Solved Problem with the process wmiprvse.exe

Toshiba / Satellite a100
May 8, 2014 at 09:49:50
Specs: Windows XP, x86 1995 MHz
What is this process: wmiprvse.exe and what is its function? I noticed that it consumes a lot of CPU speed and slows down the computer.

#1
May 8, 2014 at 12:16:37
If it is in the right place it is a valid Windows process (Windows Management Instrumentation).

However, as with any valid file, a bogus copy can be put in some other place and cause issues. Best run MalwareBytes on your computer to see if it finds anything. Get it from the green button top right here:
http://filehippo.com/download_malwa...

It often finds and fixes what your AV can miss. Please copy/paste its log on here.

Always pop back and let us know the outcome - thanks
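
The "right place" check from this reply, as an added example that is not part of the original post: it lists every running wmiprvse.exe with its on-disk path and parent process and flags any copy running from outside the Windows `wbem` folder. The expected folders and the use of `Get-WmiObject` (Windows PowerShell 2.0 to 5.1) are assumptions of the example.

```powershell
# Added example: confirm that each running wmiprvse.exe is the copy that
# ships with Windows, by comparing its path with the expected locations.
# Assumption: the genuine binary lives in %SystemRoot%\System32\wbem
# (and, on 64-bit Windows, also in %SystemRoot%\SysWOW64\wbem).
$expected = @(
    (Join-Path $env:SystemRoot 'System32\wbem\wmiprvse.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\wbem\wmiprvse.exe')
)

# Win32_Process exposes ExecutablePath and ParentProcessId per process.
# Get-WmiObject exists in Windows PowerShell only; on PowerShell 7 use
# Get-CimInstance with the same class and filter.
$procs = @(Get-WmiObject -Class Win32_Process -Filter "Name = 'wmiprvse.exe'")

if ($procs.Count -eq 0) {
    Write-Output 'No wmiprvse.exe process is running right now.'
}
else {
    foreach ($p in $procs) {
        # Look up the parent so an unusual launcher stands out. The WMI
        # provider host is normally started by svchost.exe.
        $parent = Get-WmiObject -Class Win32_Process `
                    -Filter "ProcessId = $($p.ParentProcessId)"
        $parentName = if ($parent) { $parent.Name } else { '(parent exited)' }

        $path = $p.ExecutablePath
        if (-not $path) {
            # The path is hidden when the shell lacks rights to the process.
            $verdict = 'UNKNOWN - rerun from an administrator prompt'
        }
        elseif ($expected -contains $path) {
            # -contains compares strings case-insensitively.
            $verdict = 'OK - expected location'
        }
        else {
            $verdict = 'SUSPICIOUS - unexpected location, scan this file'
        }

        New-Object PSObject -Property @{
            PID     = $p.ProcessId
            Path    = $path
            Parent  = $parentName
            Verdict = $verdict
        } | Select-Object PID, Path, Parent, Verdict
    }
}
```

A matching path only rules out the "bogus copy in some other place" case; high CPU from the genuine process usually means some other program is issuing heavy WMI queries.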



#2
May 8, 2014 at 22:58:55
I already have the MBAM. I found 32 objects in the scan. Here is the log:


Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Database version: v2014.05.08.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Mulham :: MYTOSHIBA [administrator]

Protection: Enabled

5/9/2014 9:15:24 AM
MBAM-log-2014-05-09 (09-33-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238774
Time elapsed: 13 minute(s), 33 second(s)

Memory Processes Detected: 1
C:\Documents and Settings\Mulham\Application Data\DefaultTab\DefaultTab\DTUpdate.exe (PUP.Optional.DefaultTab.A) -> 364 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 37
HKLM\SYSTEM\CurrentControlSet\Services\DefaultTabUpdate (PUP.Optional.DefaultTab.A) -> No action taken.
HKCR\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.
HKCR\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73} (PUP.Optional.DefaultTab) -> No action taken.
HKCR\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60} (PUP.Optional.DefaultTab) -> No action taken.
HKCR\DefaultTabBHO.DefaultTabBrowser.1 (PUP.Optional.DefaultTab) -> No action taken.
HKCR\DefaultTabBHO.DefaultTabBrowser (PUP.Optional.DefaultTab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.
HKCR\AppID\{38495740-0035-4471-851E-F5BBB86AB085} (PUP.Optional.DefaultTab.A) -> No action taken.
HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> No action taken.
HKCR\CLSID\{30f06672-0e95-41a9-80cb-dee386af99ad} (PUP.Optional.Outobox.A) -> No action taken.
HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> No action taken.
HKCR\CLSID\{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> No action taken.
HKCR\DefaultTabBHO.DefaultTabBrowserActiveX.1 (PUP.Optional.DefaultTab.A) -> No action taken.
HKCR\DefaultTabBHO.DefaultTabBrowserActiveX (PUP.Optional.DefaultTab.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3042DF7A-E900-4389-9B94-923DF0DAA57E} (PUP.Optional.MindSpark.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3042DF7A-E900-4389-9B94-923DF0DAA57E} (PUP.Optional.MindSpark.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{58376892-60E7-4F63-ACA0-0F686AF554D6} (PUP.Optional.MindSpark.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{58376892-60E7-4F63-ACA0-0F686AF554D6} (PUP.Optional.MindSpark.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{6EB534FB-2001-45C4-B860-BC904865A379} (PUP.Optional.MindSpark.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6EB534FB-2001-45C4-B860-BC904865A379} (PUP.Optional.MindSpark.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000162-9980-0010-8000-00AA00389B71} (Rogue.WinAntiVirus) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363} (PUP.Optional.DefaultTab.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> No action taken.
HKCR\AppID\DefaultTabBHO.DLL (PUP.Optional.DefaultTab.A) -> No action taken.
HKCU\SOFTWARE\DEFAULT TAB (PUP.Optional.DefaultTab.A) -> No action taken.
HKCU\Software\outobox (PUP.Optional.Outobox.A) -> No action taken.
HKCU\Software\AppDataLow\Software\DefaultTab (PUP.Optional.DefaultTab.A) -> No action taken.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> No action taken.
HKLM\SOFTWARE\DEFAULT TAB (PUP.Optional.DefaultTab.A) -> No action taken.
HKLM\Software\outobox (PUP.Optional.Outobox.A) -> No action taken.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab (PUP.Optional.DefaultTab.A) -> No action taken.

Registry Values Detected: 4
HKCU\SOFTWARE\Default Tab|Version (PUP.Optional.DefaultTab.A) -> Data: 2.2.23.0 -> No action taken.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {EC6977AC-118A-11DE-9ADD-0019D28AD62C} -> No action taken.
HKLM\SOFTWARE\Default Tab|Version (PUP.Optional.DefaultTab.A) -> Data: 2.2.23.0 -> No action taken.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {EC6977AC-118A-11DE-9ADD-0019D28AD62C} -> No action taken.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 5
C:\Program Files\Security Central (Rogue.SecurityCentral) -> No action taken.
C:\Documents and Settings\Mulham\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Mulham\Application Data\DefaultTab\DefaultTab (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Documents and Settings\Mulham\Application Data\newnext.me (PUP.Optional.NextLive.A) -> No action taken.
C:\Documents and Settings\Mulham\Application Data\newnext.me\cache (PUP.Optional.NextLive.A) -> No action taken.

Files Detected: 22
C:\Documents and Settings\Mulham\Application Data\DefaultTab\DefaultTab\DTUpdate.exe (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Documents and Settings\Mulham\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll (PUP.Optional.DefaultTab) -> No action taken.
C:\Documents and Settings\Mulham\Application Data\DefaultTab\DefaultTab\DefaultTabStart.exe (PUP.Optional.DefaultTab) -> No action taken.
C:\Documents and Settings\Mulham\Application Data\DefaultTab\DefaultTab\DefaultTabStart64.exe (PUP.Optional.DefaultTab) -> No action taken.
C:\Documents and Settings\Mulham\Application Data\DefaultTab\DefaultTab\DefaultTabWrap.dll (PUP.Optional.DefaultTab) -> No action taken.
C:\Documents and Settings\Mulham\Application Data\DefaultTab\DefaultTab\DefaultTabWrap64.dll (PUP.Optional.DefaultTab) -> No action taken.
C:\Documents and Settings\Mulham\Local Settings\Application Data\genienext\nengine.dll (PUP.Optional.NextLive.A) -> No action taken.
C:\Documents and Settings\Mulham\Desktop\Control Center.lnk (Rogue.ControlCenter) -> No action taken.
C:\Documents and Settings\Mulham\Application Data\DefaultTab\DefaultTab\addon.ico (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Documents and Settings\Mulham\Application Data\DefaultTab\DefaultTab\amazon_ie.ico (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Documents and Settings\Mulham\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.cfg (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Documents and Settings\Mulham\Application Data\DefaultTab\DefaultTab\DefaultTabUninstaller.exe (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Documents and Settings\Mulham\Application Data\DefaultTab\DefaultTab\DT.ico (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Documents and Settings\Mulham\Application Data\DefaultTab\DefaultTab\ebay_ie.ico (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Documents and Settings\Mulham\Application Data\DefaultTab\DefaultTab\facebook_ie.ico (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Documents and Settings\Mulham\Application Data\DefaultTab\DefaultTab\searchhere.ico (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Documents and Settings\Mulham\Application Data\DefaultTab\DefaultTab\search_here_ie.ico (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Documents and Settings\Mulham\Application Data\DefaultTab\DefaultTab\twitter_ie.ico (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Documents and Settings\Mulham\Application Data\DefaultTab\DefaultTab\uninstalldt.exe (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Documents and Settings\Mulham\Application Data\DefaultTab\DefaultTab\wikipedia_ie.ico (PUP.Optional.DefaultTab.A) -> No action taken.
C:\Documents and Settings\Mulham\Application Data\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> No action taken.
C:\Documents and Settings\Mulham\Application Data\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> No action taken.

(end)



#3
May 8, 2014 at 23:10:46
" No action taken"
1st step Gentleman, is to check/tick all those & Delete.

message edited by Johnw



#4
May 8, 2014 at 23:14:23
✔ Best Answer
2nd step: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
How to download from Softpedia
http://i.imgur.com/BWELEfV.gif
http://i.imgur.com/4luY3rU.gif
http://www.raymond.cc/blog/adwclean...
http://www.bleepingcomputer.com/dow...
Author's site
http://general-changelog-team.fr/en...
Tutorial
http://general-changelog-team.fr/en...
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

3rd step: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
How to download from Softpedia
http://i.imgur.com/qO92huz.gif
http://i.imgur.com/qzTUYkX.gif
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool onto your Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.



#5
May 9, 2014 at 11:56:07
The objects were deleted already. This is the log from JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by Mulham on Fri 05/09/2014 at 19:54:35.29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

Failed to stop: [Service] hshld
Successfully stopped: [Service] hsstrayservice
Successfully deleted: [Service] hsstrayservice
Failed to stop: [Service] hsswd

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Bar
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\babydict
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\babygloss
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\babyloniepi.babyloniebho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\babyloniepi.babyloniebho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\babylonofficeaddin.officeaddin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\babylonofficeaddin.officeaddin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\babyoptfile
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\babyloniepi.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\nctaudiocdgrabber2.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C430996F-4AA8-4AA8-81DE-F54432CD5786}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{AD79BAD6-9504-4F09-ACEC-7B319584A4C1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Myfree Codec
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babylon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\defaulttab
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\hotspotshield
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilivid
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\translate this web page with babylon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\translate with babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Myfree Codec
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\default tab
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\hotspotshield
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\imside1egate.application.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\babylon.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\babylon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3CDA46B7-9CB9-4B41-B20C-BE70BCAFD7C8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{ac2e4ae7-2d16-45ea-991c-2441dfd05696}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{ac2e4ae7-2d16-45ea-991c-2441dfd05696}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\hotspot shield"
Successfully deleted: [Folder] "C:\Documents and Settings\Mulham\Application Data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\Mulham\Application Data\defaulttab"
Successfully deleted: [Folder] "C:\Documents and Settings\Mulham\Application Data\getrighttogo"
Successfully deleted: [Folder] "C:\Documents and Settings\Mulham\Application Data\goforfiles"
Successfully deleted: [Folder] "C:\Documents and Settings\Mulham\Application Data\hotspot shield"
Successfully deleted: [Folder] "C:\Documents and Settings\Mulham\Application Data\thinstall"
Successfully deleted: [Folder] "\hotspot shield"
Successfully deleted: [Folder] "C:\Documents and Settings\Mulham\Local Settings\Application Data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\Mulham\Local Settings\Application Data\conduit"
Successfully deleted: [Folder] "C:\Documents and Settings\Mulham\Local Settings\Application Data\genienext"
Successfully deleted: [Folder] "C:\Documents and Settings\Mulham\Local Settings\Application Data\ilivid player"
Successfully deleted: [Folder] "C:\Documents and Settings\Mulham\Local Settings\Application Data\thinstall"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\hotspot shield"
Successfully deleted: [Folder] "C:\Program Files\ilivid"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\babylon"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 05/09/2014 at 20:05:37.75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#6
May 9, 2014 at 14:36:30
"2nd step: Run AdwCleaner"
Have you?


#7
May 10, 2014 at 01:56:24
Yes I have. It found only the program Hotspot shield which is a VPN program.


#8
May 10, 2014 at 02:56:55
"Malwarebytes Anti-Malware (PRO) 1.70.0.1100:"
Update to the new version 2, run again & post the log please. Quick scan is all you need.

Quick Scan versus Full Scan
http://forums.malwarebytes.org/inde...

message edited by Johnw



#9
May 12, 2014 at 10:40:07
Ok now there is nothing detected:

Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Database version: v2014.05.11.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Mulham :: MYTOSHIBA [administrator]

Protection: Enabled

5/12/2014 8:54:04 PM
mbam-log-2014-05-12 (20-54-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 239532
Time elapsed: 15 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#10
May 12, 2014 at 14:12:28
"Ok now there is nothing detected:"
Thanks, good result.

Download Security Check by screen317 from one of the following links and save it onto your Desktop.
http://screen317.spywareinfoforum.o...
http://screen317.changelog.fr/Secur...
Please restart the computer before running this security check.
* Double click SecurityCheck.exe. If you run Windows Vista or 7/8, right click and choose 'Run as Administrator'.
o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
o When you see a console window, press any key to continue scanning.
o Wait while it scans.
o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; Please Copy and Paste the contents into your reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.



#11
May 13, 2014 at 10:07:41
Ok this is the log

Results of screen317's Security Check version 0.99.83
Windows XP Service Pack 3 x86
Internet Explorer 8
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
Windows Firewall Disabled!
Please wait while WMIC compiles updated MOF files.d
i
s
p
l
a
y
N
a
m
e
ECHO is off.
A
V
G
ECHO is off.
A
n
t
i
V
i
r
u
s
ECHO is off.
F
r
e
ECHO is off.
E
d
i
t
i
o
n
ECHO is off.
2
0
1
ECHO is off.
A
v
i
r
a
ECHO is off.
D
e
s
k
t
o
p
ECHO is off.
Antivirus up to date!
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
WinPatrol
WinPatrol 2009 [color=red][b](Outdated! Latest version is WinPatrol 2012)[/color][/b]
Windows Defender
Malwarebytes Anti-Malware version 1.70.0.1100
[color=red][b]Out of date Malwarebytes Anti-Malware installed![/b][/color]
TuneUp Utilities 2004
Wise Disk Cleaner 5.93
Wise Registry Cleaner 5.9.4
Java(TM) 6 Update 24
[color=red][b]Java version out of Date![/b][/color]
Adobe Flash Player 13.0.0.206
Mozilla Firefox (29.0.1)
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
Windows Defender MSMpEng.exe
Windows Defender MSASCui.exe
WinPatrol winpatrol.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Ashampoo FireWall FireWall.exe
WinDefender MsMpEng.exe
WinDefender MSASCui.exe
All Users Application Data Etisalat LTE Modem OnlineUpdate\ouc.exe
All Users Application Data Etisalat LTE Modem OnlineUpdate\LiveUpd.exe
WinPatrol WinPatrol.exe
[b][u]`````````````````System Health check`````````````````[/b][/u]
Total Fragmentation on Drive C:: 2%
[b][u]````````````````````End of Log``````````````````````[/b][/u]



#12
May 13, 2014 at 16:56:14
"Results of screen317's Security Check version 0.99.83"
Thanks.

"Malwarebytes Anti-Malware version 1.70.0.1100
[color=red][b]Out of date Malwarebytes Anti-Malware installed![/b][/color]"
Not too sure what is happening with Malwarebytes, have you bought the PRO version?
If you have bought the PRO version, it is one of the few realtime AV's that can run in conjunction with another AV, in your case Avira.
The FREE version is fine also ( no realtime checking ) In other words, you use it when you already have a problem.

You may need to uninstall Malwarebytes & start again with the latest version 2.

"WinPatrol 2009 [color=red][b](Outdated! Latest version is WinPatrol 2012)[/color][/b]"
Uninstall or update.

"TuneUp Utilities 2004"
Uninstall.

"Java(TM) 6 Update 24
[color=red][b]Java version out of Date![/b][/color]"
Out of date Java is a very high security risk, most people do not need Java, uninstall or update.

Here is the uninstaller I use.

Use IObit Uninstaller
http://www.softpedia.com/get/Tweak/...
http://www.freewarefiles.com/IObit-...
http://www.majorgeeks.com/files/det...
http://www.iobit.com/advanceduninst...
Do a Standard Uninstall & then the Powerful Scan to remove all the lurking bits.
http://i.imgur.com/olyCkcJ.gif
http://i.imgur.com/cKc5Chi.gif



#13
May 13, 2014 at 17:00:31
After finishing everything in my post #11, here is more to do.

If Hotspot Shield isn't working, reinstall it again, be careful, note my screenshot.
http://www.softpedia.com/get/Securi...
Screenshot
http://i.imgur.com/whK69oN.gif

As you can see from your logs, you had a lot of stuff installed, that you did not know had been installed.
A lot of programs, now give you the choice to install toolbars & other during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install, you have to read after each click.
I use Softpedia, down the bottom of the page, they make you aware what Ad-supported programs the author of the program has included.
Sample pages
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/get/CD-DVD...
http://www.softpedia.com/get/Multim...
Users are advised to pay attention while installing this ad-supported application:
· Offers to change the homepage for web browsers installed in the system
· Offers to change the default search engine for web browsers installed in the system
· Offers to install StartNow Toolbar that the program does not require to fully function
SS ( screenshots ) of above
http://i.imgur.com/ElPCyMq.gif
http://i.imgur.com/CSBplyA.gif
http://i.imgur.com/3eWWoXm.gif

Use Unchecky to help prevent these third party installs. Nothing is perfect, the baddies are always ahead of the goodies.
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://unchecky.com/
How to download from Softpedia
http://i.imgur.com/iZ3Fzmc.gif
http://i.imgur.com/NNgm1rF.gif
A reliable application that aims to protect your computer against third-party components often offered during software installations.

message edited by Johnw



#14
May 14, 2014 at 11:00:43
Yes this is quite interesting. I thought I was secure with a good number of security programs but obviously I lacked a lot of details. I will take care of everything. Thanks.


#15
May 14, 2014 at 14:30:48
You should be Ok now, happy computing.


#16
May 14, 2014 at 14:36:59
Nice one "Gentleman" and "Johnw". Good to hear computer is now clean.

Always pop back and let us know the outcome - thanks

