Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

My Pc wont detect any usb drives. [Solved]

Started by istring , Jan 10 2013 09:19 PM

  • This topic is locked This topic is locked

#1
istring
Posted 10 January 2013 - 09:19 PM

istring

    Member

  • Member
  • PipPip
  • 36 posts
Sorry for the noobness :0)

OK whenever I try to mount a flash drive, phone, MP3 player or anything into my USB ports the PC seems to slow right down then explorer stops responding. I have a new "VANTEC Multi-Memory Internal card reader with usb 2.0" installed Model # UGT-Cr905. I also just installed MINT 14 Nadia on a second hard drive.
Anyhow I hace deleted all the drivers for the new card reader but the usb ports still dont work :(

Heres the OTL log

Thanks in advance.


OTL logfile created on: 10/01/2013 10:10:44 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ian\Desktop\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

5.00 Gb Total Physical Memory | 2.88 Gb Available Physical Memory | 57.69% Memory free
10.00 Gb Paging File | 7.47 Gb Available in Paging File | 74.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 130.62 Gb Free Space | 56.11% Space Free | Partition Type: NTFS
Drive E: | 7.77 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 18.32 Gb Total Space | 18.24 Gb Free Space | 99.52% Space Free | Partition Type: NTFS
Drive G: | 65.23 Gb Total Space | 65.14 Gb Free Space | 99.86% Space Free | Partition Type: NTFS

Computer Name: IAN-PC | User Name: Ian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/10 22:10:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ian\Desktop\Downloads\OTL.com
PRC - [2012/07/16 19:52:18 | 000,548,264 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
PRC - [2012/06/08 03:02:02 | 003,521,464 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/03/15 00:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
PRC - [2010/05/20 14:26:30 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/09 17:49:37 | 014,586,888 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2012/12/04 20:15:15 | 000,460,904 | ---- | M] () -- C:\Users\Ian\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll
MOD - [2012/12/04 20:15:14 | 004,008,040 | ---- | M] () -- C:\Users\Ian\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012/12/04 20:14:29 | 000,587,880 | ---- | M] () -- C:\Users\Ian\AppData\Local\Google\Chrome\Application\23.0.1271.97\libglesv2.dll
MOD - [2012/12/04 20:14:28 | 000,124,520 | ---- | M] () -- C:\Users\Ian\AppData\Local\Google\Chrome\Application\23.0.1271.97\libegl.dll
MOD - [2012/12/04 20:14:21 | 000,157,304 | ---- | M] () -- C:\Users\Ian\AppData\Local\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012/12/04 20:14:20 | 000,275,576 | ---- | M] () -- C:\Users\Ian\AppData\Local\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012/12/04 20:14:19 | 002,168,952 | ---- | M] () -- C:\Users\Ian\AppData\Local\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll
MOD - [2010/01/21 00:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 19:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/05/20 14:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/01/09 17:49:38 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/02 17:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/07/16 19:52:18 | 000,548,264 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2012/03/15 00:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/07/03 10:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/05/20 14:26:30 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VX3000.sys -- (VX3000)
DRV:64bit: - [2009/11/01 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/25 03:38:20 | 000,966,144 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2005/03/29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3131886

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3131886
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 96 C4 EA 27 05 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {656461ef-40f6-4115-9ff1-bced9812ccbb} - No CLSID value found
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKCU\..\URLSearchHook: {f9bbf004-6e40-4019-8214-c43a37e1d058} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000002191829cc5
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3131886
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Ian\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Ian\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ian\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ian\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)


[2012/07/29 10:21:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2012/07/29 10:21:00 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\[email protected]
[2012/07/29 09:53:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/16 18:00:28 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/ig
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/ig
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Ian\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ian\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ian\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Ian\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Ian\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - Extension: Latitude Notifications = C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\akbjdpjajhamhcijmmboebgfmlecjlnb\1.4.1_1\
CHR - Extension: Google Drive = C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: HelloFax - Free Online Faxing & Signing = C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm\1.1_0\
CHR - Extension: Google Search = C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_2\
CHR - Extension: Google+ = C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm\1.0.1.424_0\
CHR - Extension: Invoice2go = C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmjkikjpbpaehaclfdkmjdofdgodaakp\1.0.0.0_0\
CHR - Extension: Google Calendar = C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_1\
CHR - Extension: continuetosave = C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\flejcgcmidibfgclphhkkefcejngjpde\3.9_0\
CHR - Extension: AdBlock = C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.54_1\
CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\
CHR - Extension: Google Play Music = C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\4.0_0\
CHR - Extension: Zoho Sheet = C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhegddohmncgelkehhnigphmloinkinj\1.2_0\
CHR - Extension: Fast save = C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbboklhnbgnjmalpbaeicanobdbicgbi\1.1_0\
CHR - Extension: Google+ Hangouts = C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbpgddbgniojgndnhlkjbkpknjhppkbk\1.3_1\
CHR - Extension: Google Play = C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi\3.0_1\
CHR - Extension: Evernote Web = C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_1\
CHR - Extension: Google Maps = C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Phone 2 Google Chrome\u2122 = C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnlgojabfogikedjanecphloghlegpdm\4.1_1\
CHR - Extension: Quick Contacts = C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnmndbbjandnckiimgpaokedbminbikg\1.1.0_0\
CHR - Extension: Awesome New Tab Page = C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg\2012.147.2.0_0\
CHR - Extension: Google Mail Checker = C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_1\
CHR - Extension: Quick Note = C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok\1.4.2_0\
CHR - Extension: Google Play Books = C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.8_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\
CHR - Extension: Weather Underground = C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej\1.6_0\
CHR - Extension: Gmail = C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O12 - Plugin for: .spop - C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11548EBC-22FA-4804-98A7-3DBDB2E61270}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/04/27 13:45:25 | 000,000,000 | ---D | M] - C:\AutoSave OfficeDocuments 1 -- [ NTFS ]
O32 - AutoRun File - [2012/04/27 09:14:20 | 000,000,000 | ---D | M] - C:\AutoSave PicturesAndPhotos 1 -- [ NTFS ]
O32 - AutoRun File - [2012/04/27 09:14:17 | 000,000,000 | ---D | M] - C:\AutoSave SoundsAndMusic 1 -- [ NTFS ]
O32 - AutoRun File - [2011/11/10 12:48:27 | 000,000,041 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{d6de6088-716f-11e1-bfa9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d6de6088-716f-11e1-bfa9-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2011/11/10 12:48:56 | 001,834,216 | R--- | M] (BioWare, LucasArts)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/03 14:58:31 | 000,000,000 | R--D | C] -- C:\Users\Ian\Documents
[2013/01/02 19:42:21 | 000,000,000 | ---D | C] -- C:\Users\Ian\Music\Documents\Add-in Express
[2013/01/02 17:08:24 | 000,000,000 | ---D | C] -- C:\Users\Ian\Desktop\Old HTC
[2013/01/02 15:27:42 | 000,000,000 | R--D | C] -- C:\Users\Ian\Dropbox
[2013/01/02 15:24:59 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\MigWiz
[2013/01/02 11:41:33 | 000,000,000 | ---D | C] -- C:\ProgramData\WoW Worldwide Software LTD
[2013/01/02 11:41:11 | 000,000,000 | ---D | C] -- C:\ProgramData\continuetosave
[2013/01/02 08:17:08 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\Chromium
[2013/01/02 08:11:04 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\The Lord of the Rings Online
[2013/01/02 08:04:38 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\Turbine
[2013/01/02 08:04:38 | 000,000,000 | ---D | C] -- C:\Users\Ian\Music\Documents\The Lord of the Rings Online
[2013/01/02 07:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Turbine
[2013/01/02 07:54:27 | 000,000,000 | ---D | C] -- C:\ProgramData\HappyCloud
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/10 21:49:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/10 21:36:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3340696756-4068621371-1334216621-1001UA.job
[2013/01/10 21:24:49 | 000,019,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/10 21:24:49 | 000,019,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/10 21:21:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/10 19:32:37 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/10 19:31:55 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013/01/10 19:31:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/10 19:31:11 | 4025,344,000 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/10 19:16:49 | 000,740,226 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/10 19:16:49 | 000,637,328 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/10 19:16:49 | 000,114,770 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/09 17:40:07 | 000,436,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/07 13:36:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3340696756-4068621371-1334216621-1001Core.job
[2013/01/02 19:45:06 | 1008,878,977 | ---- | M] () -- C:\Users\Ian\Music\Documents\NewZip.zip
[2013/01/02 12:26:10 | 000,000,279 | ---- | M] () -- C:\Windows\WININIT.INI
[2013/01/02 12:25:01 | 000,007,597 | ---- | M] () -- C:\Users\Ian\AppData\Local\Resmon.ResmonCfg
[2013/01/02 08:00:52 | 000,748,050 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/20 09:26:14 | 000,314,368 | ---- | M] () -- C:\Users\Ian\Music\Documents\AHS brochure.pub
[2012/12/20 09:19:42 | 000,178,688 | ---- | M] () -- C:\Users\Ian\Music\Documents\Publication4.pub
[2012/12/19 17:43:15 | 000,160,768 | ---- | M] () -- C:\Users\Ian\Music\Documents\Proposal.pub
[2012/12/16 08:22:38 | 000,014,922 | ---- | M] () -- C:\Users\Ian\Desktop\photo.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/02 19:58:21 | 1008,878,977 | ---- | C] () -- C:\Users\Ian\Music\Documents\NewZip.zip
[2013/01/02 12:22:52 | 000,000,279 | ---- | C] () -- C:\Windows\WININIT.INI
[2012/12/16 08:22:38 | 000,014,922 | ---- | C] () -- C:\Users\Ian\Desktop\photo.jpg
[2012/12/14 15:18:35 | 000,160,768 | ---- | C] () -- C:\Users\Ian\Music\Documents\Proposal.pub
[2012/08/18 21:05:24 | 000,000,000 | ---- | C] () -- C:\Users\Ian\netstat
[2012/08/18 20:54:04 | 000,000,000 | ---- | C] () -- C:\ProgramData\14ea057c2a916715fa41b9c69246afc2_c
[2012/08/18 20:49:20 | 000,000,000 | ---- | C] () -- C:\Users\Ian\AppData\Local\rx_audio.Cache
[2012/08/18 20:48:22 | 000,000,000 | ---- | C] () -- C:\Users\Ian\AppData\Local\rx_image32.Cache
[2012/05/23 17:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/05/23 17:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/05/23 17:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/05/23 17:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/05/23 17:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/05/17 18:02:24 | 000,049,152 | ---- | C] () -- C:\Users\Ian\01076886.dot
[2012/04/23 16:21:30 | 000,000,098 | ---- | C] () -- C:\Windows\mylabels32.INI
[2012/04/09 07:22:03 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2012/04/09 07:20:44 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012/04/09 07:20:44 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012/04/09 07:20:44 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012/04/08 08:59:33 | 000,000,091 | ---- | C] () -- C:\Users\Ian\AppData\Local\fusioncache.dat
[2012/03/19 16:55:56 | 000,205,702 | ---- | C] () -- C:\Windows\hpoins50.dat
[2012/03/18 19:26:51 | 000,007,597 | ---- | C] () -- C:\Users\Ian\AppData\Local\Resmon.ResmonCfg
[2012/03/18 14:56:59 | 000,748,050 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/18 12:00:47 | 000,001,318 | ---- | C] () -- C:\Windows\ODBCINST.INI

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/05/16 18:00:26 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Babylon
[2013/01/10 20:31:32 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\BitTorrent
[2013/01/10 20:06:39 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Dropbox
[2012/03/18 12:03:51 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\InterTrust
[2012/06/08 15:15:58 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Origin
[2012/06/29 10:41:32 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Samsung
[2012/04/09 06:19:16 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Simple Star
[2012/08/31 20:53:09 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\SPORE
[2012/04/07 09:33:42 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Ubisoft
[2012/06/25 13:12:28 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Windows Live Writer
[2012/07/29 10:21:00 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\YourFileDownloader

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
WhiteHat
Posted 11 January 2013 - 01:42 PM

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

I also just installed MINT 14 Nadia on a second hard drive.

USB ports works on Linux Mint?

I really don't think this is caused by a malware. ;)

Please reopen Posted Image on your desktop.
  • Under the Posted Image box at the bottom, paste in the following

    :OTL
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000002191829cc5
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3131886
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3131886
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3131886
[2012/05/16 18:00:28 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

:Commands
[CREATERESTOREPOINT]
[EMPTYTEMP]
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

NEXT:

Download aswMBR.exe ( 4.8mb ) to your desktop.

Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
  • 0

#3
istring
Posted 11 January 2013 - 02:27 PM

istring

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Thanks for the speedy reply.

The drives don't respond on Linux either.

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: hedev
->Temp folder emptied: 0 bytes

User: Ian
->Temp folder emptied: 35935552 bytes
->Temporary Internet Files folder emptied: 65035 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 119666088 bytes
->Flash cache emptied: 3172 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 5720 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 88834 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 149.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01112013_151906
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-11 15:29:47
-----------------------------
15:29:47.639 OS Version: Windows x64 6.1.7601 Service Pack 1
15:29:47.639 Number of processors: 2 586 0x4303
15:29:47.640 ComputerName: IAN-PC UserName: Ian
15:29:48.265 Initialize success
15:30:19.622 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000064
15:30:19.625 Disk 0 Vendor: WDC_WD25 10.0 Size: 238475MB BusType: 3
15:30:19.629 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000065
15:30:19.631 Disk 1 Vendor: WDC_WD16 08.0 Size: 152627MB BusType: 3
15:30:19.645 Disk 0 MBR read successfully
15:30:19.647 Disk 0 MBR scan
15:30:19.649 Disk 0 unknown MBR code
15:30:19.658 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:30:19.661 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848
15:30:19.668 Disk 0 scanning C:\Windows\system32\drivers
15:30:25.692 Service scanning
15:30:42.685 Modules scanning
15:30:42.691 Disk 0 trace - called modules:
15:30:42.707 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys
15:30:42.714 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800581e2d0]
15:30:42.720 3 CLASSPNP.SYS[fffff88001b8143f] -> nt!IofCallDriver -> [0xfffffa80055498e0]
15:30:42.726 5 ACPI.sys[fffff88000f5e7a1] -> nt!IofCallDriver -> \Device\00000064[0xfffffa800560f9c0]
15:30:42.735 Scan finished successfully
15:31:14.699 Disk 0 MBR has been saved successfully to "C:\Users\Ian\Desktop\MBR.dat"
15:31:14.704 The log file has been saved successfully to "C:\Users\Ian\Desktop\aswMBR.txt"

Edited by istring, 11 January 2013 - 02:31 PM.

  • 0

#4
WhiteHat
Posted 13 January 2013 - 01:55 PM

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts

The drives don't respond on Linux either.

Ok, so it's a Hardware's problem.

Nothing wrongs with aswMBR log.

Run ESET Online Scan

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

  • 0

#5
istring
Posted 13 January 2013 - 08:27 PM

istring

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Thanks Again for your help

Here's the ESET File

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=b83b27d92e321b42bbe1dafbb8a58137
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-01-14 02:18:29
# local_time=2013-01-13 09:18:29 (-0500, Eastern Standard Time)
# country="Canada"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 24879925 109673359 0 0
# scanned=138386
# found=6
# cleaned=4
# scan_time=6652
C:\Users\All Users\continuetosave\50e463bbcbb3f.dll Win32/Adware.MultiPlug.G application (unable to clean) D4622558BA366F2F94560DA301A81C6C16F95A3C I
C:\Users\All Users\continuetosave\flejcgcmidibfgclphhkkefcejngjpde.crx Win32/Adware.MultiPlug.H application (unable to clean) 815C6E708EEAB1ABB8BF0FDAF90306A83133612B I
C:\ProgramData\continuetosave\50e463bbcbb3f.dll Win32/Adware.MultiPlug.G application (cleaned by deleting - quarantined) D4622558BA366F2F94560DA301A81C6C16F95A3C C
C:\ProgramData\continuetosave\flejcgcmidibfgclphhkkefcejngjpde.crx Win32/Adware.MultiPlug.H application (deleted - quarantined) 815C6E708EEAB1ABB8BF0FDAF90306A83133612B C
C:\Users\Ian\AppData\Local\Temp\C610.tmp Win32/OpenCandy application (cleaned by deleting - quarantined) 4DFB63597DB48F5574BDB31E84B55FA0B19E57E1 C
C:\Windows\AutoKMS\AutoKMS.exe a variant of Win32/HackKMS.B application (cleaned by deleting - quarantined) 13EE8C9FCE6F74512DCD188CCA0655C5EDE37612 C
  • 0

#6
WhiteHat
Posted 14 January 2013 - 05:03 PM

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

As I said to you, the problem with the USB ports seems to be a hardware defect.

I suggest you ask for help here:
http://www.geekstogo...nd-peripherals/

Is there any other problem with the computer?
  • 0

#7
istring
Posted 14 January 2013 - 08:00 PM

istring

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Everything else is running OK. Thank you for your assistance.
  • 0

#8
WhiteHat
Posted 15 January 2013 - 07:09 PM

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean

The following will implement some cleanup procedures as well as reset System Restore points:

Remove OTL

Run OTL and hit the Posted Image cleanup button. It will remove all the programmes we have used plus itself.

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • (If you use Windows 7/Vista)
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

  • (If you use Windows XP)
  • Go to Start > All Programs > Acessories > System Tools > System Restore.
  • Select the option Create a restore point and click in Next.
  • Type in a name i.e. Clean
  • Select Create

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place??

Keep safe.
  • 0

#9
istring
Posted 15 January 2013 - 07:18 PM

istring

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Thanks again.
  • 0

#10
WhiteHat
Posted 15 January 2013 - 07:34 PM

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP