#1
Iso some assistance
My girlfriend's computer seems to run very slow. She used to download torrents in the past, but I have removed all programs to do so and no longer allow her to use her computer for anything other than web browsing, due to the fact she always seems to create a disaster and leaves me to solve it. I'm afraid she might have some sort of malware on her laptop causing it to run very slow and load everything at extremely slow speeds; it wasn't like this when she bought it. Thanks in advance.
#2
Hello Compton856,
Let's take a look. If the system is Vista/Windows 7, when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.

And to make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

-------

Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time. When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.

-----------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer. Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan). When completed, click on the Copy button and right click on your Desktop, choose "New" > Text document. Once the file is created, open it and right click again and choose Paste. Copy the information and post it here please.

-----------

Download aswMBR (511KB) to your desktop.

A lot, but comprehensive, and will make sure we get a good view of everything.
#3
Sorry for the delayed reply..... been extremely busy with new baby boy. OTL didn't open an extras.txt or save one to my desktop for that matter; here's the OTL.txt
[2006/11/02 05:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2006/11/02 05:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006/11/02 02:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2003/01/07 08:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI < End of report > |
|
#4
|
|||
|
|||
|
Just finished running GMER, and a pop-up came up after it finished, like a 30-minute scan:
"GMER Hasn't Found Any System Modifications". There wasn't anything on the page for me to copy and paste. |
|
#5
|
|||
|
|||
|
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-08 11:31:28
-----------------------------
11:31:28.105 OS Version: Windows x64 6.0.6002 Service Pack 2
11:31:28.105 Number of processors: 2 586 0xF0D
11:31:28.106 ComputerName: NICOLE-PC UserName: nicole
11:31:29.617 Initialize success
11:50:22.947 AVAST engine defs: 12020800
11:54:40.031 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:54:40.033 Disk 0 Vendor: TOSHIBA_ LV01 Size: 238475MB BusType: 3
11:54:40.065 Disk 0 MBR read successfully
11:54:40.069 Disk 0 MBR scan
11:54:40.076 Disk 0 Windows VISTA default MBR code
11:54:40.082 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
11:54:40.104 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 219702 MB offset 3074048
11:54:40.141 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 9156 MB offset 453023744
11:54:40.163 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 8116 MB offset 471775232
11:54:40.176 Service scanning
11:54:43.279 Modules scanning
11:54:43.283 Disk 0 trace - called modules:
11:54:43.343 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys iaStor.sys hal.dll
11:54:43.349 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003f34790]
11:54:43.354 3 CLASSPNP.SYS[fffffa60011d5c33] -> nt!IofCallDriver -> [0xfffffa80032179b0]
11:54:43.361 5 acpi.sys[fffffa60008f8fde] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80032a5050]
11:54:44.362 AVAST engine scan C:\Windows
11:54:47.752 AVAST engine scan C:\Windows\system32
11:58:29.212 AVAST engine scan C:\Windows\system32\drivers
11:58:48.616 AVAST engine scan C:\Users\nicole
12:09:56.312 AVAST engine scan C:\ProgramData
12:13:31.637 Scan finished successfully
16:50:27.093 Disk 0 MBR has been saved successfully to "C:\Users\nicole\Documents\MBR.dat"
16:50:27.098 The log file has been saved successfully to "C:\Users\nicole\Documents\aswMBR.txt"

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-03 02:08:32
-----------------------------
02:08:32.559 OS Version: Windows x64 6.0.6002 Service Pack 2
02:08:32.559 Number of processors: 2 586 0xF0D
02:08:32.560 ComputerName: NICOLE-PC UserName: nicole
02:08:35.018 Initialize success
02:10:42.029 AVAST engine defs: 12060300
02:11:11.209 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
02:11:11.212 Disk 0 Vendor: TOSHIBA_ LV01 Size: 238475MB BusType: 3
02:11:11.244 Disk 0 MBR read successfully
02:11:11.247 Disk 0 MBR scan
02:11:11.254 Disk 0 Windows VISTA default MBR code
02:11:11.261 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
02:11:11.283 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 219702 MB offset 3074048
02:11:11.320 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 9156 MB offset 453023744
02:11:11.341 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 8116 MB offset 471775232
02:11:11.422 Disk 0 scanning C:\Windows\system32\drivers
02:11:24.297 Service scanning
02:12:16.462 Modules scanning
02:12:16.470 Disk 0 trace - called modules:
02:12:16.493 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys iaStor.sys hal.dll
02:12:16.498 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003f1a790]
02:12:16.504 3 CLASSPNP.SYS[fffffa6000fcdc33] -> nt!IofCallDriver -> [0xfffffa800321ae40]
02:12:16.512 5 acpi.sys[fffffa60008fbfde] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8003281050]
02:12:18.079 AVAST engine scan C:\Windows
02:12:23.024 AVAST engine scan C:\Windows\system32
02:17:07.667 AVAST engine scan C:\Windows\system32\drivers
02:17:30.103 AVAST engine scan C:\Users\nicole
02:18:25.596 Disk 0 MBR has been saved successfully to "C:\Users\nicole\Documents\MBR.dat"
02:18:25.603 The log file has been saved successfully to "C:\Users\nicole\Documents\aswMBR.txt" |
|
#6
|
||||
|
||||
|
The logs show some adware/spyware, but you didn't post the second OTL log, Extras.Txt, located in the same place as you have OTL.exe.
If there was no log, download HijackThis from Here. Then click on the downloaded file, and install HijackThis. In HijackThis, click Config - Misc Tools - Open Uninstall Manager. Click on Save List, then save that to a location you can locate again (such as the desktop). Copy/paste the contents of that back here please. |
|
#7
|
|||
|
|||
|
Yes, as I said in a previous post, it didn't provide me with an Extras.txt after the scan. Here's the info as requested from HijackThis:
Adobe Reader 8.3.1 Advertising Center Apple Application Support Apple Software Update Ashampoo Burning Studio 9.20 Ask Toolbar Atheros Driver Installation Program Atheros Wi-Fi Protected Setup Library Camera Assistant Software for Toshiba CCleaner (remove only) CD/DVD Drive Acoustic Silencer Compatibility Pack for the 2007 Office system ConvertXtoDVD 3.0.0.1 CorelDRAW Graphics Suite 12 CyberLink PowerDVD 9 CyberLink PowerDVD 9 D3DX10 DolbyFiles Dream Aquarium DVD MovieFactory for TOSHIBA Facecons GearDrvs Google Toolbar for Internet Explorer Google Toolbar for Internet Explorer Google Update Helper HDMI Control Manager HijackThis 2.0.2 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Deskjet 3050 J610 series Help HP Photo Creations HP Update Java(TM) 6 Update 31 Junk Mail filter update Mesh Runtime Messenger Companion Microsoft Default Manager Microsoft Office File Validation Add-In Microsoft Office Outlook Connector Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Professional Edition 2003 Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Works Mozilla Firefox 12.0 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nero ControlCenter Nero InCD-Reader Nero Installer Nero MediaHome 4 Nero Move it neroxml NetWaiting NOD32 antivirus system OnlinePlay 1.0 Panda ActiveScan 2.0 QuickTime Safari SecurDisc Viewer Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client 
Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Windows Media Encoder (KB2447961) Security Update for Windows Media Encoder (KB954156) Security Update for Windows Media Encoder (KB979332) Segoe UI Toshiba Assist TOSHIBA ConfigFree TOSHIBA DVD PLAYER TOSHIBA Extended Tiles for Windows Mobility Center TOSHIBA Face Recognition TOSHIBA Hardware Setup Toshiba Registration TOSHIBA Speech System Applications TOSHIBA Speech System SR Engine(U.S.) Version1.0 TOSHIBA Speech System TTS Engine(U.S.) 
Version1.0 TOSHIBA Supervisor Password TOSHIBA Value Added Package Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Windows Live Communications Platform Windows Live Essentials Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mail Windows Live Mesh Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Windows Live Messenger Companion Core Windows Live Movie Maker Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Common Windows Live Photo Gallery Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Windows Live Writer Windows Live Writer Resources Windows Media Encoder 9 Series Windows Media Encoder 9 Series |
|
#8
|
||||
|
||||
|
Sorry, I overlooked your mention of that second OTL log, and forgot to congratulate you on the wonderful experiences you are having now with a new child. Let's remove some junk, then scan-check after.

Be sure to continue to temporarily disable any protective software when making changes/running the scan tools we use here.

Go to Start - Control Panel - Programs - Programs and Features, then click on each of the following programs, if they show there, and click "Uninstall/Change".

Ask Toolbar - Adware, spyware, search hijacker.
Facecons - Adware. The majority of third party programs connected to Facebook have some undesirable function.

Some others to consider uninstalling:

Mozilla Maintenance Service - A newish Firefox application that self-updates Firefox, and I assume other things. Been problems with it, so may want to just remove it.
Google Toolbar for Internet Explorer - If you don't use it, it's a resource waste.
Google Update Helper - Installed with all Google software - runs at startup with no way to stop that, and can slow startups.

---------
In Firefox, go to Help - Restart with Add-ons Disabled. In that "Firefox Safe Mode" display that opens, place checks next to the following, then click "Make changes and restart".

Reset toolbars and controls
Reset all user preferences to Firefox defaults
Restore default search engines

You can change those later to whatever you prefer, but for now, Conduit has installed one of its usual hijackers, and will leave unwanted hijack settings behind even if uninstalled.

---------
Open and update Malwarebytes.

* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply.

If it calls for a reboot to complete the repairs, do that as well then.

---------------
Disable your antivirus program and click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file to run the scanner. If you accept the Terms of Use, check the box and click Start. It will take a couple minutes for the scanner to get ready.

When the Computer scan settings display shows, check the following boxes:

Remove found threats
Scan unwanted applications

Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Then click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

Click Start. This scan may take a while, so please be patient. If infection is found, at the end of the scan click "List of found threats". In that display, at the bottom, select the option to save the results as a text file, and save that to your desktop. Post that back here please.

Post that log and the Malwarebytes log please. I am not real sure Eset, which is NOD, will work with it installed, but please try that step anyway. |
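Added example (not part of the original post): a read-only PowerShell check that reads the Uninstall registry keys behind the Programs and Features list and flags the programs named in the post above. It assumes PowerShell 2.0 or later is available on the machine; the substring matching is an illustrative choice.

```powershell
# Added example: list installed programs from the Uninstall registry keys
# and flag the ones named in the post above. Read-only; it removes nothing.

# Program names taken from the post; matched as plain substrings (assumption).
$flagged = @(
    'Ask Toolbar',
    'Facecons',
    'Mozilla Maintenance Service',
    'Google Toolbar for Internet Explorer',
    'Google Update Helper'
)

# 64-bit view, 32-bit view (Wow6432Node) and per-user installs.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'
)

# Collect one object per uninstall entry that has a display name.
$installed = foreach ($root in $roots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($key in Get-ChildItem $root) {
        $p = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
        if (-not $p -or -not $p.DisplayName) { continue }
        New-Object PSObject -Property @{
            Name            = $p.DisplayName
            Version         = $p.DisplayVersion
            Publisher       = $p.Publisher
            UninstallString = $p.UninstallString
            Source          = $root
        }
    }
}

# Keep only entries whose name contains one of the flagged names.
$hits = $installed | Where-Object {
    $name = $_.Name
    @($flagged | Where-Object { $name -like "*$_*" }).Count -gt 0
}

if ($hits) {
    $hits | Sort-Object Name, Source |
        Format-Table Name, Version, Publisher, Source -AutoSize
} else {
    'None of the flagged programs are registered as installed.'
}
```

Running it again after the uninstalls shows whether any of the entries are still registered, including 32-bit entries that only appear under Wow6432Node.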
|
#9
|
|||
|
|||
|
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.05.06
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
nicole :: NICOLE-PC [administrator]

Protection: Enabled

05/06/2012 12:54:51 PM
mbam-log-2012-06-05 (12-54-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210850
Time elapsed: 3 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\VB and VBA Program Settings\Microwsoft (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end) |
|
#10
|
|||
|
|||
|
Scanned with Eset and it came up clean... I selected the uninstall app option when it was done.
|
|
#12
|
|||
|
|||
|
Nope, everything is great I guess. Thank you very much for your time.
|
|
#13
|
||||
|
||||
|
Always glad to be helpful. Just some additional changes to wrap things up here.

The logs show you have slightly outdated versions of vulnerable programs, so go to each of these sites and update to the latest version (keep your eyes open - they often slide in "opportunities" for things like Google, or McAfee's scanner):

http://www.adobe.com/downloads/ (For Adobe Reader and Flash Player - uncheck the useless McAfee scan, if offered)
http://java.com/en/download/manual.jsp (For Java 7 Update 4 - trying to slip Ask adware/spyware to systems lately, so watch and uncheck it)

Once you have done that, be sure to go to Programs and Features and uninstall any older, more vulnerable Java versions.

------------
Eset, if you don't plan to use it again, uninstalls through the Control Panel - Programs and Features.

You can also at this time delete the files/folders of the tools we used. To assist with some of that, run OTL again. This will help by automatically removing some of the tools we used. Just click CleanUp, and select Yes. When it finishes removing some of the tools and files we used there, just agree to the reboot.

In addition, I like to recommend reviewing the information Here to make sure you stay malware free. |