Need help with Farbar Recovery Scan Tool log

Discussion in 'Malware Help (A Specialist Will Reply)' started by hjml, May 31, 2013.

  1. hjml

    hjml Private E-2

    Hello

    Hope someone can help.

    I have an older Vista PC which has got UKAS ransomware on it.

    Here is the log from Farbar Recovery Scan Tool, so I hope you can help me clean the PC.

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-05-2013 01
    Ran by Linda (administrator) on 31-05-2013 19:23:52
    Running from F:\
    Windows Vista (TM) Home Premium Service Pack 2 (X86) OS Language: Danish
    Internet Explorer Version 9
    Boot Mode: Safe Mode (minimal)
    ==================== Processes (Whitelisted) ===================

    (Microsoft Corporation) C:\Windows\system32\cmd.exe
    (Farbar) f:\FRST.exe
    (Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-19] (Microsoft Corporation)
    HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
    HKLM\...\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [464168 2007-02-07] (HiTRUST)
    HKLM\...\Run: [Acer Tour] [x]
    HKLM\...\Run: [NMSSupport] “C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe” /startup [423424 2006-09-26] (Intel Corporation)
    HKLM\...\Run: [eRecoveryService] [x]
    HKLM\...\Run: [D-Link D-Link Wireless N DWA-140] C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe [1683456 2009-05-07] (D-Link Corp.)
    HKLM\...\Run: [Browser companion helper] C:\Program Files\BrowserCompanion\BCHelper.exe /T=3 /CHI=clbfjfbnelcflpgpklppgplejolacbej [187696 2011-12-16] (Blabbers Communications LTD)
    HKLM\...\Run: [APSDaemon] “C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe” [59720 2013-01-28] (Apple Inc.)
    HKLM\...\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime [421888 2012-10-25] (Apple Inc.)
    HKLM\...\Run: [CanonQuickMenu] C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon [1273448 2012-04-03] (CANON INC.)
    HKLM\...\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE [449168 2012-03-26] (CANON INC.)
    HKLM\...\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe” [152392 2013-02-20] (Apple Inc.)
    Winlogon\Notify\igfxcui: igfxdev.dll [X]
    HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1233920 2009-04-11] (Microsoft Corporation)
    HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
    HKCU\...\Run: [Acer Tour Reminder] [x]
    HKCU\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [x]
    HKCU\...\Run: [swg] “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [39408 2011-04-29] (Google Inc.)
    HKCU\...\Run: [Skype] “C:\Program Files\Skype\Phone\Skype.exe” /minimized /regrun [18643560 2013-03-01] (Skype Technologies S.A.)
    HKCU\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
    HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\Linda\AppData\Roaming\skype.dat <==== ATTENTION
    MountPoints2: {7b6f8324-9192-11df-9dfb-001e900a9af1} - M:\PMBP_Win.exe
    MountPoints2: {ece689e0-e831-11dc-8ff3-001e900a9af1} - K:\setupSNK.exe
    HKU\Default\...\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe [ 2007-04-19] ()
    HKU\Default User\...\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe [ 2007-04-19] ()

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://dk.msn.com/?ocid=iehp
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.toggle.com/?lang=da&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.toggle.com/?lang=da
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.toggle.com/?lang=da&q={searchTerms}
    URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
    URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    HKLM SearchScopes: DefaultScope {3B2CD8F9-5A4B-44EC-A002-246B2D697F19} URL = http://search.toggle.com/?lang=da&q={searchTerms}
    SearchScopes: HKLM - {3B2CD8F9-5A4B-44EC-A002-246B2D697F19} URL = http://search.toggle.com/?lang=da&q={searchTerms}
    SearchScopes: HKLM - {8A96AF9E-4074-43b7-BEA3-87217BDA74C8} URL = http://www.searchqu.com/web?src=ieb&q={searchTerms}
    SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2438727
    HKCU SearchScopes: DefaultScope {8A96AF9E-4074-43b7-BEA3-87217BDA74C8} URL = http://www.searchqu.com/web?src=ieb&q={searchTerms}
    SearchScopes: HKCU - {3B2CD8F9-5A4B-44EC-A002-246B2D697F19} URL = http://search.toggle.com/?lang=da&q={searchTerms}
    SearchScopes: HKCU - {87EE0FD6-1D65-4651-A91A-027BC60B8FEF} URL = http://flvdirect.iamwired.net/websearch.php?src=tops&search={SearchTerms}
    SearchScopes: HKCU - {8A96AF9E-4074-43b7-BEA3-87217BDA74C8} URL = http://www.searchqu.com/web?src=ieb&q={searchTerms}
    SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search/web?q={searchTerms}
    SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2438727
    SearchScopes: HKCU - {E6336A76-2FBE-4148-8E3A-12D5504C1B9C} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=&rlz=1I7ADRA_daDK429
    BHO: Chatvibes Browser Helper - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files\BrowserCompanion\jsloader.dll ( )
    BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    BHO: Surf Canyon Search Engine Assistant - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
    BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
    BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
    BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
    BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
    BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll ()
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Chatvibes Browser Helper Verifier - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\BrowserCompanion\updatebhoWin32.dll ( )
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - “C:\Program Files\Microsoft\BingBar\BingExt.dll” No File
    BHO: BandooIEPlugin Class - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll (Discordia Limited)
    Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll (HiTRUST)
    Toolbar: HKLM - Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll ()
    Toolbar: HKLM - Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
    Toolbar: HKLM - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    Toolbar: HKLM - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - “C:\Program Files\Microsoft\BingBar\BingExt.dll” No File
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    Toolbar: HKCU -Zynga Toolbar - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
    Toolbar: HKCU -No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    Toolbar: HKCU -uTorrentBar Toolbar - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
    Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU -Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    Toolbar: HKCU -Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
    PDF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    PDF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    PDF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    PDF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    PDF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    PDF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    PDF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
    Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
    Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [62464] (Microsoft Corporation)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    ========================== Services (Whitelisted) =================

    S2 Acer HomeMedia Connect Service; C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [266343 2007-04-04] (CyberLink)
    S2 AcerMemUsageCheckService; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [28672 2006-12-29] ()
    S2 AlertService; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [195032 2006-11-18] (Intel(R) Corporation)
    S2 ANIWConnService; C:\Windows\system32\ANIWConnService.exe [147456 2009-02-26] ()
    S2 ANIWZCSdService; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [49152 2007-01-19] (Wireless Service)
    S2 appdrvrem01; C:\Windows\System32\appdrvrem01.exe [316888 2012-09-03] (Protection Technology)
    S2 Bandoo Coordinator; C:\PROGRA~1\Bandoo\Bandoo.exe [1937344 2010-05-16] (Discordia Limited)
    S2 CrossLoopService; C:\Users\Linda\AppData\Local\CrossLoop\CrossLoopService.exe [569072 2012-01-06] (CrossLoop)
    S2 DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [208896 2006-10-29] ()
    S2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [457512 2007-02-07] (HiTRSUT)
    S2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [53248 2007-01-31] (Acer Inc.)
    S3 IntelDHSvcConf; C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [36312 2006-11-18] (Intel(R) Corporation)
    S3 ISSM; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [81880 2006-11-18] (Intel(R) Corporation)
    S3 M1 Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [32216 2006-11-18] ()
    S3 MCLServiceATL; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [174552 2006-11-18] (Intel(R) Corporation)
    S2 NIS; C:\Program Files\Norton Internet Security\Engine\19.9.1.14\diMaster.dll [309688 2012-04-13] (Symantec Corporation)
    S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75064 2010-04-19] ()
    S3 Remote UI Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [550872 2006-11-18] (Intel(R) Corporation)
    S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [143360 2007-04-09] ()
    S3 tvnserver; C:\Users\Linda\AppData\Local\CrossLoop\tvnserver.exe [814080 2010-07-21] (GlavSoft LLC.)
    S3 msiserver; %systemroot%\system32\msiexec /V [x]

    ==================== Drivers (Whitelisted) ====================

    S1 anodlwf; C:\Windows\System32\DRIVERS\anodlwf.sys [12800 2009-03-06] ()
    S1 appdrv01; C:\Windows\System32\Drivers\appdrv01.sys [3332784 2012-09-03] (Protection Technology)
    S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130322.001\BHDrvx86.sys [997464 2013-03-22] (Symantec Corporation)
    S1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1309010.00E\ccSetx86.sys [132768 2012-06-07] (Symantec Corporation)
    S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-09] (Symantec Corporation)
    S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2013-01-21] (Symantec Corporation)
    S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2006-05-16] (HP)
    S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130412.001\IDSvix86.sys [386720 2012-09-01] (Symantec Corporation)
    S2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [76584 2006-12-07] ()
    R3 IntelDH; C:\Windows\System32\Drivers\IntelDH.sys [5504 2007-12-27] (Intel Corporation)
    S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130413.016\NAVENG.SYS [93296 2013-02-18] (Symantec Corporation)
    S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130413.016\NAVEX15.SYS [1603824 2013-02-18] (Symantec Corporation)
    S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [722944 2009-04-17] (Ralink Technology Corp.)
    S2 nmsgopro; C:\Windows\System32\DRIVERS\nmsgopro.sys [28672 2006-09-27] (Gteko Ltd.)
    S2 nmsunidr; C:\Windows\System32\DRIVERS\nmsunidr.sys [7424 2006-10-19] (Gteko Ltd.)
    R0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [20264 2007-02-07] (HiTRUST)
    R0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [16680 2007-02-07] (HiTRUST)
    R0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [60712 2007-02-07] (HiTRUST)
    S3 SRTSP; C:\Windows\System32\Drivers\NIS\1309010.00E\SRTSP.SYS [574112 2012-07-06] (Symantec Corporation)
    S1 SRTSPX; C:\Windows\system32\drivers\NIS\1309010.00E\SRTSPX.SYS [32928 2012-07-06] (Symantec Corporation)
    R0 SymDS; C:\Windows\System32\drivers\NIS\1309010.00E\SYMDS.SYS [340088 2011-07-25] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\drivers\NIS\1309010.00E\SYMEFA.SYS [924320 2012-05-22] (Symantec Corporation)
    S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2012-04-13] (Symantec Corporation)
    S1 SymIRON; C:\Windows\system32\drivers\NIS\1309010.00E\Ironx86.SYS [149624 2012-04-18] (Symantec Corporation)
    S1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1309010.00E\SYMTDIV.SYS [345208 2012-04-18] (Symantec Corporation)
    S3 TSHWMDTCP; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [18904 2006-11-18] ()
    S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
    S3 igfx; system32\DRIVERS\igdkmd32.sys [x]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
    U3 navapsvc;
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
    U3 SAVRT;
    U1 SAVRTPEL;
    S3 SDDMI2; \??\C:\Windows\system32\DDMI2.sys [x]
    U3 TlntSvr;

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-05-31 19:23 - 2013-05-31 19:23 - 00000000 ____D C:\FRST
    2013-05-31 19:21 - 2013-05-31 19:21 - 00000000 ____D C:\Windows\LastGood
    2013-05-15 14:15 - 2013-05-05 21:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-05-15 14:15 - 2013-05-05 21:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-05-15 14:06 - 2013-04-05 00:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-05-15 14:06 - 2013-04-05 00:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-05-15 14:06 - 2013-04-05 00:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2013-05-15 14:06 - 2013-04-05 00:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-05-15 14:06 - 2013-04-05 00:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-05-15 14:06 - 2013-04-05 00:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-05-15 14:06 - 2013-04-04 23:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-05-15 14:06 - 2013-04-04 23:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-05-15 14:06 - 2013-04-04 23:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2013-05-15 14:06 - 2013-04-04 23:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-05-15 14:06 - 2013-04-04 23:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-05-15 14:06 - 2013-04-04 23:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-05-15 14:06 - 2013-04-04 23:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-05-15 14:06 - 2013-04-04 23:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-05-15 13:27 - 2013-04-15 16:20 - 00638328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
    2013-05-15 13:27 - 2013-04-13 12:56 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
    2013-05-15 13:27 - 2013-04-09 03:36 - 02049024 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-05-15 12:55 - 2013-05-26 16:00 - 00000004 ____A C:\Users\Linda\AppData\Roaming\skype.ini
    2013-05-12 11:12 - 2013-05-12 11:12 - 00001668 ____A C:\Users\Public\Desktop\iTunes.lnk
    2013-05-12 11:11 - 2013-05-12 11:12 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-05-12 11:11 - 2013-05-12 11:12 - 00000000 ____D C:\Program Files\iTunes
    2013-05-12 11:11 - 2013-05-12 11:11 - 00000000 ____D C:\Program Files\iPod

    ==================== One Month Modified Files and Folders ========

    2013-05-31 19:23 - 2013-05-31 19:23 - 00000000 ____D C:\FRST
    2013-05-31 19:21 - 2013-05-31 19:21 - 00000000 ____D C:\Windows\LastGood
    2013-05-31 19:21 - 2006-11-02 14:52 - 00111541 ____A C:\Windows\setupact.log
    2013-05-26 16:00 - 2013-05-15 12:55 - 00000004 ____A C:\Users\Linda\AppData\Roaming\skype.ini
    2013-05-26 15:59 - 2006-11-02 14:47 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2013-05-26 15:59 - 2006-11-02 14:47 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2013-05-26 15:58 - 2012-04-03 14:48 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Skype
    2013-05-26 15:57 - 2013-01-19 11:10 - 00001316 ____A C:\Users\Linda\Desktop\Gratis! Rens din Registry.lnk
    2013-05-26 15:56 - 2012-11-11 10:50 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-05-26 15:56 - 2011-04-29 21:42 - 00000914 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-05-26 15:56 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-05-26 15:47 - 2006-11-02 15:01 - 00032570 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2013-05-15 16:04 - 2007-12-27 12:43 - 01619812 ____A C:\Windows\WindowsUpdate.log
    2013-05-15 16:04 - 2006-11-02 12:33 - 01243496 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-05-15 16:02 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
    2013-05-15 14:26 - 2010-01-21 15:17 - 00008160 ____A C:\Users\Linda\AppData\Local\d3d9caps.dat
    2013-05-15 14:20 - 2006-11-02 14:47 - 00374568 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-05-15 14:07 - 2006-11-02 12:24 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
    2013-05-15 13:33 - 2011-04-29 21:42 - 00000918 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-05-15 12:56 - 2012-04-03 15:46 - 00000962 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1415850476-3807315314-1841492833-1001UA.job
    2013-05-15 12:01 - 2010-10-24 11:52 - 00275480 ____A C:\Users\Linda\danid.log
    2013-05-15 11:59 - 2013-02-12 16:30 - 00000000 ____D C:\Users\Linda\AppData\Local\PokerStars.DK
    2013-05-14 15:56 - 2012-04-03 15:46 - 00000940 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1415850476-3807315314-1841492833-1001Core.job
    2013-05-14 15:02 - 2013-01-12 11:20 - 00000264 ____A C:\Windows\Tasks\RegClean Pro_DEFAULT.job
    2013-05-12 11:12 - 2013-05-12 11:12 - 00001668 ____A C:\Users\Public\Desktop\iTunes.lnk
    2013-05-12 11:12 - 2013-05-12 11:11 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-05-12 11:12 - 2013-05-12 11:11 - 00000000 ____D C:\Program Files\iTunes
    2013-05-12 11:11 - 2013-05-12 11:11 - 00000000 ____D C:\Program Files\iPod
    2013-05-12 11:11 - 2009-09-12 22:27 - 00000000 ____D C:\Program Files\Common Files\Apple
    2013-05-12 11:05 - 2008-01-28 21:06 - 00000000 ____D C:\users\Linda
    2013-05-05 21:25 - 2013-05-15 14:15 - 12324864 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-05-05 21:12 - 2013-05-15 14:15 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-05-05 18:30 - 2010-10-24 11:52 - 01056915 ____A C:\Users\Linda\danid.log.1
    2013-05-01 22:01 - 2013-01-12 11:20 - 00000272 ____A C:\Windows\Tasks\RegClean Pro_UPDATES.job

    Other Malware:
    ===========
    C:\Users\Linda\AppData\Roaming\skype.dat
    C:\Users\Linda\AppData\Roaming\skype.ini
    C:\Users\Linda\Application Data\skype.dat
    C:\Users\Linda\Application Data\skype.ini

    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    Last Boot: 2013-05-15 16:06

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-05-2013 01
    Ran by Linda at 2013-05-31 19:25:54 Run:
    Running from F:\
    Boot Mode: Safe Mode (minimal)
    ==========================================================


    ==================== Installed Programs =======================

    Acer Arcade Live Main Page (Version: 1.0.4010)
    Acer DV Magician (Version: 1.2.2810)
    Acer DVDivine (Version: 3.1.1610)
    Acer eDataSecurity Management (Version: 2.5.3032)
    Acer Empowering Technology (Version: 2.5.3005)
    Acer ePerformance Management (Version: 2.5.3002)
    Acer HomeMedia (Version: 1.3.4010)
    Acer HomeMedia Connect (Version: 1.4.4010)
    Acer ScreenSaver (Version: 4.01.20070419)
    Acer SlideShow DVD (Version: 1.2.2810)
    Acer Tour (Version: 2.0.1001)
    Acer VideoMagician (Version: 1.3.1610)
    Activation Assistant for the 2007 Microsoft Office suites
    Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
    ActiveX sikkerhedssoftware (Version: 1.20)
    ActiveX sikkerhedssoftware (Version: 1.30)
    Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
    Adobe Reader X (10.1.3) - Dansk (Version: 10.1.3)
    Adobe Shockwave Player (Version: 11)
    Advanced System Protector (Version: 2.1.1000.10493)
    ANIWZCS2 Service
    Apple Mobile Device Support (Version: 6.1.0.13)
    Apple Software Update (Version: 2.1.3.127)
    Apple-programunderstøttelse (Version: 2.3.3)
    ATI Catalyst Install Manager (Version: 3.0.641.0)
    Bandoo
    Battlefield Heroes
    Bing Bar (Version: 7.0.619.0)
    Bonjour (Version: 3.0.0.10)
    BrowserCompanion
    Canon Easy-WebPrint EX
    Canon IJ Network Scanner Selector EX
    Canon IJ Network Tool (Version: 3.1.0)
    Canon IJ Scan Utility
    Canon MG6300 series Brugerregistrering
    Canon MG6300 series MP Drivers (Version: 1.00)
    Canon MG6300 series On-screen Manual (Version: 7.5.0)
    Canon My Image Garden (Version: 1.0.0)
    Canon My Image Garden Design Files (Version: 1.0.0)
    Canon My Printer (Version: 3.0.0)
    Canon Quick Menu (Version: 2.0.0)
    Catalyst Control Center Core Implementation (Version: 2007.0727.2307.39475)
    Catalyst Control Center Graphics Full Existing (Version: 2007.0727.2307.39475)
    Catalyst Control Center Graphics Full New (Version: 2007.0727.2307.39475)
    Catalyst Control Center Graphics Light (Version: 2007.0727.2307.39475)
    Catalyst Control Center Graphics Previews Vista (Version: 2007.0727.2307.39475)
    Catalyst Control Center Localization Danish (Version: 2007.0727.2307.39475)
    Catalyst Control Center Localization Dutch (Version: 2007.0727.2307.39475)
    Catalyst Control Center Localization Finnish (Version: 2007.0727.2307.39475)
    Catalyst Control Center Localization French (Version: 2007.0727.2307.39475)
    Catalyst Control Center Localization German (Version: 2007.0727.2307.39475)
    Catalyst Control Center Localization Italian (Version: 2007.0727.2307.39475)
    Catalyst Control Center Localization Japanese (Version: 2007.0727.2307.39475)
    Catalyst Control Center Localization Norwegian (Version: 2007.0727.2307.39475)
    Catalyst Control Center Localization Spanish (Version: 2007.0727.2307.39475)
    Catalyst Control Center Localization Swedish (Version: 2007.0727.2307.39475)
    CCC Help Danish (Version: 2007.0727.2306.39475)
    CCC Help Dutch (Version: 2007.0727.2306.39475)
    CCC Help English (Version: 2007.0727.2306.39475)
    CCC Help Finnish (Version: 2007.0727.2306.39475)
    CCC Help French (Version: 2007.0727.2306.39475)
    CCC Help German (Version: 2007.0727.2306.39475)
    CCC Help Italian (Version: 2007.0727.2306.39475)
    CCC Help Japanese (Version: 2007.0727.2306.39475)
    CCC Help Norwegian (Version: 2007.0727.2306.39475)
    CCC Help Spanish (Version: 2007.0727.2306.39475)
    CCC Help Swedish (Version: 2007.0727.2306.39475)
    ccc-core-static (Version: 2007.0727.2307.39475)
    ccc-utility (Version: 2007.0727.2307.39475)
    Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
    Conduit Engine (Version: )
    CrossLoop 2.82 (Version: 2.82)
    D3DX10 (Version: 15.4.2368.0902)
    Danske Spil Poker
    D-Link Wireless N DWA-140
    Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
    FLV Direct Player
    GameCenter 1.3.0.5 (Version: 1.3.0.5)
    GameShadow (Version: 1.91.0000)
    GearDrvs (Version: 1.00.0000)
    GearDrvs (Version: 5.0.0.2)
    GIMP 2.8.2 (Version: 2.8.2)
    Google Earth (Version: 7.0.3.8542)
    Google Toolbar for Internet Explorer (Version: 1.0.0)
    Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
    Google Update Helper (Version: 1.3.21.135)
    iCloud (Version: 2.1.2.8)
    Imperial Glory (Version: 1.00.0000)
    Intel(R) Matrix Storage Manager
    Intel® Viiv™ software (Version: 1.6.429.0)
    iTunes (Version: 11.0.2.26)
    J2SE Runtime Environment 5.0 Update 9 (Version: 1.5.0.90)
    Java(TM) 6 Update 3 (Version: 1.6.0.30)
    Java(TM) 6 Update 5 (Version: 1.6.0.50)
    Java(TM) 6 Update 7 (Version: 1.6.0.70)
    LightScribe 1.4.136.1 (Version: 1.4.136.1)
    LoudMo Contextual Ad Assistant
    Microsoft .NET Framework 3.5 Language Pack SP1 - dan (Version: 3.5.30729)
    Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
    Microsoft .NET Framework 4 Client Profile DAN Language Pack (Version: 4.0.30319)
    Microsoft .NET Framework 4 Client Profile DAN sprogpakke (Version: 4.0.30319)
    Microsoft Application Error Reporting (Version: 12.0.6012.5000)
    Microsoft Office 2000 cd 2 (Version: 9.00.2720)
    Microsoft Office XP Professional med FrontPage (Version: 10.0.6626.0)
    Microsoft Silverlight (Version: 5.1.20125.0)
    Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
    Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
    Microsoft Works (Version: 08.05.0822)
    MobileMe Control Panel (Version: 3.1.8.0)
    MSVCRT (Version: 15.4.2862.0708)
    MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
    MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
    MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
    MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
    Norton Internet Security (Version: 19.9.1.14)
    Norton Security Scan (Version: 1.4.0)
    OGA Notifier 1.7.0105.35.0 (Version: 1.7.0105.35.0)
    Pando Media Booster (Version: 2.3.6.0)
    Picasa 3 (Version: 3.9)
    PokerStars.dk
    Politikens Engelsk-Dansk Dansk-Engelsk Ordbog (Version: 2.00.0000)
    Pro Cycling Manager - Season 2011 version 1.0.4.4 (Version: 1.0.4.4)
    PunkBuster Services (Version: 0.988)
    QuickTime (Version: 7.73.80.64)
    Realtek High Definition Audio Driver (Version: 6.0.1.5374)
    RegClean Pro (Version: 6.21)
    Safari (Version: 5.34.57.2)
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    Samsung PC Studio 3 USB Driver Installer (Version: 3.2.0.70701)
    Segoe UI (Version: 15.4.2271.0615)
    Sid Meier’s Civilization 4 Complete (Version: 1.74)
    Skins (Version: 2007.0727.2307.39475)
    Skype Click to Call (Version: 5.10.9560)
    Skype™ 6.3 (Version: 6.3.105)
    Sprogpakke til Microsoft .NET Framework 3.5 SP1 - dansk
    Surf Canyon Search Engine Assistant (Version: 3.2.0)
    TeamViewer 8 (Version: 8.0.17396)
    The Sims Deluxe Edition
    Toggle Downloader Skype
    Unity Web Player (Version: 2.6.1f3_31223)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
    uTorrentBar Toolbar (Version: 6.2.7.3)
    VideoLAN VLC media player 0.8.6d (Version: 0.8.6d)
    Windows Live Communications Platform (Version: 15.4.3502.0922)
    Windows Live Essentials (Version: 15.4.3502.0922)
    Windows Live Essentials (Version: 15.4.3555.0308)
    Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
    Windows Live Installer (Version: 15.4.3502.0922)
    Windows Live Messenger (Version: 15.4.3538.0513)
    Windows Live Movie Maker (Version: 15.4.3502.0922)
    Windows Live Photo Common (Version: 15.4.3502.0922)
    Windows Live Photo Gallery (Version: 15.4.3502.0922)
    Windows Live PIMT Platform (Version: 15.4.3508.1109)
    Windows Live SOXE (Version: 15.4.3502.0922)
    Windows Live SOXE Definitions (Version: 15.4.3502.0922)
    Windows Live Sync (Version: 14.0.8117.416)
    Windows Live UX Platform (Version: 15.4.3502.0922)
    Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
    Windows Live Writer (Version: 15.4.3502.0922)
    Windows Live Writer Resources (Version: 15.4.3502.0922)
    Windows Searchqu Toolbar
    Zynga Toolbar (Version: 5.7.2.2)

    ==================== Restore Points =========================

    25-04-2013 09:08:53 Windows Update
    25-04-2013 22:00:01 Planlagt kontrolpunkt
    28-04-2013 15:45:16 Planlagt kontrolpunkt
    29-04-2013 09:08:55 Planlagt kontrolpunkt
    30-04-2013 07:24:20 Planlagt kontrolpunkt
    01-05-2013 11:50:47 Planlagt kontrolpunkt
    02-05-2013 08:54:05 Planlagt kontrolpunkt
    03-05-2013 15:51:38 Planlagt kontrolpunkt
    04-05-2013 08:24:37 Planlagt kontrolpunkt
    05-05-2013 12:08:32 Planlagt kontrolpunkt
    06-05-2013 11:30:09 Planlagt kontrolpunkt
    07-05-2013 11:14:16 Planlagt kontrolpunkt
    08-05-2013 12:09:03 Planlagt kontrolpunkt
    10-05-2013 09:53:23 Planlagt kontrolpunkt
    12-05-2013 09:04:44 Installation af enhedsdriverpakke: Apple, Inc. USB-controllere (Universal Serial Bus)
    13-05-2013 12:09:22 Planlagt kontrolpunkt
    14-05-2013 11:11:39 Planlagt kontrolpunkt
    15-05-2013 12:05:38 Windows Update

    ==================== Hosts content: ==========================

    ::1 localhost

    127.0.0.1 localhost


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/26/2013 03:59:11 PM) (Source: Application Error) (User: )
    Description: Program med fejl CNQMUPDT.EXE, version 2.0.0.0, tidsstempel 0x4f7a7000, modul med fejl CNMDWLD.DLL, version 1.0.0.0, tidsstempel 0x4f5eedc8, undtagelseskode 0xc0000005, forskydning med fejl 0x000023c6,
    proces-id 0x1608, programmets starttidspunkt 0xCNQMUPDT.EXE0.

    Error: (05/26/2013 03:53:19 PM) (Source: EventSystem) (User: )
    Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

    Error: (05/26/2013 03:50:09 PM) (Source: EventSystem) (User: )
    Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

    Error: (05/26/2013 03:47:13 PM) (Source: EventSystem) (User: )
    Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

    Error: (05/26/2013 03:42:49 PM) (Source: EventSystem) (User: )
    Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

    Error: (05/15/2013 04:04:25 PM) (Source: EventSystem) (User: )
    Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

    Error: (05/15/2013 04:03:32 PM) (Source: EventSystem) (User: )
    Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

    Error: (05/15/2013 00:47:57 PM) (Source: Application Hang) (User: )
    Description: Programmet iexplore.exe version 9.0.8112.16476 afbrød kommunikationen med Windows og blev afsluttet. Hvis du vil se, om der findes yderligere oplysninger om problemet, kan du læse om problemets historik via kontrolpanelet Problemrapporter og -løsninger.
    Proces-id: 117c
    Starttidspunkt: 01ce51598895a27b
    Sluttidspunkt: 69

    Error: (05/14/2013 09:21:43 PM) (Source: EventSystem) (User: )
    Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

    Error: (05/12/2013 09:20:43 PM) (Source: Application Error) (User: )
    Description: Program med fejl SearchIndexer.exe, version 7.0.6002.18005, tidsstempel 0x49e02459, modul med fejl TQUERY.DLL, version 7.0.6002.18005, tidsstempel 0x49e0382e, undtagelseskode 0xc0000005, forskydning med fejl 0x000b1b4c,
    proces-id 0x2d8, programmets starttidspunkt 0xSearchIndexer.exe0.


    System errors:
    =============
    Error: (05/31/2013 07:22:23 PM) (Source: Service Control Manager) (User: )
    Description: AFD
    anodlwf
    appdrv01
    BHDrvx86
    ccSet_NIS
    DfsC
    eeCtrl
    i8042prt
    IDSVix86
    NetBIOS
    netbt
    nsiproxy
    PSched
    RasAcd
    rdbss
    Smb
    spldr
    SRTSPX
    SymIRON
    SYMTDIv
    tdx
    Wanarpv6

    Error: (05/31/2013 07:22:23 PM) (Source: Service Control Manager) (User: )
    Description: Tjenesten NetværkslisteNLA (Network Location Awareness)h

    Error: (05/31/2013 07:22:23 PM) (Source: Service Control Manager) (User: )
    Description: NLA (Network Location Awareness)Tjenesten Grænseflade til netværkslagringh

    Error: (05/31/2013 07:22:23 PM) (Source: Service Control Manager) (User: )
    Description: IP-hjælpefunktionerTjenesten Grænseflade til netværkslagringh

    Error: (05/31/2013 07:22:23 PM) (Source: Service Control Manager) (User: )
    Description: WebklientWebDav Client Redirector Driverh

    Error: (05/31/2013 07:22:23 PM) (Source: Service Control Manager) (User: )
    Description: SMB 2.0 MiniRedirectorSMB MiniRedirector Wrapper and Engineh

    Error: (05/31/2013 07:22:23 PM) (Source: Service Control Manager) (User: )
    Description: SMB 1.x MiniRedirectorSMB MiniRedirector Wrapper and Engineh

    Error: (05/31/2013 07:22:23 PM) (Source: Service Control Manager) (User: )
    Description: SMB MiniRedirector Wrapper and EngineRedirected Buffering Sub Sysytem%1

    Error: (05/31/2013 07:22:23 PM) (Source: Service Control Manager) (User: )
    Description: WebDav Client Redirector DriverRedirected Buffering Sub Sysytem%1

    Error: (05/31/2013 07:22:23 PM) (Source: Service Control Manager) (User: )
    Description: ArbejdsstationTjenesten Grænseflade til netværkslagringh


    Microsoft Office Sessions:
    =========================
    Error: (05/26/2013 03:59:11 PM) (Source: Application Error)(User: )
    Description: CNQMUPDT.EXE2.0.0.04f7a7000CNMDWLD.DLL1.0.0.04f5eedc8c0000005000023c6160801ce5a192233196b

    Error: (05/26/2013 03:53:19 PM) (Source: EventSystem)(User: )
    Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

    Error: (05/26/2013 03:50:09 PM) (Source: EventSystem)(User: )
    Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

    Error: (05/26/2013 03:47:13 PM) (Source: EventSystem)(User: )
    Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

    Error: (05/26/2013 03:42:49 PM) (Source: EventSystem)(User: )
    Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

    Error: (05/15/2013 04:04:25 PM) (Source: EventSystem)(User: )
    Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

    Error: (05/15/2013 04:03:32 PM) (Source: EventSystem)(User: )
    Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

    Error: (05/15/2013 00:47:57 PM) (Source: Application Hang)(User: )
    Description: iexplore.exe9.0.8112.16476117c01ce51598895a27b69

    Error: (05/14/2013 09:21:43 PM) (Source: EventSystem)(User: )
    Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

    Error: (05/12/2013 09:20:43 PM) (Source: Application Error)(User: )
    Description: SearchIndexer.exe7.0.6002.1800549e02459TQUERY.DLL7.0.6002.1800549e0382ec0000005000b1b4c2d801ce4f272e43990e


    CodeIntegrity Errors:
    ===================================
    Date: 2013-05-31 19:24:08.856
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

    Date: 2013-05-31 19:24:08.403
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

    Date: 2013-05-31 19:24:07.934
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

    Date: 2013-05-31 19:24:07.481
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

    Date: 2013-05-31 19:24:00.621
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130322.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-05-31 19:24:00.168
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130322.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-05-31 19:23:59.700
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130322.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-05-31 19:23:59.231
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130322.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

    Date: 2012-06-16 12:54:35.575
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2012-06-16 12:54:35.250
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Percentage of memory in use: 15%
    Total physical RAM: 3069.77 MB
    Available physical RAM: 2588.29 MB
    Total Pagefile: 6341.79 MB
    Available Pagefile: 6072.14 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1921.64 MB

    ==================== Drives ================================

    Drive c: (ACER) (Fixed) (Total:228.13 GB) (Free:106.9 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (DATA) (Fixed) (Total:227.87 GB) (Free:227.58 GB) NTFS
    Drive f: () (Removable) (Total:15.11 GB) (Free:14.98 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 466 GB) (Disk ID: F353A857)
    Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
    Partition 2: (Active) - (Size=228 GB) - (Type=06)
    Partition 3: (Not Active) - (Size=228 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 5 (MBR Code: Windows 7 or 8) (Size: 15 GB) (Disk ID: 00000000)
    Partition 1: (Active) - (Size=15 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please attach logs in the future.

    Save fixlist.txt to your flash drive.

    • You should now have both fixlist.txt and FRST.exe on your flash drive.

    Now reboot back into the System Recovery Options as you did previously.
    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt).
    Please attach this to your next message. (See how to attach)

    Now boot into normal Windows and continue with the below.

    Running MGTools.
     

    Attached Files:

  3. hjml

    hjml Private E-2

    I ran the FRST again and the new log is attached.

    I'm running the MGTools now...
     

    Attached Files:

  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Let me know how things are running.
     
  5. hjml

    hjml Private E-2

    It's running now....

    Thanks for your help....
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You're welcome.
     
