Hi,
Thanks a lot; nothing blonde about what you’ve said so far. Quite the opposite!
Here’s the FRST report (but no sign of an Addition.txt report… Is that a problem?). Text below and file attached.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-07-2013 04
Ran by SYSTEM on 30-07-2013 23:49:21
Running from G:
Windows 7 Starter (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8555040 2010-04-06] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [1891720 2010-03-25] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [DATAMNGR] - C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-02-19] (Geek Software GmbH)
HKLM\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [542632 2013-01-31] (Lavasoft)
HKLM\...\Run: [SearchProtection] - C:\ProgramData\Search Protection_run.bat
HKLM\...\Run: [Ad-Aware Antivirus] - "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\RunOnce: [*Restore] - C:\windows\system32\rstrui.exe /RUNONCE [262656 2009-07-13] (Microsoft Corporation)
HKLM\...\InprocServer32: [Default-cscui] <==== ATTENTION!
HKU\Tiph\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-02-28] (Skype Technologies S.A.)
========================== Services (Whitelisted) =================
S2 Ad-Aware Service; C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-03-17] (Lavasoft Limited)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 SBAMSvc; C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-19] (GFI Software)
==================== Drivers (Whitelisted) ====================
S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
S2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-27] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-27] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [6602 2013-06-27] ()
S3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [109056 2010-03-31] (ELAN Microelectronics Corp.)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41584 2013-04-11] (ThreatTrack Security)
S0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-04-10] (GFI Software)
S1 RapportCerberus_55550; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_55550.sys [330960 2013-06-17] ()
S1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [148688 2013-06-19] (Trusteer Ltd.)
S3 RapportIaso; c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys [56464 2013-06-17] (Trusteer Ltd.)
S1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [222192 2013-06-19] (Trusteer Ltd.)
S3 rtport; C:\windows\system32\drivers\rtport.sys [15656 2010-08-04] (Windows (R) 2003 DDK 3790 provider)
S1 SABI; C:\windows\system32\Drivers\SABI.sys [10752 2009-05-27] (SAMSUNG ELECTRONICS)
S2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [66344 2012-09-12] (GFI Software)
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys
S1 SBRE; \SystemRoot\system32\drivers\SBREDrv.sys
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-01 21:05 - 2009-11-19 11:15 - 02824704 _____ (Askey Computer Corporation.) C:\Windows\System32\AInst3141.exe
2
==================== One Month Modified Files and Folders =======
2013-07-04 01:54 - 2010-10-17 11:50 - 00000000 ____D C:\users\Tiph
2013-07-01 21:07 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\com
2013-07-01 21:06 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\IME
2013-07-01 16:29 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\wfp
2013-07-01 16:28 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\registration
==================== Known DLLs (Whitelisted) ============
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
==================== Memory info ===========================
Percentage of memory in use: 37%
Total physical RAM: 1013.3 MB
Available physical RAM: 637.49 MB
Total Pagefile: 1013.3 MB
Available Pagefile: 637.24 MB
Total Virtual: 2047.88 MB
Available Virtual: 1926.81 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:85 GB) (Free:6.64 GB) NTFS
Drive d: () (Fixed) (Total:125.78 GB) (Free:11.78 GB) NTFS
Drive f: (RECOVERY) (Fixed) (Total:20 GB) (Free:6.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (ReatogoPE) (Removable) (Total:0.49 GB) (Free:0.32 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.08 GB) (Free:0.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 233 GB) (Disk ID: E472D3C2)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=84 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=85 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=128 GB) - (Type=OF Extended)
========================================================
Disk: 1 (Size: 502 MB) (Disk ID: 003C4754)
Partition 1: (Active) - (Size=501 MB) - (Type=07 NTFS)
LastRegBack: 2013-06-24 00:34
==================== End Of Log ============================