nray53

Thanks....I sent you a small gift of my appreciation.

Thank you! Do you work for Malwarebytes? One more question...what were those files found in System restore? I so appreciate your help. Thanks.

Also...what about the files ESET found?

SecurityCheck results: Results of screen317's Security Check version 0.99.64 Windows XP Service Pack 3 x86 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Disabled! avast! Free Antivirus ESET Online Scanner v3 PC Tools Firewall Plus 7.0 `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 CCleaner Java 6 Update 33 Java 7 Update 21 Adobe Flash Player 11.7.700.202 Adobe Reader XI Mozilla Firefox (21.0) Mozilla Thunderbird (17.0.6) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe PC Tools Firewall Plus FWService.exe PC Tools Firewall Plus FirewallGUI.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast avastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 3% ````````````````````End of Log``````````````````````

I have been using AdwCleaner: # AdwCleaner v2.303 - Logfile created 06/10/2013 at 13:21:13 # Updated 08/06/2013 by Xplode # Operating system : Microsoft Windows XP Service Pack 3 (32 bits) # User : Norm - UPSTAIRS # Boot Mode : Normal # Running from : C:\Downloads\adwcleaner(4).exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Registry is clean. -\\ Mozilla Firefox v21.0 (en-US) ************************* AdwCleaner[R1].txt - [907 octets] - [09/05/2013 08:18:54] AdwCleaner[R2].txt - [966 octets] - [10/05/2013 06:46:49] AdwCleaner[R3].txt - [1025 octets] - [11/05/2013 12:08:06] AdwCleaner[R4].txt - [1086 octets] - [11/05/2013 19:14:53] AdwCleaner[R5].txt - [1277 octets] - [24/05/2013 19:57:23] AdwCleaner[R6].txt - [1337 octets] - [24/05/2013 19:57:47] AdwCleaner[R7].txt - [1325 octets] - [27/05/2013 20:22:36] AdwCleaner[R8].txt - [1505 octets] - [31/05/2013 21:36:27] AdwCleaner[s10].txt - [1020 octets] - [10/06/2013 13:21:13] AdwCleaner[s1].txt - [2507 octets] - [07/05/2013 18:27:42] AdwCleaner[s2].txt - [305 octets] - [08/05/2013 19:20:09] AdwCleaner[s3].txt - [308 octets] - [08/05/2013 19:23:12] AdwCleaner[s4].txt - [848 octets] - [08/05/2013 19:25:44] AdwCleaner[s5].txt - [1402 octets] - [24/05/2013 19:58:11] AdwCleaner[s6].txt - [1386 octets] - [27/05/2013 20:22:54] AdwCleaner[s7].txt - [1446 octets] - [28/05/2013 13:26:49] AdwCleaner[s8].txt - [1566 octets] - [09/06/2013 18:09:19] AdwCleaner[s9].txt - [1686 octets] - [09/06/2013 20:39:39] ########## EOF - C:\AdwCleaner[s10].txt - [1618 octets] ########## Now running SecurityCheck.

Thank you so much. So...what was the problem that I had ? What about the files ESET found? I am using Avast free antivirus. What is recommended? Thanks again.

Nothing was found after a quick scan: Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Database version: v2013.06.10.06 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Norm :: UPSTAIRS [administrator] Protection: Disabled 6/10/2013 12:38:00 PM mbam-log-2013-06-10 (12-38-00).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 414114 Time elapsed: 4 minute(s), 1 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)

It found 15 threats. Yikes. C:\Documents and Settings\Norm\Desktop\kmp.exe a variant of Win32/Bundled.Toolbar.Ask application C:\System Volume Information\_restore{02F3C04D-1526-42F2-A103-E4B79838DBE8}\RP514\A0286564.exe a variant of Win32/RegistryNuke application C:\System Volume Information\_restore{02F3C04D-1526-42F2-A103-E4B79838DBE8}\RP515\A0286710.exe a variant of Win32/RegistryNuke application C:\System Volume Information\_restore{02F3C04D-1526-42F2-A103-E4B79838DBE8}\RP566\A0308767.dll a variant of Win32/Adware.Yontoo.B application C:\System Volume Information\_restore{02F3C04D-1526-42F2-A103-E4B79838DBE8}\RP567\A0308956.exe Win32/Adware.1ClickDownload.AI application C:\System Volume Information\_restore{02F3C04D-1526-42F2-A103-E4B79838DBE8}\RP567\A0308959.exe Win32/OpenCandy application C:\System Volume Information\_restore{02F3C04D-1526-42F2-A103-E4B79838DBE8}\RP567\A0308960.exe Win32/Adware.RK.AO.Gen application C:\System Volume Information\_restore{02F3C04D-1526-42F2-A103-E4B79838DBE8}\RP567\A0308961.exe probably a variant of Win32/CNETInstaller.A application C:\System Volume Information\_restore{02F3C04D-1526-42F2-A103-E4B79838DBE8}\RP567\A0308962.exe Win32/OpenCandy application C:\System Volume Information\_restore{02F3C04D-1526-42F2-A103-E4B79838DBE8}\RP567\A0308963.exe Win32/DownloadAdmin.G application C:\System Volume Information\_restore{02F3C04D-1526-42F2-A103-E4B79838DBE8}\RP567\A0308986.exe Win32/OpenCandy application C:\System Volume Information\_restore{02F3C04D-1526-42F2-A103-E4B79838DBE8}\RP567\A0308987.exe Win32/DownloadAdmin.G application C:\System Volume Information\_restore{02F3C04D-1526-42F2-A103-E4B79838DBE8}\RP567\A0309000.exe Win32/OpenCandy application C:\System Volume Information\_restore{02F3C04D-1526-42F2-A103-E4B79838DBE8}\RP572\A0313611.exe a variant of Win32/SmartInline.A application C:\System Volume Information\_restore{02F3C04D-1526-42F2-A103-E4B79838DBE8}\RP572\A0313613.dll a variant of Win32/SmartInline.A application

I found where the logs are stored.

It found 3: Protection: Enabled 6/10/2013 8:48:04 AM mbam-log-2013-06-10 (08-48-04).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 413208 Time elapsed: 3 minute(s), 29 second(s) Memory Processes Detected: 1 C:\Program Files\Mozilla Firefox\firefox.exe (Trojan.Agent) -> 328 -> Delete on reboot. Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Firefox (Trojan.Agent) -> Data: C:\Program Files\Mozilla Firefox\firefox.exe -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Program Files\Mozilla Firefox\firefox.exe (Trojan.Agent) -> Delete on reboot. (end)

Here is attached Gmer.txt: Gmer.txt

I am so sorry....I have to go for a bit. Gmer is running....I will post when I can.

I am using XP.

Here is screen shot:

It is under the Quarantine tab in Malwarebytes.