
Norton removal of Trojan.Gen.2 makes computer unbootable


39 replies to this topic

#1 akiiki

Members, 21 posts

Posted 01 April 2015 - 01:52 PM

Hi all, so glad to have found this forum and hope you can help me. My computer has been extremely slow at start-up and recently Norton found and removed Trojan.Gen.2. Then it asked me to reboot, but it would get stuck at a black screen and I'd have to turn it off and on again. This would result in system repair and putting it back at an earlier point, which apparently also brought the virus back. I have been through this 2-3 times and also ran Norton Power Eraser, but this also didn't solve the problem. Below are my FRST and additional logs.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Karin (administrator) on KARIN-PC on 01-04-2015 18:48:16
Running from f:\
Loaded Profiles: Karin (Available profiles: Karin)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\cmd.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\runonceex: [Flags] =>
HKLM\...\runonceex: [Title] => UnHackMe Rootkit Check
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-19\...\RunOnce: [] => [X]
HKU\S-1-5-19\...\Policies\Explorer: [NofolderOptions] 0
HKU\S-1-5-20\...\RunOnce: [] => [X]
HKU\S-1-5-20\...\Policies\Explorer: [NofolderOptions] 0
HKU\S-1-5-21-128393443-1509664233-60723751-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2289664 2008-02-26] (Hewlett-Packard Company)
HKU\S-1-5-21-128393443-1509664233-60723751-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-128393443-1509664233-60723751-1000\...\Run: [Spotify Web Helper] => C:\Users\Karin\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1964088 2015-03-20] (Spotify Ltd)
HKU\S-1-5-21-128393443-1509664233-60723751-1000\...\Policies\Explorer: [NofolderOptions] 0
HKU\S-1-5-21-128393443-1509664233-60723751-1000\...\MountPoints2: {6e1e44a2-f86e-11df-a24d-00238b0688f7} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\upgrade.htm
HKU\S-1-5-21-128393443-1509664233-60723751-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\RunOnce: [] => [X]
Startup: C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk
ShortcutTarget: Stickies.lnk -> C:\Program Files\Stickies\stickies.exe (Zhorn Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nl&c=83&bd=Pavilion&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nl&c=83&bd=Pavilion&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-128393443-1509664233-60723751-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
HKU\S-1-5-21-128393443-1509664233-60723751-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nl&c=83&bd=Pavilion&pf=cnnb
URLSearchHook: HKU\S-1-5-21-128393443-1509664233-60723751-1000 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: HKU\S-1-5-21-128393443-1509664233-60723751-1000 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
SearchScopes: HKU\S-1-5-21-128393443-1509664233-60723751-1000 -> DefaultScope {E6568FEB-335D-415F-8776-178C8FDA5229} URL = http://www.google.nl/search?hl=nl&q={searchTerms}
SearchScopes: HKU\S-1-5-21-128393443-1509664233-60723751-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-128393443-1509664233-60723751-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-128393443-1509664233-60723751-1000 -> {E6568FEB-335D-415F-8776-178C8FDA5229} URL = http://www.google.nl/search?hl=nl&q={searchTerms}
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll [2012-06-11] (Yahoo! Inc.)
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-04-03] (RealPlayer)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.1.0.9\coIEPlg.dll [2014-12-05] (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-05-23] (Oracle Corporation)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2011-09-10] (Google Inc.)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2012-08-02] ()
BHO: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files\Ask.com\GenericAskToolbar.dll [2013-02-08] (Ask)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-05-23] (Oracle Corporation)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2011-03-16] (Yahoo! Inc)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll [2012-06-11] (Yahoo! Inc.)
Toolbar: HKLM - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2013-02-08] (Ask)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2012-08-02] ()
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.1.0.9\coIEPlg.dll [2014-12-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-128393443-1509664233-60723751-1000 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2012-08-02] ()
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game07.zylom.com/activex/zylomgamesplayer.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2012-08-02] ()
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 213.46.228.196 62.179.104.196

FireFox:
========
FF ProfilePath: C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\uo56mov4.default-1427097168277
FF Homepage: mail.yahoo.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-23] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [1999-12-31] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2012-03-22] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-05-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-05-23] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2009-11-10] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [2011-09-10] (Google)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2009-04-03] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2009-04-03] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2009-04-03] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [1999-12-31] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [2006-07-31] (Zylom)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-128393443-1509664233-60723751-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Karin\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-04-29] (Citrix Online)
FF Plugin HKU\S-1-5-21-128393443-1509664233-60723751-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [1999-12-31] (Tracker Software Products (Canada) Ltd.)
FF user.js: detected! => C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\uo56mov4.default-1427097168277\user.js [2015-03-24]
FF Extension: Disconnect - C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\uo56mov4.default-1427097168277\Extensions\2.0@disconnect.me.xpi [2015-03-23]
FF Extension: Media Hint - C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\uo56mov4.default-1427097168277\Extensions\mediahint@jetpack.xpi [2015-03-23]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord
FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord [2009-04-03]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-11]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-02-04]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.1.0.9\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.1.0.9\coFFPlgn [2015-04-01]
FF HKU\S-1-5-21-128393443-1509664233-60723751-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR Profile: C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Ask Toolbar) - C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo [2013-03-16]
CHR Extension: (Norton Identity Protection) - C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-11-11]
CHR Extension: (Google Wallet) - C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-24]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.1.0.9\Exts\Chrome.crx [2014-12-29]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.

S2 AdobeActiveFileMonitor10.0; C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)
S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe [73728 2008-02-12] (Andrea Electronics Corporation)
S2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528608 2008-06-19] (Cisco Systems, Inc.)
S2 DM1Service; C:\Program Files\Olympus\DeviceDetector\DM1Service.exe [73728 2007-06-11] (OLYMPUS IMAGING CORP.)
S4 gupdate1c9a227a382d48c; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-22] (Google Inc.)
S2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-16] (Hewlett-Packard)
S2 NS; C:\Program Files\Norton Security\Engine\22.1.0.9\NS.exe [282528 2014-12-10] (Symantec Corporation)
S4 QPCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [292232 2008-04-23] ()
S4 QPSched; C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [112008 2008-04-23] ()
S2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2015-02-12] (IBM Corp.)
S2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [341328 2008-03-26] ()
S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
S2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\STacSV.exe [221239 2008-04-15] (IDT, Inc.)
S3 MozillaMaintenance; No ImagePath
S2 Util Between Lines; "C:\Program Files\Between Lines\bin\utilBetweenLines.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-21] (Microsoft Corporation)
S1 BHDrvx86; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\BASHDefs\20150106.001\BHDrvx86.sys [1164504 2015-01-06] (Symantec Corporation)
S1 ccSet_NS; C:\Windows\system32\drivers\NS\1601000.009\ccSetx86.sys [128728 2014-09-09] (Symantec Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306299 2008-06-19] (Cisco Systems, Inc.)
S3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [125328 2008-03-29] (Deterministic Networks, Inc.)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-11-25] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2015-03-30] (Symantec Corporation)
S3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)
S1 IDSVix86; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\IPSDefs\20150331.001\IDSvix86.sys [505048 2015-03-26] (Symantec Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2008-11-17] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2008-11-17] (Printing Communications Assoc., Inc. (PCAUSA))
S3 NAVENG; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\VirusDefs\20150331.034\NAVENG.SYS [95704 2015-03-30] (Symantec Corporation)
S3 NAVEX15; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\VirusDefs\20150331.034\NAVEX15.SYS [1636696 2015-03-30] (Symantec Corporation)
S1 RapportCerberus_80128; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80128.sys [472152 2015-02-24] (IBM Corp.)
S1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [251640 2015-02-12] (IBM Corp.)
S0 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [208856 2015-02-12] (IBM Corp.)
S1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [332696 2015-02-12] (IBM Corp.)
S3 RegGuard; C:\Windows\system32\Drivers\regguard.sys [24416 2015-01-13] (Greatis Software)
S1 SRTSP; C:\Windows\system32\drivers\NS\1601000.009\SRTSP.SYS [699608 2014-12-02] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NS\1601000.009\SRTSPX.SYS [36056 2014-12-02] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NS\1601000.009\SYMDS.SYS [364760 2014-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NS\1601000.009\SYMEFA.SYS [939224 2014-09-09] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [94424 2014-12-29] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NS\1601000.009\Ironx86.SYS [212696 2014-09-09] (Symantec Corporation)
S1 SYMTDIv; C:\Windows\system32\drivers\NS\1601000.009\SYMTDIV.SYS [358104 2014-09-09] (Symantec Corporation)
S3 VNUSB; C:\Windows\System32\DRIVERS\VNUSB.sys [38496 2006-04-07] (OLYMPUS IMAGING CORP.)
S3 catchme; No ImagePath
U1 eabfiltr; No ImagePath
S3 IpInIp; No ImagePath
S3 MREMP50a64; No ImagePath
S3 MREMPR5; No ImagePath
S3 MRENDIS5; No ImagePath
S3 MRESP50a64; No ImagePath
S3 NwlnkFlt; No ImagePath
S3 NwlnkFwd; No ImagePath
U0 Partizan; No ImagePath
S3 RegKernelHelp; No ImagePath
U2 wuaserv; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-01 18:48 - 2015-04-01 18:48 - 00000000 ____D () C:\FRST
2015-03-31 19:31 - 2015-03-31 19:31 - 00000004 _____ () C:\ProgramData\SMRResults430.dat
2015-03-31 19:09 - 2015-03-31 19:09 - 00000000 ____D () C:\NPE
2015-03-30 23:40 - 2015-03-30 23:40 - 00047234 _____ () C:\Users\Karin\Documents\The.Walking.Dead.S05E16.PROPER.HDTV.x264-KILLERS[rarbg].torrent
2015-03-30 22:26 - 2015-03-30 22:26 - 00033144 _____ () C:\Users\Karin\Documents\The.Walking.Dead.S05E15.PROPER.HDTV.x264-BATV[rarbg].torrent
2015-03-30 21:49 - 2015-03-30 21:54 - 250452562 _____ () C:\Users\Karin\Desktop\videoplayback.MP4
2015-03-30 21:46 - 2015-03-30 21:44 - 07927182 _____ () C:\Users\Karin\Desktop\1-07 Go With the Flow.m4a
2015-03-26 23:21 - 2015-03-31 19:09 - 00002724 _____ () C:\Windows\PFRO.log
2015-03-25 08:09 - 2015-03-25 08:09 - 03023680 _____ () C:\Users\Karin\Downloads\1348_092219.jpeg
2015-03-24 22:30 - 2015-03-24 22:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlvPlayer
2015-03-24 22:28 - 2015-03-24 22:28 - 00781928 _____ (Software ) C:\Users\Karin\Downloads\FlvPlayerSetup.exe
2015-03-18 23:13 - 2015-03-18 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-03-18 23:13 - 2015-03-18 23:13 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-03-18 12:34 - 2015-03-18 12:34 - 00001315 _____ () C:\Users\Public\Desktop\Aangifte inkomstenbelasting voor ondernemers 2014.lnk
2015-03-17 17:36 - 2015-04-01 18:45 - 00325036 _____ () C:\Windows\WindowsUpdate.log
2015-03-17 08:42 - 2015-03-17 08:42 - 00221184 _____ () C:\Windows\system32\config\default.rhk
2015-03-17 08:42 - 2015-03-17 08:42 - 00053248 _____ () C:\Windows\system32\config\sam.rhk
2015-03-17 08:38 - 2015-03-17 08:42 - 58413056 _____ () C:\Windows\system32\config\software.rhk
2015-03-17 08:38 - 2015-03-17 08:38 - 00024576 _____ () C:\Windows\system32\config\security.rhk
2015-03-17 08:36 - 2015-03-17 08:43 - 00000000 ____D () C:\Users\Karin\AppData\Roaming\Wise Registry Cleaner
2015-03-17 08:36 - 2015-03-17 08:36 - 00000000 ____D () C:\Program Files\Wise
2015-03-11 19:59 - 2015-03-12 08:37 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-11 19:59 - 2015-03-11 19:59 - 00000858 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-11 19:59 - 2015-03-11 19:59 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-11 19:58 - 2015-04-01 14:59 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-11 19:55 - 2015-03-11 19:55 - 41009512 _____ () C:\Users\Karin\Downloads\Firefox Setup 36.0.1.exe
2015-03-11 10:59 - 2015-01-29 03:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 10:58 - 2015-01-29 03:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 10:57 - 2015-02-26 02:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 10:44 - 2015-02-20 04:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 10:44 - 2015-02-20 02:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 10:42 - 2015-02-26 04:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-11 10:42 - 2015-02-26 04:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 10:42 - 2015-01-21 04:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 10:42 - 2015-01-09 04:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 10:42 - 2015-01-09 02:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 10:41 - 2015-03-06 06:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 10:40 - 2014-10-13 03:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-11 10:39 - 2015-02-18 04:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 10:23 - 2015-02-21 19:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 10:23 - 2015-02-21 19:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-11 10:23 - 2015-02-21 19:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 10:23 - 2015-02-21 19:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 10:23 - 2015-02-21 19:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 10:23 - 2015-02-21 19:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 10:23 - 2015-02-21 19:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 10:23 - 2015-02-21 19:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-11 10:23 - 2015-02-21 19:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 10:23 - 2015-02-21 19:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 10:23 - 2015-02-21 19:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-11 10:23 - 2015-02-21 19:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 10:23 - 2015-02-21 19:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 10:23 - 2015-02-21 19:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 10:23 - 2015-02-21 19:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 10:23 - 2015-02-21 19:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 10:23 - 2015-02-21 19:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 10:23 - 2015-02-21 19:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 10:23 - 2015-02-21 19:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-11 10:23 - 2015-02-21 19:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-11 10:23 - 2015-02-21 19:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-11 10:23 - 2015-02-21 19:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-09 23:08 - 2015-03-09 23:08 - 00000509 _____ () C:\Windows\uninstallstickies.bat

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-01 18:45 - 2006-11-02 15:01 - 00032634 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-01 18:45 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-01 18:45 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-01 18:45 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-01 18:44 - 2009-04-06 17:37 - 00000000 ____D () C:\Users\Karin\AppData\Roaming\stickies
2015-04-01 18:29 - 2009-06-30 22:18 - 00001040 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-01 18:29 - 2008-09-27 01:49 - 00027839 _____ () C:\ProgramData\nvModes.001
2015-04-01 18:29 - 2008-09-27 01:48 - 00027839 _____ () C:\ProgramData\nvModes.dat
2015-04-01 18:05 - 2009-06-30 22:18 - 00001044 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-01 18:04 - 2008-07-03 08:24 - 00724042 _____ () C:\Windows\system32\perfh013.dat
2015-04-01 18:04 - 2008-07-03 08:24 - 00152434 _____ () C:\Windows\system32\perfc013.dat
2015-04-01 18:04 - 2006-11-02 12:33 - 01632332 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-01 18:01 - 2013-01-16 15:55 - 00000256 _____ () C:\Windows\Tasks\HP Photo Creations Messager.job
2015-04-01 17:54 - 2015-01-30 10:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-01 14:39 - 2009-08-19 00:03 - 00000868 _____ () C:\Windows\Tasks\Google Software Updater.job
2015-04-01 09:13 - 2008-12-16 14:58 - 00000000 ____D () C:\Users\Karin
2015-04-01 09:13 - 2006-11-02 12:22 - 82837504 _____ () C:\Windows\system32\config\system_previous
2015-04-01 09:13 - 2006-11-02 12:22 - 59768832 _____ () C:\Windows\system32\config\software_previous
2015-04-01 09:12 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\spool
2015-04-01 09:12 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-04-01 09:12 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\registration
2015-04-01 09:06 - 2006-11-02 12:22 - 49283072 ____S () C:\Windows\system32\config\components_previous
2015-04-01 09:06 - 2006-11-02 12:22 - 00053248 ____S () C:\Windows\system32\config\sam_previous
2015-04-01 00:50 - 2006-11-02 12:22 - 00524288 ____S () C:\Windows\system32\config\default_previous
2015-04-01 00:50 - 2006-11-02 12:22 - 00262144 ____S () C:\Windows\system32\config\security_previous
2015-03-31 19:29 - 2012-08-17 15:12 - 00000000 ____D () C:\Users\Karin\AppData\Local\NPE
2015-03-31 17:40 - 2013-11-24 16:51 - 00000000 ____D () C:\Users\Karin\AppData\Roaming\Spotify
2015-03-31 17:40 - 2009-04-06 17:37 - 00000000 ____D () C:\Program Files\Stickies
2015-03-31 08:38 - 2012-12-18 04:45 - 00000000 ____D () C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-31 08:38 - 2012-01-19 06:45 - 00000000 ____D () C:\Users\Karin\AppData\Roaming\vlc
2015-03-30 21:51 - 2010-07-28 09:02 - 00000000 ____D () C:\Users\Karin\AppData\Local\CrashDumps
2015-03-30 15:26 - 2012-12-18 04:48 - 00000000 ___RD () C:\Users\Karin\Dropbox
2015-03-30 15:24 - 2012-12-18 04:45 - 00000000 ____D () C:\Users\Karin\AppData\Roaming\Dropbox
2015-03-29 13:23 - 2013-11-24 16:53 - 00000000 ____D () C:\Users\Karin\AppData\Local\Spotify
2015-03-29 11:14 - 2010-10-21 20:02 - 00000000 ____D () C:\Users\Karin\AppData\Roaming\Corel
2015-03-29 11:13 - 2010-10-21 19:54 - 00003036 ___SH () C:\Windows\system32\KGyGaAvL.sys
2015-03-29 10:12 - 2008-12-16 18:33 - 00000000 ____D () C:\Users\Karin\Documents\Karin
2015-03-24 22:48 - 2012-08-26 02:48 - 00000000 ____D () C:\Users\Public\Documents\regruninfo
2015-03-24 22:47 - 2012-08-26 02:49 - 00000000 ____D () C:\Users\Karin\Documents\RegRun2
2015-03-24 22:46 - 2012-08-26 02:49 - 00000000 ____D () C:\ProgramData\RegRun
2015-03-24 22:34 - 2006-11-02 12:23 - 00000326 _____ () C:\Windows\win.ini
2015-03-20 09:31 - 2013-11-24 16:53 - 00001711 _____ () C:\Users\Karin\Desktop\Spotify.lnk
2015-03-20 09:31 - 2013-11-24 16:53 - 00001697 _____ () C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-03-18 12:37 - 2009-05-21 11:01 - 00000000 ____D () C:\Users\Karin\AppData\Roaming\Belastingdienst
2015-03-18 12:36 - 2009-05-21 11:01 - 00000000 ____D () C:\Users\Karin\Documents\Belastingdienst
2015-03-18 12:34 - 2009-05-21 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belastingdienst
2015-03-18 12:34 - 2009-05-21 11:00 - 00000000 ____D () C:\Program Files\Belastingdienst
2015-03-17 17:26 - 2012-03-06 00:24 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-03-17 17:26 - 2008-12-16 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-03-11 19:17 - 2006-11-02 14:47 - 00323024 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 10:59 - 2008-12-16 15:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 10:57 - 2013-08-08 00:14 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 10:45 - 2006-11-02 12:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-03-11 09:54 - 2012-04-12 04:42 - 00000000 ____D () C:\Program Files\RegistryNuke 2012
2015-03-11 08:41 - 2009-08-17 06:33 - 00000000 ____D () C:\Program Files\Opera
2015-03-10 17:08 - 2013-02-06 12:17 - 00000000 ____D () C:\Users\Karin\Documents\Mijn scans
2015-03-10 16:03 - 2009-03-04 18:33 - 00000000 ____D () C:\Program Files\Common Files\Motive
2015-03-10 16:03 - 2008-09-27 01:49 - 00000000 ____D () C:\Program Files\Common Files\LightScribe
2015-03-10 16:03 - 2008-04-10 12:26 - 00000000 ____D () C:\Windows\SMINST

==================== Files in the root of some directories =======

2013-11-02 18:33 - 2012-06-06 23:15 - 0015086 _____ () C:\Users\Karin\AppData\Roaming\shshortcut.ico
2009-07-21 19:03 - 2011-04-14 18:12 - 0000230 _____ () C:\Users\Karin\AppData\Roaming\wklnhst.dat
2008-12-16 15:12 - 2008-12-16 15:12 - 0000000 _____ () C:\Users\Karin\AppData\Local\AtStart.txt
2009-09-05 06:02 - 2013-12-28 18:29 - 0007592 _____ () C:\Users\Karin\AppData\Local\d3d9caps.dat
2008-12-21 12:14 - 2012-08-26 23:59 - 0023040 _____ () C:\Users\Karin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-12-16 15:12 - 2008-12-16 15:12 - 0000000 _____ () C:\Users\Karin\AppData\Local\DSwitch.txt
2011-09-16 19:35 - 2012-11-16 20:22 - 0000000 _____ () C:\Users\Karin\AppData\Local\FnF4.txt
2011-12-20 08:31 - 2011-12-20 08:51 - 0007836 ___SH () C:\Users\Karin\AppData\Local\i6jf67y2pq2kbw
2008-12-16 15:12 - 2008-12-16 15:12 - 0000000 _____ () C:\Users\Karin\AppData\Local\QSwitch.txt
2013-01-16 15:52 - 2013-01-16 15:52 - 0000057 _____ () C:\ProgramData\Ament.ini
2009-02-10 09:21 - 2009-02-10 09:21 - 0000032 _____ () C:\ProgramData\ezsid.dat
2010-07-25 15:02 - 2013-02-04 11:30 - 0007462 _____ () C:\ProgramData\hpzinstall.log
2011-12-20 08:31 - 2011-12-20 08:51 - 0007836 ___SH () C:\ProgramData\i6jf67y2pq2kbw
2008-09-27 01:49 - 2015-04-01 18:29 - 0027839 _____ () C:\ProgramData\nvModes.001
2008-09-27 01:48 - 2015-04-01 18:29 - 0027839 _____ () C:\ProgramData\nvModes.dat
2014-06-17 16:15 - 2014-06-17 16:15 - 0004920 _____ () C:\ProgramData\onoetiwo.ruy
2015-03-31 19:31 - 2015-03-31 19:31 - 0000004 _____ () C:\ProgramData\SMRResults430.dat

Files to move or delete:
====================
C:\ProgramData\ezsid.dat
C:\ProgramData\SMRResults430.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2015-04-01 18:35

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Karin at 2015-04-01 18:50:37
Running from f:\
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 6.1.2 - Hewlett-Packard) Hidden
Aangifte inkomstenbelasting 2009 (HKLM\...\Aangifte inkomstenbelasting 2009) (Version:  - Belastingdienst)
Aangifte inkomstenbelasting 2010 (HKLM\...\Aangifte inkomstenbelasting 2010) (Version:  - Belastingdienst)
Aangifte inkomstenbelasting 2011 (HKLM\...\Aangifte inkomstenbelasting 2011) (Version:  - Belastingdienst)
Aangifte inkomstenbelasting 2013 (HKLM\...\Aangifte inkomstenbelasting 2013) (Version:  - Belastingdienst)
Aangifte inkomstenbelasting voor ondernemers 2014 (HKLM\...\Aangifte inkomstenbelasting voor ondernemers 2014) (Version:  - Belastingdienst)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 (HKLM\...\PremElem100) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}) (Version: 10.2.0.023 - Adobe Systems, Inc.)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
AlphaBeam 3.2 (HKLM\...\AlphaBeam 3.2) (Version:  - )
AOL Toolbar 5.0 (HKLM\...\AOL Toolbar) (Version: 5.2.69.1 - AOL LLC)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.15.0 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKU\S-1-5-21-128393443-1509664233-60723751-1000\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.4.36191 - Ask.com) <==== ATTENTION
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 WLAN-adapter (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.77.3 - Broadcom Corporation)
BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
Cisco Connect (HKLM\...\Cisco Connect) (Version: 1.2.10218.1 - Cisco Consumer Products LLC)
Cisco Systems VPN Client 5.0.03.0560 (HKLM\...\{A7091E1D-36A4-47F1-A739-173CC341414F}) (Version: 5.0.3 - Cisco Systems, Inc.)
Citrix Online Launcher (HKLM\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Corel Paint Shop Pro Photo XI (HKLM\...\{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}) (Version: 11.00.0000 - Corel Inc)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
CyberLink DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1519 - CyberLink Corp.)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.1616 - CyberLink Corp.)
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden
DJ_AIO_06_F4500_SW_MIN (Version: 140.0.690.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-128393443-1509664233-60723751-1000\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
Elements 10 Organizer (Version: 10.0 - Adobe Systems Incorporated) Hidden
Express Scribe (HKLM\...\Scribe) (Version:  - NCH Software)
F4500 (Version: 140.0.690.000 - Hewlett-Packard) Hidden
Free Easy Burner V 3.9 (HKLM\...\Free Easy Burner_is1) (Version:  - Koyote soft)
Free Sound Recorder (HKLM\...\Free Sound Recorder) (Version:  - CoolRecordEdit Inc.)
GameXN GO (HKU\S-1-5-21-128393443-1509664233-60723751-1000\...\Game Organizer) (Version:  - GameXN AS)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden
Hewlett-Packard Active Check for Health Check (Version: 1.1.15.2 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.64.0 - HP) Hidden
HP Customer Experience Enhancements (HKLM\...\{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}) (Version: 5.7.0.2630 - Hewlett-Packard)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet 3070 B611 series Basic Device Software (HKLM\...\{E51E24A4-B1E2-4B51-9217-F3FD6F4334D2}) (Version: 23.0.504.0 - Hewlett-Packard Co.)
HP Deskjet 3070 B611 series Help (HKLM\...\{9F20CE56-3828-432D-A3C5-3EC6A2ED93C6}) (Version: 140.0.2.2 - Hewlett Packard)
HP Deskjet 3070 B611 series Product Improvement Study (HKLM\...\{F8D4143B-6DB7-4D9B-8B69-275606FDA269}) (Version: 23.0.504.0 - Hewlett-Packard Co.)
HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}) (Version: 14.0 - HP)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.03.0001 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}) (Version: 5.7.0.2630 - Hewlett-Packard)
HP Help and Support (HKLM\...\{31216452-5540-4C96-B754-94890A63D5AB}) (Version: 2.0.10.0 - Hewlett-Packard)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
HP Quick Launch Buttons 6.40 D1 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 D1 - Hewlett-Packard)
HP QuickPlay 3.7 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version:  - )
HP QuickTouch 1.00 D2 (HKLM\...\{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}) (Version: 1.0.9 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}) (Version: 5.002.007.004 - Hewlett-Packard)
HP User Guides 0102 (HKLM\...\{F48098CD-2D66-4861-85EC-DC1D4D09D5F9}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{A5CE7175-080D-49AC-B5A3-E7E3502428F5}) (Version: 3.00 I2 - Hewlett-Packard)
HPNetworkAssistant (Version: 1.1.70 - Hewlett-Packard.) Hidden
HPPhotoGadget (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 140.0.211.000 - Hewlett-Packard) Hidden
Huur- en zorgtoeslag 2009 (HKLM\...\Huur- en zorgtoeslag 2009) (Version:  - Belastingdienst)
Huur- en zorgtoeslag 2011 (HKLM\...\Huur- en zorgtoeslag 2011) (Version:  - Belastingdienst)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.5893.0 - IDT)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
JMicron JMB38X Flash Media Controller (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.10.04 - JMicron Technology Corp.)
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.20.2719 - CyberLink Corp.)
LightScribe System Software  1.12.33.2 (HKLM\...\{582287DA-0806-4AC0-BF19-C15E3A466034}) (Version: 1.12.33.2 - LightScribe)
MarketResearch (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.43 - WildTangent)
Network (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Norton Security (HKLM\...\NS) (Version: 22.1.0.9 - Symantec Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
oDesk Team (HKU\S-1-5-21-128393443-1509664233-60723751-1000\...\oDVT) (Version:  - oDesk Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Olympus Digital Wave Player (HKLM\...\{FB91E774-867B-4567-ACE7-8144EF036068}) (Version:  - )
Olympus DSS Player (HKLM\...\{76E6BBAA-25E6-4BFC-9613-75A5CACE2940}) (Version:  - )
OLYMPUS DSS Player-Lite (HKLM\...\{6A77FE0A-6A36-44F0-A503-A4BC49EFD6BC}) (Version:  - )
Opera 9.64 (HKLM\...\{E1BBBAC5-2857-4155-82A6-54492CE88620}) (Version: 9.64 - Opera Software ASA)
Opera Stable 27.0.1689.69 (HKLM\...\Opera 27.0.1689.69) (Version: 27.0.1689.69 - Opera Software ASA)
Opera Stable 27.0.1689.76 (HKLM\...\Opera 27.0.1689.76) (Version: 27.0.1689.76 - Opera Software ASA)
PamFax 3.0.0.3 (HKLM\...\{107CDD66-ED13-44C8-B392-D295B66AB6E8}_is1) (Version: 3.0.0.3 - Scendix Software GmbH)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.201.0 - Tracker Software Products Ltd)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.8 - Google, Inc.)
pomodairo (HKLM\...\pomodairo.1041936B6D0707C313E2E169D771193A7DFBADCC.1) (Version: 1.9 - UNKNOWN)
pomodairo (Version: 1.9 - UNKNOWN) Hidden
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3919 - CyberLink Corp.)
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2719 - CyberLink Corp.)
PowerDirector (Version: 6.5.2719 - CyberLink Corp.) Hidden
PowerGramo Standard (HKLM\...\Powergramo) (Version: 2.0 - Freebird)
PRE10STIInstaller (Version: 1.0 - Adobe Systems Incorporated) Hidden
ProtectSmart Hard Drive Protection (HKLM\...\{0960BA8A-8A03-4FB0-9D28-9028F1414827}) (Version: 3.10 A7 - Hewlett-Packard)
PSE10 STI Installer (Version: 10.0 - Adobe Systems Incorporated) Hidden
QuickPlay SlingPlayer 0.4.6 (HKLM\...\SlingMedia.QPSlingPlayer_is1) (Version: 0.4.6 - SlingMedia)
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Rapport (Version: 3.5.1404.75 - Trusteer) Hidden
RealPlayer (HKLM\...\RealPlayer 6.0) (Version:  - RealNetworks)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
RegistryBooster (HKLM\...\{E55B3271-7CA8-4D0C-AE06-69A24856E997}_is1) (Version: 6.1.4.0 - Uniblue Systems Limited)
RegistryNuke 2012 version 2.0.0.86 (HKLM\...\{D9DF8D5A-2160-402B-819F-A5A964215528}_is1) (Version: 2.0.0.86 - RegistryNuke, Inc.)
Safari (HKLM\...\{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}) (Version: 5.34.52.7 - Apple Inc.)
Safe Returner version 1.27.9 (HKLM\...\{E5874895-A35A-4EF9-8720-8FA946AF842F}_is1) (Version: 1.27.9 - SafeReturner Anti-Malware Studio)
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
SecureW2 EAP Suite 2.0.4 for Windows (HKLM\...\SecureW2 EAP Suite) (Version:  - )
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SmartSound Common Data (HKLM\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Premiere Elements 10 Plugin (HKLM\...\{0E16C1BC-72A7-4DB7-BBB8-560EDCCA74B5}) (Version: 5.70.0001 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (HKLM\...\InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}) (Version: 5.7.1 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (Version: 5.7.1 - SmartSound Software Inc.) Hidden
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 140.0.213.000 - Hewlett-Packard) Hidden
Spotify (HKU\S-1-5-21-128393443-1509664233-60723751-1000\...\Spotify) (Version: 1.0.2.6.g9977a14b - Spotify AB)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Status (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Stickies 8.0c (HKLM\...\ZhornStickies) (Version:  - Zhorn Software)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.2.4.0 - Synaptics)
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1404.75 - Trusteer)
UnHackMe 5.99 release (HKLM\...\UnHackMe_is1) (Version:  - Greatis Software, LLC.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WOT for Internet Explorer (HKLM\...\{DCAEC601-735C-41AE-B84F-D792F09FB7D1}) (Version: 12.8.2.0 - WOT Services Oy)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
Zeepesizer 1.0 (HKLM\...\Zeepesizer) (Version: 1.0 - Mophides)
Zimbra Desktop (HKLM\...\{9945E868-8992-4776-905E-C4B2B43FCA4F}) (Version: 7.2.1.11637 - Zimbra)
Zylom Games Player Plugin (HKLM\...\Zylom Games Player Plugin) (Version:  - Zylom Games)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-128393443-1509664233-60723751-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Karin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-128393443-1509664233-60723751-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-128393443-1509664233-60723751-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-128393443-1509664233-60723751-1000_Classes\CLSID\{44057856-4466-1542-2585-244995984230}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-128393443-1509664233-60723751-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-128393443-1509664233-60723751-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-128393443-1509664233-60723751-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-128393443-1509664233-60723751-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (Easybits)
CustomCLSID: HKU\S-1-5-21-128393443-1509664233-60723751-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-128393443-1509664233-60723751-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-128393443-1509664233-60723751-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-128393443-1509664233-60723751-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-128393443-1509664233-60723751-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-128393443-1509664233-60723751-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-128393443-1509664233-60723751-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-128393443-1509664233-60723751-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-128393443-1509664233-60723751-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

29-03-2015 16:21:31 Language Pack Removal
30-03-2015 07:25:10 Language Pack Removal
30-03-2015 13:31:39 Language Pack Removal
30-03-2015 14:48:32 Language Pack Removal
31-03-2015 08:28:18 Language Pack Removal
31-03-2015 19:25:58 Norton_Power_Eraser_20150331192557932
31-03-2015 20:07:58 Language Pack Removal
31-03-2015 20:52:06 Language Pack Removal
01-04-2015 08:31:55 Language Pack Removal
01-04-2015 18:35:08 Language Pack Removal

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02093E78-AAB9-485A-B709-CF5C87F91683} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2013-02-08] () <==== ATTENTION
Task: {2E349AAF-758D-456D-A3E2-1A577636FDE0} - System32\Tasks\{8598C369-D53E-4B3C-9D02-6B3D80E7906C} => pcalua.exe -a C:\Users\Karin\Downloads\Setup.exe -d C:\Users\Karin\Downloads
Task: {35DA0C3E-2448-4B41-AFFE-FF3BEDEDFEB8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-23] (Adobe Systems Incorporated)
Task: {393A204C-1C26-458E-AEFB-A78770A2D17E} - \RegistryBooster Maintenance No Task File <==== ATTENTION
Task: {419E42E0-3360-4791-8895-2B53E79B6B72} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16] (Hewlett-Packard)
Task: {47294EE1-C810-488C-B1EA-98D2D14CA2CA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-02] (Apple Inc.)
Task: {5390FB96-0BFB-4B64-ADB6-C2480EB389BE} - System32\Tasks\{C128704A-CB15-4913-AF4A-399760071041} => pcalua.exe -a "C:\Program Files\AlphaSmart\AlphaSmart IR Setup.exe" -d "C:\Program Files\AlphaSmart"
Task: {5D86EFC3-7A68-4C04-BDD9-5E1F7E68C58A} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-10] (Google)
Task: {6C037EDB-F231-4660-B0AC-AD2DCBB0FC95} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] ()
Task: {918E2B70-C473-4B4D-BFBC-654FE2F57636} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files\Norton Security\Engine\22.1.0.9\SymErr.exe [2014-12-03] (Symantec Corporation)
Task: {A122C8EF-E712-427D-8127-18093C09CC8D} - System32\Tasks\HPCustParticipation HP Deskjet 3070 B611 series => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2011-03-30] (Hewlett-Packard Co.)
Task: {C5A1A941-360C-4F02-A874-77526E42BA4C} - System32\Tasks\{1176DD9B-481E-4095-9E8E-33D4D1104759} => pcalua.exe -a C:\Users\Karin\Downloads\DSSV6UPEN.exe -d C:\Users\Karin\Downloads
Task: {DACBAE8D-B151-4E21-811B-DD1B42ABCA7B} - System32\Tasks\AdobeAAMUpdater-1.0-Karin-PC-Karin => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)
Task: {E3CF7C26-70B0-482D-BCFC-60A61FEA12D0} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.1.0.9\WSCStub.exe [2014-12-10] (Symantec Corporation)
Task: {E4D129DA-0F04-4691-817B-AF8BF26EA102} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
Task: {E58E68B6-6AED-482E-8615-3F3F802BCCD8} - System32\Tasks\Opera scheduled Autoupdate 1406613923 => C:\Program Files\Opera\launcher.exe [2015-02-23] (Opera Software)
Task: {E5F40778-1901-4495-9E6C-20A8D6E7A0DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {ED78F69D-7EB8-46BC-A030-414EE00C0C3F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd)
Task: {EEFF8186-6C84-440E-9A7F-545A1B21DB3D} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files\Norton Security\Engine\22.1.0.9\SymErr.exe [2014-12-03] (Symantec Corporation)
Task: {F876628B-B034-4798-9A2F-9B2AB8CDC7A3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe

==================== Loaded Modules (whitelisted) ==============


==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\$NtUninstallKB62280$:SummaryInformation

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "UseAlternateShell"="1"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-128393443-1509664233-60723751-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: gupdate1c9a227a382d48c => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: QPCapSvc => 2
MSCONFIG\Services: QPSched => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Device Detector 3.lnk => C:\Windows\pss\Device Detector 3.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Directrec Configuration Tool.lnk => C:\Windows\pss\Directrec Configuration Tool.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk => C:\Windows\pss\VPN Client.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Karin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Deskjet 3070 B611 series.lnk => C:\Windows\pss\Monitor Ink Alerts - HP Deskjet 3070 B611 series.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher =>
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Karin\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: SysTrayApp => %ProgramFiles%\IDT\WDM\sttray.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"

==================== Accounts: =============================

Administrator (S-1-5-21-128393443-1509664233-60723751-500 - Administrator - Disabled)
Guest (S-1-5-21-128393443-1509664233-60723751-501 - Limited - Disabled)
Karin (S-1-5-21-128393443-1509664233-60723751-1000 - Administrator - Enabled) => C:\Users\Karin

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Consumer IR Devices
Description: Consumer IR Devices
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: circlass
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (04/01/2015 06:50:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2015 06:19:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2015 08:18:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/31/2015 08:37:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/31/2015 07:59:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/31/2015 07:17:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/31/2015 08:14:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2015 09:49:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iTunes.exe, version 12.0.1.26, time stamp 0x543e558b, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x72727543,
process id 0xb54, application start time 0xiTunes.exe0.

Error: (03/30/2015 02:41:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2015 01:24:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/01/2015 06:50:39 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: AFD
BHDrvx86
ccSet_NS
DfsC
eeCtrl
IDSVix86
NetBIOS
netbt
nsiproxy
PSched
RapportKELL
RasAcd
rdbss
Smb
spldr
SRTSP
SRTSPX
SymIRON
SYMTDIv
tdx
Wanarpv6

Error: (04/01/2015 06:50:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (04/01/2015 06:50:39 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: SBSD Security Center Servicewscsvc

Error: (04/01/2015 06:50:39 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: IPsec Policy AgentBFE

Error: (04/01/2015 06:50:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network Location AwarenessNetwork Store Interface Service%%1068

Error: (04/01/2015 06:50:39 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (04/01/2015 06:50:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: WebClientWebDav Client Redirector Driver%%1068

Error: (04/01/2015 06:50:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: SMB 2.0 MiniRedirectorSMB MiniRedirector Wrapper and Engine%%1068

Error: (04/01/2015 06:50:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: SMB 1.x MiniRedirectorSMB MiniRedirector Wrapper and Engine%%1068

Error: (04/01/2015 06:50:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: SMB MiniRedirector Wrapper and EngineRedirected Buffering Sub Sysytem%%31


Microsoft Office Sessions:
=========================
Error: (02/17/2014 11:47:25 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 4704 seconds with 780 seconds of active time.  This session ended with a crash.

Error: (05/05/2013 08:00:16 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3395 seconds with 2160 seconds of active time.  This session ended with a crash.

Error: (03/14/2013 02:45:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 21511 seconds with 8040 seconds of active time.  This session ended with a crash.

Error: (08/23/2012 03:31:27 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 32715 seconds with 6120 seconds of active time.  This session ended with a crash.

Error: (09/27/2011 01:01:32 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10835 seconds with 960 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-04-01 18:50:03.115
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-01 18:50:02.366
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-01 18:50:01.618
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-01 18:50:00.822
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-01 18:49:58.841
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-01 18:49:58.092
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-01 18:49:57.343
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-01 18:49:56.579
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-01 18:49:55.783
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-01 18:49:55.034
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU T3200 @ 2.00GHz
Percentage of memory in use: 18%
Total physical RAM: 3068.45 MB
Available physical RAM: 2501.95 MB
Total Pagefile: 6341.04 MB
Available Pagefile: 6016.73 MB
Total Virtual: 2047.88 MB
Available Virtual: 1929.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:289 GB) (Free:130.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:9.09 GB) (Free:1.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:1.91 GB) (Free:1.7 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 68B15F77)
Partition 1: (Active) - (Size=289 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================





#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,736 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:14 AM

Posted 02 April 2015 - 07:04 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM\...\runonceex: [Flags] =>
HKLM\...\runonceex: [Title] => UnHackMe Rootkit Check
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-19\...\RunOnce: [] => [X]
HKU\S-1-5-20\...\RunOnce: [] => [X]
HKU\S-1-5-21-128393443-1509664233-60723751-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\RunOnce: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-128393443-1509664233-60723751-1000 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: HKU\S-1-5-21-128393443-1509664233-60723751-1000 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll [2012-06-11] (Yahoo! Inc.)
BHO: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files\Ask.com\GenericAskToolbar.dll [2013-02-08] (Ask)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll [2012-06-11] (Yahoo! Inc.)
Toolbar: HKLM - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2013-02-08] (Ask)
FF user.js: detected! => C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\uo56mov4.default-1427097168277\user.js [2015-03-24]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
CHR Extension: (Ask Toolbar) - C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo [2013-03-16]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - No Path Or update_url value
S3 MozillaMaintenance; No ImagePath
S2 Util Between Lines; "C:\Program Files\Between Lines\bin\utilBetweenLines.exe" [X]
S3 catchme; No ImagePath
U1 eabfiltr; No ImagePath
S3 IpInIp; No ImagePath
S3 MREMP50a64; No ImagePath
S3 MREMPR5; No ImagePath
S3 MRENDIS5; No ImagePath
S3 MRESP50a64; No ImagePath
S3 NwlnkFlt; No ImagePath
S3 NwlnkFwd; No ImagePath
U0 Partizan; No ImagePath
S3 RegKernelHelp; No ImagePath
U2 wuaserv; No ImagePath
Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.15.0 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKU\S-1-5-21-128393443-1509664233-60723751-1000\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.4.36191 - Ask.com) <==== ATTENTION
Task: {02093E78-AAB9-485A-B709-CF5C87F91683} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2013-02-08] () <==== ATTENTION
Task: {393A204C-1C26-458E-AEFB-A78770A2D17E} - \RegistryBooster Maintenance No Task File <==== ATTENTION
AlternateDataStreams: C:\Windows\$NtUninstallKB62280$:SummaryInformation
C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\uo56mov4.default-1427097168277\user.js

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

--RogueKiller--
  • Download RogueKiller and SAVE it to your Desktop.
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller.
=======

How is the computer running now?

#3 akiiki

akiiki
  • Topic Starter

  • Members
  • 21 posts
  • Local time:01:14 PM

Posted 02 April 2015 - 09:22 AM

Hi nasdaq, thanks for your reply! I ran the fix and AdwCleaner, but when I hit Clean, the program got stuck and I had to force it to close and rerun. Then it finished and asked to restart. Upon restarting, the computer got stuck at a black screen, not doing anything for 5-10 minutes. I shut it down and turned it on again, and it asked me to run startup repair and then system recovery. Repairing and starting the computer again took about an hour (generally these days restarting takes about 20-30 minutes, and it's especially slow connecting to the internet and opening Mozilla). Now AdwCleaner is gone. Should I rerun everything? Here's the fix log, though I guess that was also undone:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Karin at 2015-04-02 15:01:59 Run:1
Running from f:\
Loaded Profiles: Karin (Available profiles: Karin)
Boot Mode: Safe Mode (minimal)

==============================================

Content of fixlist:
*****************
start

CloseProcesses:

HKLM\...\runonceex: [Flags] =>
HKLM\...\runonceex: [Title] => UnHackMe Rootkit Check
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-19\...\RunOnce: [] => [X]
HKU\S-1-5-20\...\RunOnce: [] => [X]
HKU\S-1-5-21-128393443-1509664233-60723751-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\RunOnce: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-128393443-1509664233-60723751-1000 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: HKU\S-1-5-21-128393443-1509664233-60723751-1000 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll [2012-06-11] (Yahoo! Inc.)
BHO: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files\Ask.com\GenericAskToolbar.dll [2013-02-08] (Ask)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll [2012-06-11] (Yahoo! Inc.)
Toolbar: HKLM - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2013-02-08] (Ask)
FF user.js: detected! => C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\uo56mov4.default-1427097168277\user.js [2015-03-24]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
CHR Extension: (Ask Toolbar) - C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo [2013-03-16]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - No Path Or update_url value
S3 MozillaMaintenance; No ImagePath
S2 Util Between Lines; "C:\Program Files\Between Lines\bin\utilBetweenLines.exe" [X]
S3 catchme; No ImagePath
U1 eabfiltr; No ImagePath
S3 IpInIp; No ImagePath
S3 MREMP50a64; No ImagePath
S3 MREMPR5; No ImagePath
S3 MRENDIS5; No ImagePath
S3 MRESP50a64; No ImagePath
S3 NwlnkFlt; No ImagePath
S3 NwlnkFwd; No ImagePath
U0 Partizan; No ImagePath
S3 RegKernelHelp; No ImagePath
U2 wuaserv; No ImagePath
Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.15.0 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKU\S-1-5-21-128393443-1509664233-60723751-1000\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.4.36191 - Ask.com) <==== ATTENTION
Task: {02093E78-AAB9-485A-B709-CF5C87F91683} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2013-02-08] () <==== ATTENTION
Task: {393A204C-1C26-458E-AEFB-A78770A2D17E} - \RegistryBooster Maintenance No Task File <==== ATTENTION
AlternateDataStreams: C:\Windows\$NtUninstallKB62280$:SummaryInformation
C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\uo56mov4.default-1427097168277\user.js

End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\runonceex\\Flags => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\runonceex\\Title => value deleted successfully.
"HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" => Key deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ => value deleted successfully.
HKU\S-1-5-21-128393443-1509664233-60723751-1000\Control Panel\Desktop\\SCRNSAVE.EXE => Value was restored successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-128393443-1509664233-60723751-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} => value deleted successfully.
"HKCR\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}" => Key deleted successfully.
HKU\S-1-5-21-128393443-1509664233-60723751-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value deleted successfully.
"HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
"HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}" => Key deleted successfully.
"HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value deleted successfully.
HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} => value deleted successfully.
HKCR\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\uo56mov4.default-1427097168277\user.js => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087} => value deleted successfully.
C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd" => Key deleted successfully.
MozillaMaintenance => Service deleted successfully.
Util Between Lines => Service deleted successfully.
catchme => Service deleted successfully.
eabfiltr => Service deleted successfully.
IpInIp => Service deleted successfully.
MREMP50a64 => Service deleted successfully.
MREMPR5 => Service deleted successfully.
MRENDIS5 => Service deleted successfully.
MRESP50a64 => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
Partizan => Service deleted successfully.
RegKernelHelp => Service deleted successfully.
wuaserv => Service deleted successfully.
Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.15.0 - Ask.com) <==== ATTENTION => Error: No automatic fix found for this entry.
Ask Toolbar Updater (HKU\S-1-5-21-128393443-1509664233-60723751-1000\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.4.36191 - Ask.com) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02093E78-AAB9-485A-B709-CF5C87F91683}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02093E78-AAB9-485A-B709-CF5C87F91683}" => Key deleted successfully.
C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{393A204C-1C26-458E-AEFB-A78770A2D17E}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegistryBooster Maintenance => Key not found.
C:\Windows\$NtUninstallKB62280$ => ":SummaryInformation" ADS removed successfully.
"C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\uo56mov4.default-1427097168277\user.js" => File/Directory not found.


The system needed a reboot.

==== End of Fixlog 15:02:01 ====



#4 akiiki

akiiki
  • Topic Starter

  • Members
  • 21 posts
  • Local time:01:14 PM

Posted 02 April 2015 - 09:23 AM

Btw once the computer is running it seems completely fine, so the problems only appear at startup.



#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,736 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:14 AM

Posted 02 April 2015 - 01:01 PM

ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.


I had kept a mental note to check further on this.
Now that you still have some issues, let's check it out.

I thought that the repair of the restrictions would fix it.

Before you download what is requested below, run Microsoft Update.
Click the Start button and type Check for Updates in the search field.

Run the application that you will see in the top pane.

If any error please post the exact message for my review.

===

Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes or OK when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender


Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.
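The checks FSS performs are easy to reproduce by hand, which helps when a log has to be re-read after a reboot undid a fix. The PowerShell below is an added example, not code from this thread or from Farbar's tools: it reads the same service keys (Start, ImagePath, ServiceDll, running state) and the same policy values that FSS prints for the items listed above, and flags the "service key does not exist" condition. The function names are made up, and the expected policy values are an assumption (Windows defaults, with no third-party product managing them).

```powershell
# Added example (not from the thread or from FSS/FRST): reproduce the
# per-service and policy checks FSS reports. Run from an elevated prompt.
# Service names are the ones FSS prints; Expected values are assumed defaults.

$servicesToCheck = @(
    @{ Name = 'MpsSvc';    Role = 'Windows Firewall' },
    @{ Name = 'BFE';       Role = 'Base Filtering Engine' },
    @{ Name = 'wscsvc';    Role = 'Security Center' },
    @{ Name = 'wuauserv';  Role = 'Windows Update' },
    @{ Name = 'WinDefend'; Role = 'Windows Defender' },
    @{ Name = 'iphlpsvc';  Role = 'IP Helper' }
)

function Test-ServiceConfig {
    param([string]$Name, [string]$Role)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $result = [ordered]@{ Service = $Name; Role = $Role }

    if (-not (Test-Path -Path $key)) {
        # The "service key does not exist" condition FSS flags: the Service
        # Control Manager has no definition of the service at all.
        $result.Finding = 'ATTENTION: service key does not exist'
        return [pscustomobject]$result
    }

    $props = Get-ItemProperty -Path $key
    $result.Start     = $props.Start      # 2 = automatic, 3 = manual, 4 = disabled
    $result.ImagePath = $props.ImagePath
    $paramsKey = Join-Path -Path $key -ChildPath 'Parameters'
    if (Test-Path -Path $paramsKey) {
        # svchost-hosted services keep their DLL here, as FSS shows for wuauserv
        $result.ServiceDll = (Get-ItemProperty -Path $paramsKey).ServiceDll
    }

    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    $result.State = if ($svc) { $svc.Status.ToString() } else { 'not reported by SCM' }

    $result.Finding = if ($null -eq $props.Start) { 'ATTENTION: Start value missing' }
                      elseif ($null -eq $props.ImagePath) { 'ATTENTION: ImagePath value missing' }
                      elseif ($props.Start -eq 4) { 'service is disabled' }
                      else { 'configuration present' }
    return [pscustomobject]$result
}

# Policy values FSS prints. A value that differs from Expected deserves a look;
# an absent value means no policy is set, which is the normal state.
$policiesToCheck = @(
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'
       Name = 'EnableFirewall';     Expected = 1 },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
       Name = 'DisableAntiSpyware'; Expected = 0 },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
       Name = 'DisableSR';          Expected = 0 }
)

function Test-PolicyValue {
    param([string]$Path, [string]$Name, [int]$Expected)
    $value = $null
    if (Test-Path -Path $Path) {
        $value = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
    }
    [pscustomobject]@{
        Policy  = "$Path\$Name"
        Value   = if ($null -eq $value) { '(not set)' } else { $value }
        Finding = if ($null -eq $value -or [int]$value -eq $Expected) { 'ok' }
                  else { "ATTENTION: expected $Expected" }
    }
}

$servicesToCheck | ForEach-Object { $s = $_; Test-ServiceConfig @s } | Format-List
$policiesToCheck | ForEach-Object { $p = $_; Test-PolicyValue @p } | Format-Table -AutoSize -Wrap
```

A third-party firewall or antivirus may legitimately set EnableFirewall or DisableAntiSpyware, so compare the findings against what is installed before treating them as tampering.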

#6 akiiki

akiiki
  • Topic Starter

  • Members
  • 21 posts
  • Local time:01:14 PM

Posted 02 April 2015 - 03:07 PM

Ok, I did the updates (only eight optional updates) and got the error 800705b4. Then I restarted and ran FSS. Here's the log:

 

Farbar Service Scanner Version: 17-01-2015
Ran by Karin (administrator) on 02-04-2015 at 22:05:43
Running from "C:\Users\Karin\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of bfe. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of bfe. The value does not exist.
Unable to retrieve ServiceDll of bfe. The value does not exist.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig"="0"


Security Center:
============

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

Security Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{FD6905CE-952F-41F1-9A6F-135D9C6622CC} key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll".


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.



File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****



#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,736 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:14 AM

Posted 03 April 2015 - 07:07 AM

Navigate to these registry files for Vista.
http://download.bleepingcomputer.com/win-services/vista/

Download the following files to your Desktop.

iphlpsvc.reg
WinDefend.reg
wscsvc.reg


Double-click each file and merge the information into the registry.

Restart the computer normally.

Next, download the win-vista-action-center-notification-icon-missing.reg file to your Desktop from this link.

http://www.bleepstatic.com/fhost/uploads/1/win-vista-action-center-notification-icon-missing.reg

Double-click the file and merge it into the registry.

Restart the computer normally.

====

Please run the Farbar Service Scanner again and post a fresh FSS log for my review.

How is the computer running now?
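As an added check that is not part of nasdaq's instructions or of FSS itself: a PowerShell snippet that re-reads the same registry locations the FSS log above reported on (the service keys and their Start, ImagePath and ServiceDll values, plus the firewall and Windows Defender disabled-policy values), so the effect of merging the .reg files can be confirmed before and after a restart. Service and value names are taken from the FSS log; the script assumes an elevated PowerShell prompt and uses only PowerShell 2.0 cmdlets so it runs on Vista.

```powershell
# Added example, not from the thread: independent re-check of the items FSS flagged.
# Services named in the FSS log above (mpsdrv is a driver, so it has no ServiceDll).
$services = 'MpsSvc', 'bfe', 'wscsvc', 'WinDefend', 'iphlpsvc', 'wuauserv', 'mpsdrv'

function Test-ServiceKey {
    param([string]$Name)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $result = New-Object PSObject -Property @{
        Service    = $Name
        KeyExists  = (Test-Path $key)
        Start      = $null
        ImagePath  = $null
        ServiceDll = $null
    }
    if ($result.KeyExists) {
        $svc = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        $result.Start     = $svc.Start
        $result.ImagePath = $svc.ImagePath
        # svchost-hosted services keep ServiceDll under the Parameters subkey,
        # which is where FSS reads it (e.g. wuaueng.dll for wuauserv).
        $params = Get-ItemProperty -Path "$key\Parameters" -ErrorAction SilentlyContinue
        if ($params) { $result.ServiceDll = $params.ServiceDll }
    }
    return $result
}

# A missing key ("The service key does not exist" in FSS) shows as KeyExists = False.
$services | ForEach-Object { Test-ServiceKey $_ } |
    Format-Table -Property Service, KeyExists, Start, ImagePath, ServiceDll -AutoSize

# Policy values FSS reported: EnableFirewall=0 for the standard profile and
# DisableAntiSpyware=1 for Windows Defender. Neither is restored by the service .reg files.
$fwKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'
$defKey = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
$fw  = (Get-ItemProperty -Path $fwKey  -ErrorAction SilentlyContinue).EnableFirewall
$def = (Get-ItemProperty -Path $defKey -ErrorAction SilentlyContinue).DisableAntiSpyware
if ($fw -eq 0)  { Write-Warning 'StandardProfile EnableFirewall=0: Windows Firewall is disabled by policy' }
if ($def -eq 1) { Write-Warning 'DisableAntiSpyware=1: Windows Defender is disabled by policy' }
```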

#8 akiiki

akiiki
  • Topic Starter

  • Members
  • 21 posts
  • Local time:01:14 PM

Posted 03 April 2015 - 01:43 PM

I merged the three files and then hit restart, but the computer again got stuck at a black screen and I had to force a shutdown. Then of course it went back to repair and restore... On starting my computer, Norton found errors 3035,6 and 3038,104; apparently it fixed the first but not the second. It says my computer is at risk, but Live Update and Fix It don't help. Any idea why my computer keeps getting stuck on shutdown?



#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,736 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:14 AM

Posted 04 April 2015 - 07:00 AM

Before you shut down your computer next time, close all the running programs.

If the shutdown goes well, it means that a running program is causing this.
By trial and error you may be able to identify the culprit by not closing one of the running programs at shutdown.

Take note of the program that was left running; if all is well, then next time check another running program, until you find out which one is the culprit.
===

Can you please run the Farbar Service Scanner again and post a fresh FSS log for my review?

#10 akiiki

akiiki
  • Topic Starter

  • Members
  • 21 posts
  • Local time:01:14 PM

Posted 08 April 2015 - 02:23 AM

Hi again, sorry for the delay. I always close all programs before shutting down, except Stickies. I uninstalled it, but I am not sure whether it helped. It seems the problems shutting down happen when I make changes like installing or uninstalling a program, or the changes you suggested above. Other than that, Norton hasn't identified any viruses in the last few days, but the computer start-up is still extremely slow, especially connecting to the internet and starting Firefox, which takes 10-15 minutes (I can open and use other programs in the meantime). Here's the FRST log. Thanks for your patience!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Karin (administrator) on KARIN-PC on 08-04-2015 08:43:30
Running from f:\
Loaded Profiles: Karin (Available profiles: Karin)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\cmd.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\runonceex: [Flags] =>
HKLM\...\runonceex: [Title] => UnHackMe Rootkit Check
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-19\...\RunOnce: [] => [X]
HKU\S-1-5-19\...\Policies\Explorer: [NofolderOptions] 0
HKU\S-1-5-20\...\RunOnce: [] => [X]
HKU\S-1-5-20\...\Policies\Explorer: [NofolderOptions] 0
HKU\S-1-5-21-128393443-1509664233-60723751-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2289664 2008-02-26] (Hewlett-Packard Company)
HKU\S-1-5-21-128393443-1509664233-60723751-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-128393443-1509664233-60723751-1000\...\Run: [Spotify Web Helper] => C:\Users\Karin\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1964088 2015-03-20] (Spotify Ltd)
HKU\S-1-5-21-128393443-1509664233-60723751-1000\...\Policies\Explorer: [NofolderOptions] 0
HKU\S-1-5-21-128393443-1509664233-60723751-1000\...\MountPoints2: {6e1e44a2-f86e-11df-a24d-00238b0688f7} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\upgrade.htm
HKU\S-1-5-21-128393443-1509664233-60723751-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\RunOnce: [] => [X]
Startup: C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe (Hewlett-Packard Co.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nl&c=83&bd=Pavilion&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nl&c=83&bd=Pavilion&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-128393443-1509664233-60723751-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
HKU\S-1-5-21-128393443-1509664233-60723751-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nl&c=83&bd=Pavilion&pf=cnnb
URLSearchHook: HKU\S-1-5-21-128393443-1509664233-60723751-1000 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: HKU\S-1-5-21-128393443-1509664233-60723751-1000 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
SearchScopes: HKU\S-1-5-21-128393443-1509664233-60723751-1000 -> DefaultScope {E6568FEB-335D-415F-8776-178C8FDA5229} URL = http://www.google.nl/search?hl=nl&q={searchTerms}
SearchScopes: HKU\S-1-5-21-128393443-1509664233-60723751-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-128393443-1509664233-60723751-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-128393443-1509664233-60723751-1000 -> {E6568FEB-335D-415F-8776-178C8FDA5229} URL = http://www.google.nl/search?hl=nl&q={searchTerms}
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll [2012-06-11] (Yahoo! Inc.)
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-04-03] (RealPlayer)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.2.0.31\coIEPlg.dll [2015-03-30] (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-05-23] (Oracle Corporation)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2011-09-10] (Google Inc.)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2012-08-02] ()
BHO: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files\Ask.com\GenericAskToolbar.dll [2013-02-08] (Ask)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-05-23] (Oracle Corporation)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2011-03-16] (Yahoo! Inc)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll [2012-06-11] (Yahoo! Inc.)
Toolbar: HKLM - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2013-02-08] (Ask)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2012-08-02] ()
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.2.0.31\coIEPlg.dll [2015-03-30] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-128393443-1509664233-60723751-1000 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2012-08-02] ()
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game07.zylom.com/activex/zylomgamesplayer.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2012-08-02] ()
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 213.46.228.196 62.179.104.196

FireFox:
========
FF ProfilePath: C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\uo56mov4.default-1427097168277
FF Homepage: mail.yahoo.com
FF NetworkProxy: "autoconfig_url", "http://mediahint.com/default.pac"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-23] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [1999-12-31] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2012-03-22] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-05-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-05-23] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2009-11-10] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [2011-09-10] (Google)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2009-04-03] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2009-04-03] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2009-04-03] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [1999-12-31] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [2006-07-31] (Zylom)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-128393443-1509664233-60723751-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Karin\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-04-29] (Citrix Online)
FF Plugin HKU\S-1-5-21-128393443-1509664233-60723751-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [1999-12-31] (Tracker Software Products (Canada) Ltd.)
FF user.js: detected! => C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\uo56mov4.default-1427097168277\user.js [2015-03-24]
FF Extension: Disconnect - C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\uo56mov4.default-1427097168277\Extensions\2.0@disconnect.me.xpi [2015-03-23]
FF Extension: Media Hint - C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\uo56mov4.default-1427097168277\Extensions\mediahint@jetpack.xpi [2015-03-23]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord
FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord [2009-04-03]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-11]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-02-04]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.1.0.9\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.1.0.9\coFFPlgn [2015-04-08]
FF HKU\S-1-5-21-128393443-1509664233-60723751-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR Profile: C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo [2013-03-16]
CHR Extension: (Norton Identity Protection) - C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-11-11]
CHR Extension: (Google Wallet) - C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-24]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.2.0.31\Exts\Chrome.crx [2015-04-08]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.

S2 AdobeActiveFileMonitor10.0; C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)
S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe [73728 2008-02-12] (Andrea Electronics Corporation)
S2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528608 2008-06-19] (Cisco Systems, Inc.)
S2 DM1Service; C:\Program Files\Olympus\DeviceDetector\DM1Service.exe [73728 2007-06-11] (OLYMPUS IMAGING CORP.)
S4 gupdate1c9a227a382d48c; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-22] (Google Inc.)
S2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-16] (Hewlett-Packard)
S2 NS; C:\Program Files\Norton Security\Engine\22.2.0.31\NS.exe [282528 2015-04-01] (Symantec Corporation)
S4 QPCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [292232 2008-04-23] ()
S4 QPSched; C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [112008 2008-04-23] ()
S2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2015-02-12] (IBM Corp.)
S2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [341328 2008-03-26] ()
S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
S2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\STacSV.exe [221239 2008-04-15] (IDT, Inc.)
S3 MozillaMaintenance; No ImagePath
S2 Util Between Lines; "C:\Program Files\Between Lines\bin\utilBetweenLines.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [45696 2008-01-21] (Microsoft Corporation)
S1 BHDrvx86; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\BASHDefs\20150106.001\BHDrvx86.sys [1164504 2015-01-06] (Symantec Corporation)
S1 ccSet_NS; C:\Windows\system32\drivers\NS\1602000.01F\ccSetx86.sys [128728 2014-09-09] (Symantec Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306299 2008-06-19] (Cisco Systems, Inc.)
S3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [125328 2008-03-29] (Deterministic Networks, Inc.)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-11-25] (Symantec Corporation)
S3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)
S1 IDSVix86; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\IPSDefs\20150407.001_fdd\IDSvix86.sys [505048 2015-04-07] (Symantec Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2008-11-17] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2008-11-17] (Printing Communications Assoc., Inc. (PCAUSA))
S3 NAVENG; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\VirusDefs\20150407.001\NAVENG.SYS [95704 2015-03-30] (Symantec Corporation)
S3 NAVEX15; C:\Program Files\Norton Security\NortonData\22.1.0.9\Definitions\VirusDefs\20150407.001\NAVEX15.SYS [1636696 2015-03-30] (Symantec Corporation)
S1 RapportCerberus_80128; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80128.sys [472152 2015-02-24] (IBM Corp.)
S1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [251640 2015-02-12] (IBM Corp.)
S0 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [208856 2015-02-12] (IBM Corp.)
S1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [332696 2015-02-12] (IBM Corp.)
S3 RegGuard; C:\Windows\system32\Drivers\regguard.sys [24416 2015-01-13] (Greatis Software)
S1 SRTSP; C:\Windows\System32\Drivers\NS\1602000.01F\SRTSP.SYS [702168 2015-03-27] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NS\1602000.01F\SRTSPX.SYS [36056 2014-12-02] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NS\1602000.01F\SYMDS.SYS [364760 2014-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NS\1602000.01F\SYMEFA.SYS [939224 2014-09-09] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [94424 2014-12-29] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NS\1602000.01F\Ironx86.SYS [212696 2014-09-09] (Symantec Corporation)
S1 SYMTDIv; C:\Windows\System32\Drivers\NS\1602000.01F\SYMTDIV.SYS [358104 2014-09-09] (Symantec Corporation)
S3 VNUSB; C:\Windows\System32\DRIVERS\VNUSB.sys [38496 2006-04-07] (OLYMPUS IMAGING CORP.)
S3 catchme; No ImagePath
U1 eabfiltr; No ImagePath
S3 IpInIp; No ImagePath
S3 MREMP50a64; No ImagePath
S3 MREMPR5; No ImagePath
S3 MRENDIS5; No ImagePath
S3 MRESP50a64; No ImagePath
S3 NwlnkFlt; No ImagePath
S3 NwlnkFwd; No ImagePath
U0 Partizan; No ImagePath
S3 RegKernelHelp; No ImagePath
U2 wuaserv; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-07 18:50 - 2015-04-07 19:10 - 00032768 ____H () C:\Users\Karin\Desktop\~WRL0003.tmp
2015-04-02 21:01 - 2015-04-02 21:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2015-04-02 20:48 - 2015-04-02 21:01 - 00000818 _____ () C:\Windows\setupact.log
2015-04-02 20:48 - 2015-04-02 20:48 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-02 20:45 - 2015-04-02 20:45 - 00000000 ____D () C:\Windows\system32\SRSLabs
2015-04-02 20:33 - 2015-04-02 20:33 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-02 20:16 - 2015-04-02 20:16 - 00415232 _____ (Farbar) C:\Users\Karin\Downloads\FSS.exe
2015-04-02 15:25 - 2015-04-02 15:43 - 00000000 ____D () C:\AdwCleaner
2015-04-02 13:40 - 2015-03-12 11:16 - 1040914432 _____ () C:\Users\Karin\Desktop\zeep.mpg
2015-04-01 18:48 - 2015-04-08 08:43 - 00000000 ____D () C:\FRST
2015-03-31 19:31 - 2015-03-31 19:31 - 00000004 _____ () C:\ProgramData\SMRResults430.dat
2015-03-31 19:09 - 2015-03-31 19:09 - 00000000 ____D () C:\NPE
2015-03-30 21:46 - 2015-03-30 21:44 - 07927182 _____ () C:\Users\Karin\Desktop\1-07 Go With the Flow.m4a
2015-03-26 23:21 - 2015-03-31 19:09 - 00002724 _____ () C:\Windows\PFRO.log
2015-03-25 08:09 - 2015-03-25 08:09 - 03023680 _____ () C:\Users\Karin\Downloads\1348_092219.jpeg
2015-03-24 22:28 - 2015-03-24 22:28 - 00781928 _____ (Software ) C:\Users\Karin\Downloads\FlvPlayerSetup.exe
2015-03-18 23:13 - 2015-03-18 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-03-18 23:13 - 2015-03-18 23:13 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-03-18 12:34 - 2015-03-18 12:34 - 00001315 _____ () C:\Users\Public\Desktop\Aangifte inkomstenbelasting voor ondernemers 2014.lnk
2015-03-17 17:36 - 2015-04-08 08:21 - 00511620 _____ () C:\Windows\WindowsUpdate.log
2015-03-17 08:42 - 2015-03-17 08:42 - 00221184 _____ () C:\Windows\system32\config\default.rhk
2015-03-17 08:42 - 2015-03-17 08:42 - 00053248 _____ () C:\Windows\system32\config\sam.rhk
2015-03-17 08:38 - 2015-03-17 08:42 - 58413056 _____ () C:\Windows\system32\config\software.rhk
2015-03-17 08:38 - 2015-03-17 08:38 - 00024576 _____ () C:\Windows\system32\config\security.rhk
2015-03-17 08:36 - 2015-03-17 08:43 - 00000000 ____D () C:\Users\Karin\AppData\Roaming\Wise Registry Cleaner
2015-03-17 08:36 - 2015-03-17 08:36 - 00000000 ____D () C:\Program Files\Wise
2015-03-11 19:59 - 2015-03-12 08:37 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-11 19:59 - 2015-03-11 19:59 - 00000858 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-11 19:59 - 2015-03-11 19:59 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-11 19:58 - 2015-04-07 10:07 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-11 19:55 - 2015-03-11 19:55 - 41009512 _____ () C:\Users\Karin\Downloads\Firefox Setup 36.0.1.exe
2015-03-11 10:59 - 2015-01-29 03:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 10:58 - 2015-01-29 03:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 10:57 - 2015-02-26 02:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 10:44 - 2015-02-20 04:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 10:44 - 2015-02-20 02:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 10:42 - 2015-02-26 04:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-11 10:42 - 2015-02-26 04:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 10:42 - 2015-01-21 04:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 10:42 - 2015-01-09 04:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 10:42 - 2015-01-09 02:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 10:41 - 2015-03-06 06:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 10:40 - 2014-10-13 03:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-11 10:39 - 2015-02-18 04:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 10:23 - 2015-02-21 19:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 10:23 - 2015-02-21 19:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-11 10:23 - 2015-02-21 19:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 10:23 - 2015-02-21 19:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 10:23 - 2015-02-21 19:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 10:23 - 2015-02-21 19:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 10:23 - 2015-02-21 19:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 10:23 - 2015-02-21 19:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-11 10:23 - 2015-02-21 19:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 10:23 - 2015-02-21 19:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 10:23 - 2015-02-21 19:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-11 10:23 - 2015-02-21 19:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 10:23 - 2015-02-21 19:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 10:23 - 2015-02-21 19:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 10:23 - 2015-02-21 19:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 10:23 - 2015-02-21 19:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 10:23 - 2015-02-21 19:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 10:23 - 2015-02-21 19:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 10:23 - 2015-02-21 19:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-11 10:23 - 2015-02-21 19:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-11 10:23 - 2015-02-21 19:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-11 10:23 - 2015-02-21 19:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-08 08:43 - 2006-11-02 12:22 - 82837504 _____ () C:\Windows\system32\config\system_previous
2015-04-08 08:43 - 2006-11-02 12:22 - 59768832 _____ () C:\Windows\system32\config\software_previous
2015-04-08 08:42 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\spool
2015-04-08 08:42 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-04-08 08:42 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\registration
2015-04-08 08:36 - 2006-11-02 15:01 - 00032634 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-08 08:36 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-08 08:36 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-08 08:36 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-08 08:33 - 2014-12-29 23:27 - 00000000 ____D () C:\Windows\system32\Drivers\NS
2015-04-08 08:33 - 2006-11-02 12:22 - 49283072 ____S () C:\Windows\system32\config\components_previous
2015-04-08 08:33 - 2006-11-02 12:22 - 00053248 ____S () C:\Windows\system32\config\sam_previous
2015-04-08 08:30 - 2014-12-29 23:27 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2015-04-08 08:29 - 2008-09-27 01:48 - 00027839 _____ () C:\ProgramData\nvModes.dat
2015-04-08 08:27 - 2009-06-30 22:18 - 00001040 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-08 08:27 - 2008-09-27 01:49 - 00027839 _____ () C:\ProgramData\nvModes.001
2015-04-08 08:20 - 2008-07-03 08:24 - 00724042 _____ () C:\Windows\system32\perfh013.dat
2015-04-08 08:20 - 2008-07-03 08:24 - 00152434 _____ () C:\Windows\system32\perfc013.dat
2015-04-08 08:20 - 2006-11-02 12:33 - 01632332 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-08 08:13 - 2009-06-30 22:18 - 00001044 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-08 08:00 - 2009-04-06 17:37 - 00000000 ____D () C:\Program Files\Stickies
2015-04-08 07:57 - 2015-01-30 10:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-08 07:56 - 2009-04-06 17:37 - 00000000 ____D () C:\Users\Karin\AppData\Roaming\stickies
2015-04-08 07:46 - 2008-12-16 14:58 - 00000000 ____D () C:\Users\Karin
2015-04-08 07:27 - 2006-11-02 12:22 - 00524288 ____S () C:\Windows\system32\config\default_previous
2015-04-08 07:27 - 2006-11-02 12:22 - 00262144 ____S () C:\Windows\system32\config\security_previous
2015-04-08 01:09 - 2013-11-24 16:51 - 00000000 ____D () C:\Users\Karin\AppData\Roaming\Spotify
2015-04-05 23:01 - 2013-01-16 15:55 - 00000256 _____ () C:\Windows\Tasks\HP Photo Creations Messager.job
2015-04-05 19:48 - 2009-08-19 00:03 - 00000868 _____ () C:\Windows\Tasks\Google Software Updater.job
2015-04-04 20:11 - 2010-10-21 19:54 - 00003036 ___SH () C:\Windows\system32\KGyGaAvL.sys
2015-04-04 08:27 - 2009-03-11 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-02 21:06 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\nl-NL
2015-04-02 20:40 - 2009-05-21 11:01 - 00000000 ____D () C:\Users\Karin\AppData\Roaming\Belastingdienst
2015-04-02 18:41 - 2013-11-24 16:53 - 00000000 ____D () C:\Users\Karin\AppData\Local\Spotify
2015-04-02 17:25 - 2010-07-28 09:02 - 00000000 ____D () C:\Users\Karin\AppData\Local\CrashDumps
2015-04-02 16:54 - 2015-02-15 04:24 - 00000000 ____D () C:\Windows\system32\store
2015-04-02 16:54 - 2014-09-22 08:04 - 00000000 ____D () C:\Users\Karin\AppData\Local\GameXN
2015-04-02 16:54 - 2013-06-14 07:53 - 00000000 ____D () C:\Users\Karin\AppData\Local\oDesk
2015-04-02 16:54 - 2013-02-22 08:24 - 00000000 ____D () C:\Program Files\Ask.com
2015-04-02 16:54 - 2013-01-16 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2015-04-02 16:54 - 2013-01-16 15:54 - 00000000 ____D () C:\Program Files\Coupons
2015-04-02 16:54 - 2012-12-18 04:45 - 00000000 ____D () C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-02 16:54 - 2012-10-07 06:38 - 00000000 ____D () C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-02 16:54 - 2012-03-02 15:38 - 00000000 ____D () C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2015-04-02 16:54 - 2012-01-19 06:45 - 00000000 ____D () C:\Users\Karin\AppData\Roaming\vlc
2015-04-02 16:54 - 2010-09-01 13:41 - 00000000 ____D () C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PamFax
2015-04-02 16:54 - 2010-02-04 12:49 - 00000000 ____D () C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WLAN Software
2015-04-02 16:54 - 2009-06-29 16:58 - 00000000 ____D () C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Sound Recorder
2015-04-02 16:54 - 2009-04-18 08:30 - 00000000 ____D () C:\ProgramData\Yahoo! Companion
2015-04-02 16:54 - 2009-02-10 09:10 - 00000000 ____D () C:\Users\Karin\AppData\Roaming\Skype
2015-04-02 16:54 - 2008-12-16 15:12 - 00000000 ____D () C:\Users\Karin\AppData\Local\QuickPlay
2015-04-02 16:54 - 2008-12-16 15:03 - 00000000 ____D () C:\Users\Karin\AppData\Local\Microsoft Help
2015-04-02 16:54 - 2008-12-16 14:58 - 00000000 ___RD () C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-02 16:54 - 2008-12-16 14:58 - 00000000 ___RD () C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-02 16:54 - 2008-12-16 14:58 - 00000000 ____D () C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
2015-04-02 16:54 - 2008-12-16 14:58 - 00000000 ____D () C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2015-04-02 12:24 - 2013-02-06 12:17 - 00000000 ____D () C:\Users\Karin\Documents\Mijn scans
2015-04-01 21:19 - 2009-01-25 09:46 - 00000000 ____D () C:\Users\Karin\Documents\Youcam
2015-03-31 19:29 - 2012-08-17 15:12 - 00000000 ____D () C:\Users\Karin\AppData\Local\NPE
2015-03-30 15:26 - 2012-12-18 04:48 - 00000000 ___RD () C:\Users\Karin\Dropbox
2015-03-30 15:24 - 2012-12-18 04:45 - 00000000 ____D () C:\Users\Karin\AppData\Roaming\Dropbox
2015-03-29 11:14 - 2010-10-21 20:02 - 00000000 ____D () C:\Users\Karin\AppData\Roaming\Corel
2015-03-29 10:12 - 2008-12-16 18:33 - 00000000 ____D () C:\Users\Karin\Documents\Karin
2015-03-24 22:48 - 2012-08-26 02:48 - 00000000 ____D () C:\Users\Public\Documents\regruninfo
2015-03-24 22:47 - 2012-08-26 02:49 - 00000000 ____D () C:\Users\Karin\Documents\RegRun2
2015-03-24 22:46 - 2012-08-26 02:49 - 00000000 ____D () C:\ProgramData\RegRun
2015-03-24 22:34 - 2006-11-02 12:23 - 00000326 _____ () C:\Windows\win.ini
2015-03-20 09:31 - 2013-11-24 16:53 - 00001711 _____ () C:\Users\Karin\Desktop\Spotify.lnk
2015-03-20 09:31 - 2013-11-24 16:53 - 00001697 _____ () C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-03-18 12:36 - 2009-05-21 11:01 - 00000000 ____D () C:\Users\Karin\Documents\Belastingdienst
2015-03-18 12:34 - 2009-05-21 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belastingdienst
2015-03-18 12:34 - 2009-05-21 11:00 - 00000000 ____D () C:\Program Files\Belastingdienst
2015-03-17 17:26 - 2012-03-06 00:24 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-03-17 17:26 - 2008-12-16 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-03-11 19:17 - 2006-11-02 14:47 - 00323024 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 10:59 - 2008-12-16 15:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 10:57 - 2013-08-08 00:14 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 10:45 - 2006-11-02 12:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-03-11 09:54 - 2012-04-12 04:42 - 00000000 ____D () C:\Program Files\RegistryNuke 2012
2015-03-11 08:41 - 2009-08-17 06:33 - 00000000 ____D () C:\Program Files\Opera
2015-03-10 16:03 - 2009-03-04 18:33 - 00000000 ____D () C:\Program Files\Common Files\Motive
2015-03-10 16:03 - 2008-09-27 01:49 - 00000000 ____D () C:\Program Files\Common Files\LightScribe
2015-03-10 16:03 - 2008-04-10 12:26 - 00000000 ____D () C:\Windows\SMINST

==================== Files in the root of some directories =======

2013-11-02 18:33 - 2012-06-06 23:15 - 0015086 _____ () C:\Users\Karin\AppData\Roaming\shshortcut.ico
2009-07-21 19:03 - 2011-04-14 18:12 - 0000230 _____ () C:\Users\Karin\AppData\Roaming\wklnhst.dat
2008-12-16 15:12 - 2008-12-16 15:12 - 0000000 _____ () C:\Users\Karin\AppData\Local\AtStart.txt
2009-09-05 06:02 - 2013-12-28 18:29 - 0007592 _____ () C:\Users\Karin\AppData\Local\d3d9caps.dat
2008-12-21 12:14 - 2012-08-26 23:59 - 0023040 _____ () C:\Users\Karin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-12-16 15:12 - 2008-12-16 15:12 - 0000000 _____ () C:\Users\Karin\AppData\Local\DSwitch.txt
2011-09-16 19:35 - 2012-11-16 20:22 - 0000000 _____ () C:\Users\Karin\AppData\Local\FnF4.txt
2011-12-20 08:31 - 2011-12-20 08:51 - 0007836 ___SH () C:\Users\Karin\AppData\Local\i6jf67y2pq2kbw
2008-12-16 15:12 - 2008-12-16 15:12 - 0000000 _____ () C:\Users\Karin\AppData\Local\QSwitch.txt
2013-01-16 15:52 - 2013-01-16 15:52 - 0000057 _____ () C:\ProgramData\Ament.ini
2009-02-10 09:21 - 2009-02-10 09:21 - 0000032 _____ () C:\ProgramData\ezsid.dat
2010-07-25 15:02 - 2013-02-04 11:30 - 0007462 _____ () C:\ProgramData\hpzinstall.log
2011-12-20 08:31 - 2011-12-20 08:51 - 0007836 ___SH () C:\ProgramData\i6jf67y2pq2kbw
2008-09-27 01:49 - 2015-04-08 08:27 - 0027839 _____ () C:\ProgramData\nvModes.001
2008-09-27 01:48 - 2015-04-08 08:29 - 0027839 _____ () C:\ProgramData\nvModes.dat
2014-06-17 16:15 - 2014-06-17 16:15 - 0004920 _____ () C:\ProgramData\onoetiwo.ruy
2015-03-31 19:31 - 2015-03-31 19:31 - 0000004 _____ () C:\ProgramData\SMRResults430.dat

Files to move or delete:
====================
C:\ProgramData\ezsid.dat
C:\ProgramData\SMRResults430.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2015-04-08 08:21

==================== End Of Log ============================



#11 nasdaq

  • Malware Response Team
  • 40,736 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:14 AM

Posted 08 April 2015 - 07:42 AM



Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM\...\runonceex: [Flags] =>
HKLM\...\runonceex: [Title] => UnHackMe Rootkit Check
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-19\...\RunOnce: [] => [X]
HKU\S-1-5-20\...\RunOnce: [] => [X]
HKU\S-1-5-21-128393443-1509664233-60723751-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\RunOnce: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-128393443-1509664233-60723751-1000 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: HKU\S-1-5-21-128393443-1509664233-60723751-1000 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll [2012-06-11] (Yahoo! Inc.)
BHO: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files\Ask.com\GenericAskToolbar.dll [2013-02-08] (Ask)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll [2012-06-11] (Yahoo! Inc.)
Toolbar: HKLM - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2013-02-08] (Ask)
FF user.js: detected! => C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\uo56mov4.default-1427097168277\user.js [2015-03-24]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
CHR Extension: (No Name) - C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo [2013-03-16]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
S3 MozillaMaintenance; No ImagePath
S2 Util Between Lines; "C:\Program Files\Between Lines\bin\utilBetweenLines.exe" [X]
S3 catchme; No ImagePath
U1 eabfiltr; No ImagePath
S3 IpInIp; No ImagePath
S3 MREMP50a64; No ImagePath
S3 MREMPR5; No ImagePath
S3 MRENDIS5; No ImagePath
S3 MRESP50a64; No ImagePath
S3 NwlnkFlt; No ImagePath
S3 NwlnkFwd; No ImagePath
U0 Partizan; No ImagePath
S3 RegKernelHelp; No ImagePath
U2 wuaserv; No ImagePath

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===


ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.


To investigate this further, please run this tool. You may still have it on your computer.

Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and save it to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes or OK when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender


Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.
Copy & Paste contents of FSS.txt into your reply.

How is the computer running now?
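The fixlist above is assembled from scan lines that FRST itself marks with an ATTENTION marker, or that describe a registration with nothing behind it (a service with no ImagePath, a toolbar with no file, an autostart value pointing at a missing target). As an added example, not part of nasdaq's post or of the FRST tool, the Python below encodes those patterns as triage rules and runs them over lines copied from the fixlist plus two constructed benign control lines in FRST's format; the rule set and reason strings are an editor's approximation, not FRST's internal logic.

```python
"""Triage rules for FRST scan-log lines (added example, not FRST's own logic)."""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# FRST service/driver lines: "<state> <name>; <image path>", e.g. "S3 catchme; No ImagePath".
SERVICE_RE = re.compile(r"^(?P<state>[SRU][0-4])\s+(?P<name>.+?);\s*(?P<path>.*)$")
# FRST appends this marker to lines it wants the helper to look at.
ATTENTION_RE = re.compile(r"<=+\s*ATTENTION")


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str


def classify(line: str) -> Optional[str]:
    """Return why a scan line deserves review, or None when it looks benign."""
    s = line.strip()
    if not s or "MD5 is legit" in s:
        return None                      # empty line, or Bamital/volsnap check passed
    if ATTENTION_RE.search(s):
        return "flagged by FRST (ATTENTION marker)"
    m = SERVICE_RE.match(s)
    if m:
        path = m.group("path")
        if path == "No ImagePath":
            return "service/driver registered without ImagePath"
        if path.endswith("[X]"):
            return "service/driver points at a missing file"
        return None                      # service with a real image path
    if s.endswith(("=> [X]", "->", "=>")):
        return "autostart or shell value with an empty or missing target"
    if s.endswith("No File"):
        return "toolbar/BHO registered but its file is missing"
    if "user.js: detected!" in s:
        return "Firefox user.js present (can silently override preferences)"
    if "No Path Or update_url value" in s:
        return "Chrome extension registered without path or update_url"
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Run every rule over the given log lines and keep the ones that fire."""
    findings = []
    for line in lines:
        reason = classify(line)
        if reason:
            findings.append(Finding(line.strip(), reason))
    return findings


def summarize(findings: Iterable[Finding]) -> Dict[str, int]:
    """Count findings per reason so the shape of the problem is visible at a glance."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


# Sample input: the first nine lines are copied from the fixlist in the thread;
# the last two are constructed benign controls written in FRST's line format.
SAMPLE_LOG = r"""
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-19\...\RunOnce: [] => [X]
HKU\S-1-5-21-128393443-1509664233-60723751-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Toolbar: HKLM - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
FF user.js: detected! => C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\uo56mov4.default-1427097168277\user.js [2015-03-24]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - No Path Or update_url value
S3 catchme; No ImagePath
S2 Util Between Lines; "C:\Program Files\Between Lines\bin\utilBetweenLines.exe" [X]
R2 wuauserv; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
C:\Windows\explorer.exe => MD5 is legit
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG.splitlines())
    for f in found:
        print(f"{f.reason:<60} {f.line}")
    print(summarize(found))
```

Lines that pass the rules (a service with a real image path, a file whose MD5 verified) are deliberately left out, so the output is only the set a helper would weigh for the fixlist.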

#12 akiiki

  • Topic Starter

  • Members
  • 21 posts
  • Local time:01:14 PM

Posted 08 April 2015 - 03:25 PM

This time I was able to complete all the steps without the computer crashing, yay! But it's still extremely slow on start-up. Here are all the logs.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Karin at 2015-04-08 18:56:23 Run:2
Running from f:\
Loaded Profiles: Karin (Available profiles: Karin)
Boot Mode: Safe Mode (minimal)

==============================================

Content of fixlist:
*****************
start

CloseProcesses:

HKLM\...\runonceex: [Flags] =>
HKLM\...\runonceex: [Title] => UnHackMe Rootkit Check
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-19\...\RunOnce: [] => [X]
HKU\S-1-5-20\...\RunOnce: [] => [X]
HKU\S-1-5-21-128393443-1509664233-60723751-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\RunOnce: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-128393443-1509664233-60723751-1000 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: HKU\S-1-5-21-128393443-1509664233-60723751-1000 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll [2012-06-11] (Yahoo! Inc.)
BHO: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files\Ask.com\GenericAskToolbar.dll [2013-02-08] (Ask)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll [2012-06-11] (Yahoo! Inc.)
Toolbar: HKLM - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2013-02-08] (Ask)
FF user.js: detected! => C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\uo56mov4.default-1427097168277\user.js [2015-03-24]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
CHR Extension: (No Name) - C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo [2013-03-16]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
S3 MozillaMaintenance; No ImagePath
S2 Util Between Lines; "C:\Program Files\Between Lines\bin\utilBetweenLines.exe" [X]
S3 catchme; No ImagePath
U1 eabfiltr; No ImagePath
S3 IpInIp; No ImagePath
S3 MREMP50a64; No ImagePath
S3 MREMPR5; No ImagePath
S3 MRENDIS5; No ImagePath
S3 MRESP50a64; No ImagePath
S3 NwlnkFlt; No ImagePath
S3 NwlnkFwd; No ImagePath
U0 Partizan; No ImagePath
S3 RegKernelHelp; No ImagePath
U2 wuaserv; No ImagePath

End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\runonceex\\Flags => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\runonceex\\Title => value deleted successfully.
"HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" => Key deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ => value deleted successfully.
HKU\S-1-5-21-128393443-1509664233-60723751-1000\Control Panel\Desktop\\SCRNSAVE.EXE => Value was restored successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-128393443-1509664233-60723751-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} => value deleted successfully.
"HKCR\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}" => Key deleted successfully.
HKU\S-1-5-21-128393443-1509664233-60723751-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value deleted successfully.
"HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
"HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}" => Key deleted successfully.
"HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value deleted successfully.
HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} => value deleted successfully.
HKCR\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\uo56mov4.default-1427097168277\user.js => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087} => value deleted successfully.
C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
MozillaMaintenance => Service deleted successfully.
Util Between Lines => Service deleted successfully.
catchme => Service deleted successfully.
eabfiltr => Service deleted successfully.
IpInIp => Service deleted successfully.
MREMP50a64 => Service deleted successfully.
MREMPR5 => Service deleted successfully.
MRENDIS5 => Service deleted successfully.
MRESP50a64 => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
Partizan => Service deleted successfully.
RegKernelHelp => Service deleted successfully.
wuaserv => Service deleted successfully.


The system needed a reboot.

==== End of Fixlog 18:56:24 ====

# AdwCleaner v4.200 - Logfile created 02/04/2015 at 15:29:47
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Server]
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (x86)
# Username : Karin - KARIN-PC
# Running from : C:\Users\Karin\Desktop\Desktop\adwcleaner_4.200.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : YahooAUService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\ProgramData\Yahoo! Companion
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlvPlayer
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Coupons
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Windows\system32\Store
Folder Deleted : C:\Users\Karin\AppData\Local\apn
Folder Deleted : C:\Users\Karin\AppData\Local\PackageAware
Folder Deleted : C:\Users\Karin\AppData\LocalLow\AskToolbar

# AdwCleaner v4.201 - Logfile created 08/04/2015 at 19:24:27
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Server]
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (x86)
# Username : Karin - KARIN-PC
# Running from : C:\Users\Karin\Desktop\Desktop\adwcleaner_4.201.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : YahooAUService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Yahoo! Companion
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Coupons
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Windows\system32\Store

***** [ Scheduled tasks ] *****

Task Deleted : RunAsStdUser Task for VeohWebPlayer
Task Deleted : Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKCU\Software\5dedc8be135e948
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\FlvPlayer
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\Web Assistant
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.0
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Coupon Printer for Windows5.0.0.0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16633


-\\ Mozilla Firefox v37.0.1 (x86 en-US)


-\\ Google Chrome v41.0.2272.118


-\\ Opera v27.0.1689.76


*************************

AdwCleaner[R0].txt - [23444 bytes] - [02/04/2015 15:25:34]
AdwCleaner[R1].txt - [11731 bytes] - [02/04/2015 15:40:26]
AdwCleaner[S0].txt - [11973 bytes] - [02/04/2015 15:29:47]
AdwCleaner[S1].txt - [11936 bytes] - [02/04/2015 15:43:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12093  bytes] ##########

<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
  <header>
    <date>2015/04/08 19:48:10 +0200</date>
    <logfile>mbam-log-2015-04-08 (19-48-07).xml</logfile>
    <isadmin>yes</isadmin>
  </header>
  <engine>
    <version>2.01.4.1018</version>
    <malware-database>v2015.04.08.05</malware-database>
    <rootkit-database>v2015.03.31.01</rootkit-database>
    <license>trial</license>
    <file-protection>enabled</file-protection>
    <web-protection>disabled</web-protection>
    <self-protection>disabled</self-protection>
  </engine>
  <system>
    <osversion>Windows Vista Service Pack 2</osversion>
    <arch>x86</arch>
    <username>Karin</username>
    <filesys>NTFS</filesys>
  </system>
  <summary>
    <type>threat</type>
    <result>completed</result>
    <objects>337107</objects>
    <time>1465</time>
    <processes>0</processes>
    <modules>0</modules>
    <keys>0</keys>
    <values>0</values>
    <datas>0</datas>
    <folders>0</folders>
    <files>1</files>
    <sectors>0</sectors>
  </summary>
  <options>
    <memory>enabled</memory>
    <startup>enabled</startup>
    <filesystem>enabled</filesystem>
    <archives>enabled</archives>
    <rootkits>disabled</rootkits>
    <deeprootkit>disabled</deeprootkit>
    <heuristics>enabled</heuristics>
    <pup>enabled</pup>
    <pum>enabled</pum>
  </options>
  <items>
    <file>
      <path>C:\Users\Karin\Downloads\FlvPlayerSetup.exe</path>
      <vendor>PUP.Optional.InstallCore.SID.A</vendor>
      <action>success</action>
      <hash>54d1f476008a5bdbf2a62b0b9f67ba46</hash>
    </file>
  </items>
</mbam-log>

<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
  <header>
    <date>2015/04/08 20:28:35 +0200</date>
    <logfile>mbam-log-2015-04-08 (20-28-20).xml</logfile>
    <isadmin>yes</isadmin>
  </header>
  <engine>
    <version>2.01.4.1018</version>
    <malware-database>v2015.04.08.06</malware-database>
    <rootkit-database>v2015.03.31.01</rootkit-database>
    <license>trial</license>
    <file-protection>enabled</file-protection>
    <web-protection>disabled</web-protection>
    <self-protection>disabled</self-protection>
  </engine>
  <system>
    <osversion>Windows Vista Service Pack 2</osversion>
    <arch>x86</arch>
    <username>Karin</username>
    <filesys>NTFS</filesys>
  </system>
  <summary>
    <type>threat</type>
    <result>completed</result>
    <objects>337681</objects>
    <time>1617</time>
    <processes>0</processes>
    <modules>0</modules>
    <keys>0</keys>
    <values>0</values>
    <datas>0</datas>
    <folders>3</folders>
    <files>0</files>
    <sectors>0</sectors>
  </summary>
  <options>
    <memory>enabled</memory>
    <startup>enabled</startup>
    <filesystem>enabled</filesystem>
    <archives>enabled</archives>
    <rootkits>enabled</rootkits>
    <deeprootkit>disabled</deeprootkit>
    <heuristics>enabled</heuristics>
    <pup>enabled</pup>
    <pum>enabled</pum>
  </options>
  <items>
    <folder>
      <path>C:\Windows\$NtUninstallKB62280$\485945278\L</path>
      <vendor>Backdoor.0Access</vendor>
      <action>success</action>
      <hash>3aec99d167232d092ac29a66ea1601ff</hash>
    </folder>
    <folder>
      <path>C:\Windows\$NtUninstallKB62280$\485945278\U</path>
      <vendor>Backdoor.0Access</vendor>
      <action>success</action>
      <hash>2bfb65051b6fc96d935a936d45bbc937</hash>
    </folder>
    <folder>
      <path>C:\Windows\$NtUninstallKB62280$\485945278</path>
      <vendor>Backdoor.0Access</vendor>
      <action>success</action>
      <hash>6db978f21773ad891ed17b85a45c718f</hash>
    </folder>
  </items>
</mbam-log>

<?xml version="1.0" encoding="UTF-8"?>
<logs>
  <record subtype="Malware Protection" result="Starting" last_modified_tag="3a99558b-a4a5-4f7d-90a6-901b647f4653" systemname="KARIN-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-08T19:47:37.725169+02:00" LoggingEventType="2" severity="debug"/>
  <record subtype="Malware Protection" result="Started" last_modified_tag="c966b099-08db-4605-b178-758468257ac5" systemname="KARIN-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-08T19:47:37.807169+02:00" LoggingEventType="2" severity="debug"/>
  <record subtype="Malicious Website Protection" result="Starting" last_modified_tag="30e270ad-9f86-4716-89ff-1179f904068c" systemname="KARIN-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-08T19:47:37.953169+02:00" LoggingEventType="2" severity="debug"/>
  <record subtype="Malicious Website Protection" result="Failed" last_modified_tag="47f35b5d-efc7-4386-b527-8ab4ad3d7fca" systemname="KARIN-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-08T19:47:38.078169+02:00" LoggingEventType="2" severity="debug"/>
  <record last_modified_tag="7eee0be3-863d-4607-bd02-085542dd1503" systemname="KARIN-PC" username="SYSTEM" type="Error" source="Protection" datetime="2015-04-08T19:47:38.092169+02:00" LoggingEventType="4" severity="debug" message="MWAC::CreateList - Rules IP Block List" code="3221225473"/>
  <record last_modified_tag="b5cf2b98-7189-4a9b-9b9d-76e5372c2187" systemname="KARIN-PC" username="SYSTEM" type="Update" source="Manual" datetime="2015-04-08T19:47:45.092169+02:00" LoggingEventType="1" severity="debug" toVersion="2015.4.6.2" name="Remediation Database" fromVersion="2015.3.9.1"/>
  <record last_modified_tag="f9ae67da-b0d8-4416-b516-4486b07ed6db" systemname="KARIN-PC" username="SYSTEM" type="Update" source="Manual" datetime="2015-04-08T19:47:45.142169+02:00" LoggingEventType="1" severity="debug" toVersion="2015.3.31.1" name="Rootkit Database" fromVersion="2015.2.25.1"/>
  <record last_modified_tag="81e3c899-2890-49c8-891e-fb80c2c02c0a" systemname="KARIN-PC" username="SYSTEM" type="Update" source="Manual" datetime="2015-04-08T19:47:57.532169+02:00" LoggingEventType="1" severity="debug" toVersion="2015.4.8.5" name="Malware Database" fromVersion="2015.3.9.5"/>
  <record subtype="Refresh" result="Starting" last_modified_tag="021fb1c2-93fb-4f17-b0f9-7aed3e4b5538" systemname="KARIN-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-08T19:47:57.633169+02:00" LoggingEventType="2" severity="debug"/>
  <record subtype="Refresh" result="Success" last_modified_tag="31d7b896-cda2-4dcf-845c-5e709e67aee9" systemname="KARIN-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-08T19:48:11.802169+02:00" LoggingEventType="2" severity="debug"/>
  <record last_modified_tag="56629e59-bd5c-429d-894b-5e6a6f4cdcee" systemname="KARIN-PC" username="SYSTEM" type="Scan" source="Manual" datetime="2015-04-08T20:12:48.706169+02:00" LoggingEventType="6" severity="debug" scanresult="completed" nonmalwaredetections="1" malwaredetections="0" duration="1465" starttime="2015-04-08T19:48:10+02:00" scantype="threat"/>
  <record subtype="Malware Protection" result="Starting" last_modified_tag="ce8fbad7-2ad7-43ce-a072-2df31722b216" systemname="KARIN-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-08T20:18:28.181136+02:00" LoggingEventType="2" severity="debug"/>
  <record subtype="Malware Protection" result="Started" last_modified_tag="a8c6ddcf-f594-4d25-925b-fedb20de5495" systemname="KARIN-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-08T20:18:28.212336+02:00" LoggingEventType="2" severity="debug"/>
  <record subtype="Malicious Website Protection" result="Starting" last_modified_tag="0a964354-9b4c-4548-9fcf-949ea6f218e0" systemname="KARIN-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-08T20:18:28.321536+02:00" LoggingEventType="2" severity="debug"/>
  <record subtype="Malicious Website Protection" result="Failed" last_modified_tag="0df248fb-9ffe-4322-b5ba-313b6a65a086" systemname="KARIN-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-08T20:23:22.989936+02:00" LoggingEventType="2" severity="debug"/>
  <record last_modified_tag="20da9137-8651-40c4-9b60-fb2e9be5f163" systemname="KARIN-PC" username="SYSTEM" type="Error" source="Protection" datetime="2015-04-08T20:23:23.005536+02:00" LoggingEventType="4" severity="debug" message="MWAC::CreateList - Rules IP Block List" code="3221225473"/>
  <record subtype="Malicious Website Protection" result="Starting" last_modified_tag="57bfe5a2-04de-462b-a085-d9ba7832d3ad" systemname="KARIN-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-08T20:24:45.315136+02:00" LoggingEventType="2" severity="debug"/>
  <record subtype="Malicious Website Protection" result="Failed" last_modified_tag="35f15adf-9e79-4d60-b7b2-74447ffd847f" systemname="KARIN-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-08T20:24:45.486736+02:00" LoggingEventType="2" severity="debug"/>
  <record last_modified_tag="6e67d113-c854-46a0-ab88-8fa7d9a5d163" systemname="KARIN-PC" username="SYSTEM" type="Error" source="Protection" datetime="2015-04-08T20:24:45.580336+02:00" LoggingEventType="4" severity="debug" message="MWAC::CreateList - Rules IP Block List" code="3221225473"/>
  <record subtype="Malicious Website Protection" result="Starting" last_modified_tag="818af4c6-0653-47c7-802e-fc81789fe991" systemname="KARIN-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-08T20:24:53.096736+02:00" LoggingEventType="2" severity="debug"/>
  <record subtype="Malicious Website Protection" result="Failed" last_modified_tag="6fd5664f-1f6e-42c9-8782-596527b93f3d" systemname="KARIN-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-08T20:24:53.237136+02:00" LoggingEventType="2" severity="debug"/>
  <record last_modified_tag="d6f7e9fd-f192-46e1-8ef0-0265698a2b61" systemname="KARIN-PC" username="SYSTEM" type="Error" source="Protection" datetime="2015-04-08T20:24:53.252736+02:00" LoggingEventType="4" severity="debug" message="MWAC::CreateList - Rules IP Block List" code="3221225473"/>
  <record last_modified_tag="546afec6-2a9d-46ce-9ab8-bcfafb57e8d3" systemname="KARIN-PC" username="SYSTEM" type="Update" source="Manual" datetime="2015-04-08T20:28:33.851336+02:00" LoggingEventType="1" severity="debug" toVersion="2015.4.8.6" name="Malware Database" fromVersion="2015.4.8.5"/>
  <record subtype="Refresh" result="Starting" last_modified_tag="01872a74-44a6-4a2d-a924-26a86df67482" systemname="KARIN-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-08T20:28:33.976136+02:00" LoggingEventType="2" severity="debug"/>
  <record subtype="Refresh" result="Success" last_modified_tag="7e8050be-8000-4322-8526-50161da59973" systemname="KARIN-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-08T20:28:49.544936+02:00" LoggingEventType="2" severity="debug"/>
  <record last_modified_tag="654e98e2-4f35-444c-9722-89a30a355aab" systemname="KARIN-PC" username="SYSTEM" type="Scan" source="Manual" datetime="2015-04-08T20:59:54.804336+02:00" LoggingEventType="6" severity="debug" scanresult="completed" nonmalwaredetections="0" malwaredetections="3" duration="1617" starttime="2015-04-08T20:28:35+02:00" scantype="threat"/>
  <record subtype="Malicious Website Protection" result="Starting" last_modified_tag="a85919f4-14b7-4b8e-9b8d-e7dba1eb9a31" systemname="KARIN-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-08T21:00:28.188336+02:00" LoggingEventType="2" severity="debug"/>
  <record subtype="Malicious Website Protection" result="Failed" last_modified_tag="265647a3-384f-4303-9bbe-3a551fdaa943" systemname="KARIN-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-08T21:00:28.469136+02:00" LoggingEventType="2" severity="debug"/>
  <record last_modified_tag="b6e51cae-e01f-4183-ab61-5a583d9e5a3f" systemname="KARIN-PC" username="SYSTEM" type="Error" source="Protection" datetime="2015-04-08T21:00:28.484736+02:00" LoggingEventType="4" severity="debug" message="MWAC::CreateList - Rules IP Block List" code="3221225473"/>
  <record subtype="Malicious Website Protection" result="Starting" last_modified_tag="3ad273d7-cf87-4b88-ace5-ac9f4c3782a5" systemname="KARIN-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-08T21:02:33.830736+02:00" LoggingEventType="2" severity="debug"/>
  <record subtype="Malicious Website Protection" result="Failed" last_modified_tag="3ce456ab-49b1-4bd5-b967-b65a0e73f096" systemname="KARIN-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-08T21:02:35.047536+02:00" LoggingEventType="2" severity="debug"/>
  <record last_modified_tag="829c0f94-4a2b-4fe3-9b16-a7bdc2364d60" systemname="KARIN-PC" username="SYSTEM" type="Error" source="Protection" datetime="2015-04-08T21:02:35.063136+02:00" LoggingEventType="4" severity="debug" message="MWAC::CreateList - Rules IP Block List" code="3221225473"/>
  <record subtype="Malicious Website Protection" result="Starting" last_modified_tag="b1e81e02-6376-4fae-b561-a44e648a4d36" systemname="KARIN-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-08T21:02:35.219136+02:00" LoggingEventType="2" severity="debug"/>
  <record subtype="Malicious Website Protection" result="Failed" last_modified_tag="53744465-efe4-4ac3-9277-37f19e69b121" systemname="KARIN-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-08T21:02:35.375136+02:00" LoggingEventType="2" severity="debug"/>
  <record last_modified_tag="a3967fe3-e15b-4a33-b1da-651b61c4fa69" systemname="KARIN-PC" username="SYSTEM" type="Error" source="Protection" datetime="2015-04-08T21:02:35.390736+02:00" LoggingEventType="4" severity="debug" message="MWAC::CreateList - Rules IP Block List" code="3221225473"/>
  <record subtype="Malware Protection" result="Starting" last_modified_tag="aa8d177d-8a37-4145-8e57-c43cd95ba7ca" systemname="KARIN-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-08T21:07:48.556464+02:00" LoggingEventType="2" severity="debug"/>
  <record subtype="Malware Protection" result="Started" last_modified_tag="c9ba9269-b2b1-4ea9-bf79-ddbda0733b68" systemname="KARIN-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-08T21:07:48.729464+02:00" LoggingEventType="2" severity="debug"/>
  <record subtype="Malicious Website Protection" result="Starting" last_modified_tag="f3c889e4-fd4f-4b79-8901-aa90d7fbc4db" systemname="KARIN-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-08T21:07:48.846464+02:00" LoggingEventType="2" severity="debug"/>
  <record subtype="Malicious Website Protection" result="Started" last_modified_tag="be5021cd-1c0f-40dc-84a3-3cb5a4afc435" systemname="KARIN-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-08T21:16:48.553464+02:00" LoggingEventType="2" severity="debug"/>
  <record subtype="Malware Protection" result="Starting" last_modified_tag="26f333bb-1f2c-4d6e-bf73-c22a43a750c7" systemname="KARIN-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-08T21:39:40.992858+02:00" LoggingEventType="2" severity="debug"/>
  <record subtype="Malware Protection" result="Started" last_modified_tag="48a6bff2-b94f-42fe-9682-b0ebfb952164" systemname="KARIN-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-08T21:39:41.055258+02:00" LoggingEventType="2" severity="debug"/>
  <record subtype="Malicious Website Protection" result="Starting" last_modified_tag="2f98d711-3474-4176-ae51-8324416c89cc" systemname="KARIN-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-08T21:39:41.164458+02:00" LoggingEventType="2" severity="debug"/>
  <record subtype="Malicious Website Protection" result="Started" last_modified_tag="8f00abb3-466f-4d17-a6c4-c0e343f21b81" systemname="KARIN-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2015-04-08T21:48:15.903058+02:00" LoggingEventType="2" severity="debug"/>
</logs>

Farbar Service Scanner Version: 17-01-2015
Ran by Karin (administrator) on 08-04-2015 at 21:32:46
Running from "C:\Users\Karin\Desktop\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Attempt to access Yahoo.com returned error: Yahoo.com is unreachable


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****



#13 nasdaq

  • Malware Response Team
  • 40,736 posts
  • Gender: Male
  • Location: Montreal, QC. Canada

Posted 09 April 2015 - 07:24 AM

How is the computer running now?

If any problems please run this tool.

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List content of Hosts
  • List IP Configuration
  • List Winsock Entries

Click Go and copy/paste the log (Result.txt) into your next post.

Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.


#14 akiiki

  • Topic Starter
  • Members
  • 21 posts

Posted 09 April 2015 - 11:39 AM

It's still extremely slow on start-up and quite slow overall, no more crashes though. Here's the log.
MiniToolBox by Farbar  Version: 09-03-2015
Ran by Karin (administrator) on 09-04-2015 at 17:29:00
Running from "C:\Users\Karin\Desktop\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Model: HP Pavilion dv5 Notebook PC Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1             localhost

127.0.0.1       localhost

========================= IP Configuration: ================================

Cisco Systems VPN Adapter = Local Area Connection 3 (Disconnected)
Broadcom 802.11g-netwerkadapter = Wireless Network Connection (Connected)
Realtek RTL8168C(P)/8111C(P) Family PCI-E GBE NIC = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled taskoffload=disabled
set interface interface="Local Area Connection" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface interface="Wireless Network Connection" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection 2" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection 3" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
add address name="Local Area Connection 3" address=0.0.0.0


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Karin-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom 802.11g-netwerkadapter
   Physical Address. . . . . . . . . : 00-21-00-76-51-0C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::c4b8:5f29:d2b2:921e%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : donderdag 9 april 2015 16:50:58
   Lease Expires . . . . . . . . . . : donderdag 9 april 2015 18:21:00
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 285221120
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-6F-26-7C-00-23-8B-06-88-F7
   DNS Servers . . . . . . . . . . . : 213.46.228.196
                                       62.179.104.196
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E GBE NIC
   Physical Address. . . . . . . . . : 00-23-8B-06-88-F7
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 55:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  ns02.upclive.nl
Address:  213.46.228.196

Name:    google.com
Addresses:  2a00:1450:4013:c01::65
      173.194.65.101
      173.194.65.113
      173.194.65.100
      173.194.65.102
      173.194.65.138
      173.194.65.139



Pinging google.com [173.194.65.101] with 32 bytes of data:

Reply from 173.194.65.101: bytes=32 time=12ms TTL=48

Reply from 173.194.65.101: bytes=32 time=13ms TTL=48



Ping statistics for 173.194.65.101:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 12ms, Maximum = 13ms, Average = 12ms

Server:  ns02.upclive.nl
Address:  213.46.228.196

Name:    yahoo.com
Addresses:  98.139.183.24
      98.138.253.109
      206.190.36.45



Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

General failure.

Reply from 206.190.36.45: bytes=32 time=177ms TTL=50



Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),

Approximate round trip times in milli-seconds:

    Minimum = 177ms, Maximum = 177ms, Average = 177ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
 11 ...00 21 00 76 51 0c ...... Broadcom 802.11g-netwerkadapter
 10 ...00 23 8b 06 88 f7 ...... Realtek RTL8168C(P)/8111C(P) Family PCI-E GBE NIC
  1 ........................... Software Loopback Interface 1
 52 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.10     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.10    281
     192.168.1.10  255.255.255.255         On-link      192.168.1.10    281
    192.168.1.255  255.255.255.255         On-link      192.168.1.10    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.10    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.10    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    281 fe80::/64                On-link
 11    281 fe80::c4b8:5f29:d2b2:921e/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48640] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/09/2015 07:19:55 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2015 09:46:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2015 09:15:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2015 08:23:32 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2015 07:38:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2015 07:11:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2015 08:59:45 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2015 08:33:36 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2015 08:13:37 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2015 07:57:42 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/09/2015 05:25:49 PM) (Source: VDS Dynamic Provider) (User: )
Description: The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505

Error: (04/09/2015 05:06:31 PM) (Source: VDS Dynamic Provider) (User: )
Description: The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505

Error: (04/09/2015 04:56:52 PM) (Source: VDS Dynamic Provider) (User: )
Description: The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505

Error: (04/09/2015 09:03:38 AM) (Source: VDS Dynamic Provider) (User: )
Description: The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505

Error: (04/09/2015 08:31:49 AM) (Source: VDS Dynamic Provider) (User: )
Description: The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505

Error: (04/09/2015 08:08:22 AM) (Source: VDS Dynamic Provider) (User: )
Description: The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505

Error: (04/09/2015 07:39:11 AM) (Source: VDS Dynamic Provider) (User: )
Description: The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505

Error: (04/09/2015 07:33:09 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT AUTHORITY)
Description: 0x800f0825nl-NL

Error: (04/09/2015 07:23:12 AM) (Source: VDS Dynamic Provider) (User: )
Description: The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505

Error: (04/09/2015 07:19:56 AM) (Source: Service Control Manager) (User: )
Description: SBSD Security Center Service%%1053


Microsoft Office Sessions:
=========================
Error: (02/17/2014 11:47:25 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 4704 seconds with 780 seconds of active time.  This session ended with a crash.

Error: (05/05/2013 08:00:16 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3395 seconds with 2160 seconds of active time.  This session ended with a crash.

Error: (03/14/2013 02:45:52 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 21511 seconds with 8040 seconds of active time.  This session ended with a crash.

Error: (08/23/2012 03:31:27 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 32715 seconds with 6120 seconds of active time.  This session ended with a crash.

Error: (09/27/2011 01:01:32 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10835 seconds with 960 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-04-09 16:51:04.204
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-09 16:51:02.424
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-09 16:51:00.516
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-09 16:50:58.534
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-09 09:25:31.550
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-09 09:25:30.395
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-09 09:25:29.085
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-09 09:25:27.509
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-09 08:32:11.418
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-09 08:32:10.420
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


**** End of log ****
#15 nasdaq

  • Malware Response Team
  • 40,736 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 April 2015 - 06:44 AM

Let's check on this error, listed a few times in your log.

Error: (04/09/2015 05:25:49 PM) (Source: VDS Dynamic Provider) (User: )
Description: The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505


Navigate to this Microsoft page.
https://support.microsoft.com/en-us/kb/948275

Execute the command suggested in the Resolution section.

Keep me posted.
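As an added triage aid (not part of this thread, and not FRST's own tooling): a short Python script that parses the "Event log errors" and "CodeIntegrity Errors" sections in the layout FRST prints above, groups the Application/System errors by source and description, and reports which ones recur, with first/last timestamps and the HRESULT pulled out of the description (the hr=80042505 on the VDS entries, and the 0x80041003 that FRST glues onto the end of the WinMgmt WQL query). It also counts the Code Integrity events per driver path, so you can see which drivers keep tripping the per-page-hash check. The sample input is a constructed excerpt in that layout, and the regular expressions are my assumptions about it, not a specification of the FRST format.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed excerpt in the layout FRST uses for its "Event log errors" and
# "CodeIntegrity Errors" sections (shape copied from the log above; not a live log).
SAMPLE_LOG = r"""
========================= Event log errors: ===============================

Application errors:
==================
Error: (04/09/2015 07:19:55 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2015 09:46:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (04/09/2015 05:25:49 PM) (Source: VDS Dynamic Provider) (User: )
Description: The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505

Error: (04/09/2015 05:06:31 PM) (Source: VDS Dynamic Provider) (User: )
Description: The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505

Error: (04/09/2015 07:19:56 AM) (Source: Service Control Manager) (User: )
Description: SBSD Security Center Service%%1053

CodeIntegrity Errors:
===================================
  Date: 2015-04-09 16:51:04.204
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Trusteer\Rapport\bin\RapportEI.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-09 08:32:11.418
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

**** End of log ****
"""

# Assumed line shapes (see lead-in): "Error: (ts) (Source: x) (User: y)" followed by
# a "Description: ..." line; Code Integrity entries name the file before " because".
SECTION_RE = re.compile(r"(Application|System) errors:")
ERROR_RE = re.compile(r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<src>[^)]*)\) \(User: (?P<user>[^)]*)\)$")
CI_FILE_RE = re.compile(r"image integrity of the file (?P<path>.+?) because")
HRESULT_RE = re.compile(r"(?:hr=|0x)([0-9A-Fa-f]{8})")


def parse_events(text):
    """Return a list of (section, timestamp, source, description) tuples."""
    events, section = [], None
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if SECTION_RE.fullmatch(line):
            section = SECTION_RE.fullmatch(line).group(1)
            continue
        m = ERROR_RE.match(line)
        if m and i + 1 < len(lines) and lines[i + 1].startswith("Description: "):
            desc = lines[i + 1][len("Description: "):]
            ts = datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p")
            events.append((section, ts, m["src"], desc))
    return events


def recurring_errors(events, min_count=2):
    """Group by (section, source, description); return groups seen >= min_count
    times, most frequent first, with time span and any HRESULT in the text."""
    groups = defaultdict(list)
    for section, ts, src, desc in events:
        groups[(section, src, desc)].append(ts)
    out = []
    for (section, src, desc), stamps in groups.items():
        if len(stamps) < min_count:
            continue
        hr = HRESULT_RE.search(desc)
        out.append({"section": section, "source": src, "count": len(stamps),
                    "first": min(stamps), "last": max(stamps),
                    "hresult": hr.group(1).upper() if hr else None})
    out.sort(key=lambda r: (-r["count"], r["source"]))
    return out


def code_integrity_by_driver(text):
    """Count Code Integrity events per driver path (only after the CI header)."""
    counts, in_ci = Counter(), False
    for line in text.splitlines():
        if line.startswith("CodeIntegrity Errors:"):
            in_ci = True
        elif in_ci:
            m = CI_FILE_RE.search(line)
            if m:
                counts[m["path"]] += 1
    return counts


if __name__ == "__main__":
    for r in recurring_errors(parse_events(SAMPLE_LOG)):
        print(f"{r['count']:>3}x  {r['section']:<11} {r['source']:<24} hr={r['hresult']}  "
              f"{r['first']:%Y-%m-%d %H:%M} .. {r['last']:%Y-%m-%d %H:%M}")
    for path, n in code_integrity_by_driver(SAMPLE_LOG).most_common():
        print(f"{n:>3}x  CodeIntegrity  {path}")
```

Point it at a saved FRST.txt by reading the file into `SAMPLE_LOG`'s place; the "Service Control Manager" entry drops out of the recurring list because it appears once, which is the point: a one-off crash is noise, the same HRESULT every twenty minutes is the thing to chase.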