Thread: Amazonaws an Win 32-Evo-gen issue

  1. #11
    Senior Member
    Join Date
    Jul 2014
    Location
    Florida
    Posts
    101

    2009-07-13 21:34 - 2015-01-31 16:09 - 00451135 ____R C:\Windows\system32\Drivers\etc\hosts
    127.94.0.1 client.openvpn.net
    127.94.0.2 openvpn-client.loagentvpn.liveops.com
    205.167.109.11 azcad
    143.61.195.18 d2000-okc
    209.82.196.139 d2kappok

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {07DB889A-B97D-4757-BB8C-9FB55354CC75} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    Task: {0829F493-5197-4BBF-9852-05FCC5F246CB} - System32\Tasks\{E20AA7F7-6390-4E13-9C81-2655C926B033} => C:\ProgramData\OEM_E471269A730D\Netflix\StartURL.exe [2010-09-28] ()
    Task: {0A48CDB4-2DFD-4BE2-B56C-E25848093A75} - System32\Tasks\{BDB1BDF5-9F76-4C68-9D75-494216820199} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2015-01-09] (Mozilla Corporation)
    Task: {0B1A5240-348B-4304-847D-F2184605D1ED} - System32\Tasks\{4752F0DE-31ED-4CBC-B01F-702B976EB8D8} => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [2012-09-12] (CyberLink Corp.)
    Task: {0D05C315-5AB0-4861-A30E-4EE92A96BF01} - System32\Tasks\{9ACEEDF3-702F-4220-A05E-0CA93CA1E2A6} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation)
    Task: {17DC4C4F-82CC-4486-AFC5-F9305C9FD1FB} - System32\Tasks\{1534418C-F0AB-4B71-8F01-3EE429F584FA} => C:\Users\SueB\Desktop\AZ\D2000AZNEWGB - Production\d2k32_cr.exe
    Task: {1B97C20B-D968-4F77-8B2C-94F6AE744057} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-05-20] (CyberLink)
    Task: {1DEB26B1-3131-44CF-9AE4-B79BC99DA0AF} - System32\Tasks\{B8681D4F-9C47-4AB0-A0FD-9DA821FEE5AA} => C:\Program Files (x86)\TMS CallCenter\TMSTouch.exe [2014-10-30] (National Systems Corporation)
    Task: {20F678C9-2A19-4D6F-8258-23B50829D7DC} - System32\Tasks\{C4A595AE-B568-42EA-85F1-276B3C74A131} => C:\Users\SueB\Downloads\D2000AZNEWGB_Training(1)\D2000AZNEWGB - Training\d2k32_cr.exe
    Task: {216C76B3-1172-47C7-9044-22DC24A6196D} - System32\Tasks\{EB47D2A5-B517-412F-9811-4C351951D5CE} => C:\ProgramData\OEM_E471269A730D\Netflix\StartURL.exe [2010-09-28] ()
    Task: {226E9CAF-1BAC-43FC-A362-B2426B3635B0} - System32\Tasks\{638E9ADC-9F84-43B3-A9F3-DA0B58579C00} => C:\ProgramData\OEM_E471269A730D\Netflix\StartURL.exe [2010-09-28] ()
    Task: {2A7BC5AF-D5EC-4F33-B56D-E77BD16111D4} - System32\Tasks\{6B7EE633-1721-4727-8B09-4CAD264982D5} => Chrome.exe
    Task: {2FFBC69E-72B9-4168-A3ED-C14E4DFA6530} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-02] (Google Inc.)
    Task: {32227CC8-7C04-447D-91BA-E4B4499CCF04} - System32\Tasks\{E619DE95-D955-49F1-99FC-47EA85FBC4FA} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2015-01-09] (Mozilla Corporation)
    Task: {39EE3F7F-7D73-4598-BC27-481BEB0F2318} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: {40896514-9238-4949-A4EF-5A2B6B415E6A} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.)
    Task: {440DC7A4-F6FE-400A-8A05-9E58DE665EDE} - System32\Tasks\{93712C41-9DDC-4AEA-8C2D-458F849D80B2} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation)
    Task: {447ED454-8A73-4D1D-AC43-23172DC61152} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
    Task: {458A39D4-D0C8-4D57-90C2-0B7B73E43C73} - System32\Tasks\{BD2B32D7-2270-463B-800E-E3283A7AEE5F} => C:\Users\SueB\Downloads\D2000OK_SD_Production\D2000OK_SD Production\d2k32_cr.exe
    Task: {4B1F9702-2BF4-4D2A-836D-0CB42BF67804} - System32\Tasks\{8BA08670-BED0-4AA3-8712-A7401AD34809} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation)
    Task: {4B3F9A54-2A51-413E-B15B-CE1CEE6B9004} - System32\Tasks\{C5DED3AA-9725-481F-A072-0F9C5620DC2A} => C:\Program Files (x86)\TMS CallCenter\TMSTouch.exe [2014-10-30] (National Systems Corporation)
    Task: {4E371003-E721-4AEE-AAE1-07367047FA80} - System32\Tasks\SDD\Updater\SDDUpdater => C:\Program Files (x86)\SDDUpdater\updater.exe [2014-12-15] ()
    Task: {50FCA8F8-9AA8-491A-8A5D-D3C5485A4FD4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-02] (Google Inc.)
    Task: {5264931F-6FD7-4517-84DC-DF6C78F5096A} - System32\Tasks\{5343B9A1-E2D3-4CEB-ADE3-161875C0DB7B} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2015-01-09] (Mozilla Corporation)
    Task: {570E2E58-EF05-411C-941A-644BE2D3D153} - System32\Tasks\{FB531758-1F75-47CF-A321-FD9198EA38BB} => C:\ProgramData\OEM_E471269A730D\Netflix\StartURL.exe [2010-09-28] ()
    Task: {57873E08-56FC-41B3-9210-AA93B8AF43A0} - System32\Tasks\{865A080C-DAA1-4C23-B0B7-9DE26F8D3135} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2015-01-09] (Mozilla Corporation)
    Task: {5D0A1D5B-A791-4D8C-9415-1F4B551F2D28} - System32\Tasks\{71A53804-1693-4846-A123-41A936D3AF27} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2015-01-09] (Mozilla Corporation)
    Task: {6827ACC2-63C7-4FA5-ABF6-217C21F61C9F} - System32\Tasks\G2MUpdateTask-S-1-5-21-3890881620-3642371930-2457045338-1001 => C:\Program Files (x86)\Citrix\GoToMeeting\2273\g2mupdate.exe [2015-01-26] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {6DA423E6-86DE-4BF8-96EC-0140F1F7DDD1} - System32\Tasks\{1EE24F2C-0DB4-424E-84C9-D5B553767CC3} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation)
    Task: {7A45A029-1EF7-4437-9149-FBC27B0FE08D} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.)
    Task: {7DFBAB0C-3563-4DBE-BEC3-0871CB07C784} - System32\Tasks\{7B6AF7DA-9AA6-402B-BEBB-2A1C1739BFC3} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2015-01-09] (Mozilla Corporation)
    Task: {823A991B-B3D8-44D9-BA5C-59A1F5B1FC1C} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
    Task: {85535A3F-A300-4BED-A150-CEFC08B917AE} - System32\Tasks\{5928A397-BA8A-4A29-8B17-B21980987B9B} => pcalua.exe -a C:\Users\SueB\Downloads\setupconsumerc2rolw.exe -d C:\Users\SueB\Downloads
    Task: {8670ADD4-03F9-485B-97D7-11DB7A931235} - System32\Tasks\{71943BF6-63DE-4B39-B6A3-1BCC7FBCFBB8} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2015-01-09] (Mozilla Corporation)
    Task: {96D67F5E-A707-4751-89E5-00B9EBCA27AE} - System32\Tasks\{2052277F-5188-4418-9901-057E6D3D78A1} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2015-01-09] (Mozilla Corporation)
    Task: {9BB82EB2-8954-4EEC-8876-BFE5DB84AD54} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {A193E4A5-A330-4296-86DB-437DF851057A} - System32\Tasks\{39F3C1C6-EC4D-402B-A504-E9D6FBAE6029} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2015-01-09] (Mozilla Corporation)
    Task: {A9E35088-EED6-42CD-842A-5CB5F319E7F8} - System32\Tasks\{9D44F623-4985-474A-9615-EE65440F1AB3} => C:\ProgramData\OEM_E471269A730D\Netflix\StartURL.exe [2010-09-28] ()
    Task: {ADA818BB-8F20-4D45-8144-98646066610B} - System32\Tasks\{288EC824-F8B4-4E9E-819A-A41CBF90B665} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2015-01-09] (Mozilla Corporation)
    Task: {B4AD683C-6739-4229-8058-C94164C5017D} - System32\Tasks\{F5682B18-54EF-4BA1-8B80-17EE5E0BA4D4} => C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe [2014-10-07] (Apple Inc.)
    Task: {C190CB65-1728-45CD-803A-8DDBB674B702} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
    Task: {C57675A7-B82B-445E-97B8-B4D0D001CCD7} - System32\Tasks\{3777E41D-3A78-4D4C-BAE6-E5E45DEE9678} => C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe [2014-10-07] (Apple Inc.)
    Task: {CA1A923E-4057-48ED-A708-6E3013B8C1B8} - System32\Tasks\{5F63685C-3140-4C71-AFC9-6F25CF2AF13D} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2015-01-09] (Mozilla Corporation)
    Task: {CD02B04A-5210-4FA7-8CE1-1F424158BAEA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: {D1AF4EF7-20FE-4D98-AC5A-C0A78662793C} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-06] (Acer Incorporated)
    Task: {D2670AB5-6452-467B-AD2F-2C5F5AA166B1} - System32\Tasks\{4BA20A4D-51C5-4714-8436-EBE1D9F66FCF} => pcalua.exe -a C:\Users\SueB\AppData\Local\Temp\Temp1_D2000NCNUASP.zip\D2000NCNUASP.EXE
    Task: {D4419AA3-ABFF-4F43-A975-1BEF7AC2E250} - System32\Tasks\{43E83851-A191-4DD0-B505-84B1923B8640} => C:\ProgramData\OEM_E471269A730D\Netflix\StartURL.exe [2010-09-28] ()
    Task: {D893FECF-D387-4112-B1B4-7E6B066A300E} - System32\Tasks\{C823354D-877A-4D2E-813F-74EB5EBE2BFC} => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
    Task: {DA2BD0E7-BD07-4911-B00C-44CB148951DC} - System32\Tasks\BBQLeads => C:\Program Files (x86)\bbqleads\ScheduledTask.exe
    Task: {DB8C6709-8951-40A2-BE5B-BC241528EE0F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-21] (AVAST Software)
    Task: {E1931CC9-1569-4FA3-B128-0BC5ABBA9962} - System32\Tasks\{5EBCD752-F3FD-4149-933E-89465BEC4685} => C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe [2014-10-07] (Apple Inc.)
    Task: {E7490AFC-1999-4F1C-9DED-A4E3577B7B85} - System32\Tasks\{27397021-20E6-4FA4-9E6F-B36A347219EE} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2015-01-09] (Mozilla Corporation)
    Task: {EEB36482-C08D-403B-86CE-7678D4A2ADB8} - System32\Tasks\{7A492F8F-F696-4E91-821A-98EF320FB6C9} => C:\ProgramData\OEM_E471269A730D\Netflix\StartURL.exe [2010-09-28] ()
    Task: {F4B39FA3-7268-46F3-AE5E-F27332216409} - System32\Tasks\{77650567-5BA5-44DF-A667-22BB20EF1A55} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3890881620-3642371930-2457045338-1001.job => C:\Program Files (x86)\Citrix\GoToMeeting\2273\g2mupdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files

  2. #12
    Senior Member
    Join Date
    Jul 2014
    Location
    Florida
    Posts
    101

    (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) ==============

    2013-03-29 21:00 - 2012-04-26 14:51 - 00040448 _____ () C:\Windows\System32\pdf995mon64.dll
    2013-08-30 19:14 - 2012-08-28 13:20 - 00313432 _____ () C:\Windows\system32\GManager.exe
    2013-08-30 19:14 - 2011-05-03 17:13 - 00199296 _____ () C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
    2014-11-21 23:14 - 2014-11-21 23:14 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
    2014-11-21 23:14 - 2014-11-21 23:14 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
    2014-12-15 09:46 - 2014-12-15 09:46 - 00822024 _____ () C:\Program Files (x86)\SDDUpdater\updater.exe
    2015-02-05 20:30 - 2015-02-05 20:30 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15020501\algo.dll
    2014-11-21 23:14 - 2014-11-21 23:14 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
    2015-02-07 18:26 - 2015-02-07 18:26 - 02912768 _____ () C:\Program Files\AVAST Software\Avast\defs\15020701\algo.dll
    2013-11-30 19:39 - 2013-11-30 19:39 - 00057344 _____ () C:\Program Files (x86)\24im\24im Messenger\IMHOOK2.dll
    2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-11-21 23:14 - 2014-11-21 23:14 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2015-01-17 10:14 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2015-01-17 10:14 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2015-01-17 10:14 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2015-01-17 10:14 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2015-01-17 10:14 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2014-10-15 05:17 - 2014-10-15 05:17 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
    2012-04-12 21:53 - 2010-11-06 01:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    2015-01-26 21:35 - 2015-01-26 21:35 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Registry Areas =====================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3890881620-3642371930-2457045338-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\SueB\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: Dolby Home Theater v4 => "C:\Dolby PCEE4\pcee4.exe" -autostart
    MSCONFIG\startupreg: FDispPos => C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe Launch FixPos
    MSCONFIG\startupreg: Google Update => "C:\Users\SueB\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    MSCONFIG\startupreg: Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
    MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
    MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: MCTDUtil => C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe Launch SuperUtil
    MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
    MSCONFIG\startupreg: RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
    MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec

  3. #13
    Senior Member
    Join Date
    Jul 2014
    Location
    Florida
    Posts
    101

    MyWinLockerSuite\x86\SuiteTray.exe"
    MSCONFIG\startupreg: TouchORB => C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe
    MSCONFIG\startupreg: YouCam Mirage => "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
    MSCONFIG\startupreg: YouCam Tray => "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s

    ==================== Accounts: =============================

    Administrator (S-1-5-21-3890881620-3642371930-2457045338-500 - Administrator - Disabled)
    Guest (S-1-5-21-3890881620-3642371930-2457045338-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3890881620-3642371930-2457045338-1002 - Limited - Enabled)
    SueB (S-1-5-21-3890881620-3642371930-2457045338-1001 - Administrator - Enabled) => C:\Users\SueB

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/07/2015 06:27:11 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
    Description: The index cannot be initialized.


    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (02/07/2015 06:27:11 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
    Description: The application cannot be initialized.

    Context: Windows Application


    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (02/07/2015 06:27:11 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
    Description: The gatherer object cannot be initialized.

    Context: Windows Application, SystemIndex Catalog


    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (02/07/2015 06:27:11 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
    Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

    Context: Windows Application, SystemIndex Catalog


    Details:
    Element not found. (HRESULT : 0x80070490) (0x80070490)

    Error: (02/07/2015 06:27:09 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
    Description: The plug-in in <Search.JetPropStore> cannot be initialized.

    Context: Windows Application, SystemIndex Catalog


    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (02/07/2015 06:27:09 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
    Description: The Windows Search Service cannot load the property store information.

    Context: Windows Application, SystemIndex Catalog


    Details:
    The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

    Error: (02/07/2015 06:27:09 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
    Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (02/07/2015 06:27:09 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
    Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.


    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (02/07/2015 06:27:08 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
    Description: The Windows Search Service cannot open the Jet property store.


    Details:
    0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))

    Error: (02/07/2015 06:27:05 PM) (Source: ESENT) (EventID: 455) (User: )

  4. #14
    Senior Member
    Join Date
    Jul 2014
    Location
    Florida
    Posts
    101

    Description: Windows (4512) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00034.log.


    System errors:
    =============
    Error: (02/07/2015 06:31:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

    Error: (02/07/2015 06:27:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (02/07/2015 06:27:11 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The Windows Search service terminated with service-specific error %%-1073473535.

    Error: (02/06/2015 05:43:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (02/06/2015 05:43:45 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The Windows Search service terminated with service-specific error %%-1073473535.

    Error: (02/06/2015 07:25:24 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

    Error: (02/06/2015 07:25:25 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
    Description: WMPNetworkSvc0x80004005

    Error: (02/06/2015 07:24:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

    Error: (02/06/2015 07:23:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
    %%1053

    Error: (02/06/2015 07:23:57 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.


    Microsoft Office Sessions:
    =========================
    Error: (02/07/2015 06:27:11 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
    Description:
    Details:

  5. #15
    Senior Member
    Join Date
    Jul 2014
    Location
    Florida
    Posts
    101

    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (02/07/2015 06:27:11 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
    Description: Context: Windows Application


    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (02/07/2015 06:27:11 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
    Description: Context: Windows Application, SystemIndex Catalog


    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (02/07/2015 06:27:11 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
    Description: Context: Windows Application, SystemIndex Catalog


    Details:
    Element not found. (HRESULT : 0x80070490) (0x80070490)
    Search.TripoliIndexer

    Error: (02/07/2015 06:27:09 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
    Description: Context: Windows Application, SystemIndex Catalog


    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
    Search.JetPropStore

    Error: (02/07/2015 06:27:09 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
    Description: Context: Windows Application, SystemIndex Catalog


    Details:
    The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

    Error: (02/07/2015 06:27:09 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
    Description:
    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
    The catalog is corrupt

    Error: (02/07/2015 06:27:09 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
    Description:
    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
    4700

    Error: (02/07/2015 06:27:08 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
    Description:
    Details:
    0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))

    Error: (02/07/2015 06:27:05 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: Windows4512Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00034.log-1811


    CodeIntegrity Errors:
    ===================================
    Date: 2015-02-07 20:56:16.849
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-07 20:46:25.551
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-07 19:38:28.219
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-07 19:03:39.648
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-07 18:38:07.721
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-07 00:52:53.817
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-07 00:39:38.638
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-06 22:35:06.682
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-06 21:57:27.696
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-02-06 21:41:02.117
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) CPU G640 @ 2.80GHz
    Percentage of memory in use: 50%
    Total physical RAM: 4034.78 MB
    Available physical RAM: 2014.25 MB
    Total Pagefile: 8067.74 MB
    Available Pagefile: 5259.97 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB

    ==================== Drives ================================

    Drive c: (Acer) (Fixed) (Total:450.16 GB) (Free:313.86 GB) NTFS
    Drive e: (Lexar) (Removable) (Total:29.81 GB) (Free:27.42 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 51B5EE98)
    Partition 1: (Not Active) - (Size=15.5 GB) - (Type=27)
    Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=450.2 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 29.8 GB) (Disk ID: 00000000)

    Partition: GPT Partition Type.

  6. #16
    Senior Member
    Join Date
    Jul 2014
    Location
    Florida
    Posts
    101

    aswMBR Report

    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2015-02-07 21:36:00
    -----------------------------
    21:36:00.991 OS Version: Windows x64 6.1.7601 Service Pack 1
    21:36:00.991 Number of processors: 2 586 0x2A07
    21:36:00.992 ComputerName: SUEB-PC UserName: SueB
    21:36:02.398 Initialize success
    21:36:02.408 VM: initialized successfully
    21:36:02.409 VM: Intel CPU supported virtualized
    21:36:06.073 VM: supported disk I/O iaStor.sys
    21:36:09.879 AVAST engine defs: 15020701
    21:36:15.654 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    21:36:15.658 Disk 0 Vendor: WDC_WD50 17.0 Size: 476940MB BusType: 3
    21:36:15.764 VM: Disk 0 MBR read successfully
    21:36:15.768 Disk 0 MBR scan
    21:36:15.773 Disk 0 Windows 7 default MBR code
    21:36:15.777 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15872 MB offset 2048
    21:36:15.792 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 32507904
    21:36:15.799 Disk 0 default boot code
    21:36:15.808 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 460966 MB offset 32712704
    21:36:15.849 Disk 0 scanning C:\Windows\system32\drivers
    21:36:22.613 Service scanning
    21:36:37.451 Modules scanning
    21:36:37.457 Disk 0 trace - called modules:
    21:36:37.472 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    21:36:37.480 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80064d9060]
    21:36:37.483 3 CLASSPNP.SYS[fffff88001aa843f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80047b1050]
    21:36:38.049 AVAST engine scan C:\Windows
    21:36:39.532 AVAST engine scan C:\Windows\system32
    21:38:18.532 AVAST engine scan C:\Windows\system32\drivers
    21:38:27.518 AVAST engine scan C:\Users\SueB
    21:42:12.158 AVAST engine scan C:\ProgramData
    21:43:56.315 Disk 0 statistics 3836847/0/22 @ 5.16 MB/s
    21:43:56.331 Scan finished successfully
    21:45:06.313 Disk 0 MBR has been saved successfully to "C:\Users\SueB\Downloads\MBR.dat"
    21:45:06.313 The log file has been saved successfully to "C:\Users\SueB\Downloads\aswMBR.txt"

  7. #17
    tashi, Member of Team Spybot
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    Hello Suemarie,

    16 posts have been made in this topic before a helper has responded.

    Please refer to the forum FAQ which includes guidelines and instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis.

    http://forums.spybot.info/showthread.php?t=288

    Please make only one post to start your new topic and do not add to it, because helpers look for topics with zero responses. Also provide a link back to this thread.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  8. #18
    Senior Member
    Join Date
    Jul 2014
    Location
    Florida
    Posts
    101

    Press Scan button.
    It will produce a log called FRST.txt in the same directory the tool is run from.
    Please copy and paste log into your topic
    The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please attach that along with the FRST.txt into your reply.



    I thought that I had followed those instructions. Was I supposed to do something differently? I am confused. Also, I did not download the spybot in the thread because I already have spybot professional. Please advise.

  9. #19
    Senior Member
    Join Date
    Jul 2014
    Location
    Florida
    Posts
    101

    I see what you mean by the 16 posts. I couldn't put the scan results into one thread as it was too big for one post.

  10. #20
    tashi, Member of Team Spybot
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    Quote, originally posted by Suemarie:
    Also, I did not download the spybot in the thread because I already have spybot professional. Please advise.
    The FAQ doesn't ask for Spybot to be downloaded.

    New topic: http://forums.spybot.info/showthread...Win-32-Evo-gen
