Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Unknown Problem- OTL Log Attached


  • Please log in to reply

#1
andrea22

andrea22

    Member

  • Member
  • PipPipPip
  • 139 posts

I bought a new battery for my laptop a few weeks ago, and have been having issues ever since. I took it back to the shop, they told me they 'gave it a cleanup' and that its now fine. It is not. (I didn't ask for a cleanup!!!) Issue #1, the power appears to cut out randomly. Sometimes it will cut out @ 30% battery left, sometimes even at 87%...its random. When it cuts out like this, it makes a 'clicking' noise. So I restart, open Firefox, and all my tabs are gone, and I have to sign into every single site. Issue #2, my browser (Firefox) is crashing continually. Like, up to 30 times a night.

 

WHAT HAVE I DONE TO RESOLVE THIS??

 

1) Realised that the shop had removed my antivirus (Avast), so reinstalled that, and ran a full scan. It showed no malware, but showed that a number of files couldn't be opened. I didn't know what to do about that so I didn't touch it in case I did something silly.

 

2) Realised that I wasn't using the latest version of Firefox, so I got the latest, and it's been better tonight, but has still crashed twice. Which is better, but far from ideal. And it never did this before the new battery.

 

BACKGROUND INFO--

 

4 yr old Toshiba satellite no issues ever. Have had no battery power for over a year (always left it plugged into mains) until recently. Windows 7 Home premium.

 

Basic user, just internet, no gaming.

 

Computer shop disabled a whole lot of stuff, including Apple mobile device stuff, Skype, password thingy, automatic dongle popup thing & antivirus...I don't understand why they did this, but it seems odd. These are all things I use every day and I'd like to know how to get them back please :)

 

 

OTL logfile created on: 5/5/2014 10:09:49 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Celia\Downloads\Programs Etc
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
 
2.99 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 44.34% Memory free
5.98 Gb Paging File | 4.12 Gb Available in Paging File | 68.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 583.45 Gb Total Space | 491.32 Gb Free Space | 84.21% Space Free | Partition Type: NTFS
 
Computer Name: CELIA-PC | User Name: Celia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/05 22:09:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Celia\Downloads\Programs Etc\OTL.exe
PRC - [2014/05/03 18:52:39 | 003,873,704 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/05/03 18:52:39 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/05/01 19:17:44 | 001,864,368 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
PRC - [2014/04/22 19:24:48 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/12/21 16:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/23 12:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/05/14 11:01:26 | 004,352,408 | ---- | M] (Telstra) -- C:\Program Files\Telstra\Mobile Broadband Manager\TelstraUCM.exe
PRC - [2009/10/29 04:15:10 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/10/22 02:30:34 | 000,518,720 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\ThpSrv.exe
PRC - [2009/07/29 13:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/14 11:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2009/02/21 02:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/03 18:52:43 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/05/01 19:17:44 | 016,351,920 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_13_0_0_206.dll
MOD - [2014/04/22 19:25:22 | 003,845,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/02/13 08:11:56 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\72284863df9bea3f081ae98996400619\PresentationFramework.Aero.ni.dll
MOD - [2014/02/13 08:11:30 | 014,340,096 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f703846404bb66a4ae03ef8133755007\PresentationFramework.ni.dll
MOD - [2014/02/13 08:11:17 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/13 08:11:11 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/13 08:11:09 | 000,060,928 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\549aa924ef5af7232f4024eb6f8cb97a\UIAutomationProvider.ni.dll
MOD - [2014/02/13 08:11:09 | 000,025,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\4f5069e6497e5e6a381ab6aadf05d6a5\Accessibility.ni.dll
MOD - [2014/02/13 08:11:08 | 012,238,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\660ac5d6da77df8e86fb26f05c6a9816\PresentationCore.ni.dll
MOD - [2014/02/13 08:10:59 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/13 08:10:51 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/13 08:10:42 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/05/05 20:39:53 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/03 18:52:39 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/04/22 19:25:14 | 000,119,408 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/06 17:38:10 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013/12/21 16:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/27 14:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/05/25 07:53:20 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/11/06 02:15:18 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/10/31 05:48:24 | 000,677,232 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2009/10/30 07:09:00 | 000,468,320 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/10/28 13:11:56 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/10/22 03:39:14 | 000,148,848 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009/10/22 02:30:34 | 000,518,720 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\ThpSrv.exe -- (Thpsrv)
SRV - [2009/10/07 02:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/10/03 06:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/10/01 12:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/10/01 12:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/09/29 07:42:24 | 000,185,712 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2009/07/29 08:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/03/11 11:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009/02/21 02:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/01/05 12:48:50 | 000,112,152 | ---- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Celia\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2014/05/03 18:52:47 | 000,776,976 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/05/03 18:52:47 | 000,411,552 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2014/05/03 18:52:47 | 000,180,632 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/05/03 18:52:47 | 000,081,768 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2014/05/03 18:52:47 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/05/03 18:52:47 | 000,067,776 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswStm.sys -- (aswStm)
DRV - [2014/05/03 18:52:47 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014/05/03 18:52:47 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2012/03/07 10:02:43 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2011/04/12 13:01:38 | 000,045,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/11/20 20:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 19:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/01/27 10:47:30 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/01/27 10:47:30 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/01/27 10:47:30 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/01/16 01:02:20 | 009,927,816 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/12/28 15:05:06 | 000,114,688 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009/10/27 05:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/10/03 06:33:24 | 000,862,208 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009/09/24 03:25:18 | 000,120,432 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2009/09/18 05:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/08/22 06:24:04 | 000,066,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/07/31 14:02:34 | 000,036,208 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter)
DRV - [2009/07/31 10:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/25 08:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2009/07/15 08:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/14 15:13:10 | 000,015,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2009/07/14 08:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/06/30 09:16:22 | 000,013,120 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Thpevm.sys -- (Thpevm)
DRV - [2009/06/30 03:25:24 | 000,030,272 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\thpdrv.sys -- (Thpdrv)
DRV - [2009/06/30 03:17:00 | 000,059,904 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2009/06/23 10:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009/06/20 12:31:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)
DRV - [2009/06/12 06:05:04 | 000,626,688 | ---- | M] (DiBcom) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dvb7700all.sys -- (mod7700)
DRV - [2009/05/20 14:59:00 | 000,011,776 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecirhid.sys -- (enecirhid)
DRV - [2008/04/29 11:00:30 | 000,007,168 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/04/25 11:16:00 | 000,005,632 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecirhidma.sys -- (enecirhidma)
DRV - [2007/04/18 13:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7TSAU
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7TSAU_enAU380
IE - HKCU\..\SearchScopes\{FFF91CB7-B0E0-413C-B92E-96DAFB43BBB6}: "URL" = http://websearch.ask...6D-1A043048EC60
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox"
FF - prefs.js..extensions.enabledAddons: nosquint%40urandom.ca:2.1.9
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2018.95
FF - prefs.js..extensions.enabledAddons: djziggy%40gmail.com:2.2.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.96
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.0.23
FF - prefs.js..extensions.enabledItems: {2458abc0-f443-11dd-87af-0800200c9a66}:3.6.3.1.03.04.10
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20120202
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/05/03 18:52:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/03/29 18:25:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/03/29 18:25:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2014/05/05 21:19:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010/05/23 15:57:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Celia\AppData\Roaming\Mozilla\Extensions
[2014/05/05 14:44:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\n3tapefa.default\extensions
[2013/08/18 18:25:02 | 000,000,000 | ---D | M] (Bloody Red) -- C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\n3tapefa.default\extensions\{2458abc0-f443-11dd-87af-0800200c9a66}
[2014/05/05 14:26:53 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\n3tapefa.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
[2014/05/05 14:44:14 | 000,000,000 | ---D | M] (LavaFox V2-Blue) -- C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\n3tapefa.default\extensions\[email protected]
[2010/05/23 16:59:40 | 000,000,000 | ---D | M] (Pimpoflage) -- C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\n3tapefa.default\extensions\[email protected]
[2012/02/14 07:50:31 | 000,000,000 | ---D | M] (Screen Capture Elite) -- C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\n3tapefa.default\extensions\[email protected]
[2014/02/26 09:30:41 | 002,873,766 | ---- | M] () (No name found) -- C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\n3tapefa.default\extensions\[email protected]
[2013/05/06 09:34:44 | 000,114,250 | ---- | M] () (No name found) -- C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\n3tapefa.default\extensions\[email protected]
[2014/01/18 21:31:49 | 000,002,541 | ---- | M] () -- C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\n3tapefa.default\searchplugins\ask-search.xml
[2013/09/11 13:33:57 | 000,002,343 | ---- | M] () -- C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\n3tapefa.default\searchplugins\askcom.xml
[2014/04/27 21:25:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/03/29 18:25:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2014/03/29 18:25:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2014/03/29 18:25:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2014/05/01 19:36:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/05/05 14:13:45 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/05/03 18:52:53 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
 
O1 HOSTS File: ([2010/11/07 22:47:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.5.133.45 10.5.136.242
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB134228-DF8D-48AE-BD71-FD0A86931D1C}: DhcpNameServer = 10.1.1.1 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB134228-DF8D-48AE-BD71-FD0A86931D1C}: NameServer = 208.67.222.222,4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1D94B21-0440-49D0-84F0-A572D804475D}: DhcpNameServer = 10.5.133.45 10.5.136.242
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/03 18:57:39 | 000,000,000 | ---D | C] -- C:\Users\Celia\AppData\Roaming\AVAST Software
[2014/05/03 18:53:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/05/03 18:53:04 | 000,776,976 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys
[2014/05/03 18:53:04 | 000,067,776 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswStm.sys
[2014/05/03 18:53:02 | 000,411,552 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
[2014/05/03 18:53:02 | 000,067,824 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
[2014/05/03 18:53:01 | 000,081,768 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswRdr2.sys
[2014/05/03 18:52:47 | 000,043,152 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2014/05/03 18:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/05/03 18:51:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/04/30 20:54:17 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2014/04/30 20:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/04/30 20:54:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2014/04/29 14:03:46 | 000,000,000 | ---D | C] -- C:\Users\Celia\AppData\Local\Programs
[2014/04/20 10:37:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/05 21:55:00 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/05 21:24:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/05/05 21:19:13 | 000,002,031 | ---- | M] () -- C:\Users\Celia\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2014/05/05 21:19:13 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2014/05/05 19:15:19 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/05 19:15:19 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/05 19:07:26 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/05 19:06:32 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/05/05 19:06:30 | 2407,735,296 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/05 14:13:54 | 000,002,005 | ---- | M] () -- C:\Users\Celia\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/05/05 14:13:54 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/05/03 18:53:51 | 000,002,094 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/05/03 18:52:47 | 000,776,976 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys
[2014/05/03 18:52:47 | 000,411,552 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
[2014/05/03 18:52:47 | 000,271,264 | ---- | M] (AVAST Software) -- C:\windows\System32\aswBoot.exe
[2014/05/03 18:52:47 | 000,180,632 | ---- | M] () -- C:\windows\System32\drivers\aswVmm.sys
[2014/05/03 18:52:47 | 000,081,768 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswRdr2.sys
[2014/05/03 18:52:47 | 000,067,824 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
[2014/05/03 18:52:47 | 000,067,776 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswStm.sys
[2014/05/03 18:52:47 | 000,049,944 | ---- | M] () -- C:\windows\System32\drivers\aswRvrt.sys
[2014/05/03 18:52:47 | 000,043,152 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2014/05/03 18:52:47 | 000,024,184 | ---- | M] () -- C:\windows\System32\drivers\aswHwid.sys
[2014/05/03 17:24:21 | 000,761,788 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2014/05/03 17:24:21 | 000,163,180 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2014/04/30 20:54:17 | 000,002,685 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/04/16 20:55:10 | 000,006,144 | ---- | M] () -- C:\Users\Celia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2014/05/03 18:53:51 | 000,002,094 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/05/03 18:53:04 | 000,180,632 | ---- | C] () -- C:\windows\System32\drivers\aswVmm.sys
[2014/05/03 18:53:02 | 000,049,944 | ---- | C] () -- C:\windows\System32\drivers\aswRvrt.sys
[2014/05/03 18:53:02 | 000,024,184 | ---- | C] () -- C:\windows\System32\drivers\aswHwid.sys
[2014/05/01 19:33:35 | 000,002,685 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/08/23 22:45:06 | 000,000,175 | ---- | C] () -- C:\windows\System32\drivers\aswVmm.sys.sum
[2013/08/23 22:45:06 | 000,000,175 | ---- | C] () -- C:\windows\System32\drivers\aswSP.sys.sum
[2013/08/23 22:45:06 | 000,000,175 | ---- | C] () -- C:\windows\System32\drivers\aswSnx.sys.sum
[2011/01/17 12:33:49 | 000,006,144 | ---- | C] () -- C:\Users\Celia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/14 20:29:32 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/05/22 11:05:14 | 003,093,504 | ---- | C] () -- C:\Program Files\openofficeorg32.msi
[2010/05/22 11:01:38 | 127,951,849 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2010/05/22 10:13:06 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 14:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 11:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 11:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/05/03 18:57:39 | 000,000,000 | ---D | M] -- C:\Users\Celia\AppData\Roaming\AVAST Software
[2010/05/26 10:25:10 | 000,000,000 | ---D | M] -- C:\Users\Celia\AppData\Roaming\FireShot
[2013/02/03 17:46:24 | 000,000,000 | ---D | M] -- C:\Users\Celia\AppData\Roaming\InterVideo
[2014/01/25 11:38:57 | 000,000,000 | ---D | M] -- C:\Users\Celia\AppData\Roaming\OpenOffice
[2010/07/08 15:52:22 | 000,000,000 | ---D | M] -- C:\Users\Celia\AppData\Roaming\OpenOffice.org
[2010/07/16 16:41:01 | 000,000,000 | ---D | M] -- C:\Users\Celia\AppData\Roaming\Sierra Wireless
[2012/03/05 19:41:17 | 000,000,000 | ---D | M] -- C:\Users\Celia\AppData\Roaming\Thunderbird
[2010/07/09 21:42:39 | 000,000,000 | ---D | M] -- C:\Users\Celia\AppData\Roaming\Toshiba
[2011/09/17 11:02:29 | 000,000,000 | ---D | M] -- C:\Users\Celia\AppData\Roaming\Ulead Systems
[2010/08/08 15:58:44 | 000,000,000 | ---D | M] -- C:\Users\Celia\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 

< End of report >
 


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,021 posts
  • MVP
Probably best to copy and paste each log into a reply as you get them.  
 
Copy the text in the code box by highlighting and Ctrl + c
 
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Celia\AppData\Local\Temp\catchme.sys -- (catchme)
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
[2014/03/29 18:25:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2014/03/29 18:25:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2014/03/29 18:25:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
 
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]
 
 
then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply. 
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\01162013-some number.log so look there if you don't see it.
This just gets rid of some deadwood.
 
Clear the Java Cache by following the instructions on
 

You do not have the latest Java.
First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
 
Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.
 
If you feel you must have Java:
Get the latest Java at:
 
Save it to your PC then close all browsers and install it.  Do not let it install the yahoo toolbar or other foistware.
Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.
 
Since you are having problems since the new battery, try running without the battery for a while (shutdown, remove the battery, restart).  Some replacement batteries can be bad.
 
For your Firefox crashes, try running it in Safe Mode:
 
 
with all extensions disabled.  Odds are that one of your add-ons is causing the crash.  I would suspect pimpoflage as it is not often updated.
 
We can run some other tests:
 

 
1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.
 
Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.
 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
 
sfc /scannow
 
SPACE after sfc.  This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then do the part in the box otherwise skip to the VEW step.:
 

Copy the next two lines:


findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 


Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.  Close nOtepad.  Close the Command Window.
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.
 
 
 
 

Get the free version of Speccy:
 
http://www.filehippo...download_speccy  (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.) Attach the file to your next post.
 
 

Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
 
 
 

 
Please download Farbar Recovery Scan Tool and save it to your Desktop. 
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 
 
  •  
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 
  •  
     

    • 0

    #3
    andrea22

    andrea22

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 139 posts

    FIRST OTL LOG FILE- BUT please how soon can I reinstallthe firefox dark theme?? Totally can't handle the lightness!

     

    OTL logfile created on: 5/5/2014 10:09:49 PM - Run 4
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Celia\Downloads\Programs Etc
     Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17041)
    Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
     
    2.99 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 44.34% Memory free
    5.98 Gb Paging File | 4.12 Gb Available in Paging File | 68.86% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 583.45 Gb Total Space | 491.32 Gb Free Space | 84.21% Space Free | Partition Type: NTFS
     
    Computer Name: CELIA-PC | User Name: Celia | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2014/05/05 22:09:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Celia\Downloads\Programs Etc\OTL.exe
    PRC - [2014/05/03 18:52:39 | 003,873,704 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2014/05/03 18:52:39 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2014/05/01 19:17:44 | 001,864,368 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
    PRC - [2014/04/22 19:24:48 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2013/12/21 16:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/11/23 12:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/05/14 11:01:26 | 004,352,408 | ---- | M] (Telstra) -- C:\Program Files\Telstra\Mobile Broadband Manager\TelstraUCM.exe
    PRC - [2009/10/29 04:15:10 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    PRC - [2009/10/22 02:30:34 | 000,518,720 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\ThpSrv.exe
    PRC - [2009/07/29 13:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    PRC - [2009/07/14 11:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
    PRC - [2009/02/21 02:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2014/05/03 18:52:43 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
    MOD - [2014/05/01 19:17:44 | 016,351,920 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_13_0_0_206.dll
    MOD - [2014/04/22 19:25:22 | 003,845,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
    MOD - [2014/02/13 08:11:56 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\72284863df9bea3f081ae98996400619\PresentationFramework.Aero.ni.dll
    MOD - [2014/02/13 08:11:30 | 014,340,096 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f703846404bb66a4ae03ef8133755007\PresentationFramework.ni.dll
    MOD - [2014/02/13 08:11:17 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
    MOD - [2014/02/13 08:11:11 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
    MOD - [2014/02/13 08:11:09 | 000,060,928 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\549aa924ef5af7232f4024eb6f8cb97a\UIAutomationProvider.ni.dll
    MOD - [2014/02/13 08:11:09 | 000,025,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\4f5069e6497e5e6a381ab6aadf05d6a5\Accessibility.ni.dll
    MOD - [2014/02/13 08:11:08 | 012,238,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\660ac5d6da77df8e86fb26f05c6a9816\PresentationCore.ni.dll
    MOD - [2014/02/13 08:10:59 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
    MOD - [2014/02/13 08:10:51 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
    MOD - [2014/02/13 08:10:42 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
     
     
    ========== Services (SafeList) ==========
     
    SRV - [2014/05/05 20:39:53 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/05/03 18:52:39 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2014/04/22 19:25:14 | 000,119,408 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2014/03/06 17:38:10 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV - [2013/12/21 16:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/05/27 14:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2010/05/25 07:53:20 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2009/11/06 02:15:18 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
    SRV - [2009/10/31 05:48:24 | 000,677,232 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
    SRV - [2009/10/30 07:09:00 | 000,468,320 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV - [2009/10/28 13:11:56 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
    SRV - [2009/10/22 03:39:14 | 000,148,848 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
    SRV - [2009/10/22 02:30:34 | 000,518,720 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\ThpSrv.exe -- (Thpsrv)
    SRV - [2009/10/07 02:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
    SRV - [2009/10/03 06:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2009/10/01 12:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2009/10/01 12:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2009/09/29 07:42:24 | 000,185,712 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
    SRV - [2009/07/29 08:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
    SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/03/11 11:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
    SRV - [2009/02/21 02:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
    SRV - [2007/01/05 12:48:50 | 000,112,152 | ---- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (Tosrfcom)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Celia\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2014/05/03 18:52:47 | 000,776,976 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2014/05/03 18:52:47 | 000,411,552 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2014/05/03 18:52:47 | 000,180,632 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\aswVmm.sys -- (aswVmm)
    DRV - [2014/05/03 18:52:47 | 000,081,768 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
    DRV - [2014/05/03 18:52:47 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2014/05/03 18:52:47 | 000,067,776 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswStm.sys -- (aswStm)
    DRV - [2014/05/03 18:52:47 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
    DRV - [2014/05/03 18:52:47 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
    DRV - [2012/03/07 10:02:43 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswKbd.sys -- (aswKbd)
    DRV - [2011/04/12 13:01:38 | 000,045,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
    DRV - [2010/11/20 20:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 19:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/01/27 10:47:30 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
    DRV - [2010/01/27 10:47:30 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
    DRV - [2010/01/27 10:47:30 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
    DRV - [2010/01/16 01:02:20 | 009,927,816 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2009/12/28 15:05:06 | 000,114,688 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
    DRV - [2009/10/27 05:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
    DRV - [2009/10/03 06:33:24 | 000,862,208 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
    DRV - [2009/09/24 03:25:18 | 000,120,432 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
    DRV - [2009/09/18 05:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
    DRV - [2009/08/22 06:24:04 | 000,066,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
    DRV - [2009/07/31 14:02:34 | 000,036,208 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter)
    DRV - [2009/07/31 10:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV - [2009/07/25 08:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
    DRV - [2009/07/15 08:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
    DRV - [2009/07/14 15:13:10 | 000,015,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
    DRV - [2009/07/14 08:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2009/06/30 09:16:22 | 000,013,120 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Thpevm.sys -- (Thpevm)
    DRV - [2009/06/30 03:25:24 | 000,030,272 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\thpdrv.sys -- (Thpdrv)
    DRV - [2009/06/30 03:17:00 | 000,059,904 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
    DRV - [2009/06/23 10:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
    DRV - [2009/06/20 12:31:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)
    DRV - [2009/06/12 06:05:04 | 000,626,688 | ---- | M] (DiBcom) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dvb7700all.sys -- (mod7700)
    DRV - [2009/05/20 14:59:00 | 000,011,776 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecirhid.sys -- (enecirhid)
    DRV - [2008/04/29 11:00:30 | 000,007,168 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
    DRV - [2008/04/25 11:16:00 | 000,005,632 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecirhidma.sys -- (enecirhidma)
    DRV - [2007/04/18 13:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7TSAU
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
    IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
    IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7TSAU_enAU380
    IE - HKCU\..\SearchScopes\{FFF91CB7-B0E0-413C-B92E-96DAFB43BBB6}: "URL" = http://websearch.ask...6D-1A043048EC60
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.search.order.1: "Google"
    FF - prefs.js..browser.search.selectedEngine: ""
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox"
    FF - prefs.js..extensions.enabledAddons: nosquint%40urandom.ca:2.1.9
    FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2018.95
    FF - prefs.js..extensions.enabledAddons: djziggy%40gmail.com:2.2.0
    FF - prefs.js..extensions.enabledItems: [email protected]:2.1.5
    FF - prefs.js..extensions.enabledItems: [email protected]:1.5.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
    FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.96
    FF - prefs.js..extensions.enabledItems: [email protected]:2.0.0.23
    FF - prefs.js..extensions.enabledItems: {2458abc0-f443-11dd-87af-0800200c9a66}:3.6.3.1.03.04.10
    FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20120202
    FF - user.js - File not found
     
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/05/03 18:52:53 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/03/29 18:25:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/03/29 18:25:01 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2014/05/05 21:19:07 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
     
    [2010/05/23 15:57:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Celia\AppData\Roaming\Mozilla\Extensions
    [2014/05/05 14:44:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\n3tapefa.default\extensions
    [2013/08/18 18:25:02 | 000,000,000 | ---D | M] (Bloody Red) -- C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\n3tapefa.default\extensions\{2458abc0-f443-11dd-87af-0800200c9a66}
    [2014/05/05 14:26:53 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\n3tapefa.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
    [2014/05/05 14:44:14 | 000,000,000 | ---D | M] (LavaFox V2-Blue) -- C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\n3tapefa.default\extensions\[email protected]
    [2010/05/23 16:59:40 | 000,000,000 | ---D | M] (Pimpoflage) -- C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\n3tapefa.default\extensions\[email protected]
    [2012/02/14 07:50:31 | 000,000,000 | ---D | M] (Screen Capture Elite) -- C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\n3tapefa.default\extensions\[email protected]
    [2014/02/26 09:30:41 | 002,873,766 | ---- | M] () (No name found) -- C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\n3tapefa.default\extensions\[email protected]
    [2013/05/06 09:34:44 | 000,114,250 | ---- | M] () (No name found) -- C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\n3tapefa.default\extensions\[email protected]
    [2014/01/18 21:31:49 | 000,002,541 | ---- | M] () -- C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\n3tapefa.default\searchplugins\ask-search.xml
    [2013/09/11 13:33:57 | 000,002,343 | ---- | M] () -- C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\n3tapefa.default\searchplugins\askcom.xml
    [2014/04/27 21:25:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2014/03/29 18:25:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2014/03/29 18:25:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2014/03/29 18:25:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    [2014/05/01 19:36:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2014/05/05 14:13:45 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2014/05/03 18:52:53 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
     
    O1 HOSTS File: ([2010/11/07 22:47:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       localhost
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.5.133.45 10.5.136.242
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB134228-DF8D-48AE-BD71-FD0A86931D1C}: DhcpNameServer = 10.1.1.1 0.0.0.0
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB134228-DF8D-48AE-BD71-FD0A86931D1C}: NameServer = 208.67.222.222,4.2.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1D94B21-0440-49D0-84F0-A572D804475D}: DhcpNameServer = 10.5.133.45 10.5.136.242
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2014/05/03 18:57:39 | 000,000,000 | ---D | C] -- C:\Users\Celia\AppData\Roaming\AVAST Software
    [2014/05/03 18:53:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
    [2014/05/03 18:53:04 | 000,776,976 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys
    [2014/05/03 18:53:04 | 000,067,776 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswStm.sys
    [2014/05/03 18:53:02 | 000,411,552 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
    [2014/05/03 18:53:02 | 000,067,824 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
    [2014/05/03 18:53:01 | 000,081,768 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswRdr2.sys
    [2014/05/03 18:52:47 | 000,043,152 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
    [2014/05/03 18:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2014/05/03 18:51:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2014/04/30 20:54:17 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [2014/04/30 20:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2014/04/30 20:54:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2014/04/29 14:03:46 | 000,000,000 | ---D | C] -- C:\Users\Celia\AppData\Local\Programs
    [2014/04/20 10:37:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
     
    ========== Files - Modified Within 30 Days ==========
     
    [2014/05/05 21:55:00 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/05/05 21:24:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2014/05/05 21:19:13 | 000,002,031 | ---- | M] () -- C:\Users\Celia\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
    [2014/05/05 21:19:13 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
    [2014/05/05 19:15:19 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/05/05 19:15:19 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/05/05 19:07:26 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/05/05 19:06:32 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2014/05/05 19:06:30 | 2407,735,296 | -HS- | M] () -- C:\hiberfil.sys
    [2014/05/05 14:13:54 | 000,002,005 | ---- | M] () -- C:\Users\Celia\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2014/05/05 14:13:54 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2014/05/03 18:53:51 | 000,002,094 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2014/05/03 18:52:47 | 000,776,976 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys
    [2014/05/03 18:52:47 | 000,411,552 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
    [2014/05/03 18:52:47 | 000,271,264 | ---- | M] (AVAST Software) -- C:\windows\System32\aswBoot.exe
    [2014/05/03 18:52:47 | 000,180,632 | ---- | M] () -- C:\windows\System32\drivers\aswVmm.sys
    [2014/05/03 18:52:47 | 000,081,768 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswRdr2.sys
    [2014/05/03 18:52:47 | 000,067,824 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
    [2014/05/03 18:52:47 | 000,067,776 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswStm.sys
    [2014/05/03 18:52:47 | 000,049,944 | ---- | M] () -- C:\windows\System32\drivers\aswRvrt.sys
    [2014/05/03 18:52:47 | 000,043,152 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
    [2014/05/03 18:52:47 | 000,024,184 | ---- | M] () -- C:\windows\System32\drivers\aswHwid.sys
    [2014/05/03 17:24:21 | 000,761,788 | ---- | M] () -- C:\windows\System32\perfh009.dat
    [2014/05/03 17:24:21 | 000,163,180 | ---- | M] () -- C:\windows\System32\perfc009.dat
    [2014/04/30 20:54:17 | 000,002,685 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2014/04/16 20:55:10 | 000,006,144 | ---- | M] () -- C:\Users\Celia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
     
    ========== Files Created - No Company Name ==========
     
    [2014/05/03 18:53:51 | 000,002,094 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2014/05/03 18:53:04 | 000,180,632 | ---- | C] () -- C:\windows\System32\drivers\aswVmm.sys
    [2014/05/03 18:53:02 | 000,049,944 | ---- | C] () -- C:\windows\System32\drivers\aswRvrt.sys
    [2014/05/03 18:53:02 | 000,024,184 | ---- | C] () -- C:\windows\System32\drivers\aswHwid.sys
    [2014/05/01 19:33:35 | 000,002,685 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
    [2013/08/23 22:45:06 | 000,000,175 | ---- | C] () -- C:\windows\System32\drivers\aswVmm.sys.sum
    [2013/08/23 22:45:06 | 000,000,175 | ---- | C] () -- C:\windows\System32\drivers\aswSP.sys.sum
    [2013/08/23 22:45:06 | 000,000,175 | ---- | C] () -- C:\windows\System32\drivers\aswSnx.sys.sum
    [2011/01/17 12:33:49 | 000,006,144 | ---- | C] () -- C:\Users\Celia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/12/14 20:29:32 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/05/22 11:05:14 | 003,093,504 | ---- | C] () -- C:\Program Files\openofficeorg32.msi
    [2010/05/22 11:01:38 | 127,951,849 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
    [2010/05/22 10:13:06 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini
     
    ========== ZeroAccess Check ==========
     
    [2009/07/14 14:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 11:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 11:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    ========== LOP Check ==========
     
    [2014/05/03 18:57:39 | 000,000,000 | ---D | M] -- C:\Users\Celia\AppData\Roaming\AVAST Software
    [2010/05/26 10:25:10 | 000,000,000 | ---D | M] -- C:\Users\Celia\AppData\Roaming\FireShot
    [2013/02/03 17:46:24 | 000,000,000 | ---D | M] -- C:\Users\Celia\AppData\Roaming\InterVideo
    [2014/01/25 11:38:57 | 000,000,000 | ---D | M] -- C:\Users\Celia\AppData\Roaming\OpenOffice
    [2010/07/08 15:52:22 | 000,000,000 | ---D | M] -- C:\Users\Celia\AppData\Roaming\OpenOffice.org
    [2010/07/16 16:41:01 | 000,000,000 | ---D | M] -- C:\Users\Celia\AppData\Roaming\Sierra Wireless
    [2012/03/05 19:41:17 | 000,000,000 | ---D | M] -- C:\Users\Celia\AppData\Roaming\Thunderbird
    [2010/07/09 21:42:39 | 000,000,000 | ---D | M] -- C:\Users\Celia\AppData\Roaming\Toshiba
    [2011/09/17 11:02:29 | 000,000,000 | ---D | M] -- C:\Users\Celia\AppData\Roaming\Ulead Systems
    [2010/08/08 15:58:44 | 000,000,000 | ---D | M] -- C:\Users\Celia\AppData\Roaming\WinBatch
     
    ========== Purity Check ==========
     
     

    < End of report >
     


    • 0

    #4
    andrea22

    andrea22

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 139 posts

    Java uninstalled. When I tried to clear the java cache I went to control panel & searched on 'java control panel' but got no results


    • 0

    #5
    andrea22

    andrea22

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 139 posts

    Now just running firefox in safe mode with 12 tabs open (about normal for me) and just on battery power-will see how this goes while I continue with your instructions


    • 0

    #6
    andrea22

    andrea22

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 139 posts

    battery cut out @ 87% with the above. have now taken it out. Not running firefox in safe mode but haven't touched it otherwise. Did that disk check thing but it only lasted about 20 seconds, not an hour...perhaps I did something wrong there??


    • 0

    #7
    andrea22

    andrea22

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 139 posts

    I did the windows check thing and it said "windows resource protection did not find any integrity violations".

     

    I'm a bit confused about what to do next as I'm not sure what the "VEW step" is. So rather than do the wrong thing I'll leave it here for tonight.


    • 0

    #8
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,021 posts
    • MVP

    The idea of running Firefox in Safe Mode is to see if the crashes stop.  If they do then you can disable some of your extensions and see if it still crashes.  The idea is to isolate the problem to one or more extensions or plugins and then uninstall the culprit(s).  Since you love the Dark Theme, try running it without any other extensions  and see if the crashes stop.

     

    Your OTL log is the original log you first posted.  I need the one created when you ran OTL with the Fix I gave you.

     

    VEW is:

     

    1. Please download the Event Viewer Tool by Vino Rosso
    and save it to your Desktop:
    2. Right-click VEW.exe and Run AS Administrator
    3. Under 'Select log to query', select:
     
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning
     
     
    Then use the 'Number of events' as follows:
     
     
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.

    • 0

    #9
    andrea22

    andrea22

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 139 posts

    Firefox seems to be fine so far- I left it on all night and all day so far today (1.30pm here now), no crashes at all. I reinstalled the dark theme, it says its installed but what I see is the default theme. I also re-added no squint this morning & removed pimpoflage and something else as I never needed them.

     

    *cannot* find that otl log...searched on 'computer' and only see that first one.


    • 0

    #10
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,021 posts
    • MVP

    Make sure you are running Firefox in regular mode.  You may have to go in to the Add-ons and enable (Always Activate) the extensions and plugins.

     

    Assuming you ran the Fix for OTL and it worked so go ahead and run OTL Quickscan and post the log.


    • 0

    Advertisements


    #11
    andrea22

    andrea22

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 139 posts

    Addendum-restarted again & the dark theme is working.


    • 0

    #12
    andrea22

    andrea22

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 139 posts

    OTL logfile created on: 5/7/2014 1:43:08 PM - Run 5
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Celia\Downloads\Programs Etc
     Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17041)
    Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
     
    2.99 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 63.05% Memory free
    5.98 Gb Paging File | 4.81 Gb Available in Paging File | 80.43% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 583.45 Gb Total Space | 490.09 Gb Free Space | 84.00% Space Free | Partition Type: NTFS
     
    Computer Name: CELIA-PC | User Name: Celia | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2014/05/05 22:09:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Celia\Downloads\Programs Etc\OTL.exe
    PRC - [2014/05/03 18:52:39 | 003,873,704 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2014/05/03 18:52:39 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2014/05/01 19:17:44 | 001,864,368 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
    PRC - [2014/04/22 19:24:48 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2013/12/21 16:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/11/23 12:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/05/14 11:01:26 | 004,352,408 | ---- | M] (Telstra) -- C:\Program Files\Telstra\Mobile Broadband Manager\TelstraUCM.exe
    PRC - [2009/10/29 04:15:10 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    PRC - [2009/10/22 02:30:34 | 000,518,720 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\ThpSrv.exe
    PRC - [2009/07/29 13:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    PRC - [2009/07/14 11:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
    PRC - [2009/02/21 02:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2014/05/03 18:52:43 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
    MOD - [2014/05/01 19:17:44 | 016,351,920 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_13_0_0_206.dll
    MOD - [2014/04/22 19:25:22 | 003,845,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
    MOD - [2014/02/13 08:11:56 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\72284863df9bea3f081ae98996400619\PresentationFramework.Aero.ni.dll
    MOD - [2014/02/13 08:11:30 | 014,340,096 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f703846404bb66a4ae03ef8133755007\PresentationFramework.ni.dll
    MOD - [2014/02/13 08:11:08 | 012,238,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\660ac5d6da77df8e86fb26f05c6a9816\PresentationCore.ni.dll
    MOD - [2014/02/13 08:10:59 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
    MOD - [2014/02/13 08:10:51 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
    MOD - [2014/02/13 08:10:42 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
     
     
    ========== Services (SafeList) ==========
     
    SRV - [2014/05/05 20:39:53 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/05/03 18:52:39 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2014/04/22 19:25:14 | 000,119,408 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2014/03/06 17:38:10 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV - [2013/12/21 16:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/05/27 14:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2010/05/25 07:53:20 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2009/11/06 02:15:18 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
    SRV - [2009/10/31 05:48:24 | 000,677,232 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
    SRV - [2009/10/30 07:09:00 | 000,468,320 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV - [2009/10/28 13:11:56 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
    SRV - [2009/10/22 03:39:14 | 000,148,848 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
    SRV - [2009/10/22 02:30:34 | 000,518,720 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\ThpSrv.exe -- (Thpsrv)
    SRV - [2009/10/07 02:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
    SRV - [2009/10/03 06:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2009/10/01 12:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2009/10/01 12:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2009/09/29 07:42:24 | 000,185,712 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
    SRV - [2009/07/29 08:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
    SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/03/11 11:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
    SRV - [2009/02/21 02:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
    SRV - [2007/01/05 12:48:50 | 000,112,152 | ---- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - [2014/05/03 18:52:47 | 000,776,976 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2014/05/03 18:52:47 | 000,411,552 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2014/05/03 18:52:47 | 000,180,632 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\aswVmm.sys -- (aswVmm)
    DRV - [2014/05/03 18:52:47 | 000,081,768 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
    DRV - [2014/05/03 18:52:47 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2014/05/03 18:52:47 | 000,067,776 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswStm.sys -- (aswStm)
    DRV - [2014/05/03 18:52:47 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
    DRV - [2014/05/03 18:52:47 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
    DRV - [2012/03/07 10:02:43 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswKbd.sys -- (aswKbd)
    DRV - [2011/04/12 13:01:38 | 000,045,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
    DRV - [2010/11/20 20:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 19:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/01/27 10:47:30 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
    DRV - [2010/01/27 10:47:30 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
    DRV - [2010/01/27 10:47:30 | 000,105,856 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
    DRV - [2010/01/16 01:02:20 | 009,927,816 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2009/12/28 15:05:06 | 000,114,688 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
    DRV - [2009/10/27 05:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
    DRV - [2009/10/03 06:33:24 | 000,862,208 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
    DRV - [2009/09/24 03:25:18 | 000,120,432 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
    DRV - [2009/09/18 05:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
    DRV - [2009/08/22 06:24:04 | 000,066,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
    DRV - [2009/07/31 14:02:34 | 000,036,208 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter)
    DRV - [2009/07/31 10:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV - [2009/07/25 08:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
    DRV - [2009/07/15 08:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
    DRV - [2009/07/14 15:13:10 | 000,015,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
    DRV - [2009/07/14 08:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2009/06/30 09:16:22 | 000,013,120 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Thpevm.sys -- (Thpevm)
    DRV - [2009/06/30 03:25:24 | 000,030,272 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\thpdrv.sys -- (Thpdrv)
    DRV - [2009/06/30 03:17:00 | 000,059,904 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
    DRV - [2009/06/23 10:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
    DRV - [2009/06/20 12:31:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)
    DRV - [2009/06/12 06:05:04 | 000,626,688 | ---- | M] (DiBcom) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dvb7700all.sys -- (mod7700)
    DRV - [2009/05/20 14:59:00 | 000,011,776 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecirhid.sys -- (enecirhid)
    DRV - [2008/04/29 11:00:30 | 000,007,168 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
    DRV - [2008/04/25 11:16:00 | 000,005,632 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecirhidma.sys -- (enecirhidma)
    DRV - [2007/04/18 13:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7TSAU
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
    IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
    IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7TSAU_enAU380
    IE - HKCU\..\SearchScopes\{FFF91CB7-B0E0-413C-B92E-96DAFB43BBB6}: "URL" = http://websearch.ask...6D-1A043048EC60
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.search.order.1: "Google"
    FF - prefs.js..browser.search.selectedEngine: ""
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox"
    FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2018.95
    FF - prefs.js..extensions.enabledAddons: nosquint%40urandom.ca:2.1.9
    FF - prefs.js..extensions.enabledAddons: djziggy%40gmail.com:2.2.0
    FF - user.js - File not found
     
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/05/03 18:52:53 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/03/29 18:25:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/03/29 18:25:01 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2014/05/05 21:19:07 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
     
    [2010/05/23 15:57:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Celia\AppData\Roaming\Mozilla\Extensions
    [2014/05/07 09:53:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\n3tapefa.default\extensions
    [2014/05/07 09:36:48 | 000,000,000 | ---D | M] (LavaFox V2-Blue) -- C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\n3tapefa.default\extensions\[email protected]
    [2014/05/07 09:43:09 | 000,114,250 | ---- | M] () (No name found) -- C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\n3tapefa.default\extensions\[email protected]
    [2014/01/18 21:31:49 | 000,002,541 | ---- | M] () -- C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\n3tapefa.default\searchplugins\ask-search.xml
    [2013/09/11 13:33:57 | 000,002,343 | ---- | M] () -- C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\n3tapefa.default\searchplugins\askcom.xml
    [2014/05/06 21:14:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2014/05/01 19:36:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2014/05/05 14:13:45 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2014/05/03 18:52:53 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
     
    O1 HOSTS File: ([2010/11/07 22:47:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       localhost
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.5.136.242 10.5.133.45
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB134228-DF8D-48AE-BD71-FD0A86931D1C}: DhcpNameServer = 10.1.1.1 0.0.0.0
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB134228-DF8D-48AE-BD71-FD0A86931D1C}: NameServer = 208.67.222.222,4.2.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1D94B21-0440-49D0-84F0-A572D804475D}: DhcpNameServer = 10.5.136.242 10.5.133.45
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2014/05/07 03:00:39 | 000,000,000 | --SD | C] -- C:\windows\System32\CompatTel
    [2014/05/03 18:57:39 | 000,000,000 | ---D | C] -- C:\Users\Celia\AppData\Roaming\AVAST Software
    [2014/05/03 18:53:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
    [2014/05/03 18:53:04 | 000,776,976 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys
    [2014/05/03 18:53:04 | 000,067,776 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswStm.sys
    [2014/05/03 18:53:02 | 000,411,552 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
    [2014/05/03 18:53:02 | 000,067,824 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
    [2014/05/03 18:53:01 | 000,081,768 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswRdr2.sys
    [2014/05/03 18:52:47 | 000,043,152 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
    [2014/05/03 18:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2014/05/03 18:51:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2014/04/30 20:54:17 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [2014/04/30 20:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2014/04/30 20:54:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2014/04/29 14:03:46 | 000,000,000 | ---D | C] -- C:\Users\Celia\AppData\Local\Programs
     
    ========== Files - Modified Within 30 Days ==========
     
    [2014/05/07 13:44:16 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/05/07 13:44:16 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/05/07 13:37:05 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/05/07 13:36:50 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2014/05/07 13:36:46 | 2407,735,296 | -HS- | M] () -- C:\hiberfil.sys
    [2014/05/07 13:24:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2014/05/07 12:55:00 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/05/05 21:19:13 | 000,002,031 | ---- | M] () -- C:\Users\Celia\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
    [2014/05/05 21:19:13 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
    [2014/05/05 14:13:54 | 000,002,005 | ---- | M] () -- C:\Users\Celia\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2014/05/05 14:13:54 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2014/05/03 18:53:51 | 000,002,094 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2014/05/03 18:52:47 | 000,776,976 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys
    [2014/05/03 18:52:47 | 000,411,552 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
    [2014/05/03 18:52:47 | 000,271,264 | ---- | M] (AVAST Software) -- C:\windows\System32\aswBoot.exe
    [2014/05/03 18:52:47 | 000,180,632 | ---- | M] () -- C:\windows\System32\drivers\aswVmm.sys
    [2014/05/03 18:52:47 | 000,081,768 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswRdr2.sys
    [2014/05/03 18:52:47 | 000,067,824 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
    [2014/05/03 18:52:47 | 000,067,776 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswStm.sys
    [2014/05/03 18:52:47 | 000,049,944 | ---- | M] () -- C:\windows\System32\drivers\aswRvrt.sys
    [2014/05/03 18:52:47 | 000,043,152 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
    [2014/05/03 18:52:47 | 000,024,184 | ---- | M] () -- C:\windows\System32\drivers\aswHwid.sys
    [2014/05/03 17:24:21 | 000,761,788 | ---- | M] () -- C:\windows\System32\perfh009.dat
    [2014/05/03 17:24:21 | 000,163,180 | ---- | M] () -- C:\windows\System32\perfc009.dat
    [2014/04/30 20:54:17 | 000,002,685 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2014/04/16 20:55:10 | 000,006,144 | ---- | M] () -- C:\Users\Celia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
     
    ========== Files Created - No Company Name ==========
     
    [2014/05/03 18:53:51 | 000,002,094 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2014/05/03 18:53:04 | 000,180,632 | ---- | C] () -- C:\windows\System32\drivers\aswVmm.sys
    [2014/05/03 18:53:02 | 000,049,944 | ---- | C] () -- C:\windows\System32\drivers\aswRvrt.sys
    [2014/05/03 18:53:02 | 000,024,184 | ---- | C] () -- C:\windows\System32\drivers\aswHwid.sys
    [2014/05/01 19:33:35 | 000,002,685 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
    [2013/08/23 22:45:06 | 000,000,175 | ---- | C] () -- C:\windows\System32\drivers\aswVmm.sys.sum
    [2013/08/23 22:45:06 | 000,000,175 | ---- | C] () -- C:\windows\System32\drivers\aswSP.sys.sum
    [2013/08/23 22:45:06 | 000,000,175 | ---- | C] () -- C:\windows\System32\drivers\aswSnx.sys.sum
    [2011/01/17 12:33:49 | 000,006,144 | ---- | C] () -- C:\Users\Celia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/12/14 20:29:32 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/05/22 11:05:14 | 003,093,504 | ---- | C] () -- C:\Program Files\openofficeorg32.msi
    [2010/05/22 11:01:38 | 127,951,849 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
    [2010/05/22 10:13:06 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini
     
    ========== ZeroAccess Check ==========
     
    [2009/07/14 14:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 11:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 11:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    ========== LOP Check ==========
     
    [2014/05/03 18:57:39 | 000,000,000 | ---D | M] -- C:\Users\Celia\AppData\Roaming\AVAST Software
    [2010/05/26 10:25:10 | 000,000,000 | ---D | M] -- C:\Users\Celia\AppData\Roaming\FireShot
    [2013/02/03 17:46:24 | 000,000,000 | ---D | M] -- C:\Users\Celia\AppData\Roaming\InterVideo
    [2014/01/25 11:38:57 | 000,000,000 | ---D | M] -- C:\Users\Celia\AppData\Roaming\OpenOffice
    [2010/07/08 15:52:22 | 000,000,000 | ---D | M] -- C:\Users\Celia\AppData\Roaming\OpenOffice.org
    [2010/07/16 16:41:01 | 000,000,000 | ---D | M] -- C:\Users\Celia\AppData\Roaming\Sierra Wireless
    [2012/03/05 19:41:17 | 000,000,000 | ---D | M] -- C:\Users\Celia\AppData\Roaming\Thunderbird
    [2010/07/09 21:42:39 | 000,000,000 | ---D | M] -- C:\Users\Celia\AppData\Roaming\Toshiba
    [2011/09/17 11:02:29 | 000,000,000 | ---D | M] -- C:\Users\Celia\AppData\Roaming\Ulead Systems
    [2010/08/08 15:58:44 | 000,000,000 | ---D | M] -- C:\Users\Celia\AppData\Roaming\WinBatch
     
    ========== Purity Check ==========
     
     

    < End of report >


    • 0

    #13
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,021 posts
    • MVP
     
    1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
    2. Click Properties, and then click Tools.
    3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
    4. Check both boxes and then click Start.
    You will receive the following message:
    The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
    Click Yes to schedule the disk check, but don't restart yet.
     
    Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.
     
     
    Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
     
    sfc /scannow
     
    SPACE after sfc.  This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then do the part in the box otherwise skip to the VEW step.:
     

    Copy the next two lines:


    findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
    notepad \windows\logs\cbs\junk.txt 


    Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
    Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.  Close nOtepad.  Close the Command Window.
     
    1. Please download the Event Viewer Tool by Vino Rosso
    and save it to your Desktop:
    2. Right-click VEW.exe and Run AS Administrator
    3. Under 'Select log to query', select:
     
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning
     
     
    Then use the 'Number of events' as follows:
     
     
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.
     
     
     
     

    Get the free version of Speccy:
     
    http://www.filehippo...download_speccy  (Look in the upper right for the Download
    Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.) Attach the file to your next post.
     
     

    Get Process Explorer
     
    Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
     
    View, Select Column, check Verified Signer, OK
    Options, Verify Image Signatures
     
     
    Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
     
    Wait a full minute then:
     
    File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
     
     
     

     
    Please download Farbar Recovery Scan Tool and save it to your Desktop. 
     
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
     
    •  
    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
    • Press Scan button. 
    • It will produce a log called FRST.txt in the same directory the tool is run from.  
    • Please copy and paste log back here. 
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 
     
     
     

    • 0

    #14
    andrea22

    andrea22

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 139 posts

    I did the sfc/scannow thing, then went to the VEW step and it said 'the system cannot find the path specified'


    • 0

    #15
    andrea22

    andrea22

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 139 posts

    so I tried it again without pressing enter between the two lines and it said 'cannot open notepad\windows\logs\cbs\junk.txt


    • 0






    Similar Topics

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP