memory dumping, blue screens...malware?

#1 Fiveroadies
Member, 47 posts

A couple of weeks ago, when I started the computer, it went into Startup Repair. This past week Google Chrome kept freezing up and was unresponsive. I removed Chrome and reinstalled it, but the problem persisted. Scans were hanging up on Chrome files and Reddit (?) files. I again removed Google Chrome. I couldn't remove all the files, and they kept hanging my virus scans and CCleaner. Eventually I couldn't do anything. Things were taking forever to load; there was a lot of hard drive activity but little processor activity. I kept trying to restart and eventually had to run Check Disk. The first time it said the volume is clean. The second time it ran and reported unreadable file records. It reported that it deleted the registry entries for the Reddit files, and it said it replaced bad clusters in Google Chrome files (which I had removed). The computer kept crashing, and I rebooted in safe mode and defragmented. It still kept crashing and did a Startup Repair this morning. Tonight Windows Explorer kept crashing, but it finally loaded and is working well enough that I can finally post here.

OTL logfile created on: 8/1/2013 8:21:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tania\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 56.67% Memory free
3.86 Gb Paging File | 2.84 Gb Available in Paging File | 73.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 101.78 Gb Total Space | 47.39 Gb Free Space | 46.56% Space Free | Partition Type: NTFS

Computer Name: TANIA-PC | User Name: Tania | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/01 20:21:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tania\Desktop\OTL.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 04:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/07/08 05:35:07 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/27 16:03:54 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/06/27 16:03:54 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/06/27 16:03:54 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/05/09 04:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/05/09 04:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/05/09 04:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/05/09 04:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/05/09 04:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/10/30 19:51:55 | 000,021,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 06:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/01/11 02:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2011/12/21 19:09:23 | 000,175,192 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 20:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/10/05 17:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 17:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 25 D2 30 F9 49 BD CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/05/15 16:17:36 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 156.154.119.11 156.154.129.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{079A9D96-218C-47E1-9767-757E78625D22}: DhcpNameServer = 156.154.119.11 156.154.129.11
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{788b90c3-2af5-11e1-ba20-001eecc36505}\Shell - "" = AutoRun
O33 - MountPoints2\{788b90c3-2af5-11e1-ba20-001eecc36505}\Shell\AutoRun\command - "" = D:\ToolLauncher-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/01 20:21:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tania\Desktop\OTL.exe
[2013/07/31 17:53:19 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/07/30 17:22:13 | 000,000,000 | ---D | C] -- C:\Users\Tania\Desktop\application
[2013/07/30 05:12:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013/07/30 05:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Nikon
[2013/07/28 10:43:06 | 000,000,000 | ---D | C] -- C:\Users\Tania\AppData\Local\Nikon
[2013/07/28 10:31:04 | 000,000,000 | ---D | C] -- C:\Users\Tania\AppData\Local\Programs
[2013/07/28 10:28:39 | 000,000,000 | ---D | C] -- C:\Users\Tania\AppData\Roaming\Nikon
[2013/07/28 10:24:59 | 000,000,000 | ---D | C] -- C:\Users\Tania\AppData\Local\ArcSoft
[2013/07/28 10:24:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
[2013/07/28 10:24:57 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
[2013/07/28 10:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Panorama Maker 5
[2013/07/28 10:24:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ArcSoft
[2013/07/28 10:24:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcSoft
[2013/07/28 10:24:18 | 000,000,000 | ---D | C] -- C:\Users\Tania\AppData\Roaming\ArcSoft
[2013/07/28 10:23:57 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013/07/28 10:23:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Message Center 2
[2013/07/28 10:16:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013/07/28 10:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ViewNX 2
[2013/07/28 10:14:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nikon
[2013/07/28 10:13:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Contents
[2013/07/28 10:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Commands
[2013/07/28 10:13:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Ultima_T15
[2013/07/28 10:13:11 | 000,000,000 | ---D | C] -- C:\ProgramData\EnterNHelp
[2013/07/28 10:13:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Cocoa
[2013/07/28 10:10:06 | 000,000,000 | ---D | C] -- C:\Users\Tania\AppData\Local\Downloaded Installations
[2013/07/28 10:09:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nikon
[2013/07/28 09:59:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link to Nikon
[2013/07/22 13:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/07/22 13:40:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/07/22 13:40:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/07/22 13:40:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/07/22 13:40:33 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/07/19 19:59:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
[2013/07/19 19:59:16 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2013/07/16 03:00:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/07/14 13:45:48 | 000,000,000 | -HSD | C] -- C:\found.000
[2013/07/14 11:21:22 | 000,000,000 | -HSD | C] -- C:\found.001

========== Files - Modified Within 30 Days ==========

[2013/08/01 20:21:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tania\Desktop\OTL.exe
[2013/08/01 20:01:00 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/01 20:01:00 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/01 19:58:10 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/01 19:58:10 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/01 19:58:10 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/01 19:53:19 | 000,303,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/08/01 19:53:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/01 19:52:53 | 1555,574,784 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/01 19:50:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/01 02:34:01 | 000,007,056 | ---- | M] () -- C:\bootsqm.dat
[2013/07/31 18:18:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/07/29 22:32:25 | 000,007,605 | ---- | M] () -- C:\Users\Tania\AppData\Local\resmon.resmoncfg
[2013/07/28 11:03:49 | 000,000,000 | ---- | M] () -- C:\Windows\ViewNX2.INI
[2013/07/28 10:43:09 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT
[2013/07/28 10:28:44 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLev.DAT
[2013/07/28 10:14:37 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\ViewNX 2.lnk
[2013/07/28 10:13:17 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Drums
[2013/07/28 10:13:17 | 000,000,268 | RH-- | M] () -- C:\Users\Tania\AppData\Roaming\Distortion
[2013/07/28 10:13:14 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Drum Kits
[2013/07/28 10:13:14 | 000,000,268 | RH-- | M] () -- C:\Users\Tania\AppData\Roaming\Displays
[2013/07/28 10:13:14 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLes.DAT
[2013/07/28 10:13:11 | 000,000,268 | RH-- | M] () -- C:\Users\Tania\AppData\Roaming\DirectoryService
[2013/07/19 12:32:25 | 000,076,317 | ---- | M] () -- C:\Users\Tania\Documents\Pay Inquiry.pdf
[2013/07/03 05:27:41 | 000,773,050 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2013/08/01 19:52:57 | 000,303,728 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/08/01 02:34:01 | 000,007,056 | ---- | C] () -- C:\bootsqm.dat
[2013/07/28 11:03:49 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI
[2013/07/28 10:14:37 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\ViewNX 2.lnk
[2013/07/28 10:13:17 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Drums
[2013/07/28 10:13:17 | 000,000,268 | RH-- | C] () -- C:\Users\Tania\AppData\Roaming\Distortion
[2013/07/28 10:13:16 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2013/07/28 10:13:14 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Drum Kits
[2013/07/28 10:13:14 | 000,000,268 | RH-- | C] () -- C:\Users\Tania\AppData\Roaming\Displays
[2013/07/28 10:13:14 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2013/07/28 10:13:11 | 000,000,268 | RH-- | C] () -- C:\Users\Tania\AppData\Roaming\DirectoryService
[2013/07/28 10:13:11 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2013/07/19 12:32:24 | 000,076,317 | ---- | C] () -- C:\Users\Tania\Documents\Pay Inquiry.pdf
[2013/07/08 05:35:09 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/01/11 17:20:58 | 000,773,050 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/20 16:23:38 | 000,007,605 | ---- | C] () -- C:\Users\Tania\AppData\Local\resmon.resmoncfg
[2011/12/18 11:13:01 | 000,050,063 | ---- | C] () -- C:\Users\Tania\.DLMSave_back.xml
[2011/12/18 11:13:01 | 000,050,063 | ---- | C] () -- C:\Users\Tania\.DLMSave.xml
[2011/12/18 11:12:04 | 000,001,879 | ---- | C] () -- C:\Users\Tania\.Setting.ini

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/31 11:51:23 | 000,000,000 | ---D | M] -- C:\Users\Tania\AppData\Roaming\.minecraft
[2013/02/03 12:07:32 | 000,000,000 | ---D | M] -- C:\Users\Tania\AppData\Roaming\Jasc
[2012/08/11 20:20:53 | 000,000,000 | ---D | M] -- C:\Users\Tania\AppData\Roaming\ManyCam
[2013/07/28 10:43:07 | 000,000,000 | ---D | M] -- C:\Users\Tania\AppData\Roaming\Nikon
[2013/06/25 09:23:36 | 000,000,000 | ---D | M] -- C:\Users\Tania\AppData\Roaming\Oracle

========== Purity Check ==========



< End of report >
OTL Extras logfile created on: 8/1/2013 8:21:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tania\Desktop

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{001CA25D-CECC-42E6-9F2F-5203AAC69254}" = lport=137 | protocol=17 | dir=in | app=system |
"{04C3808F-7CF0-497E-B829-D13C8295C044}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0F3C7FF4-8708-4D4A-AA6C-E27977027C63}" = rport=445 | protocol=6 | dir=out | app=system |
"{1155C8F4-F564-47D7-87AE-94166543063B}" = lport=138 | protocol=17 | dir=in | app=system |
"{1A6F0050-E62B-4C07-99E6-EF8020340525}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{286CF4ED-135C-4C07-B5B3-272B53154820}" = rport=137 | protocol=17 | dir=out | app=system |
"{327B98BD-9413-4A7A-A41A-E06CE4980F5C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4B852C3B-03E0-4313-9E17-08879C852B75}" = rport=138 | protocol=17 | dir=out | app=system |
"{74AE66DE-7859-4145-A758-D057FE8DDC9E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B4847B28-F157-4A17-AC16-713526E148EE}" = lport=139 | protocol=6 | dir=in | app=system |
"{D11AE360-3D7D-4880-82B5-1344B0B75ACC}" = rport=139 | protocol=6 | dir=out | app=system |
"{F95A2A68-55FD-4C4C-8A5C-FEE19D5C7BCA}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16264A2D-059F-4997-BE6B-30D5DF2D6595}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3B2235F0-4D76-4FCB-8BB1-BAFD316BD5BE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4C86BC8C-D6AC-48FC-B8C2-C6648FD6A0CC}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6B671265-426C-4641-91EF-101D429A36A8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{75C05381-54B3-4EDE-8B22-F91427AF7618}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7ACDAEB6-557E-429B-8117-C4F6489885DE}" = protocol=1 | dir=out | [email protected],-28544 |
"{803B3577-B762-47E4-B810-DE95B94027BC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8EA4A9D2-F16E-49F2-AABA-7803613F05FF}" = protocol=58 | dir=in | [email protected],-28545 |
"{8FE31F70-859A-475C-9D0A-06EC758B6A53}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AD6C8FD5-5278-40A7-AF13-BF80A088F4EB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AD712AAA-8482-444C-922A-C0B36C41680D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{AF5164AF-37A1-4088-9FA8-B324077172BE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B48173A4-3693-4447-B3F5-C7E112F5C6DA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C2BA2283-86FC-4EC5-A6DB-943D0718A503}" = protocol=1 | dir=in | [email protected],-28543 |
"{CD501D71-95B7-4457-A781-39646C37886D}" = protocol=58 | dir=out | [email protected],-28546 |
"{F51619AB-7666-436D-A798-79ECA067175E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{41F190AB-2AE8-4FA1-B041-89B95D93BE86}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{17CA324E-3279-4627-A888-10146934FDF0}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 (64-bit)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{2222706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 SDK (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{64A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java™ SE Development Kit 7 Update 3 (64-bit)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{47676630-682F-4932-8BC7-A558F6E7A1B0}" = Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC_AR)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"avast" = avast! Free Antivirus
"eMusic Download Manager 5.0.5" = eMusic Download Manager
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ManyCam" = ManyCam 3.0.80 (remove only)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/1/2013 7:54:12 PM | Computer Name = Tania-PC | Source = ESENT | ID = 455
Description = Windows (1256) Windows: Error -1811 occurred while opening logfile
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00080.log.

Error - 8/1/2013 7:54:13 PM | Computer Name = Tania-PC | Source = Windows Search Service | ID = 9000
Description =

Error - 8/1/2013 7:54:15 PM | Computer Name = Tania-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 8/1/2013 7:54:15 PM | Computer Name = Tania-PC | Source = Windows Search Service | ID = 7042
Description =

Error - 8/1/2013 7:54:15 PM | Computer Name = Tania-PC | Source = Windows Search Service | ID = 9002
Description =

Error - 8/1/2013 7:54:34 PM | Computer Name = Tania-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 8/1/2013 7:54:34 PM | Computer Name = Tania-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 8/1/2013 7:54:34 PM | Computer Name = Tania-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 8/1/2013 7:54:34 PM | Computer Name = Tania-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 8/1/2013 7:54:34 PM | Computer Name = Tania-PC | Source = Windows Search Service | ID = 7010
Description =

[ Media Center Events ]
Error - 3/20/2012 4:33:15 PM | Computer Name = Tania-PC | Source = MCUpdate | ID = 0
Description = 4:33:15 PM - Error connecting to the internet. 4:33:15 PM - Unable
to contact server..

Error - 3/20/2012 4:33:26 PM | Computer Name = Tania-PC | Source = MCUpdate | ID = 0
Description = 4:33:20 PM - Error connecting to the internet. 4:33:20 PM - Unable
to contact server..

Error - 4/26/2012 2:15:07 PM | Computer Name = Tania-PC | Source = MCUpdate | ID = 0
Description = 2:15:07 PM - Error connecting to the internet. 2:15:07 PM - Unable
to contact server..

Error - 4/26/2012 2:15:41 PM | Computer Name = Tania-PC | Source = MCUpdate | ID = 0
Description = 2:15:36 PM - Error connecting to the internet. 2:15:36 PM - Unable
to contact server..

Error - 4/26/2012 3:16:23 PM | Computer Name = Tania-PC | Source = MCUpdate | ID = 0
Description = 3:16:22 PM - Error connecting to the internet. 3:16:22 PM - Unable
to contact server..

Error - 4/26/2012 3:19:18 PM | Computer Name = Tania-PC | Source = MCUpdate | ID = 0
Description = 3:19:16 PM - Error connecting to the internet. 3:19:16 PM - Unable
to contact server..

Error - 4/26/2012 4:20:00 PM | Computer Name = Tania-PC | Source = MCUpdate | ID = 0
Description = 4:20:00 PM - Error connecting to the internet. 4:20:00 PM - Unable
to contact server..

Error - 4/26/2012 4:20:30 PM | Computer Name = Tania-PC | Source = MCUpdate | ID = 0
Description = 4:20:29 PM - Error connecting to the internet. 4:20:29 PM - Unable
to contact server..

Error - 4/26/2012 5:23:32 PM | Computer Name = Tania-PC | Source = MCUpdate | ID = 0
Description = 5:23:32 PM - Error connecting to the internet. 5:23:32 PM - Unable
to contact server..

Error - 4/26/2012 5:24:02 PM | Computer Name = Tania-PC | Source = MCUpdate | ID = 0
Description = 5:24:01 PM - Error connecting to the internet. 5:24:01 PM - Unable
to contact server..

[ System Events ]
Error - 10/26/2012 4:31:32 PM | Computer Name = Tania-PC | Source = bowser | ID = 8003
Description =

Error - 10/29/2012 5:42:07 AM | Computer Name = Tania-PC | Source = DCOM | ID = 10010
Description =

Error - 11/6/2012 4:24:32 PM | Computer Name = Tania-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 11/7/2012 5:41:54 PM | Computer Name = Tania-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 11/7/2012 5:41:54 PM | Computer Name = Tania-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 11/7/2012 5:41:55 PM | Computer Name = Tania-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 11/7/2012 5:41:56 PM | Computer Name = Tania-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 11/13/2012 5:33:38 PM | Computer Name = Tania-PC | Source = bowser | ID = 8003
Description =

Error - 11/22/2012 9:11:48 PM | Computer Name = Tania-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:59:24 AM on ?11/?22/?2012 was unexpected.

Error - 11/25/2012 2:07:12 PM | Computer Name = Tania-PC | Source = bowser | ID = 8003
Description =


< End of report >


#2 RKinner (Malware Expert)
Sounds like the hard drive is on its way out.

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button.) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File (to your desktop); note the name it gives. OK. Open the file in Notepad and delete the line that gives the serial number of your Operating System. (It will be near the top, about 10 lines down.) Attach the file to your next post.

#3 Fiveroadies (Topic Starter)
Since my last post I added Spybot and Ad-Aware.


Attached File: TANIA-PC.txt (241.05 KB)

#4 RKinner (Malware Expert)
Hard drive doesn't look that bad.

Please uninstall Spybot and AdAware. They may interfere. Do not install programs unless I tell you to. Hard to paint a moving train.

Could be a memory problem:

Run the built-in memory test:

http://www.sevenforu...stics-tool.html



If that looks OK then let's run BlueScreenView:

Download BlueScreenView
http://www.nirsoft.n...creen_view.html

Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit, Select All.

Go File, Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.


Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc /scannow

(This will check your critical system files. Does this finish without complaint? If it says it couldn't fix everything then:

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste (or Edit, then Paste) and the copied lines should appear. Hit Enter. Copy and paste the text from Notepad or, if it is too big, just attach the file.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
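As an added example (not part of Ron's post or of any tool he names), the PowerShell below does the same filtering as the findstr command above but summarises the [SR] lines: which files sfc repaired and which it could not. It assumes the CBS.log layout of Windows 7 and later; the log fragment it runs against is constructed, not output from this machine.

```powershell
# Summarise the [SR] lines sfc /scannow writes to CBS.log (added example, not from the thread).
# Only sfc's own lines carry the [SR] tag; the rest of CBS.log is general servicing output.
function Get-SfcSummary {
    param(
        # Defaults to the real log; pass another path to run against a sample.
        [string]$LogPath = "$env:SystemRoot\Logs\CBS\CBS.log"
    )
    $srLines = @(Get-Content -LiteralPath $LogPath -ErrorAction Stop | Where-Object { $_ -match '\[SR\]' })

    $repaired   = New-Object 'System.Collections.Generic.List[string]'
    $unrepaired = New-Object 'System.Collections.Generic.List[string]'
    foreach ($line in $srLines) {
        # File names follow a length prefix, e.g. [l:24{12}]"name.dll"; a directory may precede
        # the file name on the same line, so take the last quoted token.
        $m = [regex]::Matches($line, '\]"([^"]+)"')
        $name = if ($m.Count -gt 0) { $m[$m.Count - 1].Groups[1].Value } else { $null }
        switch -Regex ($line) {
            # Patterns are best-effort matches on sfc's wording; other [SR] lines are ignored.
            'Cannot repair member file|Could not reproject corrupted file' {
                if ($name) { $unrepaired.Add($name) }
            }
            'Repairing corrupted file|Repaired file' {
                if ($name) { $repaired.Add($name) }
            }
        }
    }
    [pscustomobject]@{
        SrLineCount    = $srLines.Count
        VerifyComplete = [bool]($srLines -match 'Verify complete')
        RepairComplete = [bool]($srLines -match 'Repair complete')
        Repaired       = @($repaired   | Sort-Object -Unique)
        Unrepaired     = @($unrepaired | Sort-Object -Unique)
    }
}

# Constructed sample fragment in CBS.log's layout (not output from the machine in this thread).
$sample = @'
2013-08-10 08:50:01, Info                  CSI    00000001 [SR] Verifying 100 (0x0000000000000064) components
2013-08-10 08:50:02, Info                  CSI    00000002 [SR] Beginning Verify and Repair transaction
2013-08-10 08:50:03, Info                  CSI    00000003 [SR] Cannot repair member file [l:24{12}]"example1.dll" of Example-Component, Version = 6.1.7601.17514 in the store, hash mismatch
2013-08-10 08:50:04, Info                  CSI    00000004 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"example2.dll" from store
2013-08-10 08:50:05, Info                  CSI    00000005 [SR] Verify complete
2013-08-10 08:50:06, Info                  CSI    00000006 [SR] Repair complete
'@
$tmp = Join-Path ([IO.Path]::GetTempPath()) 'cbs-sample.log'
Set-Content -LiteralPath $tmp -Value $sample
Get-SfcSummary -LogPath $tmp | Format-List
# Run Get-SfcSummary with no arguments from an elevated prompt to analyse the real log.
```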

#5 Fiveroadies (Topic Starter)
The built-in memory test showed no errors. I don't think I'm doing something correctly with the blue screen viewer. I have downloaded it twice. It doesn't run and says 0 crashes at the bottom (or does this mean there was no error?).

There is no log to save. Should I just continue on to the next thing you listed? Or am I doing something wrong?

Thank you

#6 RKinner (Malware Expert)
I see this is Win 7. You need to right click and Run As Admin rather than just double click. If that doesn't help then go on to the next step.

#7 Fiveroadies (Topic Starter)
The blue screen viewer still didn't run, but everything else ran without complaint.

Here is the log from vino's event viewer:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 10/08/2013 8:54:23 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/08/2013 12:28:38 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

#8 RKinner (Malware Expert)
It's possible that when it blue screens it is not saving the dumps, so there is nothing for BlueScreenView to see.

Go into Control Panel, System, Advanced System Settings, under the Advanced tab, look for the Settings button under Startup and Recovery and press it. Under System Failure: Check Write an Event to the System Log. Uncheck Automatically Restart. Write Debug Information should say Small Memory Dump (128K) and the small dump directory should be %SystemRoot%\Minidump. Then press OK. (It is easiest to find things in Control Panel in Classic Mode).

Let's run Process Explorer and see if it sees anything odd:

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
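As an added example (not part of Ron's post, nor of Process Explorer), the PowerShell below reads the same Startup and Recovery settings from the CrashControl registry key, reports what differs from the values described above, lists any minidumps already on disk, and then uses Get-AuthenticodeSignature as a rough stand-in for the Verified Signer column. It assumes PowerShell 3 or later; the CrashDumpEnabled values and the default minidump folder are documented Windows values.

```powershell
# Added example (not from the thread): verify the crash-dump settings the post describes
# and list existing minidumps, then do a Verified-Signer style pass over running processes.
function Test-CrashDumpConfig {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
    $cc  = Get-ItemProperty -Path $key

    # MinidumpDir is usually %SystemRoot%\Minidump; expand it the way the kernel would.
    $dumpDir = [Environment]::ExpandEnvironmentVariables([string]$cc.MinidumpDir)
    if (-not $dumpDir) { $dumpDir = Join-Path $env:SystemRoot 'Minidump' }
    $dumps = @(Get-ChildItem -Path $dumpDir -Filter '*.dmp' -ErrorAction SilentlyContinue |
               Sort-Object LastWriteTime -Descending)

    # CrashDumpEnabled: 0 none, 1 complete, 2 kernel, 3 small memory dump, 7 automatic (Win8+)
    $findings = @()
    if ($cc.LogEvent -ne 1) {
        $findings += 'LogEvent should be 1 ("Write an event to the system log")'
    }
    if ($cc.AutoReboot -ne 0) {
        $findings += 'AutoReboot should be 0 ("Automatically restart" unchecked) so the stop code stays visible'
    }
    if ((3, 7) -notcontains $cc.CrashDumpEnabled) {
        $findings += "CrashDumpEnabled is '$($cc.CrashDumpEnabled)'; 3 selects Small memory dump"
    }

    [pscustomobject]@{
        CrashDumpEnabled = $cc.CrashDumpEnabled
        LogEvent         = $cc.LogEvent
        AutoReboot       = $cc.AutoReboot
        MinidumpDir      = $dumpDir
        DumpCount        = $dumps.Count
        NewestDump       = if ($dumps.Count -gt 0) { $dumps[0].LastWriteTime } else { $null }
        Findings         = $findings
    }
}

# Rough equivalent of Process Explorer's Verified Signer column. Many Windows binaries are
# catalog-signed and may report NotSigned here even though Process Explorer shows them
# verified, so third-party paths are the ones worth a closer look.
function Get-UnverifiedProcessImage {
    Get-Process | Where-Object { $_.Path } | Sort-Object Path -Unique | ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.Path
        if ($sig.Status -ne 'Valid') {
            [pscustomobject]@{
                Name   = $_.Name
                Path   = $_.Path
                Status = $sig.Status
                Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            }
        }
    }
}

Test-CrashDumpConfig | Format-List
Get-UnverifiedProcessImage | Format-Table -AutoSize
```

Run it from an elevated prompt so every process path is readable; nothing here changes any setting, it only reports.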

#9 Fiveroadies (Topic Starter)
It called it System Idle Process instead because that was the one at the top, not the procexp file (it was number 2 on the list).

Attached Files



#10 RKinner (Malware Expert)
Have you recently updated your video driver?

Interrupts 4.05 0 K 0 K n/a Hardware Interrupts and DPCs

Is way too high. This usually means a bad driver, though I have seen laptops with bad batteries causing problems.

Boot into the Safe Mode Menu (reboot and, when you see the maker's logo, start tapping the F8 key slowly; keep tapping until you see the menu) and select the Enable Low Resolution Video option. When it finally loads it will look really ugly since it is stuck in the old VGA mode. Make a new Process Explorer log and copy and paste the result.

Also let's run Autoruns:


http://live.sysinter...om/autoruns.exe

Download, Save and Run the program by right clicking and Run As Admin. File, Save, to your desktop, autoruns.arn, OK.

Either zip up the file if you have the ability (7-zip works nicely) or just rename it from autoruns.arn to autoruns.txt then ATTACH it. Do not copy and paste.
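An added example (not from Ron's post or any tool he names): the Interrupts row in Process Explorer reflects time spent servicing hardware interrupts and DPCs, and the PowerShell below samples the matching performance counters so the figure can be compared between a normal boot and the low-resolution video test. The 3% warning threshold is an assumption chosen for this example.

```powershell
# Added example (not from the thread): sample interrupt and DPC time, the same load the
# "Interrupts" row in Process Explorer shows, and flag a sustained level that suggests a
# misbehaving driver. Run once normally and once in Enable Low Resolution Video mode.
function Measure-InterruptLoad {
    param(
        [int]$Seconds = 30,
        # Assumed threshold for this example; a quiet machine normally sits well under 1%.
        [double]$WarnPercent = 3.0
    )
    $paths = '\Processor(_Total)\% Interrupt Time', '\Processor(_Total)\% DPC Time'
    # One sample per second; each sample set carries one value per counter path.
    $sets = Get-Counter -Counter $paths -SampleInterval 1 -MaxSamples $Seconds

    $interrupt = @(); $dpc = @()
    foreach ($set in $sets) {
        foreach ($s in $set.CounterSamples) {
            # Get-Counter lower-cases the returned paths; -like is case-insensitive anyway.
            if     ($s.Path -like '*interrupt time') { $interrupt += $s.CookedValue }
            elseif ($s.Path -like '*dpc time')       { $dpc       += $s.CookedValue }
        }
    }
    $i = $interrupt | Measure-Object -Average -Maximum
    $d = $dpc       | Measure-Object -Average -Maximum

    [pscustomobject]@{
        Seconds         = $Seconds
        AvgInterruptPct = [math]::Round($i.Average, 2)
        MaxInterruptPct = [math]::Round($i.Maximum, 2)
        AvgDpcPct       = [math]::Round($d.Average, 2)
        MaxDpcPct       = [math]::Round($d.Maximum, 2)
        # Average interrupt + DPC time at or above the threshold is worth chasing to a driver.
        Suspicious      = ($i.Average + $d.Average) -ge $WarnPercent
    }
}

Measure-InterruptLoad -Seconds 30 | Format-List
```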



#11 Fiveroadies (Topic Starter)
The battery is pretty bad (I can't leave it unplugged for long and rarely do).

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 46.34 0 K 24 K 0
mscorsvw.exe 37.12 24,628 K 22,208 K 3804 .NET Runtime Optimization Service Microsoft Corporation (Verified) Microsoft Corporation
procexp64.exe 10.05 27,124 K 45,168 K 3620 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
Interrupts 1.02 0 K 0 K n/a Hardware Interrupts and DPCs
dwm.exe 2.84 34,884 K 19,504 K 1344 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
System 0.95 112 K 324 K 4
sidebar.exe 1.11 40,792 K 37,264 K 1584 Windows Desktop Gadgets Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 0.91 2,372 K 6,244 K 440 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.49 30,472 K 39,100 K 1440 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
AvastSvc.exe 0.31 33,520 K 1,512 K 1104 avast! Service AVAST Software (Verified) AVAST Software
svchost.exe 0.21 27,188 K 31,752 K 968 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
mscorsvw.exe 0.04 7,480 K 12,840 K 3632 .NET Runtime Optimization Service Microsoft Corporation (Verified) Microsoft Corporation
AvastUI.exe 0.03 7,344 K 5,924 K 2116 avast! Antivirus AVAST Software (Verified) AVAST Software
iPodService.exe 0.02 3,052 K 6,752 K 2696 iPodService Module (64-bit) Apple Inc. (Verified) Apple Inc.
services.exe 0.02 6,500 K 7,964 K 484 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.01 18,776 K 18,336 K 804 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.01 34,620 K 30,812 K 1232 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
AppleMobileDeviceService.exe 0.01 3,012 K 7,948 K 1576 MobileDeviceService Apple Inc. (Verified) Apple Inc.
svchost.exe 0.01 11,264 K 16,628 K 936 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.01 5,112 K 10,184 K 1920 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 4,028 K 6,928 K 740 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe < 0.01 9,260 K 16,612 K 1308 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe < 0.01 21,072 K 8,928 K 2124 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 22,380 K 21,668 K 1020 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
csrss.exe < 0.01 2,092 K 3,952 K 388 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
iTunesHelper.exe < 0.01 3,688 K 9,836 K 2240 iTunesHelper Apple Inc. (Verified) Apple Inc.
svchost.exe < 0.01 78,080 K 84,920 K 888 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 11,088 K 14,044 K 1388 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe 5,096 K 12,164 K 2292 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 3,196 K 7,024 K 3908 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 2,840 K 6,008 K 632 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,492 K 4,048 K 428 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 3,892 K 7,696 K 1320 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 1,812 K 4,828 K 1508 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,364 K 7,840 K 608 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 6,412 K 8,904 K 1788 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,072 K 4,740 K 328 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
sppsvc.exe 6,404 K 12,452 K 2020 Microsoft Software Protection Platform Service Microsoft Corporation (Verified) Microsoft Windows
smss.exe 452 K 1,040 K 276 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
procexp.exe 3,020 K 7,368 K 3608 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PrintIsolationHost.exe 2,260 K 5,988 K 3168 PrintIsolationHost Microsoft Corporation (Verified) Microsoft Windows
mscorsvw.exe 2,472 K 5,808 K 2180 .NET Runtime Optimization Service Microsoft Corporation (Verified) Microsoft Corporation
mDNSResponder.exe 2,056 K 4,976 K 1712 Bonjour Service Apple Inc. (Verified) Apple Inc.
lsm.exe 2,396 K 3,856 K 508 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 4,044 K 8,728 K 500 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
igfxtray.exe 2,328 K 5,384 K 1780 igfxTray Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxpers.exe 2,172 K 5,900 K 932 persistence Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
hkcmd.exe 8,224 K 10,928 K 1796 hkcmd Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
dllhost.exe 2,604 K 6,508 K 3796 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
audiodg.exe 15,548 K 14,796 K 200 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
armsvc.exe 1,224 K 3,660 K 1544 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems

Attached Files



#12 RKinner (Malware Expert)
Looks like the video driver to me. Interrupts look normal now. What video card do you have? What version of the driver do you have?

If you don't know, then try:
GPU-Z
http://www.techpowerup.com/gpuz/

It should tell you.


Sometimes you can fix it by turning down the Hardware Acceleration if your video card offers that:


Right-click an empty space on the desktop, and then select Screen Resolution.
Select Advanced Settings.
Select the Troubleshoot tab.
Click Change Settings (if available).

If Change Settings is grayed out, you cannot adjust hardware acceleration.
If Change Settings is clickable, drag the slider to the left.

If your computer does not run properly after lowering Basic accelerator functions, repeat the procedure and move the selector a notch or two to the right.

Then run Process Explorer again.





Also I am seeing

mscorsvw.exe 37.12, which is associated with the .NET program. This is probably running because you got an update from MS and it needs to be processed. It should go after about 10 minutes.

#13 Fiveroadies (Topic Starter)
Mobile Intel® 4 Series Express Chipset?

I wasn't able to change the settings.

It's been running much better this week. I guess it's just getting old. I was hoping that when I get a new laptop/desktop that I could pass this on to my daughter but maybe not :(

Thank you so much for your help. I wish I could do all the stuff you do and know what you know. I love this site you guys are so awesome.

#14 Fiveroadies (Topic Starter)
Oh and I forgot the driver is: igdumd64 8.15.10.2303/win 7 64

#15 RKinner (Malware Expert)
Don't give up on it yet. The video is an Intel product, so see if they have a new driver for you:

http://www.intel.com.../support/detect

Also try running it without the battery. Sometimes a bad battery will load down the power supply and starve the CPU.





