Freeze, crashes, slow comp [Closed]


#1
AQUA258

Hey there, I haven't been around for a while... that's a good sign, shows you guys taught me well.
Usually I can fix things/problems on my own, but this one has me stumped.

Toshiba laptop
Windows 7 (x86)
Chrome (latest)

Attempted fixes: all software is updated, e.g. Chrome, Java, Flash etc.
Tried different browsers: FF, IE9, Safari etc.
Modem changed, ISP speed checked.

Some months ago the freezes started, not regularly, just here and there... Progressively it started to get worse.
It used to just happen when I would play a game in FBook (freeze/crash). From there it freezes when I open multiple tabs. It has gotten to the point where at times I can't even load a page. I can't scroll across a page because everything just locks up, the screen goes a see-through white and that's the end of that. I then have to do a forced shut down. That's at the worst end; mostly it just throws me out of the page I'm on and sends me back to my screensaver, or Chrome jumps in and leaves me no option but to kill.

I've been trying all the fixes I can find on Google, e.g. disable one of the Flash players (if 2), tried running with both, tried alternating.
Shut down all plug-ins except Flash and Java.
Then I read that Chrome only goes "snap crackle and pop" if there is a virus etc.
So I ran Malwarebytes, CCleaner, SB Search and Destroy, Ad-Aware... and nothing...
I re-ran all these in safe mode... nothing.
Then I tried "Removeit Pro v4"... it found 3 viruses... but the comp is still doing the same thing.
Went through and deleted anything I wasn't using... still the same.

The following morning it's telling me I have an error 1402 with Adobe Reader. I tried to find a fix, which said delete and reinstall.
That was funny because I couldn't do either; it says I didn't have permission. Couldn't change that.
So I deleted what I could out of the file and eventually managed to delete it.
Again not satisfied, I ran Removeit Pro, which found another 3 viruses in system32. Deleted and cleaned, still the same issue, only a tad worse.

I'm under the assumption that something has not only changed my system somehow, but maybe there are more baddies in there that I can't find... (I even downloaded a new cleaner, ran all I have again... nothing)
That's just my guess though. I'm also thinking that part of the problem, maybe, is happening after an update (Chrome).
As I said, I haven't been here for a while, which means all was working well...

Some help would be appreciated because I have run out of ideas... Thank you.

PS: On the odd occasion it has a burst of life and takes off working at top speed, but that is only short-lived... sigh

OTL logfile created on: 19/04/2012 10:17:53 AM - Run 2
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Donna\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

956.00 Mb Total Physical Memory | 326.42 Mb Available Physical Memory | 34.14% Memory free
1.93 Gb Paging File | 0.89 Gb Available in Paging File | 46.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.02 Gb Total Space | 97.02 Gb Free Space | 69.78% Space Free | Partition Type: NTFS

Computer Name: DONNA-PC | User Name: Donna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/19 08:42:04 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Donna\Desktop\OTL.exe
PRC - [2012/03/21 12:56:44 | 000,326,504 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\DriverScanner\driverscanner.exe
PRC - [2012/03/21 12:56:44 | 000,025,464 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
PRC - [2012/03/14 17:38:14 | 000,913,752 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2012/03/07 08:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/07 08:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/03/06 18:39:50 | 000,574,296 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2012/01/03 21:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/11/29 20:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 20:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008/10/14 16:07:30 | 000,776,744 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/18 23:20:56 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\09cf29b9e0262c949425c4737829cad0\IAStorUtil.ni.dll
MOD - [2012/04/18 23:20:56 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\f172030132db9ec55c1f3ced218f6d6c\IAStorCommon.ni.dll
MOD - [2012/04/12 15:37:34 | 000,444,400 | ---- | M] () -- C:\Users\Donna\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppgooglenaclpluginchrome.dll
MOD - [2012/04/12 15:37:33 | 003,915,248 | ---- | M] () -- C:\Users\Donna\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
MOD - [2012/04/12 15:36:08 | 000,122,880 | ---- | M] () -- C:\Users\Donna\AppData\Local\Google\Chrome\Application\18.0.1025.162\avutil-51.dll
MOD - [2012/04/12 15:36:06 | 000,220,672 | ---- | M] () -- C:\Users\Donna\AppData\Local\Google\Chrome\Application\18.0.1025.162\avformat-53.dll
MOD - [2012/04/12 15:36:05 | 001,747,456 | ---- | M] () -- C:\Users\Donna\AppData\Local\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll
MOD - [2012/04/11 05:41:51 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll
MOD - [2012/04/11 05:41:06 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012/04/11 05:40:53 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012/03/21 12:56:44 | 000,406,888 | ---- | M] () -- C:\Program Files\Uniblue\DriverScanner\locale\en\en.dll
MOD - [2012/03/21 12:56:44 | 000,071,016 | ---- | M] () -- C:\Program Files\Uniblue\DriverScanner\InstallerExtensions.dll
MOD - [2012/03/21 12:56:44 | 000,018,792 | ---- | M] () -- C:\Program Files\Uniblue\DriverScanner\cwebpage.dll
MOD - [2012/02/15 12:24:06 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/15 12:22:36 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/15 12:22:25 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/15 12:22:15 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/15 12:22:13 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/01/26 07:24:26 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2012/01/09 19:44:20 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/11/10 22:43:26 | 000,138,072 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\ASCv5ExtMenu.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WatAdminSvc)
SRV - [2012/04/15 16:44:28 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/14 17:38:14 | 000,913,752 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2012/03/07 08:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/01/03 21:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - [2012/04/19 08:27:51 | 002,846,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2012/03/07 08:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/07 08:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/07 08:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/03/07 08:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/07 08:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/07 08:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/05/18 07:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/11/20 20:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 20:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 20:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 18:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 18:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 17:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 17:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 17:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/29 16:11:08 | 000,197,224 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/04/29 02:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2007/11/09 04:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/19 22:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {1C747A86-A600-46AF-BFE8-AD55A9420D2C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1C747A86-A600-46AF-BFE8-AD55A9420D2C}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_214.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Donna\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Donna\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Disabled) = C:\Users\Donna\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Donna\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Donna\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_214.dll
CHR - plugin: Picasa (Disabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Java™ Platform SE 7 U3 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Google Update (Disabled) = C:\Users\Donna\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Open All Selected Links = C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnhbealllgfdljhmmidodfeibbcmcbid\1.0.3_0\

O1 HOSTS File: ([2009/06/11 05:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKCU..\RunOnce: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B24D39C-F1A8-404E-A21C-231711EAE4A4}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/19 08:41:53 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Donna\Desktop\OTL.exe
[2012/04/19 08:27:51 | 002,846,720 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
[2012/04/19 08:26:41 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2012/04/19 08:14:30 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Roaming\Uniblue
[2012/04/19 08:14:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2012/04/19 08:14:21 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2012/04/19 07:22:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverEasy
[2012/04/19 07:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\Easeware
[2012/04/19 06:30:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel Corporation
[2012/04/19 06:26:37 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Roaming\Intel Corporation
[2012/04/18 23:28:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\sda
[2012/04/18 23:20:58 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2012/04/18 23:19:38 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Roaming\InstallShield
[2012/04/18 23:09:14 | 002,191,872 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athr.sys
[2012/04/18 23:09:10 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros WiFi Driver Installation
[2012/04/18 23:07:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2012/04/18 22:50:39 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012/04/18 22:20:30 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Roaming\Easeware
[2012/04/18 19:10:50 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/04/18 19:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/04/18 19:09:40 | 000,000,000 | ---D | C] -- C:\ATI
[2012/04/18 18:54:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2012/04/17 20:40:19 | 000,000,000 | ---D | C] -- C:\Users\Donna\Documents\Anti-Malware
[2012/04/16 16:50:32 | 000,000,000 | ---D | C] -- C:\MATS
[2012/04/15 23:50:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/04/15 23:48:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2012/04/15 23:48:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2012/04/15 23:48:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/04/15 23:44:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2012/04/15 23:42:37 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\Microsoft Help
[2012/04/15 23:42:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/04/15 23:42:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/04/11 06:53:23 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/04/11 06:52:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedBit
[2012/04/11 06:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedBit
[2012/03/31 23:06:34 | 000,021,848 | ---- | C] (IObit) -- C:\Windows\System32\RegistryDefragBootTime.exe
[2012/03/31 22:55:29 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2012/03/31 22:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 5
[2012/03/31 20:41:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2012/03/31 20:40:58 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/03/28 01:10:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\es-MX
[2012/03/28 01:10:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\es-AR
[2012/03/28 01:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2012/03/26 12:39:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/03/21 10:38:53 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Roaming\Wise Registry Cleaner
[2012/03/21 10:38:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
[2012/03/21 10:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\Wise Registry Cleaner
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/19 09:51:02 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-733432026-636039877-452488644-1001UA.job
[2012/04/19 09:44:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/19 09:19:57 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/19 09:19:57 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/19 08:42:04 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Donna\Desktop\OTL.exe
[2012/04/19 08:27:51 | 002,846,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
[2012/04/19 08:14:43 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2012/04/19 08:14:24 | 000,001,154 | ---- | M] () -- C:\Users\Public\Desktop\DriverScanner.lnk
[2012/04/19 06:45:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/19 06:45:02 | 751,828,992 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/18 23:30:12 | 000,628,460 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/18 23:30:12 | 000,110,612 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/18 22:51:05 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-733432026-636039877-452488644-1001Core.job
[2012/04/18 18:26:48 | 000,005,739 | ---- | M] () -- C:\Users\Donna\AppData\Local\Temp8.html
[2012/04/18 18:22:59 | 000,002,021 | ---- | M] () -- C:\Users\Donna\AppData\Local\Temp1.html
[2012/04/16 20:12:51 | 000,411,528 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/04/14 04:58:52 | 000,002,405 | ---- | M] () -- C:\Users\Donna\Desktop\Google Chrome.lnk
[2012/04/08 15:18:44 | 000,001,420 | ---- | M] () -- C:\Users\Donna\Desktop\Internet Explorer.lnk
[2012/04/08 15:18:44 | 000,001,414 | ---- | M] () -- C:\Users\Donna\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/08 15:14:53 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/04/08 00:54:38 | 000,046,355 | ---- | M] () -- C:\Users\Donna\Desktop\2.png
[2012/04/08 00:54:01 | 000,088,045 | ---- | M] () -- C:\Users\Donna\Desktop\1.png
[2012/04/05 10:07:07 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/04/05 10:07:07 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/28 01:10:31 | 000,000,808 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2012/03/24 02:16:38 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/19 08:14:42 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\DriverScanner.job
[2012/04/19 08:14:24 | 000,001,154 | ---- | C] () -- C:\Users\Public\Desktop\DriverScanner.lnk
[2012/04/18 23:09:14 | 000,432,641 | ---- | C] () -- C:\Windows\System32\netathr.inf
[2012/04/18 23:09:14 | 000,066,619 | ---- | C] () -- C:\Windows\System32\athrext.cat
[2012/04/18 18:26:48 | 000,005,739 | ---- | C] () -- C:\Users\Donna\AppData\Local\Temp8.html
[2012/04/18 18:22:59 | 000,002,021 | ---- | C] () -- C:\Users\Donna\AppData\Local\Temp1.html
[2012/04/08 15:18:44 | 000,001,420 | ---- | C] () -- C:\Users\Donna\Desktop\Internet Explorer.lnk
[2012/04/08 15:18:44 | 000,001,414 | ---- | C] () -- C:\Users\Donna\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/08 15:14:53 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/04/08 11:12:17 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/08 00:54:39 | 000,046,355 | ---- | C] () -- C:\Users\Donna\Desktop\2.png
[2012/04/08 00:54:02 | 000,088,045 | ---- | C] () -- C:\Users\Donna\Desktop\1.png
[2012/03/28 01:10:31 | 000,000,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2012/03/15 10:03:56 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2012/03/15 10:03:56 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2012/02/08 15:24:59 | 000,109,400 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/01/25 13:23:17 | 000,001,242 | ---- | C] () -- C:\Program Files\Paint.lnk
[2012/01/01 07:17:52 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/02/11 18:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/02/11 18:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/02/11 18:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/02/11 17:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/02/11 17:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

========== LOP Check ==========

[2012/02/16 23:37:57 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Charles
[2012/01/28 23:38:38 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Downloaded Installations
[2012/04/18 22:20:30 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Easeware
[2012/03/31 22:56:04 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\IObit
[2012/03/14 18:51:47 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Opera
[2012/04/19 08:14:30 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Uniblue
[2012/03/30 23:03:39 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Wise Registry Cleaner
[2012/04/19 08:14:43 | 000,000,328 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job
[2012/02/25 07:15:08 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:553CA6CA

< End of report >

OTL Extras logfile created on: 19/04/2012 8:44:39 AM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Donna\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

956.00 Mb Total Physical Memory | 152.02 Mb Available Physical Memory | 15.90% Memory free
1.93 Gb Paging File | 0.90 Gb Available in Paging File | 46.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.02 Gb Total Space | 97.27 Gb Free Space | 69.97% Space Free | Partition Type: NTFS

Computer Name: DONNA-PC | User Name: Donna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java™ 7 Update 3
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{401879D1-AC26-43CD-BDDE-E0D5D5608083}" = TOSHIBA Supervisor Password
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Atheros WiFi Driver Installation
"{7EEB72E4-2150-49F8-BC51-B63AF7B9E2F2}" = GEAR driver installer 4.019
"{850DA472-9981-5D13-9C1A-118B6DF47DFF}" = ATI Catalyst Install Manager
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{E464702F-5433-46EC-8F65-159276C0A54F}" = WIDCOMM Bluetooth Software 6.2.0.5800
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"DriverEasy_is1" = DriverEasy 3.11.3
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Picasa 3" = Picasa 3
"RemoveIT Pro v4 - SE" = RemoveIT Pro v4 - SE
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.10 (32-bit)
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 7.11

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18/04/2012 11:36:17 AM | Computer Name = Donna-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 18/04/2012 12:36:17 PM | Computer Name = Donna-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 18/04/2012 6:24:54 PM | Computer Name = Donna-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 18/04/2012 6:28:10 PM | Computer Name = Donna-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 18/04/2012 6:45:18 PM | Computer Name = Donna-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 18/04/2012 7:18:18 PM | Computer Name = Donna-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Patch.exe, version: 0.0.0.0, time stamp:
0x4d75490c Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x000565cb Faulting process id:
0xdc4 Faulting application start time: 0x01cd1db985a58d5f Faulting application path:
C:\Program Files\Easeware\DriverEasy\Patch.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: c78ff4ac-89ac-11e1-a1ca-0021636d461d

Error - 18/04/2012 7:19:23 PM | Computer Name = Donna-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Patch.exe, version: 0.0.0.0, time stamp:
0x4d75490c Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x00056759 Faulting process id:
0xc58 Faulting application start time: 0x01cd1db99e68a2a5 Faulting application path:
C:\Program Files\Easeware\DriverEasy\Patch.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: ee1cb960-89ac-11e1-a1ca-0021636d461d

Error - 18/04/2012 8:04:59 PM | Computer Name = Donna-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 18/04/2012 8:25:42 PM | Computer Name = Donna-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddWin32ServiceFiles: Unable to back up image
of service Office Source Engine since QueryServiceConfig API failed System Error:
The
system cannot find the file specified. .

Error - 18/04/2012 8:27:38 PM | Computer Name = Donna-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddWin32ServiceFiles: Unable to back up image
of service Office Source Engine since QueryServiceConfig API failed System Error:
The
system cannot find the file specified. .

[ System Events ]
Error - 15/04/2012 5:59:33 PM | Computer Name = Donna-PC | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 15/04/2012 5:59:33 PM | Computer Name = Donna-PC | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 15/04/2012 5:59:33 PM | Computer Name = Donna-PC | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 16/04/2012 3:31:27 AM | Computer Name = Donna-PC | Source = Service Control Manager | ID = 7023
Description = The HsfXAudioService service terminated with the following error:
%%2

Error - 16/04/2012 5:15:12 AM | Computer Name = Donna-PC | Source = Service Control Manager | ID = 7023
Description = The HsfXAudioService service terminated with the following error:
%%2

Error - 16/04/2012 7:45:27 AM | Computer Name = Donna-PC | Source = DCOM | ID = 10001
Description =

Error - 16/04/2012 8:13:01 AM | Computer Name = Donna-PC | Source = Service Control Manager | ID = 7023
Description = The HsfXAudioService service terminated with the following error:
%%2

Error - 16/04/2012 5:50:09 PM | Computer Name = Donna-PC | Source = Service Control Manager | ID = 7023
Description = The HsfXAudioService service terminated with the following error:
%%2

Error - 17/04/2012 2:39:06 AM | Computer Name = Donna-PC | Source = Service Control Manager | ID = 7023
Description = The HsfXAudioService service terminated with the following error:
%%2

Error - 17/04/2012 9:29:44 AM | Computer Name = Donna-PC | Source = Service Control Manager | ID = 7023
Description = The HsfXAudioService service terminated with the following error:
%%2


< End of report >


#2 Crowbar (Teacher, GeekU Moderator, 4,798 posts)
Hello Aqua258 and welcome to Geeks To Go !!

My name is Crowbar and I'll be the malware removal Geek that will be helping you remove any infections you may have on your computer.
Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them.
You get an advantage as you have 2 people examining your issue.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • Please save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.
  • Please follow the steps exactly as written, in the same order.
  • If there's anything you don't understand or isn't totally clear, please ask me any questions that you may have.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • This process is not an instant process - please stick with me until I tell you that your machine is clean. If you don't see any symptoms, it does not mean your system is clear of malware.
  • Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.

Sorry about the delay, I assume you are still having the same issues with your computer.

Since it's been a few days, I would like to see a fresh OTL log, and also have you run a different scan.

Step 1
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

Step 2
Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it.

Click the [Scan] button to start the scan.

On completion of the scan click [Save log], save it to your desktop and post it in your next reply.

In your next reply I would like to see:
  • OTL log (there won't be a new extras.txt)
  • aswMBR log


#3 AQUA258 (Topic Starter, Member, 169 posts)
Here is what you requested...

OTL logfile created on: 21/04/2012 6:13:08 AM - Run 3
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Donna\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

956.00 Mb Total Physical Memory | 178.32 Mb Available Physical Memory | 18.65% Memory free
1.93 Gb Paging File | 1.03 Gb Available in Paging File | 53.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.02 Gb Total Space | 97.01 Gb Free Space | 69.78% Space Free | Partition Type: NTFS

Computer Name: DONNA-PC | User Name: Donna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/19 08:42:04 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Donna\Desktop\OTL.exe
PRC - [2012/03/21 12:56:44 | 000,025,464 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
PRC - [2012/03/14 17:38:14 | 000,913,752 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2012/03/07 08:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/07 08:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/03/06 18:39:50 | 000,574,296 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2012/01/03 21:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/11/29 20:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 20:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008/10/14 16:07:30 | 000,776,744 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/18 23:20:56 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\09cf29b9e0262c949425c4737829cad0\IAStorUtil.ni.dll
MOD - [2012/04/18 23:20:56 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\f172030132db9ec55c1f3ced218f6d6c\IAStorCommon.ni.dll
MOD - [2012/04/12 15:37:34 | 000,444,400 | ---- | M] () -- C:\Users\Donna\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppgooglenaclpluginchrome.dll
MOD - [2012/04/12 15:37:33 | 003,915,248 | ---- | M] () -- C:\Users\Donna\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
MOD - [2012/04/12 15:36:08 | 000,122,880 | ---- | M] () -- C:\Users\Donna\AppData\Local\Google\Chrome\Application\18.0.1025.162\avutil-51.dll
MOD - [2012/04/12 15:36:06 | 000,220,672 | ---- | M] () -- C:\Users\Donna\AppData\Local\Google\Chrome\Application\18.0.1025.162\avformat-53.dll
MOD - [2012/04/12 15:36:05 | 001,747,456 | ---- | M] () -- C:\Users\Donna\AppData\Local\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll
MOD - [2012/04/11 05:41:51 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll
MOD - [2012/04/11 05:41:06 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012/04/11 05:40:53 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012/04/08 11:25:15 | 009,430,688 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_214.dll
MOD - [2012/02/15 12:24:06 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/15 12:22:36 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/15 12:22:25 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/15 12:22:15 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/15 12:22:13 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/01/26 07:24:26 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WatAdminSvc)
SRV - [2012/04/15 16:44:28 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/14 17:38:14 | 000,913,752 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2012/03/07 08:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/01/03 21:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Donna\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/04/19 08:27:51 | 002,846,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2012/03/07 08:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/07 08:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/07 08:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/03/07 08:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/07 08:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/07 08:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/05/18 07:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/11/20 20:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 20:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 20:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 18:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 18:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 17:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 17:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 17:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/29 16:11:08 | 000,197,224 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/04/29 02:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2007/11/09 04:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/19 22:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {1C747A86-A600-46AF-BFE8-AD55A9420D2C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1C747A86-A600-46AF-BFE8-AD55A9420D2C}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_214.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Donna\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Donna\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/24 02:16:38 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Disabled) = C:\Users\Donna\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Donna\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Donna\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_214.dll
CHR - plugin: Picasa (Disabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Java™ Platform SE 7 U3 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Google Update (Disabled) = C:\Users\Donna\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: avast! WebRep = C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Open All Selected Links = C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnhbealllgfdljhmmidodfeibbcmcbid\1.0.3_0\

O1 HOSTS File: ([2009/06/11 05:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B24D39C-F1A8-404E-A21C-231711EAE4A4}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/20 01:17:22 | 000,000,000 | ---D | C] -- C:\Reg_Backup
[2012/04/20 00:52:00 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/04/20 00:50:44 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2012/04/20 00:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2012/04/20 00:50:26 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2012/04/19 08:41:53 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Donna\Desktop\OTL.exe
[2012/04/19 08:27:51 | 002,846,720 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
[2012/04/19 08:14:30 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Roaming\Uniblue
[2012/04/19 08:14:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2012/04/19 08:14:21 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2012/04/19 07:22:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverEasy
[2012/04/19 07:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\Easeware
[2012/04/19 06:30:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel Corporation
[2012/04/19 06:26:37 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Roaming\Intel Corporation
[2012/04/18 23:28:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\sda
[2012/04/18 23:20:58 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2012/04/18 23:19:38 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Roaming\InstallShield
[2012/04/18 23:09:14 | 002,191,872 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athr.sys
[2012/04/18 23:09:10 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros WiFi Driver Installation
[2012/04/18 23:07:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2012/04/18 22:50:39 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012/04/18 22:20:30 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Roaming\Easeware
[2012/04/18 19:10:50 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/04/18 19:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/04/18 19:09:40 | 000,000,000 | ---D | C] -- C:\ATI
[2012/04/18 18:54:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2012/04/17 20:40:19 | 000,000,000 | ---D | C] -- C:\Users\Donna\Documents\Anti-Malware
[2012/04/16 16:50:32 | 000,000,000 | ---D | C] -- C:\MATS
[2012/04/15 23:50:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/04/15 23:48:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2012/04/15 23:48:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2012/04/15 23:48:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/04/15 23:44:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2012/04/15 23:42:37 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\Microsoft Help
[2012/04/15 23:42:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/04/15 23:42:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/04/11 06:53:23 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/04/11 06:52:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedBit
[2012/04/11 06:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedBit
[2012/03/31 23:06:34 | 000,021,848 | ---- | C] (IObit) -- C:\Windows\System32\RegistryDefragBootTime.exe
[2012/03/31 22:55:29 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2012/03/31 22:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 5
[2012/03/31 20:41:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2012/03/31 20:40:58 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/03/28 01:10:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\es-MX
[2012/03/28 01:10:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\es-AR
[2012/03/28 01:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2012/03/26 12:39:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

========== Files - Modified Within 30 Days ==========

[2012/04/21 06:12:17 | 000,000,512 | ---- | M] () -- C:\Users\Donna\Desktop\MBR.dat
[2012/04/21 05:57:18 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2012/04/21 05:57:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/21 05:56:59 | 751,828,992 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/20 20:24:17 | 000,013,312 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/20 20:24:16 | 000,013,312 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/20 20:17:25 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-733432026-636039877-452488644-1001UA.job
[2012/04/20 20:17:24 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/20 14:58:18 | 000,631,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/20 14:58:18 | 000,111,456 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/20 01:41:55 | 000,410,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/04/20 01:40:05 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/04/20 01:40:05 | 000,000,042 | ---- | M] () -- C:\repairs_running.dat
[2012/04/20 00:50:30 | 000,002,220 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/04/19 22:51:02 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-733432026-636039877-452488644-1001Core.job
[2012/04/19 08:42:04 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Donna\Desktop\OTL.exe
[2012/04/19 08:27:51 | 002,846,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
[2012/04/19 08:14:24 | 000,001,154 | ---- | M] () -- C:\Users\Public\Desktop\DriverScanner.lnk
[2012/04/18 18:26:48 | 000,005,739 | ---- | M] () -- C:\Users\Donna\AppData\Local\Temp8.html
[2012/04/18 18:22:59 | 000,002,021 | ---- | M] () -- C:\Users\Donna\AppData\Local\Temp1.html
[2012/04/14 04:58:52 | 000,002,405 | ---- | M] () -- C:\Users\Donna\Desktop\Google Chrome.lnk
[2012/04/08 15:18:44 | 000,001,420 | ---- | M] () -- C:\Users\Donna\Desktop\Internet Explorer.lnk
[2012/04/08 15:18:44 | 000,001,414 | ---- | M] () -- C:\Users\Donna\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/08 15:14:53 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/04/08 00:54:38 | 000,046,355 | ---- | M] () -- C:\Users\Donna\Desktop\2.png
[2012/04/08 00:54:01 | 000,088,045 | ---- | M] () -- C:\Users\Donna\Desktop\1.png
[2012/04/05 10:07:07 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/04/05 10:07:07 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/28 01:10:31 | 000,000,808 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2012/03/24 02:16:38 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

========== Files Created - No Company Name ==========

[2012/04/21 06:12:17 | 000,000,512 | ---- | C] () -- C:\Users\Donna\Desktop\MBR.dat
[2012/04/20 01:39:30 | 000,000,042 | ---- | C] () -- C:\repairs_running.dat
[2012/04/20 01:34:58 | 000,303,616 | ---- | C] ( ) -- C:\SetACL.exe
[2012/04/20 00:50:30 | 000,002,220 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/04/19 08:14:42 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\DriverScanner.job
[2012/04/19 08:14:24 | 000,001,154 | ---- | C] () -- C:\Users\Public\Desktop\DriverScanner.lnk
[2012/04/18 23:09:14 | 000,432,641 | ---- | C] () -- C:\Windows\System32\netathr.inf
[2012/04/18 23:09:14 | 000,066,619 | ---- | C] () -- C:\Windows\System32\athrext.cat
[2012/04/18 18:26:48 | 000,005,739 | ---- | C] () -- C:\Users\Donna\AppData\Local\Temp8.html
[2012/04/18 18:22:59 | 000,002,021 | ---- | C] () -- C:\Users\Donna\AppData\Local\Temp1.html
[2012/04/08 15:18:44 | 000,001,420 | ---- | C] () -- C:\Users\Donna\Desktop\Internet Explorer.lnk
[2012/04/08 15:18:44 | 000,001,414 | ---- | C] () -- C:\Users\Donna\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/08 15:14:53 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/04/08 11:12:17 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/08 00:54:39 | 000,046,355 | ---- | C] () -- C:\Users\Donna\Desktop\2.png
[2012/04/08 00:54:02 | 000,088,045 | ---- | C] () -- C:\Users\Donna\Desktop\1.png
[2012/03/28 01:10:31 | 000,000,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2012/03/15 10:03:56 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2012/03/15 10:03:56 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2012/02/08 15:24:59 | 000,109,400 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/01/25 13:23:17 | 000,001,242 | ---- | C] () -- C:\Program Files\Paint.lnk
[2012/01/01 07:22:51 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012/01/01 07:17:52 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/02/11 18:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/02/11 18:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/02/11 18:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/02/11 17:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/02/11 17:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

========== LOP Check ==========

[2012/02/16 23:37:57 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Charles
[2012/01/28 23:38:38 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Downloaded Installations
[2012/04/18 22:20:30 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Easeware
[2012/03/31 22:56:04 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\IObit
[2012/03/14 18:51:47 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Opera
[2012/04/19 08:14:30 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Uniblue
[2012/03/30 23:03:39 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Wise Registry Cleaner
[2012/04/21 05:57:18 | 000,000,328 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job
[2012/04/21 05:57:14 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:553CA6CA

< End of report >
************************************************************************************************



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-21 06:04:27
-----------------------------
06:04:27.950 OS Version: Windows 6.1.7601 Service Pack 1
06:04:27.951 Number of processors: 2 586 0xF0D
06:04:27.954 ComputerName: DONNA-PC UserName: Donna
06:04:45.938 Initialize success
06:04:47.289 AVAST engine defs: 12042001
06:05:50.266 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
06:05:50.272 Disk 0 Vendor: FUJITSU_ 0040 Size: 152627MB BusType: 3
06:05:50.288 Disk 0 MBR read successfully
06:05:50.292 Disk 0 MBR scan
06:05:50.296 Disk 0 Windows 7 default MBR code
06:05:50.302 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
06:05:50.313 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 142360 MB offset 3074048
06:05:50.342 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 8766 MB offset 294627328
06:05:50.349 Disk 0 scanning sectors +312580096
06:05:50.407 Disk 0 scanning C:\Windows\system32\drivers
06:06:06.548 Service scanning
06:06:34.417 Modules scanning
06:06:53.177 Disk 0 trace - called modules:
06:06:53.205 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
06:06:53.212 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860ab030]
06:06:53.219 3 CLASSPNP.SYS[8799159e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x84e37028]
06:06:54.178 AVAST engine scan C:\Windows
06:06:56.762 AVAST engine scan C:\Windows\system32
06:09:51.370 AVAST engine scan C:\Windows\system32\drivers
06:10:08.069 AVAST engine scan C:\Users\Donna
06:11:16.435 AVAST engine scan C:\ProgramData
06:11:39.716 Scan finished successfully
06:12:17.383 Disk 0 MBR has been saved successfully to "C:\Users\Donna\Desktop\MBR.dat"
06:12:17.383 The log file has been saved successfully to "C:\Users\Donna\Desktop\aswMBR.txt"
  • 0

#4
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hello aqua258,
I am not really seeing anything malware related in these logs.
I would like to look a little bit deeper with a custom scan.
I also would like to advise you about using registry cleaners, which usually, at best, will not hurt your computer, but at worst can cause your system to not boot. We advise not to use this or any Registry cleaner, as there have been reports of them clearing out needed Registry entries and messing up PCs. In addition, what they do clean up is so small that little or no advantages are noticed.

I am seeing that your computer is having issues with its licensing activation. Are you getting any warnings from Windows about it not being activated?

You say you have tried both versions of the Flash player; right now you have the older one enabled. Is this on purpose?

I would like you to also try the Revo uninstaller to see if there are any remnants of the Adobe Reader to remove.
You seem to have the UAC set to non-default settings. Is this on purpose?
Also, there is one file I would like you to submit to virustotal.com for analysis.

Step 1
Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
C:\Windows\assembly\tmp\U\*.* /s
C:\Program Files\Common Files\ComObjects\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs in your next response

Step 2
Please go to VirusTotal and upload the following file for scanning.
  • Click Choose File
  • Copy and paste the contents of the following code box into the text box next to File name: then click Open
  • C:\repairs_running.dat
  • Click Send File
  • If confronted with two options, choose Reanalyse file now
  • Wait for the scan to finish and then copy and paste the URL from your browser address bar in your next reply please.

Step 3
Download Revo Uninstaller and uninstall the Adobe Reader program(s).

Click here to download Revo Uninstaller
Once downloaded, double click the file and follow the prompts to install it
Run Revo Uninstaller, then click the program you want to remove, then click Uninstall at the top
Click Yes to confirm, then click Next
After it has run the official uninstaller, click Next to search for leftover information
If it finds any leftover files and folders, click Select All, then Delete
Click Next after it has removed the leftovers, then click Finish

In your next reply I would like to see:
  • OTL custom scan log (there won't be a new extras.txt)
  • How did Revo uninstaller do with Adobe Reader
  • Answers to my questions

  • 0
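The UAC question above comes straight from the O6 lines in the OTL log (EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop all at 0). As an added illustration, not part of Crowbar's post or of the OTL tool, this Python script parses those O6 lines as OTL prints them and flags every UAC policy value that differs from the Windows 7 defaults; the sample lines are copied from the log above, and the default values and the meaning strings are this example's own.

```python
"""Flag non-default UAC policy values in the O6 section of an OTL log.

Added example: not part of the forum post or of the OTL tool. It reads the
'O6 - HKLM\\...\\policies\\System: Name = Value' lines OTL prints and compares
the four UAC values against the Windows 7 defaults listed below.
"""
import re

# Windows 7 default values for the UAC policies OTL reports under
# HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System.
UAC_DEFAULTS = {
    "EnableLUA": 1,                   # UAC enabled
    "ConsentPromptBehaviorAdmin": 5,  # admins: prompt for consent for non-Windows binaries
    "ConsentPromptBehaviorUser": 3,   # standard users: prompt for credentials
    "PromptOnSecureDesktop": 1,       # prompts shown on the dimmed secure desktop
}

# What a weakened value means for whoever reads the log (this example's wording).
WEAKENED_MEANING = {
    ("EnableLUA", 0): "UAC disabled: admin processes start fully elevated, nothing prompts",
    ("ConsentPromptBehaviorAdmin", 0): "silent elevation: admins are never asked for consent",
    ("PromptOnSecureDesktop", 0): "prompts appear on the normal desktop, where other programs can interact with them",
}

# Constructed sample: the O6/O7 lines exactly as they appear in the OTL log above.
SAMPLE_OTL_LINES = r"""
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
"""

# Only O6 (HKLM) lines under the policies\System key carry a 'Name = Value' pair.
O6_SYSTEM_POLICY = re.compile(
    r"^O6 - HKLM\\[^:]*\\policies\\System: (?P<name>\w+) = (?P<value>-?\d+)$"
)


def parse_o6_system_policies(log_text):
    """Return {value name: int} for O6 lines under the policies\\System key.

    Lines without a 'Name = Value' pair (e.g. 'Restrictions present') and
    lines from other sections (O7, HKCU) are ignored.
    """
    values = {}
    for raw in log_text.splitlines():
        m = O6_SYSTEM_POLICY.match(raw.strip())
        if m:
            values[m.group("name")] = int(m.group("value"))
    return values


def audit_uac(values):
    """Compare observed UAC values with the defaults.

    Returns a list of (name, observed, default, meaning) for every value that
    differs from its default. Values OTL did not print are skipped rather than
    assumed, because OTL only lists entries that exist in the registry.
    """
    findings = []
    for name, default in UAC_DEFAULTS.items():
        if name not in values or values[name] == default:
            continue
        observed = values[name]
        meaning = WEAKENED_MEANING.get((name, observed), "non-default value")
        findings.append((name, observed, default, meaning))
    return findings


def uac_is_effectively_off(values):
    """True when UAC gives no protection: disabled outright, or admins elevate silently."""
    return (values.get("EnableLUA", 1) == 0
            or values.get("ConsentPromptBehaviorAdmin", 5) == 0)


if __name__ == "__main__":
    observed = parse_o6_system_policies(SAMPLE_OTL_LINES)
    for name, got, want, meaning in audit_uac(observed):
        print(f"{name}: observed {got}, default {want} -> {meaning}")
    print("UAC effectively off:", uac_is_effectively_off(observed))
```

Run against the log above it reports EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop as weakened and leaves ConsentPromptBehaviorUser alone, which is exactly the state the question above is asking about.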

#5
AQUA258

AQUA258

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 169 posts
Answers to questions;

Registry cleaner was only d/loaded recently out of desperation trying to fix my problem.
I normally don't use them; I have deleted it.

Activation started having a problem after I cleaned the viruses/malware I found.
I have the disc and activation numbers, it wouldn't let me reactivate.

Flash; If you mean the older one by the one that comes with Chrome.
I tried deleting that one and installing the latest, but Facebook games wouldn't work; it kept telling me I need Flash.
So I reinstalled the one Chrome wanted.
Even though Chrome is supposed to update itself, that Flash doesn't seem to be updating.
The latest one I installed manually. Then I was trying to do an elimination process to see which worked better out of the two.
Unfortunately nothing changed/improved.

UAC; I went to have a look at where this was. I have no recollection of touching this/changing it.

REVO; Nothing showed up for Adobe Reader;
I managed to delete it prior. I deleted as much as I could out of the file; this killed the reader so I could remove the rest...lol...
I haven't checked in registry if anything is still left there.

********************************************************************************************************


OTL


OTL logfile created on: 23/04/2012 5:26:37 AM - Run 4
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Donna\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

956.00 Mb Total Physical Memory | 164.63 Mb Available Physical Memory | 17.22% Memory free
1.93 Gb Paging File | 1.07 Gb Available in Paging File | 55.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.02 Gb Total Space | 97.01 Gb Free Space | 69.78% Space Free | Partition Type: NTFS

Computer Name: DONNA-PC | User Name: Donna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/19 08:42:04 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Donna\Desktop\OTL.exe
PRC - [2012/03/21 12:56:44 | 000,025,464 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
PRC - [2012/03/14 17:38:14 | 000,913,752 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2012/03/07 08:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/07 08:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/03/06 18:39:50 | 000,574,296 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2012/01/03 21:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/11/29 20:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 20:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008/10/14 16:07:30 | 000,776,744 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/18 23:20:56 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\09cf29b9e0262c949425c4737829cad0\IAStorUtil.ni.dll
MOD - [2012/04/18 23:20:56 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\f172030132db9ec55c1f3ced218f6d6c\IAStorCommon.ni.dll
MOD - [2012/04/12 15:37:34 | 000,444,400 | ---- | M] () -- C:\Users\Donna\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppgooglenaclpluginchrome.dll
MOD - [2012/04/12 15:37:33 | 003,915,248 | ---- | M] () -- C:\Users\Donna\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
MOD - [2012/04/12 15:36:08 | 000,122,880 | ---- | M] () -- C:\Users\Donna\AppData\Local\Google\Chrome\Application\18.0.1025.162\avutil-51.dll
MOD - [2012/04/12 15:36:06 | 000,220,672 | ---- | M] () -- C:\Users\Donna\AppData\Local\Google\Chrome\Application\18.0.1025.162\avformat-53.dll
MOD - [2012/04/12 15:36:05 | 001,747,456 | ---- | M] () -- C:\Users\Donna\AppData\Local\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll
MOD - [2012/04/11 05:41:51 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll
MOD - [2012/04/11 05:41:06 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012/04/11 05:40:53 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012/02/15 12:24:06 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/15 12:22:36 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/15 12:22:25 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/15 12:22:15 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/15 12:22:13 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/01/26 07:24:26 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2012/01/09 19:44:20 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/11/10 22:43:26 | 000,138,072 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\ASCv5ExtMenu.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WatAdminSvc)
SRV - [2012/04/15 16:44:28 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/14 17:38:14 | 000,913,752 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2012/03/07 08:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/01/03 21:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - [2012/04/19 08:27:51 | 002,846,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2012/03/07 08:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/07 08:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/07 08:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/03/07 08:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/07 08:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/07 08:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/05/18 07:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/11/20 20:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 20:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 20:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 18:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 18:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 17:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 17:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 17:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/29 16:11:08 | 000,197,224 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/04/29 02:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2007/11/09 04:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/19 22:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-733432026-636039877-452488644-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-733432026-636039877-452488644-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-733432026-636039877-452488644-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-733432026-636039877-452488644-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-733432026-636039877-452488644-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-733432026-636039877-452488644-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-733432026-636039877-452488644-1001\..\SearchScopes,DefaultScope = {1C747A86-A600-46AF-BFE8-AD55A9420D2C}
IE - HKU\S-1-5-21-733432026-636039877-452488644-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-733432026-636039877-452488644-1001\..\SearchScopes\{1C747A86-A600-46AF-BFE8-AD55A9420D2C}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-733432026-636039877-452488644-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_214.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Donna\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Donna\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/24 02:16:38 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Donna\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Donna\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Donna\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_214.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Java™ Platform SE 7 U3 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Donna\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: avast! WebRep = C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Open All Selected Links = C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnhbealllgfdljhmmidodfeibbcmcbid\1.0.3_0\

O1 HOSTS File: ([2009/06/11 05:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKU\S-1-5-21-733432026-636039877-452488644-1001..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-733432026-636039877-452488644-1001\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-733432026-636039877-452488644-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-733432026-636039877-452488644-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B24D39C-F1A8-404E-A21C-231711EAE4A4}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/20 01:17:22 | 000,000,000 | ---D | C] -- C:\Reg_Backup
[2012/04/20 00:52:00 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/04/20 00:50:44 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2012/04/20 00:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2012/04/20 00:50:26 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2012/04/19 08:41:53 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Donna\Desktop\OTL.exe
[2012/04/19 08:27:51 | 002,846,720 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
[2012/04/19 08:14:30 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Roaming\Uniblue
[2012/04/19 08:14:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2012/04/19 08:14:21 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2012/04/19 07:22:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverEasy
[2012/04/19 07:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\Easeware
[2012/04/19 06:30:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel Corporation
[2012/04/19 06:26:37 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Roaming\Intel Corporation
[2012/04/18 23:28:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\sda
[2012/04/18 23:20:58 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2012/04/18 23:19:38 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Roaming\InstallShield
[2012/04/18 23:09:14 | 002,191,872 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athr.sys
[2012/04/18 23:09:10 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros WiFi Driver Installation
[2012/04/18 23:07:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2012/04/18 22:50:39 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012/04/18 22:20:30 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Roaming\Easeware
[2012/04/18 19:10:50 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/04/18 19:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/04/18 19:09:40 | 000,000,000 | ---D | C] -- C:\ATI
[2012/04/18 18:54:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2012/04/17 20:40:19 | 000,000,000 | ---D | C] -- C:\Users\Donna\Documents\Anti-Malware
[2012/04/16 16:50:32 | 000,000,000 | ---D | C] -- C:\MATS
[2012/04/15 23:50:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/04/15 23:48:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2012/04/15 23:48:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2012/04/15 23:48:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/04/15 23:44:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2012/04/15 23:42:37 | 000,000,000 | ---D | C] -- C:\Users\Donna\AppData\Local\Microsoft Help
[2012/04/15 23:42:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/04/15 23:42:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/04/11 06:53:23 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/04/11 06:52:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedBit
[2012/04/11 06:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedBit
[2012/03/31 23:06:34 | 000,021,848 | ---- | C] (IObit) -- C:\Windows\System32\RegistryDefragBootTime.exe
[2012/03/31 22:55:29 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2012/03/31 22:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 5
[2012/03/31 20:41:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2012/03/31 20:40:58 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/03/28 01:10:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\es-MX
[2012/03/28 01:10:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\es-AR
[2012/03/28 01:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2012/03/26 12:39:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

========== Files - Modified Within 30 Days ==========

[2012/04/23 05:07:55 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2012/04/23 05:07:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/23 05:07:39 | 751,828,992 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/22 21:58:54 | 000,013,312 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/22 21:58:54 | 000,013,312 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/22 21:51:02 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-733432026-636039877-452488644-1001UA.job
[2012/04/22 21:44:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/22 01:19:21 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-733432026-636039877-452488644-1001Core.job
[2012/04/20 14:58:18 | 000,631,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/20 14:58:18 | 000,111,456 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/20 01:41:55 | 000,410,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/04/20 01:40:05 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/04/20 01:40:05 | 000,000,042 | ---- | M] () -- C:\repairs_running.dat
[2012/04/20 00:50:30 | 000,002,220 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/04/19 08:42:04 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Donna\Desktop\OTL.exe
[2012/04/19 08:27:51 | 002,846,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
[2012/04/19 08:14:24 | 000,001,154 | ---- | M] () -- C:\Users\Public\Desktop\DriverScanner.lnk
[2012/04/18 18:26:48 | 000,005,739 | ---- | M] () -- C:\Users\Donna\AppData\Local\Temp8.html
[2012/04/18 18:22:59 | 000,002,021 | ---- | M] () -- C:\Users\Donna\AppData\Local\Temp1.html
[2012/04/14 04:58:52 | 000,002,405 | ---- | M] () -- C:\Users\Donna\Desktop\Google Chrome.lnk
[2012/04/08 15:18:44 | 000,001,420 | ---- | M] () -- C:\Users\Donna\Desktop\Internet Explorer.lnk
[2012/04/08 15:18:44 | 000,001,414 | ---- | M] () -- C:\Users\Donna\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/08 15:14:53 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/04/08 00:54:38 | 000,046,355 | ---- | M] () -- C:\Users\Donna\Desktop\2.png
[2012/04/08 00:54:01 | 000,088,045 | ---- | M] () -- C:\Users\Donna\Desktop\1.png
[2012/04/05 10:07:07 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/04/05 10:07:07 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/28 01:10:31 | 000,000,808 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

========== Files Created - No Company Name ==========

[2012/04/20 01:39:30 | 000,000,042 | ---- | C] () -- C:\repairs_running.dat
[2012/04/20 01:34:58 | 000,303,616 | ---- | C] ( ) -- C:\SetACL.exe
[2012/04/20 00:50:30 | 000,002,220 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/04/19 08:14:42 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\DriverScanner.job
[2012/04/19 08:14:24 | 000,001,154 | ---- | C] () -- C:\Users\Public\Desktop\DriverScanner.lnk
[2012/04/18 23:09:14 | 000,432,641 | ---- | C] () -- C:\Windows\System32\netathr.inf
[2012/04/18 23:09:14 | 000,066,619 | ---- | C] () -- C:\Windows\System32\athrext.cat
[2012/04/18 18:26:48 | 000,005,739 | ---- | C] () -- C:\Users\Donna\AppData\Local\Temp8.html
[2012/04/18 18:22:59 | 000,002,021 | ---- | C] () -- C:\Users\Donna\AppData\Local\Temp1.html
[2012/04/08 15:18:44 | 000,001,420 | ---- | C] () -- C:\Users\Donna\Desktop\Internet Explorer.lnk
[2012/04/08 15:18:44 | 000,001,414 | ---- | C] () -- C:\Users\Donna\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/08 15:14:53 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/04/08 11:12:17 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/08 00:54:39 | 000,046,355 | ---- | C] () -- C:\Users\Donna\Desktop\2.png
[2012/04/08 00:54:02 | 000,088,045 | ---- | C] () -- C:\Users\Donna\Desktop\1.png
[2012/03/28 01:10:31 | 000,000,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2012/03/15 10:03:56 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2012/03/15 10:03:56 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2012/02/08 15:24:59 | 000,109,400 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/01/25 13:23:17 | 000,001,242 | ---- | C] () -- C:\Program Files\Paint.lnk
[2012/01/01 07:22:51 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012/01/01 07:17:52 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/02/11 18:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/02/11 18:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/02/11 18:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/02/11 17:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/02/11 17:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

========== LOP Check ==========

[2012/02/16 23:37:57 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Charles
[2012/01/28 23:38:38 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Downloaded Installations
[2012/04/18 22:20:30 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Easeware
[2012/03/31 22:56:04 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\IObit
[2012/03/14 18:51:47 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Opera
[2012/04/19 08:14:30 | 000,000,000 | ---D | M] -- C:\Users\Donna\AppData\Roaming\Uniblue
[2012/04/23 05:07:55 | 000,000,328 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job
[2012/04/21 05:57:14 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2008/05/08 13:03:22 | 000,303,616 | ---- | M] ( ) -- C:\SetACL.exe
[2004/06/12 07:33:28 | 000,290,304 | ---- | M] (Microsoft Corporation) -- C:\subinacl.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 13:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 09:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 13:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 13:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 13:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 20:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 13:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 13:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 14:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 20:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 20:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 09:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 14:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 13:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 20:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 20:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 09:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys -- [2010/11/20 16:39:44 | 000,187,904 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{07619788-9316-41AB-B18B-3ADC81143ED6}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{3B24D39C-F1A8-404E-A21C-231711EAE4A4}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys -- [2009/07/14 07:53:54 | 000,036,352 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 03 01 01 01 07 01 06 01 05 01 04 01 00 01 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2009/07/14 09:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Donna\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/04/12 15:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Donna\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/04/12 15:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Donna\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/04/12 15:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Donna\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/04/12 15:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/04/08 15:14:53 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/04/08 15:14:53 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/04/08 15:14:53 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/04/08 15:14:53 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/04/08 15:14:53 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Donna\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/04/12 15:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Donna\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/04/12 15:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Donna\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/04/12 15:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Donna\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/04/12 15:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/04/08 15:14:53 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/04/08 15:14:53 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/04/08 15:14:53 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/04/08 15:14:53 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/04/08 15:14:53 | 000,748,336 | ---- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: DONNA-PC
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D DVD-ROM 0 B No Media
Volume 1 C S3A6609D003 NTFS Partition 139 GB Healthy System
Volume 2 TOSHIBA SYS NTFS Partition 1500 MB Healthy Hidden

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:553CA6CA

< End of report >
*******************************************************************************************



VIRUSTOTAL;


https://www.virustot...sis/1335130900/


NO OPTION TO "SEND FILE", SCANNED AGAIN;

https://www.virustot...sis/1335131560/

#6
AQUA258
  • Topic Starter
  • Member
  • 169 posts
Update; My Chrome started crashing...snap...crackle...pop...(black screen with puzzle piece)

I read somewhere that if this happens then there is a virus or malware on my comp, so I decided, out of curiosity, to run Removeit Pro again.

This is what it found;
Scan.jpg

I can understand the OTL but what and where are the rest from?
The "corets" one I had before and it wouldn't let me delete, so I used the Malwarebytes tool to force a delete but it's back.
Do these items on the list belong to my computer or are they worms and viruses?

I deleted all, re-ran Removeit Pro and the second scan came up clean.
I then checked the registry with Ccleaner and this is what it came up with.

ActiveX/COM Issue InProcServer32\%windir%\system32\rdpcorets.dll HKCR\CLSID\{5828227c-20cf-4408-b73f-73ab70b8849f}

I hit the fix button...

Thought this info may help with the ongoing comp problem.

I will re-run the scanner after I restart; last time I found bugs, first scan got 3, second scan, after re-start, found more.

PS; that's if those listed are bugs?

#7
Crowbar
  • Teacher
  • GeekU Moderator
  • 4,798 posts
Hello aqua258,
I am not really seeing any malware in the OTL log.
I strongly suggest that you stop running Removeit Pro as it's pretty aggressive and prone to false positives. The rdpcorets file it's referring to is a legit Windows file, as are the others that it found. OTL is our tool, and rtsustor is a file for a USB card reader.
So to answer your question, yes those files belong on your computer, and no they are not viruses or worms.

If you are having issues with Chrome crashing, I would suggest that you uninstall then re-install it.

I am afraid that running any of the registry cleaners you have is only making things worse. The registry part of Ccleaner is a registry cleaner, and using it may damage Windows even further.

Can you please elaborate on the Windows activation issues?
You may have to try to activate by phone, do you get that far in the activation wizard?

Can you enable the UAC or does it not let you?

#8
AQUA258
  • Topic Starter
  • Member
  • 169 posts
UAC can be enabled.

I un-installed and re-installed Chrome prior to coming here.
I have 3 chrome.exe's running in Task Manager. Why do I need 3? Can I delete 2 of them?

Windows activation worked so that's all good now.

#9
Crowbar
  • Teacher
  • GeekU Moderator
  • 4,798 posts
Great job with the activation.
Do you not want to turn on the UAC? I recommend that you do turn it on, but in the end it's up to you.

When I start Chrome, I do get 2 instances of chrome.exe in my task manager; this is normal behavior, and for each additional tab that you open there is another instance. Do you have 2 tabs open when you see the 3 instances of chrome.exe in your task manager?

I would like to try an online virus scan

Note: You can use either Internet Explorer or Mozilla Firefox for this scan.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, the online scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


#10
AQUA258
  • Topic Starter
  • Member
  • 169 posts
Task Manager; as you can see, no extra tabs, yet there are 4 chrome.exe.

chrome4.jpg

**********************************************************

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a2b3a5f07fd8a94dba78d5a6f56aa4cc
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-04-26 09:38:43
# local_time=2012-04-27 05:38:43 (+0800, W. Australia Standard Time)
# country="Australia"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 9339448 87104270 0 0
# compatibility_mode=8192 67108863 100 0 580 580 0 0
# scanned=80924
# found=1
# cleaned=1
# scan_time=3286

***********************************************************************

#11
Crowbar
  • Teacher
  • GeekU Moderator
  • 4,798 posts
While each tab will cause an instance of chrome.exe, some extensions also cause an instance per tab.
Press Shift + Esc to start the Chrome Task Manager. This will show you what is running per tab.

I would like you to disable all of the extensions and see if that solves your Chrome crashes. If that does solve the issue, let's enable them one at a time and see how Chrome reacts. If you find a bad one, it can be uninstalled later.
To disable extensions in Chrome:
  • Click the wrench icon on the browser toolbar.
  • Select Tools.
  • Select Extensions.
  • On the Extensions page, click Disable for the extension you'd like to temporarily remove.

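Crowbar's point above (one chrome.exe per tab, plus extra instances for some extensions) can also be checked from outside Chrome's own task manager. The following is an added example, not something posted in the thread and not a Geeks to Go tool: a PowerShell snippet that lists each chrome.exe with its parent process ID and the role Chrome passes on the command line (`--type=renderer`, `--type=gpu-process`, `--type=utility`; extension-hosting renderers carry `--extension-process`). It also groups the processes by executable path, which is the check a malware helper would want to see in a thread like this one: every chrome.exe should be running from the same installed location, and a copy anywhere else deserves a closer look. The column names in the report are the example's own.

```powershell
# Added example (not from the thread): list every chrome.exe with its parent
# process and the role Chrome passes on the command line (--type=...), so you
# see one browser process plus its renderer/GPU/utility children instead of a
# bare count in Task Manager. Works in a normal (non-elevated) PowerShell for
# the current user's processes.
$procs = Get-CimInstance Win32_Process -Filter "Name = 'chrome.exe'"

$report = foreach ($p in $procs) {
    # The browser (parent) process carries no --type= switch; its children do.
    $type = if ($p.CommandLine -match '--type=([a-z-]+)') { $Matches[1] } else { 'browser' }
    # Renderers that host an extension are started with --extension-process.
    $ext = $p.CommandLine -match '--extension-process'
    [pscustomobject]@{
        PID       = $p.ProcessId
        ParentPID = $p.ParentProcessId
        Role      = $type
        Extension = $ext
        Path      = $p.ExecutablePath
    }
}

# One row per process, children grouped under their parent.
$report | Sort-Object ParentPID, PID | Format-Table -AutoSize

# Sanity check: all chrome.exe processes should come from the same installed
# path. More than one group here means a copy is running from elsewhere.
$report | Group-Object Path | Select-Object Count, Name
```

Count the rows with Role = renderer against your open tabs; rows with Extension = True are the per-extension instances Crowbar mentions, and the browser row's PID should be the ParentPID of everything else.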

#12
AQUA258
  • Topic Starter
  • Member
  • 169 posts
Hi there, the only extension I've got is a "chrome" multiple link opener. I also tried another.
Same thing is still happening whether I disable it or enable it.
I tried this with all the plug-ins as well as the flash players. Same.

More freezes than crashes (black screen). Shockwave still doing its crashing.

Forgot to tell you, if it's of any importance; all my bookmarks have a globe next to them.
All their diff icons have gone. This happened after I removed the malware/viruses.
Not only that, as my home page I had it opening as "google.com"; NOW it opens as "google Australia". (Happened a few days ago)
Not that it makes a big diff but something changed it.
When I check in Chrome settings what is written there for my home page it says google.com.
If it was to be google Australia would it not have this "google.com.au"?

I have removed reg cleaners.

Is it possible for a keylogger to be present but not detected by what we have run already?
I just find it strange that these things randomly change.

UPDATE; OMG...Whatever I have/had has compromised everything. I have 2 websites. Last week I found spammy stuff in my Sha-n-chi dot com site. Didn't think much of it, deleted the username of the member. Following day same thing so I deleted by IP. So far so good.
I just went into my other site Raw Twig dot com and that has a Trojan horse all through it, which I have no idea how to clean....I've had these sites up for some time, never a drama like this in both plus my comp.

UPDATE 2; This is what I found in my website JS.Redirector-OM [trj]

Edited by AQUA258, 28 April 2012 - 11:25 AM.


#13
AQUA258
  • Topic Starter
  • Member
  • 169 posts
Sorry people, not meaning to bump this but is anyone still working on this with me?

:unsure:

#14
Crowbar
  • Teacher
  • GeekU Moderator
  • 4,798 posts
Sorry about the delay, I am submitting a fix for my instructor's approval now.

#15
AQUA258
  • Topic Starter
  • Member
  • 169 posts
OK, thank you....will wait... :whistling: