Cyber Tech Help Support Forums > Software > Malware Removal Forum

  #1  
Old May 23rd, 2012, 10:05 AM
Compton856
Senior Member
 
Join Date: Nov 2009
O/S: Windows Vista 64-bit
Location: Kelowna B.C
Posts: 119
ISO some assistance

My girlfriend's computer seems to run very slow. She used to download torrents in the past, but I have removed all programs to do so and no longer allow her to use her computer for anything other than web browsing, due to the fact she always seems to create a disaster and leaves me to solve it. I'm afraid she might have some sort of malware on her laptop causing it to run very slow and load everything at extremely slow speeds; it wasn't like this when she bought it. Thanks in advance.


  #2  
Old May 25th, 2012, 12:23 AM
Jintan
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,700
Hello Compton856,

Let's take a look.


If the system is Vista/Windows7, when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.

And to make sure you have an accurate view of the files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done by right-clicking the software's Taskbar icons, or by accessing each program through Start - Programs. Here are some antivirus disable tips if needed.

-------

Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.

-----------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, then choose "New" > Text document. Once the file is created, open it, right-click again and choose Paste. Copy the information and post it here please.

-----------

Download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • If you can, have an open Internet connection and allow it to download the latest Avast engine detections.
  • If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


A lot, but comprehensive, and will make sure we get a good view of everything.
  #3  
Old June 3rd, 2012, 09:34 AM
Compton856
Senior Member
 
Join Date: Nov 2009
O/S: Windows Vista 64-bit
Location: Kelowna B.C
Posts: 119
Sorry for the delayed reply... been extremely busy with a new baby boy. OTL didn't open an Extras.txt, or save one to my desktop for that matter. Here's the OTL.txt:

OTL logfile created on: 03/06/2012 12:53:13 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\nicole\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 44.01% Memory free
5.94 Gb Paging File | 4.19 Gb Available in Paging File | 70.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 214.55 Gb Total Space | 53.95 Gb Free Space | 25.15% Space Free | Partition Type: NTFS
Drive D: | 7.93 Gb Total Space | 7.86 Gb Free Space | 99.16% Space Free | Partition Type: NTFS

Computer Name: NICOLE-PC | User Name: nicole | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/03 00:50:27 | 000,451,704 | ---- | M] (ESET, spol. s r.o.) -- C:\Program Files (x86)\ESET\UpdateReminder.exe
PRC - [2012/05/23 14:51:08 | 000,170,152 | ---- | M] () -- C:\ProgramData\HP Photo Creations\MessageCheck.exe
PRC - [2012/05/15 22:33:38 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/02/15 10:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/01/20 18:11:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\nicole\Desktop\OTL.exe
PRC - [2010/01/06 14:43:35 | 000,552,064 | ---- | M] (Eset ) -- C:\Program Files (x86)\ESET\nod32krn.exe
PRC - [2009/04/10 23:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2008/07/18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/04/17 10:39:02 | 000,667,648 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
PRC - [2008/04/17 00:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2008/04/17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/04/17 00:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2008/04/03 21:01:28 | 000,036,864 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2007/02/12 01:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- c:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/23 14:51:08 | 000,170,152 | ---- | M] () -- C:\ProgramData\HP Photo Creations\MessageCheck.exe
MOD - [2012/05/15 22:33:38 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/15 12:58:57 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2008/08/25 09:58:12 | 000,089,600 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV:64bit: - [2008/02/06 13:50:18 | 000,434,016 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/03 17:04:48 | 000,175,104 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV:64bit: - [2007/11/21 16:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2007/10/17 08:37:22 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2012/05/15 22:33:39 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/15 12:58:58 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/06 14:43:35 | 000,552,064 | ---- | M] (Eset ) [Auto | Running] -- C:\Program Files (x86)\Eset\nod32krn.exe -- (NOD32krn)
SRV - [2009/03/29 21:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 15:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/04/03 21:01:28 | 000,036,864 | ---- | M] (TOSHIBA Corporation.) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2007/02/12 01:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- c:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/05/13 15:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/01/07 01:38:19 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/01/06 14:43:35 | 000,146,704 | ---- | M] (Eset ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\amon.sys -- (AMON)
DRV:64bit: - [2009/09/30 17:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/08/27 06:42:50 | 000,019,824 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2009/06/30 09:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:64bit: - [2008/07/29 05:05:00 | 001,146,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/07/18 18:52:16 | 000,504,912 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2008/06/26 16:24:18 | 000,020,520 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2008/06/19 21:37:24 | 000,126,976 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2008/06/12 03:51:36 | 007,911,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/04/28 16:59:26 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\jswpslwfx.sys -- (JSWPSLWF)
DRV:64bit: - [2008/04/15 17:54:16 | 000,388,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/04/14 19:14:40 | 000,062,040 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\o2mdx64.sys -- (O2MDRDR)
DRV:64bit: - [2008/04/07 19:46:44 | 000,051,928 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\o2sdx64.sys -- (O2SDRDR)
DRV:64bit: - [2008/04/03 19:57:00 | 000,404,992 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2008/03/25 01:51:16 | 001,487,872 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2008/03/25 01:47:06 | 000,294,400 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2008/03/25 01:45:44 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/03/03 19:32:00 | 000,222,720 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2008/01/20 19:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 19:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/12/11 14:03:36 | 000,027,272 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2007/11/29 18:58:00 | 000,320,048 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/11/09 14:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007/10/17 08:37:10 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2007/04/09 01:15:44 | 000,009,728 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2006/06/18 07:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - [2009/05/07 21:05:22 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/09/01 03:15:04] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.shoptoshiba.ca/welcome
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.shoptoshiba.ca/welcome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.shoptoshiba.ca/welcome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.shoptoshiba.ca/welcome


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1953393550-712878069-3438162486-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1953393550-712878069-3438162486-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1953393550-712878069-3438162486-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSour...ctid=CT3074349
IE - HKU\S-1-5-21-1953393550-712878069-3438162486-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1953393550-712878069-3438162486-1000\..\URLSearchHook: {f2c43291-151e-499c-98a7-923c120b88fa} - No CLSID value found
IE - HKU\S-1-5-21-1953393550-712878069-3438162486-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1953393550-712878069-3438162486-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.6.0.15
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/08/22 15:04:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/15 22:33:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/15 13:36:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/08/22 15:04:49 | 000,000,000 | ---D | M]

[2009/08/29 04:54:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nicole\AppData\Roaming\Mozilla\Extensions
[2012/05/22 23:27:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nicole\AppData\Roaming\Mozilla\Firefox\Profiles\0xrt4hku.default\extensions
[2010/05/24 16:07:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\nicole\AppData\Roaming\Mozilla\Firefox\Profiles\0xrt4hku.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/27 19:14:45 | 000,000,000 | ---D | M] (PhotoJoy US Community Toolbar) -- C:\Users\nicole\AppData\Roaming\Mozilla\Firefox\Profiles\0xrt4hku.default\extensions\{f2c43291-151e-499c-98a7-923c120b88fa}(396)
[2011/10/03 19:09:44 | 000,000,000 | ---D | M] (Facecons) -- C:\Users\nicole\AppData\Roaming\Mozilla\Firefox\Profiles\0xrt4hku.default\extensions\facecons@facecons.com
[2011/09/27 13:43:00 | 000,000,925 | ---- | M] () -- C:\Users\nicole\AppData\Roaming\Mozilla\Firefox\Profiles\0xrt4hku.default\searchplugins\conduit.xml
[2012/05/15 22:33:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/15 22:33:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/15 13:35:42 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/11 23:13:29 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/11 23:13:29 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FACECONS Class) - {B2A44031-7EAD-434C-AC9E-7F1DA176BA8C} - C:\Program Files (x86)\Facecons\Facecons.dll (Facecons)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3:64bit: - HKU\S-1-5-21-1953393550-712878069-3438162486-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1953393550-712878069-3438162486-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O4 - HKLM..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files (x86)\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe (Corel Corporation)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files (x86)\Jumpstart\jswtrayutil.exe" File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File not found
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [nod32kui] C:\Program Files (x86)\Eset\nod32kui.exe (Eset )
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateReminder] C:\Program Files (x86)\Eset\UpdateReminder.exe (ESET, spol. s r.o.)
O4 - HKU\.DEFAULT..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\.DEFAULT..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1953393550-712878069-3438162486-1000..\Run: [cdloader] C:\Users\nicole\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-1953393550-712878069-3438162486-1000..\Run: [PhotoJoy] C:\Program Files (x86)\PhotoJoy\bin\PhotoJoy.exe /c File not found
O4 - HKU\S-1-5-21-1953393550-712878069-3438162486-1000..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\S-1-5-21-1953393550-712878069-3438162486-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\S-1-5-21-1953393550-712878069-3438162486-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.168.13 64.59.168.15 64.59.174.84
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8877BF25-8C62-4305-9239-C005F2E68510}: DhcpNameServer = 64.59.168.13 64.59.168.15 64.59.174.84
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B18A406-AA86-4A28-96CC-E9D696C4EB0B}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\nicole\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\nicole\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\G\Shell\phone\command - "" = G:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/05/23 14:52:59 | 000,000,000 | ---D | C] -- C:\Users\nicole\AppData\Roaming\Visan
[2012/05/23 14:51:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2012/05/22 23:45:25 | 000,000,000 | ---D | C] -- C:\Users\nicole\Desktop\Picturez
[2012/05/22 23:37:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/05/22 23:35:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/05/22 23:35:36 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/05/22 23:35:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/05/15 22:33:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/15 22:33:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/05/15 13:24:52 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jnwmon.dll
[2012/05/15 13:24:45 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012/05/15 13:24:45 | 001,556,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/15 13:24:45 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/05/15 13:24:45 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/05/15 13:24:45 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/05/15 13:24:31 | 004,699,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/01/07 01:38:19 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\nicole\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/03 00:53:02 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/03 00:50:27 | 000,000,012 | ---- | M] () -- C:\ProgramData\ReminderNextRun
[2012/06/03 00:47:09 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/03 00:47:08 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/03 00:46:49 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/03 00:46:49 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/03 00:46:46 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012/06/03 00:46:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/23 14:51:40 | 000,001,801 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2012/05/23 14:24:16 | 000,088,576 | ---- | M] () -- C:\Users\nicole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/22 23:51:26 | 000,609,642 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/22 23:51:26 | 000,109,118 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/22 23:51:25 | 000,703,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/22 23:37:11 | 000,001,665 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/05/22 23:22:44 | 3079,524,352 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/21 19:46:49 | 000,000,732 | ---- | M] () -- C:\Users\nicole\AppData\Local\d3d9caps64.dat
[2012/05/16 03:42:57 | 000,326,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/15 12:58:57 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/15 12:58:57 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/05/15 12:32:36 | 008,744,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/03 00:50:27 | 000,000,012 | ---- | C] () -- C:\ProgramData\ReminderNextRun
[2012/05/23 14:51:41 | 000,000,326 | ---- | C] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012/05/22 23:37:11 | 000,001,665 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/05 17:37:44 | 000,000,732 | ---- | C] () -- C:\Users\nicole\AppData\Local\d3d9caps64.dat
[2011/03/14 15:06:45 | 000,077,407 | ---- | C] () -- C:\Windows\hpqins05.dat
[2010/08/22 14:42:10 | 000,165,379 | ---- | C] () -- C:\Windows\hpoins29.dat
[2010/08/01 13:05:08 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/08/01 12:54:21 | 000,000,000 | ---- | C] () -- C:\Users\nicole\AppData\Roaming\wklnhst.dat
[2010/06/05 11:09:06 | 000,005,972 | ---- | C] () -- C:\Users\nicole\AppData\Local\d3d9caps.dat
[2010/01/07 01:41:42 | 000,000,668 | ---- | C] () -- C:\Users\nicole\AppData\Roaming\vso_ts_preview.xml
[2010/01/07 01:38:19 | 000,099,384 | ---- | C] () -- C:\Users\nicole\AppData\Roaming\inst.exe
[2010/01/07 01:38:19 | 000,007,859 | ---- | C] () -- C:\Users\nicole\AppData\Roaming\pcouffin.cat
[2010/01/07 01:38:19 | 000,001,167 | ---- | C] () -- C:\Users\nicole\AppData\Roaming\pcouffin.inf
[2009/09/01 03:47:01 | 000,088,576 | ---- | C] () -- C:\Users\nicole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/28 22:00:52 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009/08/23 23:39:59 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/08/23 23:39:21 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/08/23 23:38:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/22 23:47:09 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/08/22 15:55:01 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2009/08/22 15:55:01 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2009/08/22 15:55:01 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2009/08/22 15:55:01 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2009/08/22 15:55:01 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2009/08/22 15:55:01 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2009/08/22 15:51:44 | 000,128,113 | ---- | C] () -- C:\Windows\SysWow64\csellang.ini
[2009/08/22 15:51:44 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\csellang.dll
[2009/08/22 15:51:44 | 000,007,671 | ---- | C] () -- C:\Windows\SysWow64\cseltbl.ini
[2008/06/26 23:01:30 | 002,192,024 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2008/06/26 23:01:28 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2008/06/26 23:01:25 | 000,492,496 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2008/05/28 17:01:21 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/05/04 17:13:43 | 000,000,799 | ---- | C] () -- C:\Windows\hpomdl29.dat
[2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 08:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 05:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 05:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 02:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2003/01/07 08:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

< End of report >
  #4  
Old June 3rd, 2012, 10:06 AM
Compton856 Compton856 is offline
Senior Member
 
Join Date: Nov 2009
O/S: Windows Vista 64-bit
Location: Kelowna B.C
Posts: 119
Just finished running GMER, and a pop-up came up after it finished, after about a 30-minute scan:
"GMER Hasn't Found Any System Modifications"
There wasn't anything on the page for me to copy and paste.
  #5  
Old June 3rd, 2012, 10:18 AM
Compton856 Compton856 is offline
Senior Member
 
Join Date: Nov 2009
O/S: Windows Vista 64-bit
Location: Kelowna B.C
Posts: 119
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-08 11:31:28
-----------------------------
11:31:28.105 OS Version: Windows x64 6.0.6002 Service Pack 2
11:31:28.105 Number of processors: 2 586 0xF0D
11:31:28.106 ComputerName: NICOLE-PC UserName: nicole
11:31:29.617 Initialize success
11:50:22.947 AVAST engine defs: 12020800
11:54:40.031 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:54:40.033 Disk 0 Vendor: TOSHIBA_ LV01 Size: 238475MB BusType: 3
11:54:40.065 Disk 0 MBR read successfully
11:54:40.069 Disk 0 MBR scan
11:54:40.076 Disk 0 Windows VISTA default MBR code
11:54:40.082 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
11:54:40.104 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 219702 MB offset 3074048
11:54:40.141 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 9156 MB offset 453023744
11:54:40.163 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 8116 MB offset 471775232
11:54:40.176 Service scanning
11:54:43.279 Modules scanning
11:54:43.283 Disk 0 trace - called modules:
11:54:43.343 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys iaStor.sys hal.dll
11:54:43.349 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003f34790]
11:54:43.354 3 CLASSPNP.SYS[fffffa60011d5c33] -> nt!IofCallDriver -> [0xfffffa80032179b0]
11:54:43.361 5 acpi.sys[fffffa60008f8fde] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80032a5050]
11:54:44.362 AVAST engine scan C:\Windows
11:54:47.752 AVAST engine scan C:\Windows\system32
11:58:29.212 AVAST engine scan C:\Windows\system32\drivers
11:58:48.616 AVAST engine scan C:\Users\nicole
12:09:56.312 AVAST engine scan C:\ProgramData
12:13:31.637 Scan finished successfully
16:50:27.093 Disk 0 MBR has been saved successfully to "C:\Users\nicole\Documents\MBR.dat"
16:50:27.098 The log file has been saved successfully to "C:\Users\nicole\Documents\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-03 02:08:32
-----------------------------
02:08:32.559 OS Version: Windows x64 6.0.6002 Service Pack 2
02:08:32.559 Number of processors: 2 586 0xF0D
02:08:32.560 ComputerName: NICOLE-PC UserName: nicole
02:08:35.018 Initialize success
02:10:42.029 AVAST engine defs: 12060300
02:11:11.209 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
02:11:11.212 Disk 0 Vendor: TOSHIBA_ LV01 Size: 238475MB BusType: 3
02:11:11.244 Disk 0 MBR read successfully
02:11:11.247 Disk 0 MBR scan
02:11:11.254 Disk 0 Windows VISTA default MBR code
02:11:11.261 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
02:11:11.283 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 219702 MB offset 3074048
02:11:11.320 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 9156 MB offset 453023744
02:11:11.341 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 8116 MB offset 471775232
02:11:11.422 Disk 0 scanning C:\Windows\system32\drivers
02:11:24.297 Service scanning
02:12:16.462 Modules scanning
02:12:16.470 Disk 0 trace - called modules:
02:12:16.493 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys iaStor.sys hal.dll
02:12:16.498 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003f1a790]
02:12:16.504 3 CLASSPNP.SYS[fffffa6000fcdc33] -> nt!IofCallDriver -> [0xfffffa800321ae40]
02:12:16.512 5 acpi.sys[fffffa60008fbfde] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8003281050]
02:12:18.079 AVAST engine scan C:\Windows
02:12:23.024 AVAST engine scan C:\Windows\system32
02:17:07.667 AVAST engine scan C:\Windows\system32\drivers
02:17:30.103 AVAST engine scan C:\Users\nicole
02:18:25.596 Disk 0 MBR has been saved successfully to "C:\Users\nicole\Documents\MBR.dat"
02:18:25.603 The log file has been saved successfully to "C:\Users\nicole\Documents\aswMBR.txt"
  #6  
Old June 4th, 2012, 01:49 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,700
The logs show some adware/spyware, but you didn't post the second OTL log, Extras.Txt. It is located in the same place as OTL.exe.

If there was no log, download HijackThis from Here. Then click on the downloaded file, and install HijackThis.

In HijackThis, click Config - Misc Tools - Open Uninstall Manager.

Click on Save List, then save that to a location you can locate again (such as the desktop). Copy/paste the contents of that back here please.
  #7  
Old June 4th, 2012, 09:19 AM
Compton856 Compton856 is offline
Senior Member
 
Join Date: Nov 2009
O/S: Windows Vista 64-bit
Location: Kelowna B.C
Posts: 119
Yes, as I said in my previous post, it didn't provide me with an Extras.txt after the scan. Here's the info as requested from HijackThis:

Adobe Reader 8.3.1
Advertising Center
Apple Application Support
Apple Software Update
Ashampoo Burning Studio 9.20
Ask Toolbar
Atheros Driver Installation Program
Atheros Wi-Fi Protected Setup Library
Camera Assistant Software for Toshiba
CCleaner (remove only)
CD/DVD Drive Acoustic Silencer
Compatibility Pack for the 2007 Office system
ConvertXtoDVD 3.0.0.1
CorelDRAW Graphics Suite 12
CyberLink PowerDVD 9
CyberLink PowerDVD 9
D3DX10
DolbyFiles
Dream Aquarium
DVD MovieFactory for TOSHIBA
Facecons
GearDrvs
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
HDMI Control Manager
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Deskjet 3050 J610 series Help
HP Photo Creations
HP Update
Java(TM) 6 Update 31
Junk Mail filter update
Mesh Runtime
Messenger Companion
Microsoft Default Manager
Microsoft Office File Validation Add-In
Microsoft Office Outlook Connector
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero ControlCenter
Nero InCD-Reader
Nero Installer
Nero MediaHome 4
Nero Move it
neroxml
NetWaiting
NOD32 antivirus system
OnlinePlay 1.0
Panda ActiveScan 2.0
QuickTime
Safari
SecurDisc Viewer
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Segoe UI
Toshiba Assist
TOSHIBA ConfigFree
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
Toshiba Registration
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
  #8  
Old June 5th, 2012, 12:54 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,700
Sorry, I overlooked your mention of that second OTL log, and forgot to congratulate you on the wonderful experiences you are having now with a new child. Let's remove some junk, then scan-check after.

Be sure to continue to temporarily disable any protective software when making changes/running the scan tools we use here.


Go to Start - Control Panel - Programs - Programs and Features, then click on each of the following programs, if they show there, and click "Uninstall/Change".

Ask Toolbar - Adware, spyware, search hijacker.
Facecons - Adware. The majority of third party programs connected to Facebook have some undesirable function.

Some others to consider uninstalling:

Mozilla Maintenance Service - A newish Firefox application that self-updates Firefox, and I assume other things. There have been problems with it, so you may want to just remove it.
Google Toolbar for Internet Explorer - If you don't use it, it's a resource waste.
Google Update Helper - Installed with all Google software; runs at startup with no way to stop that, and can slow startups.

---------

In Firefox, go to Help - Restart with Add-ons Disabled. In that "Firefox Safe Mode" display that opens, place checks next to the following, then click "Make changes and restart".

Reset toolbars and controls

Reset all user preferences to Firefox defaults

Restore default search engines

You can change those later to whatever you prefer, but for now, Conduit has installed one of its usual hijackers, and it will leave unwanted hijack settings behind even if uninstalled.

---------

Open and update Malwarebytes.

* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

---------------

Disable your antivirus program and click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file to run the scanner.

If you accept the Terms of Use, check the box and click Start. It will take a couple minutes for the scanner to get ready. When the Computer scan settings display shows, check the following boxes:

Remove found threats
Scan unwanted applications


Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Then click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

Click Start. This scan may take a while, so please be patient.

If infection is found, at the end of the scan click "List of found threats".

In that display, at the bottom, select the option to save the results as a text file, and save that to your desktop. Post that back here please.

Post that log and the Malwarebytes log please.

I am not really sure Eset, which is NOD, will work with it installed, but please try that step anyway.
  #9  
Old June 5th, 2012, 08:58 PM
Compton856 Compton856 is offline
Senior Member
 
Join Date: Nov 2009
O/S: Windows Vista 64-bit
Location: Kelowna B.C
Posts: 119
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.05.06

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
nicole :: NICOLE-PC [administrator]

Protection: Enabled

05/06/2012 12:54:51 PM
mbam-log-2012-06-05 (12-54-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210850
Time elapsed: 3 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\VB and VBA Program Settings\Microwsoft (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  #10  
Old June 5th, 2012, 11:05 PM
Compton856 Compton856 is offline
Senior Member
 
Join Date: Nov 2009
O/S: Windows Vista 64-bit
Location: Kelowna B.C
Posts: 119
Scanned with Eset and it came up clean... I selected the uninstall app option when it was done.
  #11  
Old June 6th, 2012, 12:59 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,700
Looks good to go. Before we move on to some final cleaning-up steps here, are there any issues we still haven't addressed?
  #12  
Old June 9th, 2012, 06:13 AM
Compton856 Compton856 is offline
Senior Member
 
Join Date: Nov 2009
O/S: Windows Vista 64-bit
Location: Kelowna B.C
Posts: 119
Nope, everything is great I guess. Thank you very much for your time.
  #13  
Old June 9th, 2012, 11:31 PM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,700
Always glad to be helpful. Just some additional changes to wrap things up here.


The logs show you have slightly outdated versions of vulnerable programs, so go to each of these sites and update to the latest version (keep your eyes open - they often slide in "opportunities" for things like Google, or McAfee's scanner):

http://www.adobe.com/downloads/
(For Adobe Reader and Flash Player - uncheck the useless McAfee scan, if offered)

http://java.com/en/download/manual.jsp
(For Java 7 Update 4 - trying to slip Ask adware/spyware to systems lately, so watch and uncheck it)

Once you have done that, be sure to go to Programs and Features and uninstall any older, more vulnerable Java versions.

------------

Eset, if you don't plan to use it again, uninstalls through the Control Panel - Programs and Features.


You can also at this time delete the files/folders of the tools we used. To assist with some of that run OTL again. This will help by automatically removing some of the tools we used.

Just click CleanUp, and select Yes. When it finishes removing some of the tools and files we used there just agree to the reboot.

In addition, I like to recommend reviewing the information Here to make sure you stay malware free.