
pc is slow /unresponsive scripts error.


  • This topic is locked

#91
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. Please access this site with Internet Explorer.

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Click on the Browse button near "Suspicious files to scan" box on the top of the page and navigate to the file below:

    • C:\Program Files\mozilla firefox\plugins\snpnul32.dll
  • Click on Open and then on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

  • 0



#92
sicilian

sicilian

    Member

  • Topic Starter
  • Member
  • PipPip
  • 89 posts
It won't let me click copy to clipboard? I have a red x in the top left corner of the box "copy to clipboard". I'm also getting Adobe Flash pop-ups to install? I just closed it. Should I install Adobe Flash? It does say a note above copy to clipboard. Note:
"This file has been scanned before. Therefore, this file's scan result will not be stored in the database."

But it's finished and there is no option to rescan.

Edited by sicilian, 26 September 2011 - 12:52 PM.

  • 0

#93
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Don't install Flash yet.

Please use Windows Explorer to copy this file to your desktop:

C:\Program Files\mozilla firefox\plugins\snpnul32.dll

Then right click on it and select Send to and then click on Compressed (zipped) folder.
Please attach this zipped file in your next reply here.
  • 0

#94
sicilian

sicilian

    Member

  • Topic Starter
  • Member
  • PipPip
  • 89 posts
okay here is the zip attachment...

Attached Files


  • 0

#95
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
It seems clean but anyway proceed with this fix and fresh OTL scan please:

We need to run an OTL Fix

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

  • Please double click on the OTL icon on your Desktop (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Under the Custom Scans/Fixes box copy and paste this in:

    :OTL
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
    [2011/09/02 20:00:31 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\snpnul32.dll
      	
    :Files
    ipconfig /flushdns /c
    
    :Reg
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#96
sicilian

sicilian

    Member

  • Topic Starter
  • Member
  • PipPip
  • 89 posts
Okay, for some reason a bunch of files or something appeared on my desktop. About 8 album art.jpg, something called desktop.ini and photothumb.db. I can make a screenshot and circle the ones that appeared. Here are my logs.

All processes killed
========== OTL ==========
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff not found.
C:\Program Files\Mozilla Firefox\plugins\snpnul32.dll moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Josh Grassi\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Josh Grassi\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Josh Grassi
->Temp folder emptied: 588264 bytes
->Temporary Internet Files folder emptied: 4644483 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 5.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Josh Grassi
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.29.1 log created on 09262011_153305

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



________QUICK SCAN_____________________________


OTL logfile created on: 9/26/2011 3:36:06 PM - Run 6
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Josh Grassi\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 3.10 Gb Available Physical Memory | 88.48% Memory free
5.34 Gb Paging File | 5.08 Gb Available in Paging File | 95.23% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 698.63 Gb Total Space | 685.14 Gb Free Space | 98.07% Space Free | Partition Type: NTFS

Computer Name: JOSH-51E3862688 | User Name: Josh Grassi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/22 17:33:56 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Josh Grassi\Desktop\OTL.exe
PRC - [2011/06/23 19:44:22 | 001,386,776 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2011/06/17 03:35:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/23 19:44:34 | 000,877,848 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/17 03:33:46 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/12/14 12:46:28 | 000,047,624 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\GIGABYTE\GEST\GSvr.exe -- (GEST Service)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/04/30 08:00:18 | 000,039,064 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/04/30 08:00:06 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/04/30 07:59:56 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2010/07/12 13:37:23 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008/11/19 21:30:24 | 000,002,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\io02.sys -- (io02)
DRV - [2008/02/14 05:04:06 | 004,676,096 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/03 10:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/10/11 12:10:52 | 000,030,008 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ET5Drv.sys -- (ET5Drv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff


O1 HOSTS File: ([2011/09/26 15:33:06 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1257537500812 (WUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.h...nosticsxp2k.cab (DDRevision Class)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1BAE528-D7B1-42EB-A977-A3D86823FC2B}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Josh Grassi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Josh Grassi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/06 15:45:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/24 19:38:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/09/24 18:34:48 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/09/24 18:34:48 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/09/24 18:34:48 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2011/09/24 17:55:32 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/09/24 14:03:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Josh Grassi\Desktop\cbs-log
[2011/09/22 19:36:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/22 17:33:55 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Josh Grassi\Desktop\OTL.exe
[2011/09/22 17:15:31 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Josh Grassi\Desktop\aswMBR.exe
[2011/09/22 14:42:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/09/22 14:42:08 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/09/21 17:32:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Josh Grassi\IECompatCache
[2011/09/20 23:15:19 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Josh Grassi\PrivacIE
[2011/09/20 23:13:53 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Josh Grassi\IETldCache
[2011/09/20 23:10:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/09/20 23:08:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/09/17 18:36:19 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech

========== Files - Modified Within 30 Days ==========

[2011/09/26 15:34:34 | 000,013,704 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/26 15:34:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/26 15:33:06 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/09/26 15:07:22 | 000,034,419 | ---- | M] () -- C:\Documents and Settings\Josh Grassi\Desktop\snpnul32.zip
[2011/09/26 12:37:33 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/09/24 20:28:56 | 000,481,406 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/24 20:28:56 | 000,079,862 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/24 20:24:20 | 000,107,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/24 20:16:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/24 20:12:37 | 002,002,997 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2011/09/24 19:52:13 | 000,035,693 | ---- | M] () -- C:\Documents and Settings\Josh Grassi\.recently-used.xbel
[2011/09/24 18:39:10 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/09/24 17:54:57 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/09/24 17:54:56 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/09/24 17:54:56 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/09/24 17:54:47 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/09/24 17:52:58 | 000,023,332 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/09/24 17:51:44 | 000,000,282 | -HS- | M] () -- C:\boot.ini
[2011/09/24 17:50:14 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2011/09/24 17:43:45 | 000,273,344 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/09/24 17:43:45 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/09/24 17:43:36 | 000,273,344 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/09/24 14:03:18 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\Josh Grassi\Desktop\cbs-log.zip
[2011/09/24 13:40:37 | 000,548,791 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2011/09/24 10:55:18 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Josh Grassi\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/22 21:28:08 | 000,013,953 | ---- | M] () -- C:\Documents and Settings\Josh Grassi\Desktop\avptool_sysinfo.zip
[2011/09/22 20:36:53 | 098,211,704 | ---- | M] () -- C:\Documents and Settings\Josh Grassi\Desktop\setup_11.0.0.1245.x01_2011_09_23_03_11.exe
[2011/09/22 17:33:56 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Josh Grassi\Desktop\OTL.exe
[2011/09/22 17:32:11 | 000,000,497 | ---- | M] () -- C:\Documents and Settings\Josh Grassi\Desktop\MBR.zip
[2011/09/22 17:29:37 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Josh Grassi\Desktop\MBR.dat
[2011/09/22 17:15:41 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Josh Grassi\Desktop\aswMBR.exe
[2011/09/20 23:53:08 | 000,000,680 | ---- | M] () -- C:\Documents and Settings\Josh Grassi\Desktop\SNOOP_DOGG_MAFIA_WARS_ARMORED_TRUCK_EXPLOSION__ (2).lnk
[2011/09/20 23:53:08 | 000,000,535 | ---- | M] () -- C:\Documents and Settings\Josh Grassi\Desktop\Alfred John Pipino (2).lnk
[2011/09/20 23:53:08 | 000,000,515 | ---- | M] () -- C:\Documents and Settings\Josh Grassi\Desktop\autoexecbackup (2).lnk
[2011/09/20 23:53:00 | 000,000,680 | ---- | M] () -- C:\Documents and Settings\Josh Grassi\Desktop\SNOOP_DOGG_MAFIA_WARS_ARMORED_TRUCK_EXPLOSION__.lnk
[2011/09/20 23:53:00 | 000,000,535 | ---- | M] () -- C:\Documents and Settings\Josh Grassi\Desktop\Alfred John Pipino.lnk
[2011/09/20 23:53:00 | 000,000,535 | ---- | M] () -- C:\Documents and Settings\Josh Grassi\Desktop\14_Split_Your_Face.lnk
[2011/09/20 23:53:00 | 000,000,530 | ---- | M] () -- C:\Documents and Settings\Josh Grassi\Desktop\spqradmin.cfgoriginal.lnk
[2011/09/20 23:53:00 | 000,000,490 | ---- | M] () -- C:\Documents and Settings\Josh Grassi\Desktop\autoexec2.lnk
[2011/09/17 18:59:49 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/09/17 18:50:39 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/09/04 19:21:15 | 000,055,296 | ---- | M] () -- C:\Documents and Settings\Josh Grassi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/09/26 15:07:22 | 000,034,419 | ---- | C] () -- C:\Documents and Settings\Josh Grassi\Desktop\snpnul32.zip
[2011/09/24 19:52:13 | 000,035,693 | ---- | C] () -- C:\Documents and Settings\Josh Grassi\.recently-used.xbel
[2011/09/24 17:55:54 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/09/24 17:55:47 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/09/24 17:55:44 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2011/09/24 17:55:34 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/09/24 17:40:44 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/09/24 17:40:44 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2011/09/24 17:40:44 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2011/09/24 17:40:44 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/09/24 17:40:44 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2011/09/24 17:40:44 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2011/09/24 17:40:44 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2011/09/24 17:40:44 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2011/09/24 17:40:44 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2011/09/24 17:40:44 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/09/24 17:40:44 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2011/09/24 17:40:44 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2011/09/24 17:40:44 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/09/24 17:40:44 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/09/24 17:40:43 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2011/09/24 17:40:43 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2011/09/24 17:40:43 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/09/24 17:40:43 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2011/09/24 14:03:21 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\Josh Grassi\Desktop\cbs-log.zip
[2011/09/22 21:42:03 | 000,013,953 | ---- | C] () -- C:\Documents and Settings\Josh Grassi\Desktop\avptool_sysinfo.zip
[2011/09/22 20:36:53 | 098,211,704 | ---- | C] () -- C:\Documents and Settings\Josh Grassi\Desktop\setup_11.0.0.1245.x01_2011_09_23_03_11.exe
[2011/09/22 17:32:11 | 000,000,497 | ---- | C] () -- C:\Documents and Settings\Josh Grassi\Desktop\MBR.zip
[2011/09/22 17:27:25 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Josh Grassi\Desktop\MBR.dat
[2011/09/20 23:53:08 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\Josh Grassi\Desktop\SNOOP_DOGG_MAFIA_WARS_ARMORED_TRUCK_EXPLOSION__ (2).lnk
[2011/09/20 23:53:08 | 000,000,535 | ---- | C] () -- C:\Documents and Settings\Josh Grassi\Desktop\Alfred John Pipino (2).lnk
[2011/09/20 23:53:08 | 000,000,515 | ---- | C] () -- C:\Documents and Settings\Josh Grassi\Desktop\autoexecbackup (2).lnk
[2011/09/20 23:53:00 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\Josh Grassi\Desktop\SNOOP_DOGG_MAFIA_WARS_ARMORED_TRUCK_EXPLOSION__.lnk
[2011/09/20 23:53:00 | 000,000,535 | ---- | C] () -- C:\Documents and Settings\Josh Grassi\Desktop\Alfred John Pipino.lnk
[2011/09/20 23:53:00 | 000,000,535 | ---- | C] () -- C:\Documents and Settings\Josh Grassi\Desktop\14_Split_Your_Face.lnk
[2011/09/20 23:53:00 | 000,000,530 | ---- | C] () -- C:\Documents and Settings\Josh Grassi\Desktop\spqradmin.cfgoriginal.lnk
[2011/09/20 23:53:00 | 000,000,490 | ---- | C] () -- C:\Documents and Settings\Josh Grassi\Desktop\autoexec2.lnk
[2011/07/27 14:09:14 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/07/27 14:09:14 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/07/27 14:09:14 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/07/27 14:09:00 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/01/01 00:59:02 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Josh Grassi\Local Settings\Application Data\fusioncache.dat
[2010/12/31 23:50:08 | 000,068,276 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp
[2010/12/31 23:50:08 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp
[2010/10/18 21:09:11 | 000,068,963 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2010/10/18 21:09:11 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2010/07/12 13:35:10 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2009/11/12 18:41:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/11/08 00:10:03 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/06/10 12:33:16 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Josh Grassi\Application Data\setup_ldm.iss
[2009/02/05 16:03:32 | 000,055,296 | ---- | C] () -- C:\Documents and Settings\Josh Grassi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/28 20:24:21 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/11/22 17:19:15 | 000,000,435 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/11/19 21:30:24 | 000,002,688 | ---- | C] () -- C:\WINDOWS\System32\io02.sys
[2008/11/08 12:56:26 | 000,139,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/11/08 12:56:23 | 000,189,744 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2008/11/08 12:56:08 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2008/11/06 16:19:49 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/11/06 15:47:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/11/06 15:43:18 | 000,023,332 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/11/05 10:19:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/11/05 10:16:55 | 000,107,008 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 08:00:00 | 000,481,406 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 08:00:00 | 000,079,862 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/03/24 20:52:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

========== LOP Check ==========

[2010/07/12 13:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/07/12 14:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2010/07/12 15:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/01/09 18:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/01/09 18:13:18 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/01/09 17:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Grassi\Application Data\Auslogics
[2008/11/10 23:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Grassi\Application Data\Canneverbe_Limited
[2011/09/24 19:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Grassi\Application Data\gtk-2.0
[2008/11/08 02:45:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Grassi\Application Data\Leadertech
[2011/02/10 21:54:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Grassi\Application Data\PhotoScape
[2009/01/09 18:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh Grassi\Application Data\TuneUp Software

========== Purity Check ==========



< End of report >

Edited by sicilian, 26 September 2011 - 01:44 PM.

  • 0

#97
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Yes please make a screenshot and post it.

Now go here and download then install Firefox.
  • 0

#98
sicilian

sicilian

    Member

  • Topic Starter
  • Member
  • PipPip
  • 89 posts
Okay - well, I have no idea what just happened. Here is the screenshot of the files that appeared, inside the yellow circle. However, after closing my Paint up and going back to my desktop, they are gone? Also the file you had me copy and paste to my desktop, snpnull32.dll, is gone from the path but on my desktop? All I did was copy and paste it. But it's gone from c:/programs/mozilla/plugins? Do you still want me to install Firefox?

Attached Thumbnails

  • appeared on desktop.png

  • 0

#99
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Yes, install FF now.
  • 0

#100
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts

But it's gone from c:/programs/mozilla/plugins?

Yep, I deleted it.
  • 0



#101
sicilian

sicilian

    Member

  • Topic Starter
  • Member
  • PipPip
  • 89 posts
Okay, I'm installing FF. It's asking me if I want to import options, bookmarks, history, passwords, and other data from: a) Microsoft or b) don't import anything. I usually click don't import anything, is that OK?
  • 0

#102
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Yes.
  • 0

#103
sicilian

sicilian

    Member

  • Topic Starter
  • Member
  • PipPip
  • 89 posts
Okay, installed. Now did you want me to delete the .dll that you removed? There's 1 left on my desktop.
  • 0

#104
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Yes, you can delete it. And tell me what the current problems are.
  • 0

#105
sicilian

sicilian

    Member

  • Topic Starter
  • Member
  • PipPip
  • 89 posts
Should I go ahead and try this Adobe plug-in that never would install in Firefox? One thing I noticed when I start my PC is that it stops at the black window where the countdown begins for me to choose what to open: Windows XP Professional or System Recovery. I have to either hit a key or let the clock run out.
  • 0





