Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Computer Acting Super Slow all of the sudden [Closed]

Started by nbuddy , Feb 20 2012 01:38 PM

  • This topic is locked This topic is locked

#16
Render
Posted 10 March 2012 - 05:55 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please temporary disable Malwarebytes Anti-Malware and then try again.
  • 0

Advertisements

#17
nbuddy
Posted 10 March 2012 - 12:51 PM

nbuddy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
I dont use MBAM as a real time scanner, it is used only as an on demand scanner.
  • 0

#18
Render
Posted 11 March 2012 - 07:36 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Restart your computer and try again please.
  • 0

#19
nbuddy
Posted 11 March 2012 - 02:40 PM

nbuddy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
Tried restarting as well as disabling ESET and still no luck.
  • 0

#20
Render
Posted 11 March 2012 - 02:44 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. Try with this:

We need to run an OTL Fix

Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

  • Please double click on Posted Image on your Desktop (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Under the Custom Scans/Fixes box copy and paste this in (Please carefully select all text in code box beginning with : ):

    :OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {A03F6987-70C0-491B-AF29-9359E7089E0F}
IE:64bit: - HKLM\..\SearchScopes\{A03F6987-70C0-491B-AF29-9359E7089E0F}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://redirect.cros...arch?a=2083&t=1
IE - HKLM\..\URLSearchHook: {11111111-1111-1111-1111-110011201183} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {11111111-1111-1111-1111-110011201183}
IE - HKLM\..\SearchScopes\{11111111-1111-1111-1111-110011201183}: "URL" = http://redirect.cros...q={searchTerms}
IE - HKLM\..\SearchScopes\{734F94AC-0A2E-44FF-AF5A-60FA23393B87}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1320680
IE - HKU\S-1-5-21-4272434487-2648937278-582245549-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4272434487-2648937278-582245549-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://redirect.cros...arch?a=2083&t=1
IE - HKU\S-1-5-21-4272434487-2648937278-582245549-1001\..\SearchScopes,DefaultScope = {0265DA63-A0C4-4F78-9075-2FDF59859B9E}
IE - HKU\S-1-5-21-4272434487-2648937278-582245549-1001\..\SearchScopes\{0265DA63-A0C4-4F78-9075-2FDF59859B9E}: "URL" = http://www.google.co...1I7TSNA_enUS392
IE - HKU\S-1-5-21-4272434487-2648937278-582245549-1001\..\SearchScopes\{11111111-1111-1111-1111-110011201183}: "URL" = http://redirect.cros...q={searchTerms}
IE - HKU\S-1-5-21-4272434487-2648937278-582245549-1001\..\SearchScopes\{734F94AC-0A2E-44FF-AF5A-60FA23393B87}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE - HKU\S-1-5-21-4272434487-2648937278-582245549-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1320680
@Alternate Data Stream - 836 bytes -> C:\Users\Neil\Documents\Re_ Scrimmage on Wed & Tournament Info_.eml:OECustomProperty
@Alternate Data Stream - 676 bytes -> C:\Users\Neil\Documents\HAPPY BIRTHDAY.eml:OECustomProperty
@Alternate Data Stream - 626 bytes -> C:\Users\Neil\Documents\Fw_ Diamondbacks Roster.eml:OECustomProperty
@Alternate Data Stream - 1096 bytes -> C:\Users\Neil\Documents\Game 7-10-06.eml:OECustomProperty
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34
  	
:Files

:Reg

:Commands
[emptytemp]
[emptyflash]
[reboot]
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#21
nbuddy
Posted 11 March 2012 - 08:10 PM

nbuddy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
Here you go.


All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A03F6987-70C0-491B-AF29-9359E7089E0F}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A03F6987-70C0-491B-AF29-9359E7089E0F}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{11111111-1111-1111-1111-110011201183} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011201183}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{11111111-1111-1111-1111-110011201183}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011201183}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{734F94AC-0A2E-44FF-AF5A-60FA23393B87}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{734F94AC-0A2E-44FF-AF5A-60FA23393B87}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-4272434487-2648937278-582245549-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
HKU\S-1-5-21-4272434487-2648937278-582245549-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-4272434487-2648937278-582245549-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4272434487-2648937278-582245549-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0265DA63-A0C4-4F78-9075-2FDF59859B9E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0265DA63-A0C4-4F78-9075-2FDF59859B9E}\ not found.
Registry key HKEY_USERS\S-1-5-21-4272434487-2648937278-582245549-1001\Software\Microsoft\Internet Explorer\SearchScopes\{11111111-1111-1111-1111-110011201183}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011201183}\ not found.
Registry key HKEY_USERS\S-1-5-21-4272434487-2648937278-582245549-1001\Software\Microsoft\Internet Explorer\SearchScopes\{734F94AC-0A2E-44FF-AF5A-60FA23393B87}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{734F94AC-0A2E-44FF-AF5A-60FA23393B87}\ not found.
Registry key HKEY_USERS\S-1-5-21-4272434487-2648937278-582245549-1001\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
ADS C:\Users\Neil\Documents\Re_ Scrimmage on Wed & Tournament Info_.eml:OECustomProperty deleted successfully.
ADS C:\Users\Neil\Documents\HAPPY BIRTHDAY.eml:OECustomProperty deleted successfully.
ADS C:\Users\Neil\Documents\Fw_ Diamondbacks Roster.eml:OECustomProperty deleted successfully.
ADS C:\Users\Neil\Documents\Game 7-10-06.eml:OECustomProperty deleted successfully.
Unable to delete ADS C:\ProgramData\TEMP:5C321E34 .
========== FILES ==========
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Neil
->Temp folder emptied: 6954 bytes
->Temporary Internet Files folder emptied: 30107571 bytes
->Java cache emptied: 29634 bytes
->Google Chrome cache emptied: 395010989 bytes
->Flash cache emptied: 15392 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4024604 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 748136 bytes

Total Files Cleaned = 410.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: LogMeInRemoteUser

User: Neil
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.35.1 log created on 03112012_160024

Files\Folders moved on Reboot...
C:\Users\Neil\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
  • 0

#22
Render
Posted 12 March 2012 - 05:28 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#23
nbuddy
Posted 13 March 2012 - 08:40 PM

nbuddy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
So Im curious, did you guys find anything?


OTL logfile created on: 3/13/2012 7:35:02 PM - Run 3
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Neil\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 57.78% Memory free
7.60 Gb Paging File | 5.99 Gb Available in Paging File | 78.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.67 Gb Total Space | 367.24 Gb Free Space | 80.95% Space Free | Partition Type: NTFS

Computer Name: NEIL-PC | User Name: Neil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/07 18:21:12 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Neil\Desktop\OTL.exe
PRC - [2011/09/22 13:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2011/08/17 08:52:06 | 002,143,104 | ---- | M] (TeamViewer GmbH) -- c:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Desktop.exe
PRC - [2011/08/17 08:52:05 | 008,090,496 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
PRC - [2011/08/17 08:52:05 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/08/17 08:07:10 | 000,108,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\tv_w32.exe
PRC - [2010/09/09 14:38:16 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2010/03/03 14:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/03 14:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/12/25 15:21:16 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/10 02:21:42 | 000,429,040 | ---- | M] () -- C:\Users\Neil\AppData\Local\Google\Chrome\Application\17.0.963.79\ppgooglenaclpluginchrome.dll
MOD - [2012/03/10 02:21:41 | 003,772,912 | ---- | M] () -- C:\Users\Neil\AppData\Local\Google\Chrome\Application\17.0.963.79\pdf.dll
MOD - [2012/03/10 02:20:17 | 000,122,880 | ---- | M] () -- C:\Users\Neil\AppData\Local\Google\Chrome\Application\17.0.963.79\avutil-51.dll
MOD - [2012/03/10 02:20:16 | 000,220,672 | ---- | M] () -- C:\Users\Neil\AppData\Local\Google\Chrome\Application\17.0.963.79\avformat-53.dll
MOD - [2012/03/10 02:20:15 | 001,747,456 | ---- | M] () -- C:\Users\Neil\AppData\Local\Google\Chrome\Application\17.0.963.79\avcodec-53.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/22 13:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2010/04/06 14:53:14 | 000,258,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/02/23 17:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/02/05 17:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2010/01/19 17:26:58 | 001,420,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV:64bit: - [2010/01/19 17:08:16 | 000,315,664 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/01/19 17:05:22 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV:64bit: - [2009/11/05 22:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/10/21 09:30:36 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2009/07/28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/08/17 08:52:05 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 14:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/03/03 14:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/10/06 09:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/09 15:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2011/08/04 10:20:38 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2011/08/04 10:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2011/08/04 10:20:38 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2011/08/04 10:20:38 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/06 16:33:18 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/09/17 15:40:06 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2010/09/17 15:39:58 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2010/05/18 16:02:48 | 000,164,464 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/05/08 18:38:56 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2010/05/03 14:44:02 | 000,331,880 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/21 11:18:44 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/10 18:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/26 16:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 06:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/01/15 12:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/01/13 08:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/12/17 19:09:20 | 000,036,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2009/10/09 19:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/09/17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/30 21:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 17:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
DRV:64bit: - [2009/06/29 16:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 10:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/22 17:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 19:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Neil\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Neil\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2011/12/05 14:31:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/12/05 14:31:53 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Neil\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Neil\AppData\Local\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Neil\AppData\Local\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Neil\AppData\Local\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Neil\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Gmail = C:\Users\Neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/06 17:16:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5....DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B90C05C-F9A8-4D71-9EE1-171490CCED10}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE592116-0A75-4C7D-B982-221597220E7E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/13 02:50:43 | 000,000,000 | ---D | C] -- C:\d847f24b6582bfead4
[2012/03/07 18:21:05 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Neil\Desktop\OTL.exe
[2012/03/06 17:21:27 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/03/06 17:17:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/06 17:07:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/03/06 17:07:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/03/06 17:07:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/03/06 17:07:35 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/03/06 17:07:35 | 000,000,000 | ---D | C] -- C:\Combo-Fix
[2012/03/06 17:07:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/06 17:05:57 | 004,428,059 | R--- | C] (Swearware) -- C:\Users\Neil\Desktop\Combo-Fix.exe
[2012/03/03 18:13:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/01 23:19:58 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Neil\Desktop\tdsskiller.exe
[2012/03/01 15:05:49 | 000,000,000 | ---D | C] -- C:\Users\Neil\Desktop\RK_Quarantine
[2012/02/29 22:13:01 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Neil\Desktop\aswMBR.exe
[2012/02/20 12:24:48 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Roaming\Malwarebytes
[2012/02/20 12:24:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/20 12:24:40 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/02/20 12:24:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/02/20 12:19:37 | 000,000,000 | ---D | C] -- C:\Users\Neil\Documents\Matt
[2012/02/20 12:02:32 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/02/20 08:27:45 | 000,000,000 | ---D | C] -- C:\Users\Neil\AppData\Roaming\f-secure
[2012/02/20 08:27:35 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012/02/20 00:04:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2012/02/20 00:04:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2012/02/19 23:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/02/19 23:38:50 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/02/19 23:36:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/02/19 23:34:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/02/18 19:01:26 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed

========== Files - Modified Within 30 Days ==========

[2012/03/13 19:07:00 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4272434487-2648937278-582245549-1001UA.job
[2012/03/13 11:07:00 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4272434487-2648937278-582245549-1001Core.job
[2012/03/13 03:01:41 | 000,744,818 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/03/13 03:01:41 | 000,627,316 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/03/13 03:01:41 | 000,107,600 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/03/12 13:07:56 | 000,002,403 | ---- | M] () -- C:\Users\Neil\Desktop\Google Chrome.lnk
[2012/03/12 07:29:06 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/12 07:29:06 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/12 07:21:30 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/03/12 07:21:25 | 3059,748,864 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/11 16:00:25 | 000,049,159 | ---- | M] () -- C:\Users\Neil\Documents\Fw_ Diamondbacks Roster.eml
[2012/03/11 16:00:25 | 000,010,072 | ---- | M] () -- C:\Users\Neil\Documents\Game 7-10-06.eml
[2012/03/11 16:00:24 | 000,060,430 | ---- | M] () -- C:\Users\Neil\Documents\HAPPY BIRTHDAY.eml
[2012/03/11 16:00:24 | 000,015,827 | ---- | M] () -- C:\Users\Neil\Documents\Re_ Scrimmage on Wed & Tournament Info_.eml
[2012/03/11 12:03:02 | 000,075,520 | ---- | M] () -- C:\Users\Neil\Desktop\karen.jpg
[2012/03/11 12:02:41 | 000,081,378 | ---- | M] () -- C:\Users\Neil\Desktop\friends.jpg
[2012/03/11 12:02:16 | 000,149,645 | ---- | M] () -- C:\Users\Neil\Desktop\tcu.jpg
[2012/03/11 12:01:36 | 000,157,103 | ---- | M] () -- C:\Users\Neil\Desktop\family.jpg
[2012/03/07 18:21:12 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Neil\Desktop\OTL.exe
[2012/03/06 17:16:27 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/03/06 17:06:07 | 004,428,059 | R--- | M] (Swearware) -- C:\Users\Neil\Desktop\Combo-Fix.exe
[2012/03/03 00:46:32 | 000,088,438 | ---- | M] () -- C:\Users\Neil\Desktop\shoes.jpg
[2012/03/01 23:20:18 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Neil\Desktop\tdsskiller.exe
[2012/03/01 15:05:30 | 001,339,904 | ---- | M] () -- C:\Users\Neil\Desktop\RogueKiller.exe
[2012/02/29 23:08:34 | 000,000,602 | ---- | M] () -- C:\Users\Neil\Desktop\MBR.zip
[2012/02/29 23:05:46 | 000,000,512 | ---- | M] () -- C:\Users\Neil\Desktop\MBR.dat
[2012/02/29 22:13:10 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Neil\Desktop\aswMBR.exe
[2012/02/20 00:01:58 | 000,101,446 | ---- | M] () -- C:\cc_20120219_230149.reg
[2012/02/19 17:32:08 | 000,015,807 | ---- | M] () -- C:\Users\Neil\Desktop\cousins.jpg
[2012/02/17 22:11:27 | 000,012,429 | ---- | M] () -- C:\Users\Neil\Desktop\matt and rachel vday.jpg
[2012/02/16 17:11:49 | 000,426,200 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/03/11 12:03:07 | 000,075,520 | ---- | C] () -- C:\Users\Neil\Desktop\karen.jpg
[2012/03/11 12:02:47 | 000,081,378 | ---- | C] () -- C:\Users\Neil\Desktop\friends.jpg
[2012/03/11 12:02:23 | 000,149,645 | ---- | C] () -- C:\Users\Neil\Desktop\tcu.jpg
[2012/03/11 12:01:51 | 000,157,103 | ---- | C] () -- C:\Users\Neil\Desktop\family.jpg
[2012/03/06 17:07:40 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/03/06 17:07:40 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/03/06 17:07:40 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/03/06 17:07:40 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/03/06 17:07:40 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/03/03 00:47:00 | 000,088,438 | ---- | C] () -- C:\Users\Neil\Desktop\shoes.jpg
[2012/03/01 15:05:28 | 001,339,904 | ---- | C] () -- C:\Users\Neil\Desktop\RogueKiller.exe
[2012/02/29 23:08:34 | 000,000,602 | ---- | C] () -- C:\Users\Neil\Desktop\MBR.zip
[2012/02/29 23:05:46 | 000,000,512 | ---- | C] () -- C:\Users\Neil\Desktop\MBR.dat
[2012/02/20 12:02:33 | 000,002,403 | ---- | C] () -- C:\Users\Neil\Desktop\Google Chrome.lnk
[2012/02/20 12:02:07 | 000,000,904 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4272434487-2648937278-582245549-1001UA.job
[2012/02/20 12:02:06 | 000,000,852 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4272434487-2648937278-582245549-1001Core.job
[2012/02/20 00:01:56 | 000,101,446 | ---- | C] () -- C:\cc_20120219_230149.reg
[2012/02/19 17:32:08 | 000,015,807 | ---- | C] () -- C:\Users\Neil\Desktop\cousins.jpg
[2012/02/17 22:11:27 | 000,012,429 | ---- | C] () -- C:\Users\Neil\Desktop\matt and rachel vday.jpg
[2011/11/16 09:12:15 | 000,000,064 | ---- | C] () -- C:\windows\GPlrLanc.dat
[2011/08/14 23:15:31 | 000,000,354 | ---- | C] () -- C:\Users\Neil\AppData\Roaming\CamStudioPortableBackup.reg
[2011/06/25 16:39:30 | 000,004,096 | ---- | C] () -- C:\windows\d3dx.dat
[2011/06/25 16:37:34 | 000,000,016 | ---- | C] () -- C:\windows\popcinfo.dat
[2010/12/05 02:21:52 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/11/07 12:12:58 | 000,000,056 | -H-- | C] () -- C:\windows\SysWow64\ezsidmv.dat
[2010/08/11 01:13:46 | 000,220,916 | ---- | C] () -- C:\windows\hpoins35.dat.temp
[2010/08/11 01:13:46 | 000,000,778 | ---- | C] () -- C:\windows\hpomdl35.dat.temp
[2010/08/10 16:21:58 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2010/04/21 11:14:54 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2010/04/21 11:14:52 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2010/04/21 11:14:52 | 000,104,636 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2010/04/21 10:22:50 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/04/21 10:22:50 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll

========== LOP Check ==========

[2011/06/25 16:42:46 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\Alawar
[2011/05/17 18:36:36 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\Auslogics
[2012/02/02 22:07:19 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\Canon
[2010/08/09 21:48:50 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\ESET
[2012/02/20 08:27:45 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\f-secure
[2010/10/16 12:18:13 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\Foxit Software
[2011/11/16 09:13:15 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\funkitron
[2011/11/24 23:49:02 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\InfraRecorder
[2010/09/28 15:54:09 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\Miode
[2012/02/20 12:17:27 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\Opera
[2010/09/29 07:06:13 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\Paby
[2010/09/28 20:32:00 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\Sihie
[2011/06/25 16:33:17 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\Skip-Bo
[2010/08/09 21:31:20 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\Toshiba
[2010/09/28 07:36:42 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\Vyugpo
[2011/06/25 16:41:43 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\Wildfire
[2010/08/09 21:28:36 | 000,000,000 | ---D | M] -- C:\Users\Neil\AppData\Roaming\WinBatch
[2011/12/24 09:48:49 | 000,032,552 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 836 bytes -> C:\Users\Neil\Documents\Re_ Scrimmage on Wed & Tournament Info_.eml:OECustomProperty
@Alternate Data Stream - 676 bytes -> C:\Users\Neil\Documents\HAPPY BIRTHDAY.eml:OECustomProperty
@Alternate Data Stream - 626 bytes -> C:\Users\Neil\Documents\Fw_ Diamondbacks Roster.eml:OECustomProperty
@Alternate Data Stream - 1096 bytes -> C:\Users\Neil\Documents\Game 7-10-06.eml:OECustomProperty

< End of report >
  • 0

#24
Render
Posted 14 March 2012 - 06:39 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts

So Im curious, did you guys find anything?

Nothing critical so far. How is your computer running now? Any visible progress?
  • 0

#25
nbuddy
Posted 14 March 2012 - 08:52 PM

nbuddy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
Its running better, doesn't seem to be running to bad.
  • 0

Advertisements

#26
Render
Posted 15 March 2012 - 04:20 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

  • 0

#27
nbuddy
Posted 18 March 2012 - 11:47 AM

nbuddy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
Im running Eset Smart Security 5 by the way but for some reason it did now show up.

Results of screen317's Security Check version 0.99.31
Windows 7 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
SpywareBlaster 4.6
Java™ 6 Update 31
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````
  • 0

#28
Render
Posted 18 March 2012 - 03:19 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
We should proceed with general antimalware scan which can take quite a long time so please be patient.

Download Virus Removal Tool (VRT) from Here to your desktop
(You have to enter your e-mail address and click on Submit Form button. Please download latest English version of this tool)

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
(Please be patient as this scan can take a few hours)
Posted Image

Allow VRT to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun VRT and select the Manual Disinfection tab and press Start Gathering System Information

Posted Image

On completion click the link to locate the zip file to upload and attach to your next post

Posted Image
  • 0

#29
Render
Posted 18 June 2012 - 02:27 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP