Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Slow computer! [Closed]


  • Please log in to reply

#31
cros4t

cros4t

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts
The securith check log:

Results of screen317's Security Check version 0.99.51
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
Java™ 6 Update 24
Java version out of Date!
Adobe Flash Player 11.4.402.278
Adobe Reader X (10.1.4)
Mozilla Firefox 14.0.1 Firefox out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Common Files Authentium AntiVirus5 vsedsps.exe
Common Files Authentium AntiVirus5 vseamps.exe
Common Files Authentium AntiVirus5 vseqrts.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````

The system has not changed since my last report, but I am still liking the improvements.
  • 0

Advertisements


#32
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts

The system has not changed since my last report, but I am still liking the improvements.

I am pleased to hear that!

Step 1.

Update Java

Please download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Open JavaRa.exe again and select Search For Updates.
Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.


Step 2.

Update Mozilla FireFox

Your version of FireFox is 14 and the current release is 15

Please open FireFox and click Help then About and finally apply update. Allow it to restart.


Step 3.

Let me know when you have completed these updates.
  • 0

#33
cros4t

cros4t

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts
I have updated FireFox, but I am unsure as to which Java to download. I know I don't have linux, mac or solaris, but not sure which windows to select. Pardon my ignorance please.
  • 0

#34
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
You have:

Windows Vista Service Pack 2 x86 so you will need the one that says i586 in it for windows.

Not a bad question, I am glad you asked!

Regards,

CompCav
  • 0

#35
cros4t

cros4t

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts
Java has now been loaded and updated. The Start up is still slow, but it is moving faster. Thank you!
  • 0

#36
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
OK let's look at your startup.

Please download CCleaner from here. Please do not use the registry cleaner in this tool. Registry cleaners can hurt and rarely help.

Double click on the file to install CCleaner.
During the install it may ask you to install a toolbar, uncheck the toolbar install, we do not want it!
Once it is installed it will run.
When it gets to the main screen, click on the Tools button on the left.
Click on the Startup button.
The windows tab should be showing, click on the Save to text file... button.
Click on Desktop and save startup.txt.
Double click on startup.txt to open it with Notepad.
Click Edit >> Select all >> Edit >> Copy .
Right click in the reply box to post in your topic. Click Paste

Then post your reply.
  • 0

#37
cros4t

cros4t

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts
Okay, here is that log:

Yes HKCU:Run Octoshape Streaming Services Octoshape ApS "C:\Users\jasmine\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
Yes HKCU:Run Sidebar Microsoft Corporation C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Yes HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes HKLM:Run avast AVAST Software "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
Yes HKLM:Run DPService CyberLink Corp. "C:\Program Files\HP\DVDPlay\DPService.exe"
Yes HKLM:Run HP Software Update Hewlett-Packard C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
Yes HKLM:Run hpqSRMon Hewlett-Packard C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
Yes HKLM:Run hpsysdrv Hewlett-Packard Company c:\hp\support\hpsysdrv.exe
Yes HKLM:Run NvCplDaemon Microsoft Corporation RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
Yes HKLM:Run NvMediaCenter Microsoft Corporation RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
Yes HKLM:Run OsdMaestro OsdMaestro "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
Yes HKLM:Run RtHDVCpl Realtek Semiconductor RtHDVCpl.exe
Yes HKLM:Run SunJavaUpdateSched Sun Microsystems, Inc. "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
Yes HKLM:Run TkBellExe RealNetworks, Inc. "c:\program files\real\realplayer\Update\realsched.exe" -osboot
Yes HKLM:Run Windows Mobile-based device management Microsoft Corporation %windir%\WindowsMobile\wmdSync.exe
Yes HKLM:Run WPCUMI Microsoft Corporation C:\Windows\system32\WpcUmi.exe
Yes HKLM:RunOnce Launcher soft thinks %WINDIR%\SMINST\launcher.exe
Yes Startup Common HP Digital Imaging Monitor.lnk Hewlett-Packard Co. C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Yes Startup Common McAfee Security Scan Plus.lnk McAfee, Inc. C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
  • 0

#38
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Step 1.

Please restart CCleaner and go to Tools >> Startup
1. Click on each line listed below in CCleaner, make sure you are on the right one..
2. Then click Disable.

Repeat these two steps for each line below.

Yes HKCU:Run Octoshape Streaming Services Octoshape ApS "C:\Users\jasmine\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
Yes HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes HKLM:Run DPService CyberLink Corp. "C:\Program Files\HP\DVDPlay\DPService.exe"
Yes HKLM:Run HP Software Update Hewlett-Packard C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
Yes HKLM:Run NvCplDaemon Microsoft Corporation RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
Yes HKLM:Run NvMediaCenter Microsoft Corporation RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
Yes HKLM:Run OsdMaestro OsdMaestro "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
Yes HKLM:Run SunJavaUpdateSched Sun Microsystems, Inc. "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
Yes HKLM:Run TkBellExe RealNetworks, Inc. "c:\program files\real\realplayer\Update\realsched.exe" -osboot
Yes HKLM:Run Windows Mobile-based device management Microsoft Corporation %windir%\WindowsMobile\wmdSync.exe
Yes HKLM:RunOnce Launcher soft thinks %WINDIR%\SMINST\launcher.exe
Yes Startup Common HP Digital Imaging Monitor.lnk Hewlett-Packard Co. C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Yes Startup Common McAfee Security Scan Plus.lnk McAfee, Inc. C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe



Once you are finished verify that all of the lines listed above are in faint grey.
Close CCleaner.

Reboot your computer and see how it performs.


Step 2.

Reopen OTL
  • Click Scan all users
  • Click Quickscan
  • A single log, OTL.txt will be produced, please post it in your next reply.


Step 3.

As I mentioned earlier to really get improvement you need to add memory.

  • Please post OTL.txt
  • Update me on your computer's performance, especially the startup.
Regards,

CompCav
  • 0

#39
cros4t

cros4t

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts
Here is the OTL Log:

OTL logfile created on: 10/14/2012 9:45:27 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jasmine\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.82 Mb Total Physical Memory | 250.49 Mb Available Physical Memory | 28.02% Memory free
2.00 Gb Paging File | 0.90 Gb Available in Paging File | 44.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.67 Gb Total Space | 88.94 Gb Free Space | 63.22% Space Free | Partition Type: NTFS
Drive D: | 8.38 Gb Total Space | 1.05 Gb Free Space | 12.50% Space Free | Partition Type: NTFS
Drive E: | 3.71 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: CROSKEY | User Name: jasmine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/14 09:11:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jasmine\Desktop\OTL.exe
PRC - [2012/10/08 20:57:47 | 000,692,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/08/21 04:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/04/08 17:46:20 | 000,154,152 | ---- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
PRC - [2010/04/08 17:46:18 | 000,117,288 | R--- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
PRC - [2010/04/08 17:46:12 | 000,117,288 | R--- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/03/01 10:38:48 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/02 07:34:44 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
PRC - [2006/09/28 08:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - [2012/10/08 21:49:16 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/08 21:26:07 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/17 12:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/04/08 17:46:20 | 000,154,152 | ---- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts)
SRV - [2010/04/08 17:46:18 | 000,117,288 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)
SRV - [2010/04/08 17:46:12 | 000,117,288 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 02:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/19 02:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\jasmine\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/21 04:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 04:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 04:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 04:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/08/21 04:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/08/21 04:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/04/10 23:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/22 21:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/26 18:51:22 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/03/12 03:12:00 | 000,256,000 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WUSB54GCx86.sys -- (netr73)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ario&pf=desktop
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{B2A5E245-AD71-484D-A6F0-D2CFBB43231F}: "URL" = http://search.live.c...#38;FORM=HQDUS7
IE - HKLM\..\SearchScopes\{F21EE9D8-5723-4F76-866F-2CD49B3624D1}: "URL" = http://search.yahoo....ing}&fr=hp-psdt


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-3135770982-1872037628-2177936509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3135770982-1872037628-2177936509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3135770982-1872037628-2177936509-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3135770982-1872037628-2177936509-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7RNRM_en
IE - HKU\S-1-5-21-3135770982-1872037628-2177936509-1000\..\SearchScopes\{B2A5E245-AD71-484D-A6F0-D2CFBB43231F}: "URL" = http://search.live.c...#38;FORM=HQDUS7
IE - HKU\S-1-5-21-3135770982-1872037628-2177936509-1000\..\SearchScopes\{F21EE9D8-5723-4F76-866F-2CD49B3624D1}: "URL" = http://search.yahoo....ing}&fr=hp-psdt
IE - HKU\S-1-5-21-3135770982-1872037628-2177936509-1000\..\SearchScopes\{FE0D65CA-6DC4-4A6D-9C34-E48939DE0C98}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKU\S-1-5-21-3135770982-1872037628-2177936509-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3135770982-1872037628-2177936509-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20120938,6902,0,53,0"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://us.yhs4.searc...8,16900,0,53,0"
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.8.20120412011105
FF - prefs.js..extensions.enabledAddons: [email protected]:7.0.1466
FF - prefs.js..extensions.netassistant.keyword.url: "http://click.w3i.com...94&searchterm="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\jasmine\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\jasmine\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/07/14 14:08:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/15 07:52:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/10/06 19:04:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/08 21:49:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/06 07:26:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/07/14 14:08:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/08 21:49:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/06 07:26:53 | 000,000,000 | ---D | M]

[2011/10/20 19:08:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jasmine\AppData\Roaming\mozilla\Extensions
[2012/10/05 15:32:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jasmine\AppData\Roaming\mozilla\Firefox\Profiles\ymptqbu8.default\extensions
[2012/10/05 15:32:21 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\jasmine\AppData\Roaming\mozilla\Firefox\Profiles\ymptqbu8.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/10/20 19:01:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/06 19:04:54 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2009/09/02 03:01:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/10/08 21:49:17 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/08 21:49:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/08 21:49:12 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\jasmine\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\jasmine\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\jasmine\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: avast! WebRep = C:\Users\jasmine\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\jasmine\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2012/10/06 07:27:34 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3135770982-1872037628-2177936509-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3135770982-1872037628-2177936509-1000\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3135770982-1872037628-2177936509-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3135770982-1872037628-2177936509-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3135770982-1872037628-2177936509-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3135770982-1872037628-2177936509-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3135770982-1872037628-2177936509-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3135770982-1872037628-2177936509-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.76.84.102 75.76.84.103
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{015EC064-039A-44FB-930A-94C209392E85}: DhcpNameServer = 75.76.84.102 75.76.84.103
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA3C3D64-94D7-4663-BC90-4A616B136DF6}: DhcpNameServer = 69.1.30.11 69.1.30.10
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\jasmine\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\jasmine\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/10 14:00:25 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3135770982-1872037628-2177936509-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/14 09:11:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jasmine\Desktop\OTL.exe
[2012/10/13 07:03:41 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/10/11 22:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/10/11 22:55:04 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/10/09 18:07:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/10/08 06:15:01 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/10/07 22:41:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/07 22:41:18 | 000,000,000 | ---D | C] -- C:\Users\jasmine\AppData\Local\temp
[2012/10/07 22:17:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/07 22:17:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/07 22:17:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/07 22:09:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/07 22:03:29 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/06 19:05:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/10/06 19:05:27 | 000,355,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/10/06 19:05:27 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/10/06 19:05:25 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/10/06 19:05:25 | 000,035,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/10/06 19:05:24 | 000,729,752 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/10/06 19:05:22 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/10/06 19:04:31 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/10/06 19:04:29 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/10/06 19:03:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/10/06 19:03:41 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/10/06 07:26:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/30 16:04:51 | 000,000,000 | ---D | C] -- C:\Users\jasmine\AppData\Roaming\HpUpdate
[2012/09/30 16:04:40 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2012/09/26 19:44:41 | 000,000,000 | ---D | C] -- C:\Users\jasmine\AppData\Roaming\Malwarebytes
[2012/09/26 19:43:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/26 19:43:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/26 19:43:34 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/26 19:43:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/22 08:30:17 | 000,000,000 | ---D | C] -- C:\Users\jasmine\AppData\Roaming\Catalina Marketing Corp
[2012/09/20 15:12:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER

========== Files - Modified Within 30 Days ==========

[2012/10/14 09:40:32 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/14 09:40:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/14 09:22:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/14 09:14:25 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/14 09:11:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jasmine\Desktop\OTL.exe
[2012/10/14 09:01:28 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_jasmine.job
[2012/10/13 13:53:03 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_jasmine.job
[2012/10/13 13:41:44 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/13 13:41:43 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/13 13:37:37 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_jasmine.job
[2012/10/11 22:55:06 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/10/11 22:41:50 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/10/07 16:31:56 | 000,113,336 | ---- | M] () -- C:\Users\jasmine\Documents\ayza's 6_1_work_file[1] (P.S. Eeeeewwww).rtf
[2012/10/07 09:59:12 | 000,002,688 | ---- | M] () -- C:\Users\jasmine\AppData\Roaming\wklnhst.dat
[2012/10/06 19:05:28 | 000,001,835 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/10/06 19:05:22 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/10/06 07:27:34 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/10/05 18:50:16 | 000,000,512 | ---- | M] () -- C:\Users\jasmine\Documents\MBR.dat
[2012/10/01 06:07:46 | 000,000,632 | RHS- | M] () -- C:\Users\jasmine\ntuser.pol
[2012/09/30 13:54:26 | 000,000,512 | ---- | M] () -- C:\Users\jasmine\Desktop\MBR.dat
[2012/09/26 19:43:53 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/20 21:42:49 | 000,364,024 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/10/11 22:55:06 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/10/07 22:17:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/07 22:17:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/07 22:17:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/07 22:17:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/07 22:17:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/07 16:31:55 | 000,113,336 | ---- | C] () -- C:\Users\jasmine\Documents\ayza's 6_1_work_file[1] (P.S. Eeeeewwww).rtf
[2012/10/06 19:05:28 | 000,001,835 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/10/05 18:50:15 | 000,000,512 | ---- | C] () -- C:\Users\jasmine\Documents\MBR.dat
[2012/09/30 13:54:26 | 000,000,512 | ---- | C] () -- C:\Users\jasmine\Desktop\MBR.dat
[2012/09/28 15:53:56 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_jasmine.job
[2012/09/28 15:53:48 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_jasmine.job
[2012/09/28 15:53:44 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_jasmine.job
[2012/09/26 19:43:53 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/14 14:56:48 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat.temp
[2012/07/14 13:47:16 | 000,207,226 | ---- | C] () -- C:\Windows\hpwins28.dat
[2012/07/14 10:41:22 | 000,000,632 | RHS- | C] () -- C:\Users\jasmine\ntuser.pol
[2011/06/29 18:14:47 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/01/09 17:01:40 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2009/02/15 21:50:05 | 000,010,240 | ---- | C] () -- C:\Users\jasmine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/10 10:01:34 | 000,002,688 | ---- | C] () -- C:\Users\jasmine\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2006/11/02 07:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/09/03 16:06:20 | 000,000,000 | ---D | M] -- C:\Users\Ayza\AppData\Roaming\WildTangent
[2012/09/22 08:30:17 | 000,000,000 | ---D | M] -- C:\Users\jasmine\AppData\Roaming\Catalina Marketing Corp
[2010/01/07 19:11:08 | 000,000,000 | ---D | M] -- C:\Users\jasmine\AppData\Roaming\Ludia
[2009/01/14 20:22:18 | 000,000,000 | ---D | M] -- C:\Users\jasmine\AppData\Roaming\MSNInstaller
[2012/01/20 23:22:27 | 000,000,000 | ---D | M] -- C:\Users\jasmine\AppData\Roaming\Octoshape
[2011/01/23 18:43:10 | 000,000,000 | ---D | M] -- C:\Users\jasmine\AppData\Roaming\PlayFirst
[2007/12/24 03:37:37 | 000,000,000 | ---D | M] -- C:\Users\jasmine\AppData\Roaming\Snapfish
[2008/02/10 10:01:36 | 000,000,000 | ---D | M] -- C:\Users\jasmine\AppData\Roaming\Template
[2012/09/03 22:01:49 | 000,000,000 | ---D | M] -- C:\Users\jasmine\AppData\Roaming\WildTangent
[2009/06/29 14:02:01 | 000,000,000 | ---D | M] -- C:\Users\jasmine\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >

The system has not changed since the last time. Startup is still slow but system moves faster. I will get the memory. I know this may sound like stupid question, but is there info/files stored on the current memory?
  • 0

#40
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts

I know this may sound like stupid question, but is there info/files stored on the current memory?

There are no stupid questions. Ask away! The current memory does not store anything when powered off.

Since you no longer have Authentium on this machine we will remove the visible remnants now:

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL
Posted Image




  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
    IE - HKU\S-1-5-21-3135770982-1872037628-2177936509-1000\..\SearchScopes\{FE0D65CA-6DC4-4A6D-9C34-E48939DE0C98}: "URL" = http://www.mysearchr...q={searchTerms}
    
    :files
    C:\Program Files\Common Files\Authentium
    ipconfig /flushdns /c
    
    :Commands
    [resethosts]
    [emptytemp]
    [createrestorepoint]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Please post the OTL fix log


Also update me on the computer's performance.


  • 0

Advertisements


#41
cros4t

cros4t

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts
Here is the OTL Log:

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-3135770982-1872037628-2177936509-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FE0D65CA-6DC4-4A6D-9C34-E48939DE0C98}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE0D65CA-6DC4-4A6D-9C34-E48939DE0C98}\ not found.
========== FILES ==========
C:\Program Files\Common Files\Authentium\AntiVirus5\ampse folder moved successfully.
C:\Program Files\Common Files\Authentium\AntiVirus5\ampmf folder moved successfully.
C:\Program Files\Common Files\Authentium\AntiVirus5 folder moved successfully.
C:\Program Files\Common Files\Authentium folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\jasmine\Desktop\cmd.bat deleted successfully.
C:\Users\jasmine\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Arielle Chanae
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Ayza
->Temp folder emptied: 2708288 bytes
->Temporary Internet Files folder emptied: 2255581 bytes
->FireFox cache emptied: 105143578 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1022 bytes

User: Dad
->Temp folder emptied: 149318 bytes
->Temporary Internet Files folder emptied: 79514 bytes
->FireFox cache emptied: 23146673 bytes
->Google Chrome cache emptied: 6697042 bytes
->Flash cache emptied: 492 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: jasmine
->Temp folder emptied: 4379587 bytes
->Temporary Internet Files folder emptied: 186927342 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 67529522 bytes
->Google Chrome cache emptied: 7149705 bytes
->Flash cache emptied: 2350 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Twins
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2893279 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 390.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 10162012_062105

Files\Folders moved on Reboot...
C:\Users\jasmine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QWTH5A8F\xpromo[2].htm moved successfully.
C:\Users\jasmine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KY0IKU8K\ai[6].htm moved successfully.
C:\Users\jasmine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KY0IKU8K\flash[2].htm moved successfully.
C:\Users\jasmine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KY0IKU8K\page__st__30__p__2217092__fromsearch__1[1].htm moved successfully.
C:\Users\jasmine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KY0IKU8K\sound_iframe[1].htm moved successfully.
C:\Users\jasmine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KY0IKU8K\xhr[1].htm moved successfully.
File\Folder C:\Users\jasmine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6G6GJDCP\12[2].htm not found!
C:\Users\jasmine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6G6GJDCP\like[3].htm moved successfully.
C:\Users\jasmine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6G6GJDCP\proxy[1].htm moved successfully.
C:\Users\jasmine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2GV5I900\bubblesafari[1].htm moved successfully.
C:\Users\jasmine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2GV5I900\xd_arbiter[1].htm moved successfully.
C:\Users\jasmine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\jasmine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


The startup seems to be improved... no long black screen.
  • 0

#42
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Step 1.



Open MalwareBytes'
  • Click the Update tab and then click Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has updated, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



Step 2.

Run ESET Online Scan

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Step 3.

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step 4.

Please post:


mbam log
eset log
security check log


Please give me an update on how your computer is doing!
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP