[coditoni]

I asked my friend to do a clean install of windows 7, when I got my Dell latitude e6400 back, I noticed these drivers that werent there before and just odd behavior on my computer. I keep seeing among different areas the word "SmartCard". Somewhere I had seen that there was "Driver (x)" . I also see this phrase come up often when looking around files "System 32". I keep getting a message about a cardbus, or installing a driver for sound or audio. My internet explorer doesnt even look or act like a normal IE browser..it hardly lets me go to a website with out an error, the icon for MSN doesnt appear normal..I thought maybe he hijacked my browser or something. I also notied when I hit F12, it now gives me the option to boot from 4 different options:
·CD/DVD/CD-RW Drive (even if no dvd)
·Internal (HDD) (IRRT)
·Cardbus NIC
·Onboard

When I asked him if he put stuff in my computer, he acted like an idiot, and started speaking stupid, and I didnt really know what I could show him that was a clear indicator or solid proof that he did in fact hack because I dont really know how to navigate to where to go to show him or provivde evidence that he cant deny...I need help with a way to show that its clear he has done something so that he cant play it off and also how to get all this off...I have nothing on my laptop that needs saving or backing up, I use it merely for browsing and emails so I am fine to wipe out anything and everything and use the Windows 7 Ultimate or Windows 7 premium disk I have. Please help me, or tell me if I am just paranoid and that these are just everyday issues that are a quick fix. Again its a Dell Latitude E6400

Edited by coditoni, 15 March 2015 - 10:31 AM.

[Advertisements]

Probably just paranoid but we can check:

 

 

Please download Farbar Recovery Scan Tool and save it to your Desktop. 

 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 

 

•  

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 

click on the Addition.txt box. 

Press Scan button. 

It will produce a log called FRST.txt in the same directory the tool is run from.  

Please copy and paste that log back here and also the second log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 

 

 

 

Download OTL from

http://www.geekstogo...timers-list-it/

and Save it to your desktop.

 

Copy the text in the code box:

 

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

 

Run OTL (Vista or Win 7 => right click and Run As Administrator)

 

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

 

Select the All option in the Extra Registry group then Run Scan.

 

You should get two logs.  Please copy and paste both of them.

[RKinner]

Probably just paranoid but we can check:

 

 

Please download Farbar Recovery Scan Tool and save it to your Desktop. 

 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 

 

•  

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 

click on the Addition.txt box. 

Press Scan button. 

It will produce a log called FRST.txt in the same directory the tool is run from.  

Please copy and paste that log back here and also the second log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 

 

 

 

Download OTL from

http://www.geekstogo...timers-list-it/

and Save it to your desktop.

 

Copy the text in the code box:

 

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

 

Run OTL (Vista or Win 7 => right click and Run As Administrator)

 

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

 

Select the All option in the Extra Registry group then Run Scan.

 

You should get two logs.  Please copy and paste both of them.