
Laptop freezing after Windows Vista loads [Solved]


  • This topic is locked

#16
havredave

  • GeekU Moderator
  • 1,696 posts
First

I'd like to test out a theory, since I'm not positive yet what's keeping your machine from booting into normal mode. We'll start with one of the programs you've installed that has a somewhat higher chance of keeping your machine from booting, and go from there.

Please uninstall Online Armor. Be sure to keep any activation information you may have if you've purchased the product, since we might be reinstalling it later.

Next

Please run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O33 - MountPoints2\{151e913e-1797-11e0-aa20-00a0d1aeb6c4}\Shell\AutoRun\command - "" = laf\\lauski.exe
    O33 - MountPoints2\{151e913e-1797-11e0-aa20-00a0d1aeb6c4}\Shell\explore\command - "" = laf\\\lauski.exe
    O33 - MountPoints2\{151e913e-1797-11e0-aa20-00a0d1aeb6c4}\Shell\open\command - "" = laf\\\lauski.exe
    O33 - MountPoints2\{4159cdbb-c851-11de-a520-00a0d1aeb6c4}\Shell\AutoRun\command - "" = laf\\lauski.exe
    O33 - MountPoints2\{4159cdbb-c851-11de-a520-00a0d1aeb6c4}\Shell\explore\command - "" = laf\\\lauski.exe
    O33 - MountPoints2\{4159cdbb-c851-11de-a520-00a0d1aeb6c4}\Shell\open\command - "" = laf\\\lauski.exe
    O33 - MountPoints2\{aff71ea1-43d0-11de-949c-00a0d1aeb6c4}\Shell\AutoRun\command - "" = laf\\lauski.exe
    O33 - MountPoints2\{aff71ea1-43d0-11de-949c-00a0d1aeb6c4}\Shell\explore\command - "" = laf\\\lauski.exe
    O33 - MountPoints2\{aff71ea1-43d0-11de-949c-00a0d1aeb6c4}\Shell\open\command - "" = laf\\\lauski.exe
    
    :Commands
    [purity]
    [emptyflash]
    [reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered; it will reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.



Please respond then with the new OTL.txt log, and let me know if the machine is booting into normal mode or not.


#17
joecool90

  • Topic Starter
  • Member
  • 49 posts
I had already uninstalled Online Armor, might be an old registry entry?

OTL scan:


OTL logfile created on: 19/10/2011 19:28:34 - Run 5
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\ACER\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 83.12% Memory free
6.19 Gb Paging File | 5.86 Gb Available in Paging File | 94.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.44 Gb Total Space | 78.40 Gb Free Space | 70.35% Space Free | Partition Type: NTFS
Drive D: | 104.90 Gb Total Space | 84.81 Gb Free Space | 80.85% Space Free | Partition Type: NTFS

Computer Name: ACER-PC | User Name: ACER | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/28 15:50:12 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\ACER\Desktop\OTL.exe
PRC - [2011/08/18 21:33:18 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/03/25 13:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - [2011/09/06 21:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/18 21:33:18 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/19 07:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/04/19 07:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/03/25 13:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe -- (ServicepointService)
SRV - [2009/09/24 11:59:26 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\Windows\System32\nagasoft\vjocx.dll -- (vvdsvc)
SRV - [2009/03/20 07:40:43 | 003,520,512 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2008/07/30 02:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/07/21 02:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/07/19 23:13:44 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008/06/02 18:25:40 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/05/26 13:43:58 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService)
SRV - [2008/05/01 04:41:12 | 000,815,104 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/05/01 04:10:10 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/11 04:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/12/07 01:15:28 | 000,110,592 | ---- | M] () [Auto | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)


========== Driver Services (SafeList) ==========

DRV - [2011/10/01 15:49:25 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/09/06 21:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 21:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 21:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 21:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 21:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/09/06 21:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/18 21:33:08 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/18 21:33:07 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/09/01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/03/08 10:02:58 | 000,062,496 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2009/08/21 20:24:04 | 000,066,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/08/05 06:18:22 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2009/03/20 07:40:39 | 000,043,184 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\system32\Drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2008/12/05 11:24:00 | 007,538,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/26 13:44:14 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x)
DRV - [2008/04/27 23:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/02/29 08:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/01/26 07:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2006/11/02 14:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Stopped] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...9&m=aspire_8930
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...9&m=aspire_8930

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...9&m=aspire_8930
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}:5.0.12

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.15: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.16: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.15: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.16: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ACER\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ACER\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/04/19 19:10:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/09/28 13:03:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/30 13:42:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/30 13:42:44 | 000,000,000 | ---D | M]

[2009/10/15 19:38:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ACER\AppData\Roaming\Mozilla\Extensions
[2011/09/13 22:05:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\miz7r0fi.default\extensions
[2010/05/21 09:09:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\ACER\AppData\Roaming\Mozilla\Firefox\Profiles\miz7r0fi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/30 13:35:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/09 19:10:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
[2010/05/21 09:08:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/17 07:46:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/23 09:37:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/22 22:27:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/24 23:25:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/20 18:08:28 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/09/20 18:08:28 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/09/20 18:08:28 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/09/20 18:08:28 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ACER\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ACER\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ACER\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Service Manager (Enabled) = C:\Program Files\Virgin Media\Service Manager\nprpspa.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Users\ACER\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\

O1 HOSTS File: ([2011/09/05 14:40:48 | 000,614,259 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 16324 more lines...
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ServiceManager.exe] C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\VistaCodecPack\rm\Update_OB\realsched.exe" -osboot File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [workflow] F:\installs\workflow.exe File not found
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\ACER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\ACER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk = C:\Program Files\Convesoft\Orion\Messenger.exe (Convesoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://download.macr...are/awswaxf.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.c...oad/vexcast.cab (VodClient Control Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....NPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0262EFB3-8DFF-407E-AE8E-C31A44EECB26}: NameServer = 152.78.128.200 152.78.128.201
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0FAA85B7-4C67-4C95-8036-02723AB7A771}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D7D875F0-2A76-4C9B-AC8A-6020B6E459CD}: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Acer03.JPG
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Acer03.JPG
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/19 19:24:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/08 18:50:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2011/10/08 18:50:08 | 000,000,000 | ---D | C] -- C:\Program Files\Panda USB Vaccine
[2011/10/08 18:50:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2011/10/05 17:18:02 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\ACER\Desktop\aswMBR.exe
[2011/10/01 15:49:25 | 000,691,696 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2011/10/01 15:49:21 | 000,000,000 | ---D | C] -- C:\Program Files\LSoft Technologies
[2011/10/01 15:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
[2011/09/30 13:42:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/09/30 13:41:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/09/30 13:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/09/29 18:56:05 | 000,000,000 | ---D | C] -- C:\35aecda3ee8791d0a5c7efc8c987
[2011/09/28 15:51:23 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\ACER\Desktop\OTL.exe
[2011/09/28 15:44:06 | 000,000,000 | ---D | C] -- C:\Users\ACER\AppData\Local\Secunia PSI
[2011/09/28 15:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/09/28 13:03:42 | 000,320,856 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/09/28 13:03:42 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/09/28 13:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/09/28 13:03:40 | 000,442,200 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/09/28 13:03:40 | 000,052,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/09/28 13:03:40 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/09/28 13:03:39 | 000,054,616 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/09/28 13:03:33 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/09/28 13:03:33 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/09/28 13:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/09/28 13:03:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/09/28 11:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Agnitum
[2011/09/28 10:23:01 | 000,000,000 | ---D | C] -- C:\Users\ACER\Desktop\hosts
[2011/09/27 21:41:30 | 000,000,000 | ---D | C] -- C:\Users\ACER\AppData\Roaming\Malwarebytes
[2011/09/27 21:41:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/27 21:41:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/27 21:41:17 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/09/27 21:41:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/27 20:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2011/09/27 20:29:53 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/01/09 03:58:48 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2011/10/19 19:31:41 | 000,598,782 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/19 19:31:41 | 000,104,658 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/19 19:25:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/15 09:07:26 | 000,070,656 | ---- | M] () -- C:\Users\ACER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/15 08:52:15 | 000,001,356 | ---- | M] () -- C:\Users\ACER\AppData\Local\d3d9caps.dat
[2011/10/09 17:16:25 | 000,161,436 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/10/09 17:16:18 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011/10/09 17:15:43 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/09 17:15:32 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/09 17:15:32 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/06 21:02:27 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-945882338-3912884603-1135198170-1000UA.job
[2011/10/06 21:01:53 | 000,002,041 | ---- | M] () -- C:\Users\ACER\Desktop\Google Chrome.lnk
[2011/10/06 21:01:53 | 000,002,003 | ---- | M] () -- C:\Users\ACER\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/06 20:38:14 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/05 17:34:10 | 000,000,512 | ---- | M] () -- C:\Users\ACER\Desktop\MBR.dat
[2011/10/05 17:18:58 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\ACER\Desktop\aswMBR.exe
[2011/10/02 12:46:33 | 000,000,000 | ---- | M] () -- C:\Users\ACER\AppData\Local\{37C344E3-3ED8-427B-BC01-F3F66F99FBFD}
[2011/10/01 22:27:54 | 000,000,000 | ---- | M] () -- C:\Users\ACER\AppData\Local\{063B1003-3EA9-4ABC-8B66-0D065E02D942}
[2011/10/01 22:05:07 | 000,001,852 | ---- | M] () -- C:\Users\ACER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk
[2011/10/01 22:04:51 | 000,002,439 | ---- | M] () -- C:\Users\Public\Desktop\Orion.lnk
[2011/10/01 21:55:58 | 000,000,000 | ---- | M] () -- C:\Windows\vpd.properties
[2011/10/01 19:43:53 | 000,405,392 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/01 12:57:44 | 000,000,000 | ---- | M] () -- C:\Users\ACER\AppData\Local\{901CAD3C-22C2-439D-99C3-31C4E97E4B09}
[2011/09/30 17:28:02 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/09/30 13:36:01 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/30 13:19:44 | 000,161,436 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/09/28 15:50:12 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\ACER\Desktop\OTL.exe
[2011/09/28 15:44:02 | 000,000,903 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/09/28 15:27:22 | 000,000,000 | ---- | M] () -- C:\Users\ACER\AppData\Local\{8217BE74-99C1-4656-8D51-19C27BAD773F}
[2011/09/28 13:15:02 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/09/28 13:03:42 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/09/28 12:27:02 | 000,000,000 | ---- | M] () -- C:\Users\ACER\AppData\Local\{D66BECDD-843B-4109-93FA-57629B53F917}
[2011/09/28 12:24:31 | 000,000,000 | ---- | M] () -- C:\Users\ACER\AppData\Local\{D832C08B-79FB-41F8-A47E-954FB3E3AC9D}
[2011/09/28 10:22:17 | 000,150,727 | ---- | M] () -- C:\Users\ACER\Desktop\hosts.zip
[2011/09/28 08:33:26 | 000,000,000 | ---- | M] () -- C:\Users\ACER\AppData\Local\{B8C405FE-C578-4A83-B804-D49EFAFE00E0}
[2011/09/28 08:32:52 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-945882338-3912884603-1135198170-1000Core.job
[2011/09/21 09:44:49 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

========== Files Created - No Company Name ==========

[2011/10/05 17:34:10 | 000,000,512 | ---- | C] () -- C:\Users\ACER\Desktop\MBR.dat
[2011/10/02 12:46:33 | 000,000,000 | ---- | C] () -- C:\Users\ACER\AppData\Local\{37C344E3-3ED8-427B-BC01-F3F66F99FBFD}
[2011/10/01 22:27:54 | 000,000,000 | ---- | C] () -- C:\Users\ACER\AppData\Local\{063B1003-3EA9-4ABC-8B66-0D065E02D942}
[2011/10/01 22:05:07 | 000,001,852 | ---- | C] () -- C:\Users\ACER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk
[2011/10/01 12:57:44 | 000,000,000 | ---- | C] () -- C:\Users\ACER\AppData\Local\{901CAD3C-22C2-439D-99C3-31C4E97E4B09}
[2011/09/30 13:36:01 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/28 15:44:02 | 000,000,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/09/28 15:44:02 | 000,000,866 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2011/09/28 15:27:22 | 000,000,000 | ---- | C] () -- C:\Users\ACER\AppData\Local\{8217BE74-99C1-4656-8D51-19C27BAD773F}
[2011/09/28 13:03:42 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/09/28 12:27:02 | 000,000,000 | ---- | C] () -- C:\Users\ACER\AppData\Local\{D66BECDD-843B-4109-93FA-57629B53F917}
[2011/09/28 12:24:31 | 000,000,000 | ---- | C] () -- C:\Users\ACER\AppData\Local\{D832C08B-79FB-41F8-A47E-954FB3E3AC9D}
[2011/09/28 10:22:24 | 000,150,727 | ---- | C] () -- C:\Users\ACER\Desktop\hosts.zip
[2011/09/28 08:33:26 | 000,000,000 | ---- | C] () -- C:\Users\ACER\AppData\Local\{B8C405FE-C578-4A83-B804-D49EFAFE00E0}
[2011/09/21 09:44:49 | 000,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/06/18 12:33:41 | 000,000,136 | ---- | C] () -- C:\Users\ACER\AppData\Roaming\wklnhst.dat
[2009/11/17 14:11:58 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth2.dll
[2009/11/17 14:11:58 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth1.dll
[2009/11/17 14:11:58 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll
[2009/11/17 14:09:04 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2009/11/17 14:09:04 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2009/10/15 19:38:36 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/05/28 21:45:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/28 21:45:21 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/04/19 02:23:51 | 000,663,552 | ---- | C] () -- C:\Windows\System32\libeay32_1-1-0_DDR.dll
[2009/04/19 02:23:51 | 000,532,594 | ---- | C] () -- C:\Windows\System32\xerces-c_1_40_0_DDR.dll
[2009/04/19 02:23:51 | 000,524,377 | ---- | C] () -- C:\Windows\System32\stlport_4_0_0_DDR.dll
[2009/04/19 02:23:51 | 000,307,329 | ---- | C] () -- C:\Windows\System32\BJBase_2-2-2_DDR.dll
[2009/04/19 02:23:51 | 000,159,744 | ---- | C] () -- C:\Windows\System32\ssleay32_1-1-0_DDR.dll
[2009/04/17 03:07:44 | 000,001,356 | ---- | C] () -- C:\Users\ACER\AppData\Local\d3d9caps.dat
[2009/04/06 21:32:16 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/04/03 17:14:56 | 000,070,656 | ---- | C] () -- C:\Users\ACER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/02 01:51:10 | 000,161,436 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/04/02 01:51:06 | 000,161,436 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/03/20 07:44:21 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009/03/20 07:44:21 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009/03/20 07:44:21 | 000,009,216 | ---- | C] () -- C:\Windows\usbvideo_reg.exe
[2009/03/20 07:44:21 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009/03/20 07:41:03 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2009/01/09 06:19:08 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2009/01/09 06:19:08 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2009/01/09 05:48:16 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2009/01/09 05:33:21 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2009/01/09 05:33:21 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2009/01/09 05:33:21 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009/01/09 05:31:25 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009/01/09 04:38:54 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/01/09 03:55:30 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/10/07 17:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 17:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 17:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 17:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 17:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 17:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 17:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 17:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 17:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 17:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/12/27 22:05:28 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007/11/15 00:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll
[2007/04/25 02:32:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007/03/10 12:51:48 | 000,282,624 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007/02/06 01:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2007/01/26 07:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,405,392 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,598,782 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,104,658 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/02/25 19:09:38 | 000,774,144 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2005/01/03 11:10:44 | 000,319,488 | ---- | C] () -- C:\Windows\System32\DLXAPI32.DLL
[2001/12/27 01:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/11/14 21:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001/09/04 08:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/31 01:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 07:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2010/07/13 09:09:45 | 000,000,000 | -HSD | M] -- C:\Users\ACER\AppData\Roaming\.#
[2009/04/18 20:25:48 | 000,000,000 | ---D | M] -- C:\Users\ACER\AppData\Roaming\Acer
[2009/01/09 06:04:38 | 000,000,000 | ---D | M] -- C:\Users\ACER\AppData\Roaming\Acer GameZone Console
[2009/05/03 14:18:58 | 000,000,000 | ---D | M] -- C:\Users\ACER\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2009/04/15 17:28:11 | 000,000,000 | ---D | M] -- C:\Users\ACER\AppData\Roaming\eSobi
[2009/04/19 08:36:01 | 000,000,000 | ---D | M] -- C:\Users\ACER\AppData\Roaming\OpenOffice.org
[2011/04/09 20:44:35 | 000,000,000 | ---D | M] -- C:\Users\ACER\AppData\Roaming\SAS
[2011/06/18 12:33:43 | 000,000,000 | ---D | M] -- C:\Users\ACER\AppData\Roaming\Template
[2009/03/31 22:23:40 | 000,000,000 | ---D | M] -- C:\Users\ACER\AppData\Roaming\Validity
[2011/04/27 08:03:33 | 000,000,000 | ---D | M] -- C:\Users\ACER\AppData\Roaming\Virgin Media
[2011/01/18 22:26:56 | 000,000,000 | ---D | M] -- C:\Users\ACER\AppData\Roaming\Windows Live Writer
[2011/09/30 17:28:02 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:4220A65C
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:F3176E45

< End of report >
  • 0

#18
joecool90

joecool90

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Laptop still won't boot into normal mode. Suspect this 'Orion' software is stopping me booting? However I cannot uninstall it in safe mode.
  • 0

#19
havredave

havredave

    GeekU Moderator

  • GeekU Moderator
  • 1,696 posts
Yes, the Online Armor entry was in your first scan posted, but I see it is absent in your current scan.

It's possible that your Orion software (or many other programs) is causing an issue. What made you mention Orion specifically?

There's something we can do in order to 'quickly' determine whether it or any other add-on software is keeping your machine from booting.

Instructions, from Microsoft, can be found here. Please see if your machine will boot into normal mode after following their clean-boot instructions, and if so, we'll try to narrow down what the culprit is.
  • 0

#20
joecool90

joecool90

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Thanks - I think it might be Orion as the laptop freezes soon after loading this - I don't need this software anyway.

Will get back to you.
  • 0

#21
havredave

havredave

    GeekU Moderator

  • GeekU Moderator
  • 1,696 posts
Sounds good - I'll be waiting!
  • 0

#22
joecool90

joecool90

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Thanks. I did a reboot using the Windows clean boot instructions. My laptop now seems to be loading fine. As a precaution I immediately deleted Orion.

What now is the quickest way to work out which software is causing my system to crash?
  • 0

#23
havredave

havredave

    GeekU Moderator

  • GeekU Moderator
  • 1,696 posts
Really the quickest way is the "disable half" method described on the clean-boot page, using msconfig.

Here's the breakdown:

Step 1: Start the System Configuration Utility
To start the System Configuration Utility, click Start, type msconfig, and then press Enter. If you are prompted for a password or confirmation, please provide it and continue.

Step 2: Configure selective startup options
  • In the System Configuration Utility dialog box, click Selective Startup on the General tab.
  • Click to clear the Load Startup Items check box.
  • Note: The Use Original Boot.ini check box is unavailable.
  • Click the Services tab.
  • Click to select the Hide All Microsoft Services check box.
  • Click Disable All, and then click OK.
  • When you are prompted, click Restart.

You have used the System Configuration Utility to make changes to the way Windows starts.
The System Configuration Utility is currently in Diagnostic or Selective Startup mode, causing this message to be displayed and the utility to run every time Windows starts.
Choose the Normal Startup mode on the General tab to start Windows normally and undo the changes you made using the System Configuration Utility.



Now we get to the tedious part:

If Windows behaves itself, then do the following:

Restart MSConfig, select half of the disabled services, and reboot.

Is the problem still present?

If yes, then deselect half of the services that you resumed and reboot.

If no, then select half of the remaining services and reboot.

The intention here is to isolate the one service/driver that is causing the problem.
  • 0
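The half-out procedure in the post above is a binary search over the services that the clean boot disabled. The sketch below is an added example, not part of the original post or of Microsoft's instructions: the `freezes` callback stands in for a person re-enabling services in msconfig, rebooting and watching the machine, and every service name except MBAMService (named later in this thread) is constructed. It also covers two cases the post does not spell out: no listed service reproduces the freeze, and the machine still freezes after the suspect alone is disabled.

```python
from typing import Callable, FrozenSet, List, NamedTuple, Optional, Sequence


class Result(NamedTuple):
    culprit: Optional[str]  # service that reproduces the freeze, if any
    sole: bool              # True if the machine is stable with only it disabled
    reboots: int            # distinct configurations that had to be booted


def find_culprit(services: Sequence[str],
                 freezes: Callable[[FrozenSet[str]], bool]) -> Result:
    """Bisect the third-party services disabled by the clean boot.

    freezes(enabled) models one trial: re-enable exactly `enabled`, reboot,
    and report whether the machine locked up. The thread reports freezes a few
    minutes after startup, so a real trial has to run at least that long
    before it counts as "no freeze".
    """
    seen = {}

    def reboot(enabled) -> bool:
        key = frozenset(enabled)
        if key not in seen:              # never re-run a configuration already tried
            seen[key] = freezes(key)
        return seen[key]

    known_good: List[str] = []           # services cleared so far, left enabled
    candidates = list(services)
    while len(candidates) > 1:
        half = candidates[:len(candidates) // 2]
        if reboot(known_good + half):
            candidates = half            # the freeze came from the half just enabled
        else:
            known_good += half           # that half is cleared
            candidates = candidates[len(half):]
    if not candidates:
        return Result(None, False, len(seen))

    suspect = candidates[0]
    if not reboot(known_good + [suspect]):
        # No listed service reproduces the freeze; the cause is elsewhere,
        # for example in the startup items the clean boot also disabled.
        return Result(None, False, len(seen))

    # Final check: everything except the suspect enabled. A freeze here means
    # there is a second problem service and the search must be repeated.
    everything_else = [s for s in services if s != suspect]
    return Result(suspect, not reboot(everything_else), len(seen))


# Constructed service list; only MBAMService appears in the thread.
SERVICES = ["SvcA", "SvcB", "SvcC", "SvcD", "SvcE", "MBAMService", "SvcG", "SvcH"]

if __name__ == "__main__":
    result = find_culprit(SERVICES, lambda enabled: "MBAMService" in enabled)
    print(result)
```

With eight candidate services the search needs four reboots instead of one per service, which is why the method stays practical even when msconfig lists dozens of entries.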

#24
joecool90

joecool90

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
I knew there was a tedious part somewhere...! Ok will have a go.
  • 0

#25
havredave

havredave

    GeekU Moderator

  • GeekU Moderator
  • 1,696 posts
I completely understand. :)

If you find out which it was, I'd be very interested in knowing, so I can add it to things to look for in the future. Often I'll find that the issue is a vague little thing that just requires an update in one program or other that may not have obviously had anything to do with the trouble application.

If you haven't removed Orion yet, you might leave it installed at least long enough to use the half-out procedure to see if it was actually the culprit.
  • 0

#26
joecool90

joecool90

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Hi thanks for bearing with me, it's been a hectic week.

Well...after a few tedious hours I seem to have found the culprit service - 'MBAMService' of Malwarebytes Corporation. Looks like the worm did some real damage. When I run MBAMService my laptop crashes. If I don't load it, then all the other services seem to work fine.

However - I now cannot load Avast Antivirus. When I tried to it gives the message 'File System Shield provider not found'. So again it looks like the worm did damage.

So it looks like my system is now running ok, but Malwarebytes and Avast do not work. Shall I uninstall and re-install these programs? Otherwise, does it seem like my pc is free of any malware?

Thanks again.
  • 0

#27
havredave

havredave

    GeekU Moderator

  • GeekU Moderator
  • 1,696 posts
Let me get with my reviewer on this. There are infections that specifically target those programs, and while I can't see any evidence of them, he might have ideas on a few extra things to check.

All in all, yes, I'd try reinstalling MBAM first, then Avast. That'll give you something to do while I get feedback!

Don't worry about hectic weeks. I know exactly what you mean. :)
  • 0

#28
joecool90

joecool90

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Latest update - Avast seems to have installed ok.

However, Malwarebytes continuously freezes my laptop around 5 minutes after Windows startup (I have tried a few re-installs), exactly the same type of error as at the beginning. Should I be concerned about this at all?

Otherwise my laptop seems to be working fine now.
  • 0

#29
havredave

havredave

    GeekU Moderator

  • GeekU Moderator
  • 1,696 posts
I'm assuming that these freezes don't result in an error message being logged? If you like, I can give instructions on checking your application and system error logs so you can scan through them. With freezing though, typically I won't see an error logged as in the case of a blue screen or restart. It's something of a long shot. :)

MBAM does have one startup component that you wouldn't find using msconfig, but I've honestly never seen it lock a machine up. There are things that keep MBAM from running or even installing properly, but I don't see evidence of those. If it's not this startup component, it's possible it's MBAMService like we ran into earlier.

If you would, answer these questions, and I'll see what can be gleaned from the information:
  • Does the freeze only happen after the first restart after installing MBAM, or does it freeze up within five minutes of installing, regardless of rebooting?
  • When you have MBAM installed, is it freezing the machine even if MBAM isn't running?

I'm glad to hear about Avast installing properly. If you would, please run a boot-time scan with it, per these instructions:

Please start Avast!, and click the Scan Computer tab, on the left.
  • Click Boot-time Scan.
  • Click Schedule Now.

bootscan1.JPG

Next, click Restart computer, which appears right below the Schedule Now button:

bootscan2.JPG

Your computer will restart, then scan your system before Windows itself loads fully.

If Avast! finds anything, follow the recommended options. If you have a question about a specific find, don't hesitate to post. The machine can wait while you wait, if needed.

Once Avast! is finished with its scan, please post the scan log per the following instructions:

  • Click Start
  • In the search box, type the following:
    %PUBLIC%\AppData\AVAST Software\Avast\report\aswBoot.txt
  • A notepad window will appear with the contents of the scan report. Please copy (ctrl-c) and paste (ctrl-v) the report in your next post.

  • 0

#30
joecool90

joecool90

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Hi, sorry for the long delay this time.

Regarding MBAM - MBAM installs ok initially. However every time I rebooted/switched on the machine, the laptop would crash within 5 minutes of getting into Windows, when the MBAMService is turned on. When it's turned off it runs fine. I have currently uninstalled MBAM.

Results of Avast below. Unfortunately it found a number of malware, which I moved to chest:


11/20/2011 18:04
Scan of all local drives

File C:\Users\ACER\AppData\Local\Temp\jar_cache8624465868758086644.tmp|>mp1\p2\C.class is infected by Java:Agent-B [Trj], Moved to chest
File C:\Users\ACER\AppData\Local\Temp\jar_cache8624465868758086644.tmp|>mp1\p2\M.class is infected by Java:Agent-B [Trj], Moved to chest
File C:\Users\ACER\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\70c7184d-36a77d31_1317559239.arl|>Keyworq.class is infected by Other:Malware-gen, Moved to chest
File C:\Users\ACER\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\70c7184d-36a77d31_1317559239.arl|>Uutecwv.class is infected by Java:Djewers-N [Trj], Moved to chest
File C:\Windows\Temp\Secunia PSI Agent\QuickTimeInstaller.exe|>QuickTime.msi|>QuickTime.cab|>QuickTimeEffects.Resources_ko.lproj_QuickTimeEffectsLocalized.qtr Error 42127 {CAB archive is corrupted.}
File C:\Windows\Temp\Secunia PSI Agent\QuickTimeInstaller.exe|>QuickTime.msi|>QuickTime.cab Error 42144 {OLE archive is corrupted.}
File C:\Windows\Temp\Secunia PSI Agent\QuickTimeInstaller.exe|>QuickTime.msi|>01_StringPool Error 42144 {OLE archive is corrupted.}
File C:\Windows\Temp\Secunia PSI Agent\QuickTimeInstaller.exe|>QuickTime.msi Error 42127 {CAB archive is corrupted.}
Number of searched folders: 24956
Number of tested files: 927941
Number of infected files: 4

Any idea yet on when my laptop is likely to be safe!?!? Thanks.
  • 0





