 - 2014-07-01 16:51 - 0000680 _____ () C:\Users\Siggi\AppData\Local\d3d9caps.dat
2012-05-26 19:45 - 2012-06-27 07:55 - 0009216 _____ () C:\Users\Siggi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-28 11:48

==================== End Of Log ============================

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Siggi at 2015-03-28 15:27:32
Running from C:\Users\Siggi\Desktop\geeks to go 2\FRST 28.03
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Audacity 2.1.0 (HKLM\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2214 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DriverNavigator 3.4.5 (HKLM\...\DriverNavigator_is1) (Version: 3.4.5.0 - Easeware)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FileHippo App Manager (HKLM\...\FileHippo.com) (Version:  - FileHippo.com)
HTC Driver Installer (HKLM\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.007 - HTC Corporation)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 37.0 (x86 en-US) (HKLM\...\Mozilla Firefox 37.0 (x86 en-US)) (Version: 37.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.5.0 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 en-GB) (HKLM\...\Mozilla Thunderbird 31.5.0 (x86 en-GB)) (Version: 31.5.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NETGEAR Genie (HKLM\...\NETGEAR Genie) (Version: 2.3.1.46 - NETGEAR Inc.)
Nokia Connectivity Cable Driver (HKLM\...\{D4BF151C-70A8-4CE2-906F-4173A575BAD9}) (Version: 7.1.182.0 - Nokia)
Norton Bootable Recovery Tool Wizard (HKLM\...\NBRTWizard) (Version: 6.0.0.74 - Symantec Corporation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6602 - Realtek Semiconductor Corp.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
TuneUp Utilities 2011 (HKLM\...\TuneUp Utilities 2011) (Version: 10.0.4600.20 - TuneUp Software)
TuneUp Utilities 2011 (Version: 10.0.4600.20 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (en-GB) (Version: 10.0.4600.20 - TuneUp Software) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.1.2015.0 - WinPatrol)
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

03-03-2015 05:25:45 Ende der Bereinigung
05-03-2015 03:49:13 avast! antivirus system restore point
05-03-2015 08:37:41 Windows Update
08-03-2015 04:51:31 Installed Adobe Reader XI.
11-03-2015 01:59:04 Windows Update
11-03-2015 02:13:49 Windows Update
17-03-2015 08:11:45 Gerätetreiber-Paketinstallation: June Fabrics Technology Inc. Netzwerkadapter
17-03-2015 13:23:29 Gerätetreiber-Paketinstallation: Google USB Android Device
18-03-2015 03:47:11 Windows Update
21-03-2015 06:20:22 Windows Update
24-03-2015 07:59:17 Geplanter Prüfpunkt
25-03-2015 01:12:30 Windows Update
28-03-2015 02:26:19 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2015-02-28 11:11 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {026DAB5C-7B7D-414E-ABFA-004A5C7A4904} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe
Task: {2F05D630-5494-49E9-A901-9AEA75A9EE2E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-03-05] (Avast Software s.r.o.)
Task: {2F20F7BD-4A96-479B-8351-6D6C2952023D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {6A0844CA-8F71-4EE7-8046-C053FE70B6C5} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2011 => C:\Program Files\TuneUp Utilities 2011\OneClick.exe [2012-02-13] (TuneUp Software)
Task: {6E17CC6E-BF42-4AF6-9B3A-5D5E91C66B41} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {B4BCD434-D544-49E5-A3BB-623C8FCBF638} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {B71D39B3-FCB1-4C87-8489-201AA074BB4D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {BACCE739-E8AB-48DD-B6FD-6F84CEC6F4D6} - System32\Tasks\{6D9F0267-FA04-4C96-A0A2-519CEE74B89A} => pcalua.exe -a "C:\Users\Siggi\Desktop\dwnlds\dwnlds\dwnlds\puta probs\VisualBasic6-KB896559-v1-ENU.exe" -d "C:\Users\Siggi\Desktop\dwnlds\dwnlds\dwnlds\puta probs"
Task: {BFD51F6E-1CAE-4FA8-98FC-BBC69AB7C834} - \DriverNavigator Scheduled Scan No Task File <==== ATTENTION
Task: {C5AA221E-9BAD-4BEB-86D0-9C655AF97C1C} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\SymErr.exe
Task: {D79B8FFC-5FC4-4E8D-A2C5-EC02361A883D} - System32\Tasks\{697AAB8D-C624-46B9-A6A4-72180CC7E2E0} => pcalua.exe -a C:\Users\Siggi\Desktop\twerp\zopo\driver\2\Driver\install_driver.exe -d C:\Users\Siggi\Desktop\twerp\zopo\driver\2\Driver
Task: {D8602925-8654-48C3-815C-676E550EE430} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F900BE6D-F432-4F0E-9A29-91294DB7AD26} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\SymErr.exe
Task: {FAB7A746-36D9-41B6-BEA6-930E66490098} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-14] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-05 03:53 - 2015-03-05 03:53 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-05 03:53 - 2015-03-05 03:53 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-03-28 10:26 - 2015-03-28 10:26 - 02923520 _____ () C:\Program Files\AVAST Software\Avast\defs\15032800\algo.dll
2011-03-31 16:08 - 2011-03-31 16:08 - 00080896 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2015-03-05 03:53 - 2015-03-05 03:53 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-09-29 02:14 - 2013-09-29 02:14 - 03369922 _____ () C:\Program Files\NETGEAR Genie\bin\icuin51.dll
2013-09-29 02:13 - 2013-09-29 02:13 - 00544817 _____ () C:\Program Files\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-09-29 02:13 - 2013-09-29 02:13 - 00989805 _____ () C:\Program Files\NETGEAR Genie\bin\libstdc++-6.dll
2013-09-29 02:14 - 2013-09-29 02:14 - 01978690 _____ () C:\Program Files\NETGEAR Genie\bin\icuuc51.dll
2013-09-29 02:14 - 2013-09-29 02:14 - 22378434 _____ () C:\Program Files\NETGEAR Genie\bin\icudt51.dll
2013-09-29 02:14 - 2013-09-29 02:14 - 01233408 _____ () C:\Program Files\NETGEAR Genie\bin\platforms\qwindows.dll
2014-11-17 10:46 - 2014-11-17 10:46 - 00639488 _____ () C:\Program Files\NETGEAR Genie\bin\Genie.dll
2014-11-10 10:55 - 2014-11-10 10:55 - 01686016 _____ () C:\Program Files\NETGEAR Genie\bin\SvtNetworkTool.dll
2014-11-05 08:36 - 2014-11-05 08:36 - 00192512 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2014-11-05 08:37 - 2014-11-05 08:37 - 00632832 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2014-11-14 11:53 - 2014-11-14 11:53 - 06499840 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Map.dll
2014-06-30 02:55 - 2014-06-30 02:55 - 00068608 _____ () C:\Program Files\NETGEAR Genie\bin\QRCode.dll
2014-06-30 03:05 - 2014-06-30 03:05 - 01183232 _____ () C:\Program Files\NETGEAR Genie\bin\qwt.dll
2014-11-07 10:13 - 2014-11-07 10:13 - 02475520 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_MyMedia.dll
2012-10-15 21:27 - 2012-10-15 21:27 - 00111616 _____ () C:\Program Files\NETGEAR Genie\bin\libvlc.dll
2012-10-15 21:28 - 2012-10-15 21:28 - 02286592 _____ () C:\Program Files\NETGEAR Genie\bin\libvlccore.dll
2014-11-17 08:00 - 2014-11-17 08:00 - 01056768 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2014-09-11 09:39 - 2014-09-11 09:39 - 00144896 _____ () C:\Program Files\NETGEAR Genie\bin\DragonNetTool.dll
2014-11-05 08:51 - 2014-11-05 08:51 - 01191424 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2014-11-17 07:21 - 2014-11-17 07:21 - 10374656 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2014-11-17 07:18 - 2014-11-17 07:18 - 02496512 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2014-11-06 10:39 - 2014-11-06 10:39 - 00200192 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2014-11-05 08:58 - 2014-11-05 08:58 - 00889344 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2014-11-05 09:00 - 2014-11-05 09:00 - 00435712 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-09-29 02:13 - 2013-09-29 02:13 - 00051200 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qgif.dll
2013-09-29 02:13 - 2013-09-29 02:13 - 00052224 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qico.dll
2013-09-29 02:13 - 2013-09-29 02:13 - 00261120 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qjpeg.dll
2013-09-29 02:13 - 2013-09-29 02:13 - 00046080 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qsvg.dll
2014-06-30 02:55 - 2014-06-30 02:55 - 00081408 _____ () C:\Program Files\NETGEAR Genie\bin\DiagnosePlugin.dll
2014-11-03 09:23 - 2014-11-03 09:23 - 00143360 _____ () C:\Program Files\NETGEAR Genie\bin\DiagnoseDll.dll
2014-09-04 07:00 - 2014-09-04 07:00 - 00072192 _____ () C:\Program Files\NETGEAR Genie\bin\SVTUtils.dll
2014-09-04 07:00 - 2014-09-04 07:00 - 00074240 _____ () C:\Program Files\NETGEAR Genie\bin\NetcardApi.dll
2014-09-04 07:00 - 2014-09-04 07:00 - 00136704 _____ () C:\Program Files\NETGEAR Genie\bin\airprintdll.dll
2012-10-15 21:28 - 2012-10-15 21:28 - 00219648 _____ () C:\Program Files\NETGEAR Genie\bin\plugins\access\libdshow_plugin.dll
2012-10-15 21:28 - 2012-10-15 21:28 - 00049664 _____ () C:\Program Files\NETGEAR Genie\bin\plugins\audio_output\libaout_directx_plugin.dll
2012-10-15 21:28 - 2012-10-15 21:28 - 00051200 _____ () C:\Program Files\NETGEAR Genie\bin\plugins\audio_output\libwaveout_plugin.dll
2012-10-15 21:28 - 2012-10-15 21:28 - 00070144 _____ () C:\Program Files\NETGEAR Genie\bin\plugins\video_output\libdirectx_plugin.dll
2013-09-29 02:13 - 2013-09-29 02:13 - 00040960 _____ () C:\Program Files\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll
2014-11-05 08:59 - 2014-11-05 08:59 - 00642048 _____ () C:\Program Files\NETGEAR Genie\bin\InnerPlugin_Update.dll
2014-11-05 09:01 - 2014-11-05 09:01 - 00458752 _____ () C:\Program Files\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2014-06-30 03:33 - 2014-06-30 03:33 - 00046080 _____ () C:\Program Files\NETGEAR Genie\bin\WSetupApiPlugin.dll
2014-09-04 07:00 - 2014-09-04 07:00 - 00066560 _____ () C:\Program Files\NETGEAR Genie\bin\WSetupDll.dll
2015-01-27 13:18 - 2015-01-27 13:18 - 02926800 _____ () C:\Program Files\FileHippo.com\FileHippo.AppManager.exe
2014-11-06 16:28 - 2014-11-06 16:28 - 00105216 _____ () C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
2015-02-27 15:21 - 2015-02-27 15:21 - 00140568 _____ () C:\Program Files\VideoLAN\VLC\libvlc.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 02628888 _____ () C:\Program Files\VideoLAN\VLC\libvlccore.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00551192 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00039192 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00037144 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00083736 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00075544 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 02155800 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00111384 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00240920 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00086808 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libvdr_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00053016 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00069400 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00591128 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00768792 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00128792 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00049944 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\librar_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00020760 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00137496 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 01563928 _____ () C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00330008 _____ () C:\Program Files\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 01261336 _____ () C:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00066840 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00045848 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libwin_hotkeys_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 11994904 _____ () C:\Program Files\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00678680 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libupnp_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00134424 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00027416 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libpodcast_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00023832 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libmediadirs_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00020760 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libwindrive_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00125208 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libhttp_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00043800 _____ () C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00034072 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libes_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00341784 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00021784 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00154904 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00751896 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00021784 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00028952 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00086296 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_h264_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00029464 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_flac_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00037656 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_dirac_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00027416 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00075544 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00042264 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_vc1_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00023320 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libsvcdsub_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00025880 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00032536 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00034584 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpegvideo_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00025368 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libcvdsub_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00022808 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_hevc_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00025368 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00258328 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00024344 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00301848 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 01288472 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00025880 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00034072 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00049432 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00448792 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00033048 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libg711_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 01546520 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00353560 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00025368 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00019736 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00024344 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00137496 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00173848 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00064792 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 01501976 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00025368 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00019736 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00020248 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00026904 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00019736 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00021784 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00031512 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll
2015-02-27 15:21 - 2015-02-27 15:21 - 00057112 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libequalizer_plugin.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2689138593-1012205953-2850960868-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Siggi\Pictures\New Picture.bmp
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Search Protection => "C:\Users\Siggi\AppData\Roaming\Search Protection\SP.EXE" /autostart

==================== Accounts: =============================

Administrator (S-1-5-21-2689138593-1012205953-2850960868-500 - Administrator - Disabled)
Gast (S-1-5-21-2689138593-1012205953-2850960868-501 - Limited - Disabled)
Siggi (S-1-5-21-2689138593-1012205953-2850960868-1000 - Administrator - Enabled) => C:\Users\Siggi

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/28/2015 11:42:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/27/2015 00:48:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/26/2015 07:19:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/25/2015 04:41:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/25/2015 01:02:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/24/2015 00:28:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/23/2015 09:38:12 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (03/23/2015 09:38:11 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (03/23/2015 00:55:55 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SIGGI\DESKTOP\FOLDERS\ORISHAS\WWWWWWWWWWWWW.WWW> in the hash map cannot be updated.

Kontext:  Anwendung, SystemIndex Katalog


Details:
    Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (03/23/2015 00:55:55 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SIGGI\DESKTOP\FOLDERS\ORISHAS\VVVVVVVVVVVVV.VVV> in the hash map cannot be updated.

Kontext:  Anwendung, SystemIndex Katalog


Details:
    Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)


System errors:
=============
Error: (03/28/2015 11:44:35 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (03/28/2015 11:42:01 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: OADevice
oahlpXX
OAmon

Error: (03/28/2015 11:42:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NETGEARGenieDaemon%%1053

Error: (03/28/2015 11:42:01 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000NETGEARGenieDaemon

Error: (03/28/2015 11:42:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Online Armor Helper Service%%3

Error: (03/28/2015 02:25:21 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Netman

Error: (03/27/2015 05:21:24 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000IPBusEnum

Error: (03/27/2015 00:53:00 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (03/27/2015 00:48:40 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: OADevice
oahlpXX
OAmon

Error: (03/27/2015 00:48:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NETGEARGenieDaemon%%1053


Microsoft Office Sessions:
=========================
Error: (10/22/2014 01:52:25 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 107 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/13/2014 05:46:32 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 90 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (12/24/2013 09:48:24 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-03-28 15:27:25.847
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-28 15:27:25.121
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-28 15:27:24.350
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-28 15:27:23.582
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-28 15:27:22.602
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-28 15:27:21.756
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-28 15:27:21.021
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-28 15:27:20.289
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-25 03:42:17.590
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-25 03:42:16.645
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU E2160 @ 1.80GHz
Percentage of memory in use: 46%
Total physical RAM: 3316.27 MB
Available physical RAM: 1769.55 MB
Total Pagefile: 6868.53 MB
Available Pagefile: 5401.24 MB
Total Virtual: 2047.88 MB
Available Virtual: 1907 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:187.74 GB) (Free:1.46 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.92 GB) (Free:1.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=187.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=35.2 GB) - (Type=05)
Partition 3: (Not Active) - (Size=9.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-03-28 15:29:46
-----------------------------
15:29:46.258    OS Version: Windows 6.0.6002 Service Pack 2
15:29:46.258    Number of processors: 2 586 0xF0D
15:29:46.260    ComputerName: A-PROBLEM  UserName: Siggi
15:29:47.147    Initialize success
15:29:47.179    VM: initialized successfully
15:29:47.181    VM: Intel CPU virtualization not supported
15:29:51.159    AVAST engine defs: 15032800
15:31:03.925    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:31:03.933    Disk 0 Vendor: ST3250310AS 3.AHA Size: 238475MB BusType: 3
15:31:04.032    Disk 0 MBR read successfully
15:31:04.036    Disk 0 MBR scan
15:31:04.041    Disk 0 unknown MBR code
15:31:04.846    Disk 0 Partition 1 80 (A) 07      HPFS/NTFS NTFS       192247 MB offset 63
15:31:04.852    Disk 0 Partition - 00     05       Extended             36065 MB offset 393723902
15:31:04.888    Disk 0 Partition 2 00     07      HPFS/NTFS NTFS        10158 MB offset 467586000
15:31:04.911    Disk 0 Partition 3 00     83          Linux             31981 MB offset 393723904
15:31:04.919    Disk 0 Partition - 00     05       Extended              4084 MB offset 459220992
15:31:04.949    Disk 0 scanning sectors +488391120
15:31:05.106    Disk 0 scanning C:\Windows\system32\drivers
15:31:13.338    Service scanning
15:31:29.269    Modules scanning
15:31:29.278    Disk 0 trace - called modules:
15:31:29.302    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys tcpip.sys NETIO.SYS dxgkrnl.sys igdkmd32.sys
15:31:29.310    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86226ac8]
15:31:29.319    3 CLASSPNP.SYS[8b5cb8b3] -> nt!IofCallDriver -> [0x85abe918]
15:31:29.334    5 acpi.sys[806a16bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85a9a820]
15:31:29.860    AVAST engine scan C:\Windows
15:31:31.466    AVAST engine scan C:\Windows\system32
15:34:10.706    AVAST engine scan C:\Windows\system32\drivers
15:34:30.021    AVAST engine scan C:\Users\Siggi
15:47:38.774    AVAST engine scan C:\ProgramData
15:48:44.964    Disk 0 statistics 3188846/0/0 @ 1,72 MB/s
15:48:44.973    Scan finished successfully
15:49:03.654    Disk 0 MBR has been saved successfully to "C:\Users\Siggi\Desktop\MBR.dat"
15:49:03.669    The log file has been saved successfully to "C:\Users\Siggi\Desktop\aswMBR.txt"

 


  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Drive c: (COMPAQ) (Fixed) (Total:187.74 GB) (Free:1.46 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Hmm you are a bit tight on your C drive, the next task will be to see what is taking all the room

First set Avast to detect PUP's (potentially unwanted programmes)
Go to Settings > General
Place a tick in "Scan for Potentially Unwanted Programmes (PUP's) "

pups.JPG

THEN


CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2689138593-1012205953-2850960868-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-2689138593-1012205953-2850960868-1000] => localhost:8080
Task: {BACCE739-E8AB-48DD-B6FD-6F84CEC6F4D6} - System32\Tasks\{6D9F0267-FA04-4C96-A0A2-519CEE74B89A} => pcalua.exe -a "C:\Users\Siggi\Desktop\dwnlds\dwnlds\dwnlds\puta probs\VisualBasic6-KB896559-v1-ENU.exe" -d "C:\Users\Siggi\Desktop\dwnlds\dwnlds\dwnlds\puta probs"
Task: {BFD51F6E-1CAE-4FA8-98FC-BBC69AB7C834} - \DriverNavigator Scheduled Scan No Task File <==== ATTENTION
Task: {C5AA221E-9BAD-4BEB-86D0-9C655AF97C1C} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\SymErr.exe
Task: {D79B8FFC-5FC4-4E8D-A2C5-EC02361A883D} - System32\Tasks\{697AAB8D-C624-46B9-A6A4-72180CC7E2E0} => pcalua.exe -a C:\Users\Siggi\Desktop\twerp\zopo\driver\2\Driver\install_driver.exe -d C:\Users\Siggi\Desktop\twerp\zopo\driver\2\Driver
Task: {F900BE6D-F432-4F0E-9A29-91294DB7AD26} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\SymErr.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

FINALLY

Please download and install WinDirStat.
  • Click on the desktop icon to run the program.
  • Click on Individual Drives and then click on C: (or whichever drive is your Main Drive)
  • Click on OK
  • When the pacmen have finished there will be a graphic display of your drive
  • Place your cursor on the divider line between the text above and the color graph below and drag downwards to expand the upper portion of the resultant image produced
  • Please create a screen shot and attach or upload the image to your next post so I can have a look
It will look something like this

windirstat.JPG

Which Folder is taking the greatest space ? You can add a screen shot if you wish :)
  • 0

#5
Barnys

Barnys

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts

Yes, the C drive is becoming a problem, I took 2 GB out today to keep it running.  I think we have lost about 25GB of free space over the last 2 weeks.

 

Avast was already set to detect PUP's.

When I ran FRST with fixlist.txt, a recovered Excel file appeared on the desktop (probably a remnant from an earlier blue screen) then after the restart following the FRST Fix process the Excel file was gone again.

 

The screen shot of WinDirStat is attached

 

Here is the Fixlog;

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Siggi at 2015-03-28 16:41:06 Run:1
Running from C:\Users\Siggi\Desktop\geeks to go 2\FRST 28.03
Loaded Profiles: Siggi (Available profiles: Siggi)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2689138593-1012205953-2850960868-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-2689138593-1012205953-2850960868-1000] => localhost:8080
Task: {BACCE739-E8AB-48DD-B6FD-6F84CEC6F4D6} - System32\Tasks\{6D9F0267-FA04-4C96-A0A2-519CEE74B89A} => pcalua.exe -a "C:\Users\Siggi\Desktop\dwnlds\dwnlds\dwnlds\puta probs\VisualBasic6-KB896559-v1-ENU.exe" -d "C:\Users\Siggi\Desktop\dwnlds\dwnlds\dwnlds\puta probs"
Task: {BFD51F6E-1CAE-4FA8-98FC-BBC69AB7C834} - \DriverNavigator Scheduled Scan No Task File <==== ATTENTION
Task: {C5AA221E-9BAD-4BEB-86D0-9C655AF97C1C} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\SymErr.exe
Task: {D79B8FFC-5FC4-4E8D-A2C5-EC02361A883D} - System32\Tasks\{697AAB8D-C624-46B9-A6A4-72180CC7E2E0} => pcalua.exe -a C:\Users\Siggi\Desktop\twerp\zopo\driver\2\Driver\install_driver.exe -d C:\Users\Siggi\Desktop\twerp\zopo\driver\2\Driver
Task: {F900BE6D-F432-4F0E-9A29-91294DB7AD26} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\SymErr.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2689138593-1012205953-2850960868-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-2689138593-1012205953-2850960868-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BACCE739-E8AB-48DD-B6FD-6F84CEC6F4D6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BACCE739-E8AB-48DD-B6FD-6F84CEC6F4D6}" => Key deleted successfully.
C:\Windows\System32\Tasks\{6D9F0267-FA04-4C96-A0A2-519CEE74B89A} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6D9F0267-FA04-4C96-A0A2-519CEE74B89A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BFD51F6E-1CAE-4FA8-98FC-BBC69AB7C834}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFD51F6E-1CAE-4FA8-98FC-BBC69AB7C834}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverNavigator Scheduled Scan" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C5AA221E-9BAD-4BEB-86D0-9C655AF97C1C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5AA221E-9BAD-4BEB-86D0-9C655AF97C1C}" => Key deleted successfully.
C:\Windows\System32\Tasks\Norton Internet Security\Norton Error Processor => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Internet Security\Norton Error Processor" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D79B8FFC-5FC4-4E8D-A2C5-EC02361A883D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D79B8FFC-5FC4-4E8D-A2C5-EC02361A883D}" => Key deleted successfully.
C:\Windows\System32\Tasks\{697AAB8D-C624-46B9-A6A4-72180CC7E2E0} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{697AAB8D-C624-46B9-A6A4-72180CC7E2E0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F900BE6D-F432-4F0E-9A29-91294DB7AD26}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F900BE6D-F432-4F0E-9A29-91294DB7AD26}" => Key deleted successfully.
C:\Windows\System32\Tasks\Norton Internet Security\Norton Error Analyzer => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Internet Security\Norton Error Analyzer" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WRkrn" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WRSVC" => Key deleted successfully.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-2689138593-1012205953-2850960868-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-2689138593-1012205953-2850960868-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.


========= End of RemoveProxy: =========


=========  netsh advfirewall reset =========


An error occurred contacting the firewall. Make sure that the Windows Firewall service is running and try your request again.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state ON =========


An error occurred contacting the firewall. Make sure that the Windows Firewall service is running and try your request again.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  netsh int ip reset c:\resetlog.txt =========

Reseting Echo Request, OK!
Reseting Global, OK!
Reseting Interface, OK!
A reboot is required to complete this action.


========= End of CMD: =========


=========  ipconfig /release =========


Windows IP Configuration


Ethernet adapter LAN-Verbindung:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::59f8:e34d:ab8e:658d%10
   Default Gateway . . . . . . . . . :

Tunnel adapter LAN-Verbindung*:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter LAN-Verbindung* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========


=========  ipconfig /renew =========


Windows IP Configuration


Ethernet adapter LAN-Verbindung:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::59f8:e34d:ab8e:658d%10
   IPv4 Address. . . . . . . . . . . : 192.168.1.4
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1

Tunnel adapter LAN-Verbindung*:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter LAN-Verbindung* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========


=========  netsh int ipv4 reset =========

Reseting Interface, OK!
A reboot is required to complete this action.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

Reseting Echo Request, OK!
A reboot is required to complete this action.


========= End of CMD: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.0.6001 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

0 out of 0 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 86.8 MB temporary data.


The system needed a reboot.

==== End of Fixlog 16:43:17 ====

 

 

Attached Thumbnails

  • WinDirStat1.jpg

  • 0
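Added example (not part of any post in this thread, and not FRST's own code): a short Python triage of the Fixlog format shown above, which splits the log into per-command sections and flags any whose output reports an error. The header pattern and the failure/reboot marker strings are assumptions taken from the lines visible in this log; the sample is an excerpt of that log.

```python
import re
from collections import Counter

# Excerpt of the Fixlog posted above (trimmed; blank lines collapsed).
FIXLOG = r"""
Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-2689138593-1012205953-2850960868-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
C:\Windows\System32\Tasks\{6D9F0267-FA04-4C96-A0A2-519CEE74B89A} => Moved successfully.
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
The operation completed successfully.
========= End of Reg: =========
=========  netsh advfirewall reset =========
An error occurred contacting the firewall. Make sure that the Windows Firewall service is running and try your request again.
========= End of CMD: =========
=========  netsh advfirewall set allprofiles state ON =========
An error occurred contacting the firewall. Make sure that the Windows Firewall service is running and try your request again.
========= End of CMD: =========
=========  ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
=========  netsh winsock reset catalog =========
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
========= End of CMD: =========
=========  netsh int ip reset c:\resetlog.txt =========
Reseting Echo Request, OK!
A reboot is required to complete this action.
========= End of CMD: =========
EmptyTemp: => Removed 86.8 MB temporary data.
"""

HEADER = re.compile(r"^=========\s+(.*?)\s+=========$")   # section open/close line
ACTION = re.compile(r"^(.*?) => (.+?)\.?$")               # "<target> => <result>."
# Marker strings are assumptions chosen from the wording seen in this log.
FAILED = re.compile(r"\berror\b|\bfailed\b|access is denied", re.I)
REBOOT = re.compile(r"reboot is required|must restart", re.I)


def parse_fixlog(text):
    """Return (Counter of direct action results, list of command sections)."""
    actions, sections, current = Counter(), [], None
    for line in (raw.strip() for raw in text.splitlines()):
        head = HEADER.match(line)
        if head and head.group(1).startswith("End of"):
            current = None                       # section closed
        elif head:
            current = {"cmd": head.group(1), "output": []}
            sections.append(current)
        elif current is not None:
            if line:
                current["output"].append(line)   # command output
        else:
            act = ACTION.match(line)
            if act:
                actions[act.group(2)] += 1       # registry/file action result
    for sec in sections:
        body = "\n".join(sec["output"])
        if FAILED.search(body):
            sec["status"] = "failed"
        elif REBOOT.search(body):
            sec["status"] = "reboot"
        else:
            sec["status"] = "ok"
    return actions, sections


def failed_steps(text):
    """Commands whose captured output contains a failure marker."""
    return [s["cmd"] for s in parse_fixlog(text)[1] if s["status"] == "failed"]


if __name__ == "__main__":
    counts, secs = parse_fixlog(FIXLOG)
    for s in secs:
        print(f"{s['status']:7} {s['cmd']}")
    print(dict(counts))
```

On this log it flags both `netsh advfirewall` commands: the firewall reset and the "state ON" step did not run, and the output itself points at the Windows Firewall service as the thing to check.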

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK Users is the biggest problem area (110 Gb) run Windirstat again and press the + sign next to users
That will then show you where the greatest amount is

I would suspect it is probably music or pictures. (Both file types consume 51Gb)

You can dig down and it should show you exactly what it is

How is firefox behaving now, is it opening random tabs ?
  • 0

#7
Barnys

Barnys

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts

We haven’t had a "mysterious" download for a while, fingers crossed :-)

 

For some reason I had to uninstall, restart and reinstall WinDirStat, I kept getting messages telling me it didn't install correctly after I first ran it.

I am chipping away at it, I now see that working through all of these folders will take a while.   This is an incentive to stop the drives filling up with rubbish...

 

I will get back into it tomorrow and thanks for your help so far.

 

Regards.


Edited by Barnys, 28 March 2015 - 12:26 PM.

  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My pleasure, any questions just shout
  • 0

#9
Barnys

Barnys

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts

Hi

I have realised there may be something wrong with the HDrive GB values we are seeing.

The C Drive values produced by BCD indicating a total space of 187.74 GB with 1.46 GB free is in line with what I am seeing displayed for the C drive in the Start>Computer window.  However, I think the current total GBs value of 187.74 is about 16-17GB short of what should be there.

In Jan 2010 I upgraded the machine's RAM from 2GB to 4GB and, because I hadn’t done this before, to find out what RAM was needed I produced a Computer Profile Summary which I kept.

When I compare the Then with Now C Drive GB values it is apparent there is a difference of around 16.5GBs which is in line with the amount of C drive free space loss I had been seeing over the last 2 weeks(ish).

So how does a C drive progressively shrink by 1-2Gbs a day?  Have I got this wrong, is it possible this is simply a mechanical fault, if so why/how did it manage to fail at a constant daily rate over a couple of weeks?

 

Regards.


Edited by Barnys, 28 March 2015 - 11:20 PM.

  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

It depends how the GB is reported as there are different measures for this believe it or not

This is what is showing now, how does it compare to your previous data

Disk: 0 (Size: 232.9 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=187.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=35.2 GB) - (Type=05)
Partition 3: (Not Active) - (Size=9.9 GB) - (Type=07 NTFS)


  • 0

#11
Barnys

Barnys

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts

Hmmm, "It depends how the GB is reported as there are different measures for this..."  well of course, why would it be easy :-)

 

I have looked at the Computer Management>Disk Management window, when the capacity of all HD partitions are added the total is 232,88 GB which matches "Disk: 0 (Size: 232.9 GB) (Disk ID: 1549F232)"

 

The reason I was wondering was that the Computer Profile summary records the disk capacity at 250 GB giving a difference of around 17 GB which is very similar to the space we have lost. 

 

This is from the 2010 summary

 

Local Drive Volumes

c: (NTFS on drive 0)  239,40 GB  140,16 GB free

d: (NTFS on drive 0)  10,65 GB   1,14 GB free

 
 
The coincidence caught my attention, is it likely this difference is the result of different measures?
 
 
Regards.

Attached Thumbnails

  • Comp management.jpg

Edited by Barnys, 29 March 2015 - 03:53 AM.

  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You appear to have two additional partitions there of 31 and 4 GB respectively with no drive letters. Have you partitioned the drive at any stage ?
As those two partitions will not reflect in the C drive space
  • 0

#13
Barnys

Barnys

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts

Hi

Sorry for the confusion.

I forgot to cover the other partitions, they have both been there for some time, one is Linux and the other is an encrypted partition with nothing in it :-). 

 

My thoughts were that if we take the Computer Profile Summary which indicates a combined available capacity of 250GB and subtract the D drive @ 10GB and minus my two partitions @ 35GB then I should see a C drive capacity of 205GB.

However, both the tests we have done and the Computer Management window are indicating a C drive capacity of 187.7GB leaving a discrepancy of around 17GB which is in line with the amount of space we have lost.

 

Is it possible this is the result of differing measurement processes?


  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
A few quotes on disc drive size and why they are confusing :)

How is the computer behaving otherwise ?

One link that tries to explain it http://www.pcmech.co...ad.php?t=118330
 

Modern hard disk drives appear to their interface as a contiguous set of logical blocks, so the gross drive capacity may be calculated by multiplying the number of blocks by the block size. This information is available from the manufacturer's specification and from the drive itself through use of special utilities invoking low level commands.[66][67]
The gross capacity of older HDDs may be calculated as the product of the number of cylinders per zone, the number of bytes per sector (most commonly 512), and the count of zones of the drive. Some modern SATA drives also report cylinder-head-sector (CHS) values, but these are not actual physical parameters since the reported numbers are constrained by historic operating system interfaces. The C/H/S scheme has been replaced by logical block addressing. In some cases, to try to "force-fit" the CHS scheme to large-capacity drives, the number of heads was given as 64, although no modern drive has anywhere near 32 platters: the typical 2 TB hard disk as of 2013 has two 1 TB platters, and 4 TB drives use four platters.

If you've paid attention to hard drives, USB flash drives, and other storage devices, you may have noticed that they always have less space than promised once they're formatted. The reason for this difference lies in the way hard drive manufacturers advertise their devices, versus the way Windows computers actually use the storage devices. There's also some overhead required when Windows formats your drive, for the file system and boot data, though in comparison to today's large hard drives, it's not a lot.
To a hard disk manufacturer, one KB is 1000 bytes, one MB is 1000 KB, and one GB is 1000 MB. Essentially, if a hard disk is advertised as 500GB, it contains 500 * 1000 * 1000 * 1000 = 500,000,000,000 bytes of space. The hard disk manufacturer thus advertises the disk as a 500 GB hard disk.
However, manufacturers of RAM don't sell it in even groups of 1000; they use groups of 1024. When you're buying memory, a KB is 1024 bytes, a MB is 1024 KB, and a GB is 1024 MB. To work back from the 500,000,000,000 bytes above:

Keep in mind that the hard drive manufacturers are using the accurate description of the terms; the prefix giga, for instance, means a power of 1000, whereas the correct term for powers of 1024 is gibibyte, though it isn't often used. Unfortunately, Windows has always calculated hard drives as powers of 1024 while hard drive manufacturers use powers of 1000.


  • 0
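Added example (not from any poster): the unit arithmetic behind the question in posts #9 to #13, run over the aswMBR partition lines posted earlier in this thread. It assumes aswMBR's "MB" are binary megabytes (1024 × 1024 bytes) and 512-byte sectors; the function names are illustrative.

```python
import re

MIB = 1024 ** 2
SECTOR = 512  # bytes per sector (assumption; not stated in the log)

# Lines copied from the aswMBR log posted in this thread (timestamps removed).
ASWMBR = """\
Disk 0 Vendor: ST3250310AS 3.AHA Size: 238475MB BusType: 3
Disk 0 Partition 1 80 (A) 07      HPFS/NTFS NTFS       192247 MB offset 63
Disk 0 Partition - 00     05       Extended             36065 MB offset 393723902
Disk 0 Partition 2 00     07      HPFS/NTFS NTFS        10158 MB offset 467586000
Disk 0 Partition 3 00     83          Linux             31981 MB offset 393723904
Disk 0 Partition - 00     05       Extended              4084 MB offset 459220992
"""

# number, boot flag, optional "(A)", type byte, name, size in MB, start sector
PART = re.compile(
    r"Partition (\S+) [0-9A-F]{2}(?: \(A\))?\s+([0-9A-F]{2})\s+(.+?)\s+(\d+) MB offset (\d+)$"
)


def parse(log):
    """Return (disk size in MiB, list of partition dicts)."""
    disk_mib = int(re.search(r"Size: (\d+)MB", log).group(1))
    parts = []
    for line in log.splitlines():
        m = PART.search(line)
        if m:
            parts.append({"type": m.group(2), "name": m.group(3),
                          "mib": int(m.group(4)), "start": int(m.group(5))})
    return disk_mib, parts


def top_level(parts):
    """Drop entries that start inside an Extended (type 05) container,
    so nested logical partitions are not counted twice."""
    def inside(p, box):
        end = box["start"] + box["mib"] * MIB // SECTOR
        return box is not p and box["type"] == "05" and box["start"] < p["start"] < end
    return [p for p in parts if not any(inside(p, b) for b in parts)]


def gib(mib):
    """Binary gigabytes, the unit Windows labels 'GB'."""
    return mib / 1024


def gb(mib):
    """Decimal gigabytes, the unit on the drive's label."""
    return mib * MIB / 1e9


def reconcile(log):
    disk_mib, parts = parse(log)
    top = top_level(parts)
    return {
        "disk_gib": round(gib(disk_mib), 1),
        "disk_gb": round(gb(disk_mib), 1),
        "unit_gap": round(gb(disk_mib) - gib(disk_mib), 1),
        "top_level_gib": [round(gib(p["mib"]), 1) for p in top],
        "unallocated_mib": disk_mib - sum(p["mib"] for p in top),
    }


if __name__ == "__main__":
    for key, value in reconcile(ASWMBR).items():
        print(f"{key:16} {value}")
```

The same disk is 250.1 GB in decimal units and 232.9 GB in the binary units Windows uses, a gap of about 17.2 that comes from units alone; in binary units the three top-level partitions (187.7 + 35.2 + 9.9) account for the whole disk apart from 5 MB. The 10158 MB D: partition is 10.65 GB in decimal units, the same figure as in the 2010 summary.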

#15
Barnys

Barnys

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts

Hi

Thanks for the quotes and your work.

 

The computer is, running.  It is doing everything it should do but it is a bit slow and a little buggy.  On a positive note, I freed up about 10GBs on the C drive today and so far there isn’t any indication that anything is filling the free space  :-).

 

I am wondering if the problems are, in part, the result of the machine being old and “well” used.  It is taking more and more time and effort to keep it running.

We have decided that as long as it is safe to transfer our files, it is time to cut our losses and upgrade to a new box (and perhaps replace the HD and install Linux on this one then use it to get more familiar with that system).

 

So I will monitor the computer's behavior and look for a replacement.

 

Thank you for your help, the forums and those who contribute are a real asset to those of us who need assistance.

 

 

Regards.


  • 0





