HijackThis Log: Please help Diagnose


17 replies to this topic

#1 hellopleasehelp


  • Members
  • 9 posts

Posted 25 August 2013 - 03:23 PM

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 12:36:01 PM, on 8/25/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

FIREFOX: 23.0.1 (en-US)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\InstallShield Installation Information\{3A94E148-9C8B-4FE9-99DD-93072F99BE20}\AMBSPISyncService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Logitech\SetPointG\SetPointII.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\prime op\My Documents\SuperCog\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTSyncService] "C:\Program Files\InstallShield Installation Information\{3A94E148-9C8B-4FE9-99DD-93072F99BE20}\AMBSPISyncService.exe" /StartRunKey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKUS\S-1-5-21-1844237615-1417001333-839522115-1005\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1321513932607
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sound Blaster X-Fi MB Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 10336 bytes
 

 




 


#2 RPMcMurphy


    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts

Posted 28 August 2013 - 09:37 PM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#3 hellopleasehelp

  • Topic Starter

  • Members
  • 9 posts

Posted 29 August 2013 - 12:45 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-08-2013
Ran by prime op (administrator) on 29-08-2013 10:29:35
Running from C:\Documents and Settings\prime op\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTsvcCDA.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
(Creative Technology Ltd) C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Creative Technology Ltd) C:\Program Files\InstallShield Installation Information\{3A94E148-9C8B-4FE9-99DD-93072F99BE20}\AMBSPISyncService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Macrovision Europe Ltd.) C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
() C:\WINDOWS\system32\PnkBstrA.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointG\SetPointII.exe
(Creative Labs) C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
(Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1040384 2008-03-16] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] - C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [884736 2008-03-24] (Analog Devices, Inc.)
HKLM\...\Run: [VolPanel] - C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe [221288 2008-02-11] (Creative Technology Ltd)
HKLM\...\Run: [UpdReg] - C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [CTSyncService] - C:\Program Files\InstallShield Installation Information\{3A94E148-9C8B-4FE9-99DD-93072F99BE20}\AMBSPISyncService.exe [1233196 2008-04-17] (Creative Technology Ltd)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k [x]
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1387288 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-19] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [997920 2011-06-15] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [15668512 2013-03-14] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\System32\NvMCTray.dll [223008 2013-03-14] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1982312 2013-03-14] ()
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
HKCU\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKCU\...\Run: [Steam] - C:\Program Files\Steam\Steam.exe [1811880 2013-08-28] (Valve Corporation)
HKCU\...\Run: [DAEMON Tools Pro Agent] - C:\Program Files\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\Administrator\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2006-12-23] (Nero AG)
HKU\Administrator.VELOTRAN-BE6710\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2006-12-23] (Nero AG)
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2006-12-23] (Nero AG)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk
ShortcutTarget: hp psc 2000 Series.lnk -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
ShortcutTarget: hpoddt01.exe.lnk -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=050613&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=050613&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKCU - {3C480B9E-BED6-484B-BC7C-363E86D0FEF4} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 68.87.69.146

FireFox:
========
FF ProfilePath: C:\Documents and Settings\prime op\Application Data\Mozilla\Firefox\Profiles\zyob18xk.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\prime op\Application Data\Mozilla\Firefox\Profiles\zyob18xk.default\searchplugins\bingp.xml
FF Extension: DownloadHelper - C:\Documents and Settings\prime op\Application Data\Mozilla\Firefox\Profiles\zyob18xk.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: tinyurl.addon - C:\Documents and Settings\prime op\Application Data\Mozilla\Firefox\Profiles\zyob18xk.default\Extensions\tinyurl.addon@fast-chat.co.uk.xpi
FF Extension: No Name - C:\Documents and Settings\prime op\Application Data\Mozilla\Firefox\Profiles\zyob18xk.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5

========================== Services (Whitelisted) =================

R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [44032 1999-12-12] (Creative Technology Ltd)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736 2011-04-27] (Microsoft Corporation)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76888 2012-07-10] ()
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3291008 2013-08-14] (Skype Technologies S.A.)
R3 Sound Blaster X-Fi MB Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [79360 2011-11-16] (Creative Labs)
S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]

==================== Drivers (Whitelisted) ====================

R3 AmbFilt; C:\Windows\System32\drivers\Ambfilt.sys [1683712 2008-02-13] (Creative)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-05-01] (DT Soft Ltd)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51024 2003-03-09] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16080 2003-03-09] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21456 2003-03-09] (HP)
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42648 2011-09-01] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [12184 2011-09-01] (Logitech, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-12] ()
R0 mv61xx; C:\Windows\System32\DRIVERS\mv61xx.sys [150568 2008-06-10] (Marvell Semiconductor, Inc.)
R3 yukonwxp; C:\Windows\System32\DRIVERS\yk51x86.sys [288896 2008-04-29] (Marvell)
S4 IntelIde; No ImagePath
S3 USBPNPA; system32\drivers\CM108.sys [x]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-29 10:24 - 2013-08-29 10:25 - 00019404 _____ C:\Documents and Settings\prime op\Desktop\Addition.txt
2013-08-29 10:23 - 2013-08-29 10:23 - 00000000 ____D C:\FRST
2013-08-29 10:19 - 2013-08-29 10:20 - 01072975 _____ (Farbar) C:\Documents and Settings\prime op\Desktop\FRST.exe
2013-08-28 03:00 - 2013-08-28 03:00 - 00004367 _____ C:\WINDOWS\KB2834902-v2.log
2013-08-28 03:00 - 2013-08-28 03:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834902-v2_WM10$
2013-08-25 17:49 - 2013-08-25 17:49 - 00022328 _____ C:\Documents and Settings\Administrator.VELOTRAN-BE6710\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-08-25 13:51 - 2013-08-25 13:51 - 00000000 ____D C:\Documents and Settings\Administrator.VELOTRAN-BE6710\Application Data\Malwarebytes
2013-08-25 13:50 - 2013-08-26 09:45 - 00000178 ___SH C:\Documents and Settings\Administrator.VELOTRAN-BE6710\ntuser.ini
2013-08-25 13:50 - 2013-08-25 13:50 - 00000000 ____D C:\Documents and Settings\Administrator.VELOTRAN-BE6710
2013-08-25 13:50 - 2013-07-10 03:07 - 00000000 __SHD C:\Documents and Settings\Administrator.VELOTRAN-BE6710\IETldCache
2013-08-25 13:50 - 2011-11-23 21:33 - 00000000 ____D C:\Documents and Settings\Administrator.VELOTRAN-BE6710\Application Data\Macromedia
2013-08-23 15:52 - 2013-08-23 15:52 - 00000000 ____D C:\Documents and Settings\prime op\Application Data\DDMSettings
2013-08-23 11:12 - 2013-08-23 15:49 - 00001485 _____ C:\Documents and Settings\prime op\Desktop\DivX Movies.lnk
2013-08-23 11:12 - 2013-08-23 15:49 - 00000824 _____ C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
2013-08-23 11:12 - 2013-08-23 15:49 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
2013-08-23 11:09 - 2013-08-23 12:16 - 00000000 _____ C:\END
2013-08-19 10:57 - 2013-08-19 10:57 - 00000000 __SHD C:\Documents and Settings\UpdatusUser\IETldCache
2013-08-16 21:47 - 2013-08-17 01:59 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-14 03:12 - 2013-08-14 03:12 - 00012273 _____ C:\WINDOWS\KB2862772-IE8.log
2013-08-14 03:05 - 2013-08-14 03:05 - 00005136 _____ C:\WINDOWS\KB2863058.log
2013-08-14 03:05 - 2013-08-14 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-08-14 03:05 - 2013-08-14 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-08-14 03:05 - 2013-08-14 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-08-14 03:05 - 2013-08-14 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-08-13 13:09 - 2013-08-14 03:05 - 00010580 _____ C:\WINDOWS\KB2859537.log
2013-08-13 13:09 - 2013-08-14 03:05 - 00009803 _____ C:\WINDOWS\KB2850869.log
2013-08-13 05:14 - 2013-08-13 05:15 - 00000000 ____D C:\Documents and Settings\prime op\My Documents\illuminature
2013-08-04 09:44 - 2013-08-04 09:44 - 00001922 _____ C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
2013-08-04 09:17 - 2013-08-04 09:17 - 00000000 ____D C:\Documents and Settings\prime op\Desktop\Unused Desktop Shortcuts

==================== One Month Modified Files and Folders =======

2013-08-29 10:27 - 2013-08-29 10:27 - 00000000 ____D C:\Documents and Settings\prime op\Desktop\FRST
2013-08-29 10:25 - 2013-08-29 10:24 - 00019404 _____ C:\Documents and Settings\prime op\Desktop\Addition.txt
2013-08-29 10:23 - 2013-08-29 10:23 - 00000000 ____D C:\FRST
2013-08-29 10:23 - 2011-11-14 20:08 - 00000000 ____D C:\Documents and Settings\prime op\Application Data\vlc
2013-08-29 10:20 - 2013-08-29 10:19 - 01072975 _____ (Farbar) C:\Documents and Settings\prime op\Desktop\FRST.exe
2013-08-29 10:16 - 2013-02-18 23:41 - 00005810 _____ C:\WINDOWS\system32\nvAppTimestamps
2013-08-29 10:16 - 2013-01-15 10:36 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-08-29 10:14 - 2011-11-19 05:44 - 00000000 ____D C:\Documents and Settings\prime op\My Documents\SuperSurvive
2013-08-29 09:43 - 2013-07-12 20:38 - 00000890 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-29 07:09 - 2011-11-09 17:55 - 02061893 _____ C:\WINDOWS\WindowsUpdate.log
2013-08-29 06:58 - 2013-03-05 11:46 - 00000424 ____H C:\WINDOWS\Tasks\MP Scheduled Scan.job
2013-08-29 06:55 - 2012-06-22 22:33 - 00000000 ____D C:\Program Files\Steam
2013-08-29 06:53 - 2013-07-12 20:38 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-29 06:53 - 2011-11-09 17:59 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-08-29 06:53 - 2011-11-09 09:46 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-08-29 06:53 - 2011-11-09 09:46 - 00000049 _____ C:\WINDOWS\wiaservc.log
2013-08-29 02:31 - 2011-11-09 17:59 - 00032506 _____ C:\WINDOWS\SchedLgU.Txt
2013-08-29 02:30 - 2011-11-30 22:50 - 00000000 ____D C:\Documents and Settings\prime op\Application Data\uTorrent
2013-08-29 02:30 - 2011-11-09 18:03 - 00000278 ___SH C:\Documents and Settings\prime op\ntuser.ini
2013-08-29 01:42 - 2012-05-01 11:58 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-08-28 18:57 - 2012-04-12 02:14 - 00447925 _____ C:\WINDOWS\setupapi.log
2013-08-28 13:05 - 2013-06-02 04:08 - 00000000 ____D C:\Documents and Settings\prime op\My Documents\FEM9
2013-08-28 03:00 - 2013-08-28 03:00 - 00004367 _____ C:\WINDOWS\KB2834902-v2.log
2013-08-28 03:00 - 2013-08-28 03:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834902-v2_WM10$
2013-08-28 03:00 - 2011-11-09 09:42 - 01773627 _____ C:\WINDOWS\FaxSetup.log
2013-08-28 03:00 - 2011-11-09 09:42 - 00854054 _____ C:\WINDOWS\ocgen.log
2013-08-28 03:00 - 2011-11-09 09:42 - 00679702 _____ C:\WINDOWS\tsoc.log
2013-08-28 03:00 - 2011-11-09 09:42 - 00483287 _____ C:\WINDOWS\comsetup.log
2013-08-28 03:00 - 2011-11-09 09:42 - 00291078 _____ C:\WINDOWS\ntdtcsetup.log
2013-08-28 03:00 - 2011-11-09 09:42 - 00281142 _____ C:\WINDOWS\iis6.log
2013-08-28 03:00 - 2011-11-09 09:42 - 00088780 _____ C:\WINDOWS\msgsocm.log
2013-08-28 03:00 - 2011-11-09 09:42 - 00078680 _____ C:\WINDOWS\ocmsn.log
2013-08-28 03:00 - 2011-11-09 09:42 - 00001374 _____ C:\WINDOWS\imsins.log
2013-08-28 02:37 - 2011-11-18 02:10 - 00282296 _____ C:\WINDOWS\system32\PnkBstrB.xtr
2013-08-28 02:37 - 2011-11-18 01:39 - 00282296 _____ C:\WINDOWS\system32\PnkBstrB.exe
2013-08-28 02:37 - 2011-11-18 01:39 - 00139048 _____ C:\WINDOWS\system32\Drivers\PnkBstrK.sys
2013-08-27 23:18 - 2011-11-14 20:21 - 00000069 _____ C:\WINDOWS\NeroDigital.ini
2013-08-27 23:18 - 2011-11-10 00:45 - 00247808 _____ C:\Documents and Settings\prime op\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-27 11:51 - 2006-02-28 05:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2013-08-27 05:44 - 2011-11-18 01:39 - 00282296 _____ C:\WINDOWS\system32\PnkBstrB.ex0
2013-08-27 04:27 - 2011-12-06 03:16 - 00000000 ____D C:\Documents and Settings\prime op\My Documents\SelfPower
2013-08-27 01:54 - 2012-01-12 20:52 - 00000000 ____D C:\Documents and Settings\prime op\My Documents\SunLove
2013-08-26 18:11 - 2012-11-21 18:17 - 00000000 ____D C:\Crash
2013-08-26 09:46 - 2012-05-13 02:38 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2686509$
2013-08-26 09:45 - 2013-08-25 13:50 - 00000178 ___SH C:\Documents and Settings\Administrator.VELOTRAN-BE6710\ntuser.ini
2013-08-26 01:55 - 2012-06-11 14:17 - 00000000 ____D C:\Documents and Settings\prime op\My Documents\MysticWarrior
2013-08-25 17:49 - 2013-08-25 17:49 - 00022328 _____ C:\Documents and Settings\Administrator.VELOTRAN-BE6710\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-08-25 16:19 - 2011-12-08 05:33 - 00000000 ____D C:\Documents and Settings\prime op\My Documents\DriveSport
2013-08-25 13:51 - 2013-08-25 13:51 - 00000000 ____D C:\Documents and Settings\Administrator.VELOTRAN-BE6710\Application Data\Malwarebytes
2013-08-25 13:50 - 2013-08-25 13:50 - 00000000 ____D C:\Documents and Settings\Administrator.VELOTRAN-BE6710
2013-08-25 13:37 - 2011-11-17 05:55 - 00000000 ____D C:\Documents and Settings\prime op\My Documents\SuperCog
2013-08-24 23:17 - 2011-12-01 05:12 - 00000000 ____D C:\Documents and Settings\prime op\My Documents\BookCog
2013-08-24 23:15 - 2011-11-21 00:54 - 00000000 ____D C:\Documents and Settings\prime op\My Documents\ThingKs
2013-08-24 10:37 - 2011-11-10 00:49 - 00022328 _____ C:\Documents and Settings\prime op\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-08-24 10:36 - 2011-11-09 09:39 - 00138056 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-08-23 15:52 - 2013-08-23 15:52 - 00000000 ____D C:\Documents and Settings\prime op\Application Data\DDMSettings
2013-08-23 15:49 - 2013-08-23 11:12 - 00001485 _____ C:\Documents and Settings\prime op\Desktop\DivX Movies.lnk
2013-08-23 15:49 - 2013-08-23 11:12 - 00000824 _____ C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
2013-08-23 15:49 - 2013-08-23 11:12 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
2013-08-23 15:49 - 2013-02-08 13:05 - 00000000 ____D C:\Program Files\Common Files\DivX Shared
2013-08-23 15:49 - 2013-02-08 13:03 - 00000000 ____D C:\Program Files\DivX
2013-08-23 15:49 - 2013-02-08 13:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\DivX
2013-08-23 12:16 - 2013-08-23 11:09 - 00000000 _____ C:\END
2013-08-23 03:07 - 2011-11-19 05:45 - 00000000 ____D C:\Documents and Settings\prime op\My Documents\MustEatTV
2013-08-22 15:22 - 2011-11-09 18:03 - 00000000 ____D C:\Documents and Settings\prime op
2013-08-22 15:09 - 2012-01-22 03:50 - 00000000 ____D C:\Documents and Settings\prime op\My Documents\People
2013-08-21 08:19 - 2012-12-14 08:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2770660$
2013-08-21 02:16 - 2012-03-31 11:35 - 00692104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-08-21 02:16 - 2011-11-17 05:55 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-08-20 22:08 - 2011-12-09 21:18 - 00000000 ____D C:\Documents and Settings\prime op\My Documents\Absurdio
2013-08-20 22:07 - 2011-12-12 17:50 - 00000000 ____D C:\Documents and Settings\prime op\My Documents\HomeSong
2013-08-19 10:57 - 2013-08-19 10:57 - 00000000 __SHD C:\Documents and Settings\UpdatusUser\IETldCache
2013-08-19 10:57 - 2013-05-06 13:48 - 00000000 ___RD C:\Program Files\Skype
2013-08-17 22:06 - 2012-07-02 20:57 - 00000000 ____D C:\Documents and Settings\prime op\My Documents\StripPlease
2013-08-17 22:05 - 2011-11-23 08:04 - 00000000 ____D C:\Documents and Settings\prime op\My Documents\Adventurama
2013-08-17 03:38 - 2012-04-24 23:32 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-17 01:59 - 2013-08-16 21:47 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-17 00:25 - 2011-11-19 02:05 - 00000000 ____D C:\Documents and Settings\prime op\My Documents\MovieCog
2013-08-14 11:38 - 2011-12-10 22:42 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-08-14 03:12 - 2013-08-14 03:12 - 00012273 _____ C:\WINDOWS\KB2862772-IE8.log
2013-08-14 03:12 - 2013-07-21 19:35 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-08-14 03:12 - 2011-11-17 00:15 - 00211538 _____ C:\WINDOWS\updspapi.log
2013-08-14 03:12 - 2011-11-09 09:42 - 00001374 _____ C:\WINDOWS\imsins.BAK
2013-08-14 03:09 - 2011-11-17 00:43 - 75778376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-08-14 03:06 - 2011-11-09 09:42 - 00588886 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-08-14 03:05 - 2013-08-14 03:05 - 00005136 _____ C:\WINDOWS\KB2863058.log
2013-08-14 03:05 - 2013-08-14 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-08-14 03:05 - 2013-08-14 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-08-14 03:05 - 2013-08-14 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-08-14 03:05 - 2013-08-14 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-08-14 03:05 - 2013-08-13 13:09 - 00010580 _____ C:\WINDOWS\KB2859537.log
2013-08-14 03:05 - 2013-08-13 13:09 - 00009803 _____ C:\WINDOWS\KB2850869.log
2013-08-14 03:05 - 2011-11-17 00:45 - 00032064 _____ C:\WINDOWS\system32\TZLog.log
2013-08-13 05:15 - 2013-08-13 05:14 - 00000000 ____D C:\Documents and Settings\prime op\My Documents\illuminature
2013-08-07 02:49 - 2012-02-26 07:56 - 00000000 ____D C:\Documents and Settings\prime op\My Documents\PublicModel
2013-08-06 18:46 - 2012-01-17 04:30 - 00000000 ____D C:\Documents and Settings\prime op\My Documents\Games
2013-08-05 22:25 - 2012-11-12 02:50 - 00000000 ____D C:\Documents and Settings\prime op\My Documents\Animals
2013-08-04 09:44 - 2013-08-04 09:44 - 00001922 _____ C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
2013-08-04 09:44 - 2013-07-12 20:38 - 00000000 ____D C:\Program Files\Google
2013-08-04 09:17 - 2013-08-04 09:17 - 00000000 ____D C:\Documents and Settings\prime op\Desktop\Unused Desktop Shortcuts
2013-08-03 12:36 - 2013-02-08 13:00 - 00000000 ____D C:\Documents and Settings\prime op\My Documents\VideoCog
2013-08-03 01:39 - 2011-12-24 11:55 - 00000000 ____D C:\Documents and Settings\prime op\Application Data\dvdcss
2013-08-02 21:45 - 2011-11-19 21:55 - 00000000 ____D C:\Documents and Settings\prime op\My Documents\RandomGadgets
2013-07-31 19:26 - 2006-02-28 05:00 - 00868528 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wmvdmod.dll
2013-07-31 19:26 - 2006-02-28 05:00 - 00868528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmvdmod.dll
2013-07-30 22:52 - 2011-11-29 02:36 - 00000000 ____D C:\Documents and Settings\prime op\My Documents\TurboDate

Files to move or delete:
====================
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\AskSLib.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\BingBarSetup-Partner.exe
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\DivXSetup.exe
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\DWPUpgradeInstaller.exe
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\PCCheckupInstaller.exe
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\SecurityScan_Release.exe
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\SkypeSetup.exe
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\WdfCoInstaller01009.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\_is3.exe
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\_isC0.exe
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\_isDBF.exe
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\_UNCm108rm.exe
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\{BD032B47-117F-4F76-B6EE-F0A2F93EA031}\InstallFlashPlayer.exe
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\{AC65D3CC-806E-4DAA-AC0E-DC3DF589C8F6}\setup.exe
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\{A7AEC191-3FE2-4BDB-9A6E-6620DA73FDCE}\{A53D0C88-663A-4340-9260-A508C02240D3}\SyncService.exe
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\{A4B0850F-3C83-45F6-B5D7-AE589B4F74D3}\ISSetup.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\{A4B0850F-3C83-45F6-B5D7-AE589B4F74D3}\_Setup.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\{73BFF9C3-6C80-41D4-8880-DBAA3C337445}\InstallFlashPlayer.exe
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\{70EA2A81-12FC-406A-A589-A7A63A8015B2}\_Setup.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\{6D9B879E-782B-42FC-98D1-61813D5AE76C}\{34886F85-EF53-425F-B7EC-2B361B6208CC}\HADetect\Setup.exe
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\{1ACA0883-CAF6-4C64-AC4D-13AE28808A01}\ISSetup.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\{1ACA0883-CAF6-4C64-AC4D-13AE28808A01}\_Setup.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\PCCUStubInstaller\SymcPCCUInstaller.exe
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\nsu17AA\Helper.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\lu\1_spp_10000a1.exe
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\lu\sp_10032_5_setpoint_logitech_32.exe
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\lu\sp_20032_6_unifying_logitech_32.exe
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\lu\sp_30032_3a_redistr32_logitech_32.exe
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\lu\sp_40032_7a_lu_logitech_32.exe
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\Logitech\SetPointSI_1\MSetup.exe
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\Logitech\SetPointSI_1\Setup.exe
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\Logitech\SetPointSI_1\SetupDll.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\Logitech\SetPointSI_1\tools\Expr_Dll.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\Logitech\SetPointSI_1\tools\SetClean.exe
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\Logitech\SetPointSI_1\6-Unifying\setup.exe
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\Logitech\SetPointSI_1\5-SetPoint\Setup.exe
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\Logitech\SetPointSI_1\2-Install\setup.exe
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\IXP000.TMP\VCREDI~3.EXE
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\DB.dir\InstallFlashPlayer.exe
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\2.dir\InstallFlashPlayer.exe
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\GoogleEarth.exe
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\alchemyext.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\earthps.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\geplugin.exe
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\ge_expat.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\googleearth_free.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\icudt.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\IGAttrs.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\IGCore.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\IGExportCommon.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\IGGfx.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\IGMath.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\IGOpt.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\IGSg.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\IGUtils.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\Leap.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\msvcp100.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\msvcr100.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\npgeplugin.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\plugin_ax.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\QtCore4.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\QtGui4.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\QtNetwork4.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\QtWebKit4.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\imageformats\qgif4.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\imageformats\qjpeg4.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\optimizations\IGOptExtension.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\D3DCompiler_43.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\d3dx9_43.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGAttrs.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGGfx.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGSg.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\libEGL.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\libGLESv2.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogl\IGAttrs.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogl\IGGfx.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\plugin\alchemy\ogl\IGSg.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\alchemyext.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\earthflashsol.exe
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\earthps.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\ge_expat.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\googleearth.exe
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\googleearth_free.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\gpsbabel.exe
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\icudt.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\IGAttrs.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\IGCore.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\IGExportCommon.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\IGGfx.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\IGMath.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\IGOpt.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\IGSg.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\IGUtils.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\Leap.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\msvcp100.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\msvcr100.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\QtCore4.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\QtGui4.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\QtNetwork4.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\QtWebKit4.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\Plugins\npgeinprocessplugin.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\imageformats\qgif4.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\imageformats\qjpeg4.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\alchemy\optimizations\IGOptExtension.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\D3DCompiler_43.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\d3dx9_43.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\IGAttrs.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\IGGfx.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\IGSg.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\libEGL.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\libGLESv2.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGAttrs.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGGfx.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGSg.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Attached Files
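The entries above follow one fixed layout (`modified - created - size attrs [(Company)] path`), followed by a bare list of Temp files and an MD5 check block, which makes the log easy to triage mechanically. As an added example for this thread (not FRST's code and not the poster's), here is a small Python reviewer that parses those three sections and flags what a helper would look at first: executables sitting in a Temp folder, executables carrying hidden or system attributes, and executables created within the last few days. The functions `parse_entry`, `assess` and `review_log`, the 7-day window, the assumed scan time `SCAN_TIME` and the one made-up entry `constructed_example.exe` are assumptions made for the example; the other sample lines are copied from the log above. The MD5 block is treated as a sanity check: any verdict other than "is legit" is surfaced.

```python
"""Reviewer for the FRST log format above: parses the dated entries, the
'Files to move or delete' list and the MD5 check block, then flags what a
helper would look at first. Added example; flagging rules are assumptions."""
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional

# "<mod> - <created> - <size> <attrs> [(Company)] <path>", as in the log above
ENTRY_RE = re.compile(
    r"^(?P<mod>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>.+)$"
)
MD5_RE = re.compile(r"^(?P<path>.+?) => MD5 (?P<verdict>.+)$")
EXEC_EXT = (".exe", ".dll", ".cpl", ".sys", ".scr", ".com", ".pif")

@dataclass
class Entry:
    modified: datetime
    created: datetime
    size: int
    attrs: str                      # FRST's 5-character attribute column
    company: Optional[str]
    path: str
    findings: List[str] = field(default_factory=list)

    @property
    def is_executable(self) -> bool:
        return self.path.lower().endswith(EXEC_EXT)

def parse_entry(line: str) -> Optional[Entry]:
    """One dated entry, or None when the line is not in that format."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(datetime.strptime(m["mod"], "%Y-%m-%d %H:%M"),
                 datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
                 int(m["size"]), m["attrs"], m["company"], m["path"])

def assess(entry: Entry, scan_time: datetime, recent_days: int = 7) -> Entry:
    """Attach review notes to executables only (assumed indicators)."""
    if not entry.is_executable:
        return entry
    if "\\temp\\" in entry.path.lower():        # also matches LOCALS~1\Temp
        entry.findings.append("executable in a Temp folder")
    if "H" in entry.attrs or "S" in entry.attrs:
        entry.findings.append("hidden/system attribute on an executable")
    if entry.created >= scan_time - timedelta(days=recent_days):
        entry.findings.append(f"created within the last {recent_days} days")
    return entry

def review_log(text: str, scan_time: datetime) -> dict:
    """Walk the log once, switching parser by section header."""
    flagged, to_delete, md5_issues = [], [], []
    section = "modified"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Files to move or delete"):
            section = "delete"
        elif line.startswith("="):               # banner, separator, End Of Log
            if "Check" in line:
                section = "check"
        elif section == "modified":
            e = parse_entry(line)
            if e is not None and assess(e, scan_time).findings:
                flagged.append(e)
        elif section == "delete":
            to_delete.append(line)
        else:
            m = MD5_RE.match(line)
            if m and m["verdict"].strip().lower() != "is legit":
                md5_issues.append(m["path"])
    return {"flagged": flagged, "to_delete": to_delete, "md5_issues": md5_issues}

# Constructed sample: lines copied from the log above plus one made-up entry
# (constructed_example.exe) so the heuristics have something to flag.
SAMPLE_LOG = r"""
2013-08-29 10:16 - 2013-01-15 10:36 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-08-28 02:37 - 2011-11-18 01:39 - 00282296 _____ C:\WINDOWS\system32\PnkBstrB.exe
2013-08-28 03:00 - 2013-08-28 03:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834902-v2_WM10$
2013-08-28 20:00 - 2013-08-28 20:00 - 00045056 ___SH C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\constructed_example.exe
Files to move or delete:
====================
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\AskSLib.dll
C:\DOCUME~2\PRIMEO~1\LOCALS~1\Temp\_is3.exe

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
"""
SCAN_TIME = datetime(2013, 8, 29, 10, 20)   # assumed: just after the newest entry
```

Calling `review_log(SAMPLE_LOG, SCAN_TIME)` returns the flagged entries (only the constructed Temp executable, with all three notes), the two Temp paths FRST queued for removal, and an empty MD5 issue list; the genuine entries from the log, including PnkBstrB.exe and the hidden `$NtUninstall...` folder, pass without a note. The heuristics are deliberately coarse: they rank what to look at, they do not decide what is malicious.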



#4 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:06:56 PM

Posted 29 August 2013 - 05:46 PM

Please do this next:

Go to this page and download Malwarebytes Anti-Rootkit (MBAR)

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • MBAR will create logs that you will find in the same folder you found MBAR.exe.  Please post those for me to review.

Please include the following in your next post:
  • MBAR log(s)


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member

The help you receive here is free. If you wish to show your appreciation, then you may donate.


#5 hellopleasehelp
  • Topic Starter
  • Members
  • 9 posts
  • Local time:03:56 PM

Posted 29 August 2013 - 07:21 PM

Hello,

The results of the MBAR scan:

"Scan Finished: No malware found!"

I was unable to locate any logs.

Why has my computer recently begun running so sluggishly?

Thanks



#6 hellopleasehelp
  • Topic Starter
  • Members
  • 9 posts
  • Local time:03:56 PM

Posted 29 August 2013 - 11:40 PM

Hello,

MBAR results: no malware found!

(I could not find any logs to send)

Why has my computer recently started being so sluggish? And btw, my computer just crashed & restarted by itself, and is sporting a Blue Screen warning/info URL/page displayed via Firefox.

btw, the congestion/clog-up seems to start/show up in the context of Firefox ... and often Firefox finally locks up.

????

Thanks



#7 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:06:56 PM

Posted 30 August 2013 - 08:52 AM

Please do this next:

Download Combofix from HERE, and save it to your desktop.

**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

  • If you have trouble, stop and post back.  Do not try to repeatedly run comboFix!
  • When finished, it will produce a report for you.
Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:
  • ComboFix log




#8 hellopleasehelp
  • Topic Starter
  • Members
  • 9 posts
  • Local time:03:56 PM

Posted 30 August 2013 - 11:55 AM

Hello,

I was unable to paste ComboFix.txt ... so I added it as an attachment.

Thanks

Attached Files



#9 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:06:56 PM

Posted 30 August 2013 - 01:45 PM

Please do this next:

Download AdwCleaner from here and save it to your desktop.

  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please include the following in your next post:

  • adwCleaner log
  • JRT log

Edited by RPMcMurphy, 30 August 2013 - 01:46 PM.



#10 hellopleasehelp
  • Topic Starter
  • Members
  • 9 posts
  • Local time:03:56 PM

Posted 01 September 2013 - 06:53 PM

here they are

thanks ;-)

Attached Files



#11 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:06:56 PM

Posted 02 September 2013 - 08:38 AM

How is it running now?  Please do this next:

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right-click on their Internet Explorer shortcut and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.

Please include the following in your next post:

  • How is the computer running now?
  • ESET log

Edited by RPMcMurphy, 02 September 2013 - 08:38 AM.



#12 hellopleasehelp
  • Topic Starter
  • Members
  • 9 posts
  • Local time:03:56 PM

Posted 05 September 2013 - 04:31 PM

ESET found 4 items

and, yes, my computer is running better. Thanks for asking!  ;-)

however, I would also like to submit a follow-up report after a few days' use, please.

Thanks  ;-)

ps ~  I think it's probably time to re-install my OS?

(I am planning to go from XP to Win7 64 and from 2gigs ram to 8gigs or 16gigs ram)

comments?

Attached Files

  • Attached File: eset.txt (627 bytes)


#13 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:06:56 PM

Posted 05 September 2013 - 09:55 PM

Navigate to this file and delete it:  C:\Documents and Settings\prime op\My Documents\Downloads\Thomas_Paine_-_Common_Sense.exe

Those other detections were flagged because they are considered adware, install toolbars or have other unclear objectives.  If you no longer want those apps, uninstall them via Control Panel > Programs > Uninstall a program.

Go ahead and use it normally for a day or two and report back.  I think you will like Win7.




#14 hellopleasehelp
  • Topic Starter
  • Members
  • 9 posts
  • Local time:03:56 PM

Posted 06 September 2013 - 02:30 PM

howdy,

I've already deleted all 4 items found by ESET.

btw, do you think 8gigs of ram is enough, or do you think I would notice a noticeable performance advantage of 16gigs instead of just 8gigs ram?

thanks  ;-)



#15 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:06:56 PM

Posted 07 September 2013 - 10:05 AM

I'd suggest you post your RAM question in our Questions and Advice for Buying a New Computer forum.  Personally, I'd think 8 GB would be fine depending on the types of applications you use.






