allinfree.net - Warned by Google Chrome Visiting for Every Website aft


  • This topic is locked

#16
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes click the remove and I will run a sweep with OTL to ensure they have gone. Looks like I will have to install Chrome to see how it works

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\agmhonoepgcnakccfpidhjehlocaeaaj
    C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
    C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0
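The follow-up sweep described in the post above can also be checked mechanically. This is an added example, not part of the thread and not OTL's own code: it reads the `:Files` section of the fix, collects the Chrome extension IDs it targets, and looks for those IDs on any `CHR -` line of a later Quick Scan log. The function names are this example's own; the sample lines are copied from this thread except the one marked constructed.

```python
import re

# Chrome extension IDs are 32 characters drawn from the letters a-p and appear
# as the folder name directly under ...\User Data\Default\Extensions\.
EXT_ID = re.compile(r"\\Extensions\\([a-p]{32})(?=\\|$)", re.IGNORECASE)
# OTL Quick Scan lines of interest: "CHR - Extension: <name> = <path>" and
# "CHR - plugin: <name> = <path>" (a plugin DLL can live inside an extension folder).
CHR_LINE = re.compile(r"^CHR - (Extension|plugin): (.*?) = (.+)$")

BASE = (r"C:\Documents and Settings\Leo\Local Settings\Application Data"
        r"\Google\Chrome\User Data\Default\Extensions")

# The fix from the post above, as pasted into OTL's Custom Scans/Fixes box.
FIX_SCRIPT = "\n".join([
    ":Files",
    "ipconfig /flushdns /c",
    BASE + "\\agmhonoepgcnakccfpidhjehlocaeaaj",
    BASE + "\\blpcfgokakmgnkcojhhkbfbldkacnbeo",
    BASE + "\\lkpmjnommfoljgjbckjmjhkmnhfmcmon",
    ":Commands",
    "[purity]",
    "[resethosts]",
    "[emptytemp]",
    "[CREATERESTOREPOINT]",
    "[Reboot]",
])

# A few CHR lines copied from the Quick Scan log posted later in this thread.
POST_FIX_LOG = "\n".join([
    "CHR - plugin: Skype Toolbars (Enabled) = " + BASE
    + "\\lifbcibllhkdhoafpjfnlhfpfgnpldfl\\5.3.0.7550_0\\npSkypeChromePlugin.dll",
    "CHR - Extension: Google Search = " + BASE
    + "\\coobgpohoikkiipiblmjeljniedjpjpf\\0.0.0.16_0\\",
    "CHR - Extension: DivX HiQ = " + BASE
    + "\\fnjbmmemklcjgepojigaapkoodmkgbae\\2.1.0.900_0\\",
    "CHR - Extension: Skype Click to Call = " + BASE
    + "\\lifbcibllhkdhoafpjfnlhfpfgnpldfl\\5.6.0.8442_0\\",
    "CHR - Extension: Gmail = " + BASE
    + "\\pjkljhegncpnkpknbcohdijeoejaedia\\7_0\\",
])

# CONSTRUCTED line (not from the thread): what a failed removal would look like.
CONSTRUCTED_LOG = POST_FIX_LOG + "\n" + (
    "CHR - Extension: Example Leftover = " + BASE
    + "\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\1.0_0\\"
)


def targeted_ids(fix_script):
    """Return the extension IDs named in the :Files section of an OTL fix."""
    ids, in_files = set(), False
    for raw in fix_script.splitlines():
        line = raw.strip()
        if line.startswith(":"):          # section header such as :Files or :Commands
            in_files = line.lower() == ":files"
            continue
        if in_files:
            ids.update(m.lower() for m in EXT_ID.findall(line))
    return ids


def ids_in_log(log_text):
    """Map each extension ID seen on a CHR line to the (kind, name) entries using it."""
    found = {}
    for raw in log_text.splitlines():
        m = CHR_LINE.match(raw.strip())
        if not m:
            continue
        kind, label, path = m.groups()
        for ext_id in EXT_ID.findall(path):
            found.setdefault(ext_id.lower(), []).append((kind, label))
    return found


def leftovers(fix_script, log_text):
    """Targeted IDs that the later scan still references, with where they appear."""
    seen = ids_in_log(log_text)
    return {i: seen[i] for i in sorted(targeted_ids(fix_script)) if i in seen}


if __name__ == "__main__":
    for name, log in (("thread log", POST_FIX_LOG), ("constructed log", CONSTRUCTED_LOG)):
        remaining = leftovers(FIX_SCRIPT, log)
        if remaining:
            for ext_id, uses in remaining.items():
                print(f"{name}: {ext_id} still present via {uses}")
        else:
            print(f"{name}: none of the targeted extensions are referenced")
```

Matching on the ID rather than the display name matters because the name shown on a `CHR - Extension:` line comes from the extension itself, while the folder ID is what the fix actually deleted.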



#17
Phebotalus


    Member

  • Topic Starter
  • 21 posts
Ran the fix in Safe Mode to not get any errors as per the first time this was done (not having access to host file).

Noticed that the computer is still running extremely slowly upon start up after this (boot time is quite extended still), as well as when entering the actual desktop. Again I'm not sure if this is the malware doing this or something else, as the computer only started running slowly when I tried running GMER to obtain a log and the computer froze and crashed. Before this, the redirects were happening, but the computer seemed to be running at normal speed.

Performed the scan in normal Windows mode:



OTL logfile created on: 1/17/2012 8:55:08 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Leo\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 72.94% Memory free
3.35 Gb Paging File | 2.85 Gb Available in Paging File | 85.11% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 189.91 Gb Total Space | 16.38 Gb Free Space | 8.63% Space Free | Partition Type: NTFS

Computer Name: NOAM | User Name: Leo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Leo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe (Blue Coat Systems, Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\CtHelper.exe (Creative Technology Ltd)
PRC - C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
PRC - C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
PRC - C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)


========== Modules (No Company Name) ==========

MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_65186d77\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_27d12aac\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_a1bf9796\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_6ce6231c\system.windows.forms.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_1983c408\system.dll ()
MOD - c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\WINDOWS\system32\Primomonnt.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll ()
MOD - c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\windows\assembly\gac\system.runtime.serialization.formatters.soap\1.0.5000.0__b03f5f7f11d50a3a\system.runtime.serialization.formatters.soap.dll ()
MOD - C:\WINDOWS\system32\CTMMACTL.DLL ()
MOD - C:\WINDOWS\system32\PRTMATE.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- File not found
SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (bckwfs) -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe (Blue Coat Systems, Inc.)
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (SolidWorks Licensing Service) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)


========== Driver Services (SafeList) ==========

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Inspect) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)
DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdGuard.sys (COMODO)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (bckd) -- C:\WINDOWS\system32\drivers\bckd.sys (Blue Coat Systems, Inc.)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (RivaTuner32) -- C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys ()
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (amdide) -- C:\WINDOWS\system32\DRIVERS\amdide.sys (Advanced Micro Devices)
DRV - (HPFXBULK) -- C:\WINDOWS\system32\drivers\hpfxbulk.sys (Hewlett Packard)
DRV - (COMMONFX.DLL) -- C:\WINDOWS\system32\COMMONFX.DLL (Creative Technology Ltd)
DRV - (CT20XUT.DLL) -- C:\WINDOWS\system32\CT20XUT.DLL (Creative Technology Ltd.)
DRV - (CTHWIUT.DLL) -- C:\WINDOWS\system32\CTHWIUT.DLL (Creative Technology Ltd.)
DRV - (CTEXFIFX.DLL) -- C:\WINDOWS\system32\CTEXFIFX.DLL (Creative Technology Ltd.)
DRV - (CTEDSPSY.DLL) -- C:\WINDOWS\system32\CTEDSPSY.DLL (Creative Technology Ltd)
DRV - (CTEDSPIO.DLL) -- C:\WINDOWS\system32\CTEDSPIO.DLL (Creative Technology Ltd)
DRV - (CTEDSPFX.DLL) -- C:\WINDOWS\system32\CTEDSPFX.DLL (Creative Technology Ltd)
DRV - (CTERFXFX.DLL) -- C:\WINDOWS\system32\CTERFXFX.DLL (Creative Technology Ltd)
DRV - (CTEAPSFX.DLL) -- C:\WINDOWS\system32\CTEAPSFX.DLL (Creative Technology Ltd)
DRV - (CTSBLFX.DLL) -- C:\WINDOWS\system32\CTSBLFX.DLL (Creative Technology Ltd)
DRV - (CTAUDFX.DLL) -- C:\WINDOWS\system32\CTAUDFX.DLL (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (hap17v2k) -- C:\WINDOWS\system32\drivers\haP17v2k.sys (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (Hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/01/09 13:42:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/01/09 13:42:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/10/20 18:21:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/01/11 10:48:35 | 000,000,000 | ---D | M]

[2010/02/18 10:14:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Leo\Application Data\Mozilla\Extensions
[2010/02/18 10:14:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Leo\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/12/20 00:13:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Leo\Application Data\Mozilla\Firefox\Profiles\ef14bxg8.default\extensions
[2009/09/02 13:37:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Leo\Application Data\Mozilla\Firefox\Profiles\ef14bxg8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/28 19:51:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Leo\Application Data\Mozilla\Firefox\Profiles\ef14bxg8.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/12/12 18:49:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Leo\Application Data\Mozilla\Firefox\Profiles\ef14bxg8.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}-trash
[2009/11/28 19:51:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Leo\Application Data\Mozilla\Firefox\Profiles\ef14bxg8.default\extensions\staged-xpis
[2011/12/20 00:13:26 | 000,000,000 | ---D | M] (ASPCA App By We-Care.com) -- C:\Documents and Settings\Leo\Application Data\Mozilla\Firefox\Profiles\ef14bxg8.default\extensions\[email protected]
[2009/12/23 22:04:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Search = C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: DivX HiQ = C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\
CHR - Extension: Gmail = C:\Documents and Settings\Leo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/01/17 17:06:26 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [QuickFinder Scheduler] C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE (Corel Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - Startup: C:\Documents and Settings\Leo\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Registration = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: com ([www.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative....026/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://fpdownload.ma...are/awswaxd.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} http://apps.corel.co...IEGetPlugin.ocx (get_atlcom Class)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1158077826781 (WUWebControl Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.ms...ine/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} http://www.cramster....nt/FileOpen.CAB (FoInstaller Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative....15026/CTPID.cab (Creative Software AutoUpdate Support Package)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) -C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Leo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Leo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/12 10:05:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/17 17:06:29 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/17 16:36:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Leo\Desktop\GooredFix Backups
[2012/01/17 16:36:20 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Leo\Desktop\GooredFix.exe
[2012/01/17 15:15:05 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Leo\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/17 13:21:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/17 13:17:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/17 13:17:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/17 13:17:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/17 13:17:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/17 13:17:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/17 13:17:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/17 13:15:56 | 004,386,439 | R--- | C] (Swearware) -- C:\Documents and Settings\Leo\Desktop\ComboFix.exe
[2012/01/16 18:17:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/16 18:16:07 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Leo\Desktop\aswMBR.exe
[2012/01/16 11:39:10 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Leo\Desktop\OTL.exe
[2012/01/15 16:56:50 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Leo\Desktop\dds.scr
[2012/01/14 18:32:42 | 009,027,648 | ---- | C] (McAfee Inc.) -- C:\Documents and Settings\Leo\Desktop\McAffee Stinger.exe
[2012/01/07 17:23:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/01/02 12:16:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2011/12/20 00:14:14 | 000,000,000 | ---D | C] -- C:\Program Files\Blue Coat K9 Web Protection
[2011/12/20 00:14:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Blue Coat K9 Web Protection
[2011/12/20 00:13:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
[2005/12/08 10:52:08 | 000,010,240 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe
[2005/06/18 01:04:56 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 30 Days ==========

[2012/01/17 20:15:10 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-448539723-725345543-1004UA.job
[2012/01/17 18:15:03 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-448539723-725345543-1004Core.job
[2012/01/17 17:21:15 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000005-00001102-00000008-10211102}.CDF
[2012/01/17 17:14:47 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/17 17:12:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/17 17:06:26 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/01/17 17:00:09 | 000,030,600 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000005-00001102-00000008-10211102}.rfx
[2012/01/17 17:00:09 | 000,030,600 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000005-00001102-00000008-10211102}.rfx
[2012/01/17 17:00:09 | 000,029,604 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000005-00001102-00000008-10211102}.rfx
[2012/01/17 17:00:09 | 000,029,604 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000005-00001102-00000008-10211102}.rfx
[2012/01/17 17:00:09 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000005-00001102-00000008-10211102}.rfx
[2012/01/17 16:32:24 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Leo\Desktop\GooredFix.exe
[2012/01/17 15:15:45 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/17 15:11:00 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Leo\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/17 13:22:06 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2012/01/17 12:53:26 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000005-00001102-00000008-10211102}.BAK
[2012/01/17 12:48:30 | 004,386,439 | R--- | M] (Swearware) -- C:\Documents and Settings\Leo\Desktop\ComboFix.exe
[2012/01/16 20:57:24 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Leo\Desktop\MBR.dat
[2012/01/16 18:12:12 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Leo\Desktop\aswMBR.exe
[2012/01/16 11:23:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Leo\Desktop\OTL.exe
[2012/01/15 20:38:32 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Leo\Desktop\Microsoft Office Word 2003.lnk
[2012/01/15 17:17:51 | 004,423,382 | ---- | M] () -- C:\Documents and Settings\Leo\Desktop\google_warning.bmp
[2012/01/15 16:57:59 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Leo\Desktop\gmer.exe
[2012/01/15 16:56:48 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Leo\Desktop\dds.scr
[2012/01/15 00:03:42 | 002,159,983 | ---- | M] () -- C:\Documents and Settings\Leo\Desktop\InfluencePsychologyPersuasion.rar
[2012/01/14 21:47:38 | 000,000,062 | RH-- | M] () -- C:\Documents and Settings\Leo\Desktop\stinger.opt
[2012/01/14 18:33:05 | 009,027,648 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\Leo\Desktop\McAffee Stinger.exe
[2012/01/14 07:08:28 | 000,226,304 | ---- | M] () -- C:\Documents and Settings\Leo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/11 22:56:14 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/07 17:23:00 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/01/07 01:17:05 | 000,002,246 | ---- | M] () -- C:\Documents and Settings\Leo\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/07 01:17:04 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\Leo\Desktop\Google Chrome.lnk
[2012/01/04 16:56:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/02 12:19:22 | 000,002,485 | ---- | M] () -- C:\Documents and Settings\Leo\Desktop\Microsoft Office Project 2007.lnk
[2011/12/30 01:47:01 | 000,527,380 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/30 01:47:01 | 000,096,728 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/21 13:18:41 | 000,255,950 | ---- | M] () -- C:\Documents and Settings\Leo\My Documents\chrome_bookmarks.html
[2011/12/19 13:59:22 | 000,097,760 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2011/12/19 13:59:21 | 000,031,704 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2011/12/19 13:59:20 | 000,494,816 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
[2011/12/19 13:59:19 | 000,018,056 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
[2011/12/19 13:58:56 | 000,033,984 | ---- | M] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
[2011/12/19 13:58:55 | 000,301,224 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2011/12/19 12:56:55 | 000,016,663 | ---- | M] () -- C:\Documents and Settings\Leo\Desktop\TA duties DDAH.PDF

========== Files Created - No Company Name ==========

[2012/01/17 13:22:06 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2012/01/17 13:21:59 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/17 13:17:58 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/17 13:17:58 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/17 13:17:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/17 13:17:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/17 13:17:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/16 20:57:24 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Leo\Desktop\MBR.dat
[2012/01/15 17:17:47 | 004,423,382 | ---- | C] () -- C:\Documents and Settings\Leo\Desktop\google_warning.bmp
[2012/01/15 00:05:42 | 002,159,886 | ---- | C] () -- C:\Documents and Settings\Leo\Desktop\InfluencePsychologyPersuasion.pdf
[2012/01/15 00:03:28 | 002,159,983 | ---- | C] () -- C:\Documents and Settings\Leo\Desktop\InfluencePsychologyPersuasion.rar
[2012/01/14 21:47:38 | 000,000,062 | RH-- | C] () -- C:\Documents and Settings\Leo\Desktop\stinger.opt
[2012/01/13 12:50:58 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/07 17:23:00 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/01/04 16:25:42 | 000,002,485 | ---- | C] () -- C:\Documents and Settings\Leo\Desktop\Microsoft Office Project 2007.lnk
[2011/12/21 13:18:41 | 000,255,950 | ---- | C] () -- C:\Documents and Settings\Leo\My Documents\chrome_bookmarks.html
[2011/12/19 12:56:57 | 000,016,663 | ---- | C] () -- C:\Documents and Settings\Leo\Desktop\TA duties DDAH.PDF
[2011/06/01 22:27:37 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/02/19 21:27:54 | 003,614,370 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-436374069-448539723-725345543-1004-0.dat
[2011/02/19 21:27:53 | 000,251,838 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/12/27 23:16:34 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/12/27 23:16:30 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/12/27 23:16:30 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/11/16 23:33:11 | 001,382,264 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/20 19:23:07 | 000,000,011 | ---- | C] () -- C:\WINDOWS\OSA.INI
[2010/01/30 15:52:27 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/07/30 20:58:42 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/05/27 23:06:00 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/05/04 11:39:24 | 000,000,560 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2009/05/04 11:39:02 | 000,001,432 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2009/05/04 11:32:28 | 000,053,630 | ---- | C] () -- C:\WINDOWS\hppins02.dat
[2009/05/04 11:32:28 | 000,002,037 | ---- | C] () -- C:\WINDOWS\hppmdl02.dat
[2009/03/03 11:18:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/01/03 18:47:56 | 000,035,382 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2008/12/21 00:03:02 | 000,000,324 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/10/10 14:15:43 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/09/17 08:55:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/09/04 20:02:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/05 21:19:38 | 000,220,160 | ---- | C] () -- C:\WINDOWS\PRINTERS.EXE
[2008/04/05 21:19:38 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\PRTMATE.DLL
[2008/03/02 01:10:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2008/02/01 07:18:14 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2007/12/11 21:23:11 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2007/12/11 21:23:11 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2007/12/02 13:43:00 | 000,000,057 | ---- | C] () -- C:\WINDOWS\CATT2.INI
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/14 20:22:39 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\libmySQL.dll
[2007/08/14 20:22:39 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\TrackerNET.dll
[2007/08/05 17:20:00 | 000,000,601 | ---- | C] () -- C:\WINDOWS\Sin_Setup.INI
[2007/06/24 20:46:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/06/03 10:22:06 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\HPPAPR01.DLL
[2007/06/03 10:22:06 | 000,000,508 | ---- | C] () -- C:\WINDOWS\System32\HPPAPR01.DAT
[2007/05/05 23:07:21 | 000,004,184 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/05/05 23:07:21 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\4319F7B84B.sys
[2007/04/12 07:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2007/04/09 11:55:14 | 000,097,785 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/04/09 11:32:32 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\psconv.exe
[2007/04/09 11:24:30 | 000,046,273 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2007/04/09 11:19:18 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe
[2006/10/27 10:41:06 | 000,226,304 | ---- | C] () -- C:\Documents and Settings\Leo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/14 23:50:18 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Q3version.ini
[2006/09/14 23:49:53 | 000,000,551 | ---- | C] () -- C:\WINDOWS\Qiii.INI
[2006/09/14 19:14:07 | 000,640,957 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2006/09/14 19:14:07 | 000,000,805 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2006/09/14 17:52:55 | 000,050,410 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini
[2006/09/14 16:35:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/12 19:26:05 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/09/12 17:50:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/09/12 17:49:29 | 000,517,104 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/09/12 10:39:10 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/09/12 10:28:43 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2006/09/12 10:25:17 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Leo\Local Settings\Application Data\fusioncache.dat
[2006/09/12 10:07:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/09/12 10:03:23 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/06/13 16:35:32 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2006/02/28 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 07:00:00 | 000,527,380 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 07:00:00 | 000,096,728 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/12/08 11:24:52 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2005/12/08 11:06:14 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2005/12/08 10:59:34 | 000,293,747 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2005/12/08 10:54:38 | 000,048,128 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe
[2005/12/08 10:54:20 | 000,149,838 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
[2005/12/08 10:52:38 | 000,274,587 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat
[2005/12/08 10:52:30 | 000,231,821 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2005/12/08 10:52:30 | 000,113,221 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2005/12/08 10:52:12 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2005/12/08 10:52:12 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2005/06/16 17:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2003/03/21 16:56:12 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2001/03/29 01:37:14 | 000,000,033 | ---- | C] () -- C:\WINDOWS\hppcap.ini
[1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2009/12/22 02:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2009/04/13 19:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bell
[2007/05/09 21:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2009/01/06 12:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/01/11 16:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2006/11/09 21:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2011/05/23 13:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2009/11/23 22:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2011/10/02 15:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Thomson.ResearchSoft.Installers
[2008/05/01 15:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011/12/20 00:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
[2010/01/02 00:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Auslogics
[2010/12/30 17:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Azureus
[2009/04/13 19:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Bell
[2009/01/05 17:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Bioshock
[2011/05/23 14:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Blackberry Desktop
[2008/12/24 00:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Command & Conquer 3 Kane's Wrath
[2008/12/21 19:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Command & Conquer 3 Tiberium Wars Demo
[2011/03/22 21:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\CoreFTP
[2009/01/06 12:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\DAEMON Tools
[2009/04/25 19:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\DAEMON Tools Lite
[2009/01/06 12:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\DAEMON Tools Pro
[2006/09/14 15:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Dev-Cpp
[2010/12/23 14:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Dropbox
[2008/03/02 01:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\DWGeditor
[2011/10/02 16:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\EndNote
[2008/01/25 20:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\FileOpen
[2008/03/31 16:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Moyea
[2009/12/12 17:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Nitro PDF
[2011/02/19 14:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Nvu
[2007/08/07 21:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Opera
[2011/12/19 03:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\PrimoPDF
[2009/01/06 13:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Red Alert 3
[2008/12/21 20:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Red Alert 3 Demo
[2011/05/23 13:54:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Research In Motion
[2009/12/27 21:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\runic games
[2009/12/20 14:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Smart Recorder
[2010/02/18 10:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Thunderbird
[2012/01/14 22:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\uTorrent
[2011/04/24 12:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Windows Desktop Search
[2011/10/10 19:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leo\Application Data\Windows Search

========== Purity Check ==========



< End of report >
  • 0

#18
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's clear my tools and then attack the speed - let me know how it runs on completion of this, run in normal mode please

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)

    :Commands
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe :wave:
  • 0

#19
Phebotalus

Phebotalus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Thanks for all your help Essexboy, glad to know it's clean!! :)

Unfortunately the computer is still slugging along. Again, it happened after a freeze and BSOD then re-start after trying to run GMER. Other than that, I don't know if there's any other information I can provide.

Any thoughts on how to proceed?
  • 0

#20
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Run the OTL cleanup and that will remove the traces of GMER

This does sometimes happen with the GMER programme as all systems are different

After the cleanup then defragment the drive and let me know how it is behaving
  • 0

#21
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

#22
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Continuing
  • 0

#23
Phebotalus

Phebotalus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
OK, OTL clean was run before.

Defragmented the hard drive using AusLogics Disk Defrag, it took over 50 hours. It finished, but the computer is still running at a snail's pace.

Any ideas of how to proceed?
  • 0

#24
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, download the startup control panel from here and select the standalone.exe
Install the programme
Go to Control Panel, where you will find the startup control
Run the programme and, following the guide on the download page, disable everything except for the antivirus
Reboot and let me know if that makes a difference

With the defrag taking so long I would assume that the disc was severely fragmented
  • 0

#25
Phebotalus

Phebotalus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
No real difference. Start-up took just as long or even longer, then when getting to the desktop loading the start-up programs was maybe a minute faster.
  • 0

#26
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It may be a conflict with Avira and Comodo - are you using the Comodo antivirus element?
  • 0

#27
Phebotalus

Phebotalus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
No, I specifically only installed the Firewall suite. They've been working fine together for years so I doubt that's the issue.

Do you think the hard drive, physically, is starting to go, and slow down? The computer's about five years old now. But at the same time, I find it weird that this would happen now coincidentally. Though again, even with whatever Malware was installed, the computer was running at normal speeds. It was only after the failed GMER scan that it started behaving like this.
  • 0

#28
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I will have a nose around and see what I can find out - but all the GMER drivers are removed
  • 0

#29
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Have you run a chkdsk recently?
  • 0

#30
Phebotalus

Phebotalus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
No. How do I go about doing that?
  • 0





