XCowboy

Good Afternoon! I just completed another complete AD-AWARE scan of the entire system including boot sector, etc. and the same 4 errors came up as yesterday ( obviously they are all already quarantined files as I mentioned yesterday ). As far as system behavior in general -> It is virtually concistant and the same as recently since I disabled PRTG runtime and boot loaded software for LAN systems management ( I do not run a LAN ) and is not necessary I believe for me to load it. ( 5 minutes extra time to complete boot process ). Looks good to me! XCowboy

Good day! And here is the created Fixlog.txt just created! Fixlog.txt

I will run these tools tomorrow since I am heading out right now on a assignment. I am well aware of certain runtime events that are asked for in the registry which I have still not removed and who's executables I have disable ( renamed from .exe tp .ex ) to speed up my system most notably the un-necessary and very time consuming upon system boot-up PRTG software. ie. Directory of C:\usr\snmp\persist 11/06/2013 09:33 PM <DIR> .11/06/2013 09:33 PM <DIR> ..10/28/2013 08:01 PM <DIR> mib_indexes11/06/2013 09:33 PM 700 prtg.conf 1 File(s) 700 bytes 3 Dir(s) 11,629,273,088 bytes free Volume in drive C is IBM_PRELOAD Volume Serial Number is 8C05-D993 Directory of C:\PROGRA~1\PRTGNE~1 10/17/2013 04:18 PM 8,814,304 PRTG Probe.ex10/17/2013 04:18 PM 7,232,736 PRTG Server.ex If some of these types of programs are the ones you are referring to then they are not a problem but a result of deliberate action on my part. Thankx and talk to you tomorrow! XCowboy

OK so I did what you requested. I rebooted twice. I have added attachment of the log files I deleted frst directory tree I downloaded and ran FRST I include the addition.txt and FRST.txt files newly created files FRST.txt Addition.txt 20131226T211716.828125PID1952_AdAwareService.log 20131226T211857.234375PID3488_AdAwareDesktop.log 20131226T211900.843750PID3684_AdAwareTray.log Quarantine.txt

Apres Christmas Greetings! My only problem ad-Aware finds now I believe have been quarantined by previous passes of other Softwares. They are as follows: adaware.dealply.F c:\program files\dealply\dealply.dealply.crx.virgen.heur.VIZ.7 C:\system volume information\_restore(29FD9B63-4F58-4DB0-B2C4-8709D5244F27\RP55\A0031676.vpxgen.heur.VIZ.7 C:\system volume information\_restore(29FD9B63-4F58-4DB0-B2C4-8709D5244F27\RP55\A0031682.vpxgen.heur.VIZ.7 C:\system volume information\_restore(29FD9B63-4F58-4DB0-B2C4-8709D5244F27\RP55\A0031755.vpx XCowboy

"Well I'm sorry but I'm not going to get into any philosophical debates or discussions with you. SUPERAntispyware is not an antivirus product and if you think it is that's up to you, I won't discuss it any further." Yes I still need your assistance however I feel compelled to segway into the very essence of what I see is a more general issues you people have brought to the fore via our Internet discussions. As it turns out you were right that SUPERAntispyware is NOT a antivirus program according to feedback I received last night from the company itself: "Your support ticket CSR00114907 has been updated " Q1) When a scan takes place, does your software still maintain vigilance on intruders, malware, agents etc.? Q2) Is your Trial version of SuperAntiSpyware considered a official AV program? Microsoft Security Center ( in Windows Control Panel ) does not recognize SUPERAntiSpyware as a anti-virus detecting agent because when I have it running it advises me my computer is UNPROTECTED! ANSWER Dec 23 2013 (Mon) 2:51:56 PM PST SUPERAntiSpyware.com Replied: Chris, 1.) Yes. 2.) No. SUPERAntiSpyware is an anti-malware/spyware product. You should still be running a dedicated anti-virus as well. Avast is a very good free option. 1) Note: It is not I who said that SUPERAntispyware was a antivirus program. It is in fact that it is listed in your "List of Uninstaller Tools" on your link below allong with plenty of other AV programs. I assumed SUPERAntispyware was a antivirus program itself! It's all too confusing now. Your listing of AV products and removal instructions: https://forums.malwarebytes.org/index.php?showtopic=127580 Information: List of Uninstaller Tools Started by AdvancedSetup, Jun 10 2013 08:25 PM Norman Virus Control / Norman Security Suite: Site 1 | Site 2 | Norman Ad-Aware : Site | File PDF Norton Antivirus: Site | File Norton [Toshiba] PC Checkup Uninstall: Site Novell Cheyenne InocuLAN Anti-Virus: Site | File nProtect Anti-Virus/Spyware: Site | File no longer appears to be available SUPERAntiSpyware Support.com: Site | File x86 | File x64 In fact on December 18th. I have on record in its archives, SUPERAntiSpyware found the following Rootkit virus when none of your tools ever reported it to my knowledge. Trojan.Agent/Gen-Cryptor D:\SYSTEM VOLUME INFORMATION\_RESTORE{9DA9F6DF-D0BF-4EC3-B32B-87D275394BBF}\RP22\A0007499.EXE According to SUPERAntiSpyware archives, it was removed Thursday Dec 19th. when I commanded the program to clean everything. None of all the other so called REAL AV programs I was previously running including AVAST, AVG, StopZilla, ESET, MalwareBytes Anti Malware, etc. found Trojan.Agent/Gen-Cryptor. So what gives here? I now installed AD-AWARE and it found 3 copies of Trojan.html.fakealert.P 1) c:\documents and settings\administrator\desktop\combofix_files\7848fda04 I had all put into quarantine. "As for installing SP3 on your other computer again if you don't want to that's up to you." My other computer is a ACER Laptop, I just thought when I first opened this topic/thread ( exactly 1 month ago ) someone in your area of expertise ( being that you people deal with dozens or hundreds of people a year ) would have known of a AV tool that still worked on systens that ran XP (SP NULL/0). --> THUS THE name of this thread. I know it's my decision to upgrade or not. I guess the unavailability of a AV tool precludes the neccessity to upgrade so in effect it really is not my decision to make either so in effect with the feedback I get from you all I have no choice but to upgrade or effectively trash the laptop. "If you no longer want any help or don't believe what I'm telling you that's fine - just say so and I'll go ahead and close your topic as there are many other users looking for help." As I said above, I really do need your continued help and assistance! "Detecting and removing an infection requires a lot of review and and scanning and even then things can slip by. If you want a 100% clean system with no questions asked then FDISK, FORMAT and reinstall Windows from scratch and you won't have any infections." I really don't want to get philosophical either but again like the upgrade issue it is really not my decision to make but the call to do what has to be done, so now I have to get philosophical to the point where now even doctors have been forced to listen to their patients for a change: As you people seem to act as though you were doctors: This thread Posted 14 December 2013 - 11:10 PM "No problem. I will assist you. Please just follow my directions and don't self medicate following other topics." Telling me not to Self Medicate I thought I'd throw in an analogy with my very real experience with medical doctors themselves. I myself was near death ( down from 155 lbs to 90 lbs and yet looking like I was a pregnant woman with twins - hospitalized then for over 2 months ) when my doctor told me I needed a liver transplant if I wanted to live. I had found on the Internet a poisoning called PA's (Pyrrolizidine Alkoloids) and was sure that was what I had and did not follow his advice and I'm still alive and well nearly 20 years later. http://www.vif.com/users/chris-m/mcgill~1.html Back to now 5'11 and 155 lbs. On a recent radio show a well known doctor Goldman brings up that very topic. "That victory convinced deBronkart that the internet's access to knowledge could turn patients into powerful agents who have to ability to manage their own health." http://www.cbc.ca/whitecoat/2013/12/09/e-patient-dave-extended-interview-with-dave-debronkart/ More and more doctors are realizing they need to listen to their patients and occasionally even learn from them. I know it is tempting to simply Fdisk the thing but boot sector virus's or in this case probably Rootkit/Trojan Trojan.Agent/Gen-Cryptor found by my ( your so called non AV agent/product ) AV tool SUPERAntiSpyware ( btw: after none of your tools appeared to even notice it on my system) are removable. The tools are available today like WINICE that used to work on Win95 and NT. If you (we) give up then I guess the hackers won and we'll all just FDISK every HD, Bootable Memory Stick with boot sector, etc.. on every system! I don't think that is an option given the tools at our disposal! And YES I still appreciate and respect your all ability, knowledge, and experience! It surpasses mine to be sure and I'm sure together we can beat these malwares thrust upon us by people with apparently nothing better to do like graffiti artists only they don't affect millions of people. My knowledge is dated to say the least but the same principals still apply. I hope you continue to work with me and that you also understand where I'm coming from. XCowboy

Microsoft Security Center does not recognize SUPERAntiSpyware as a anti-virus detecting agent yet even your AV removal site on MalwareBytes as I show below lists it as a virus detector software. SUPERAntiSpyware Support.com: Site | File x86 | File x SUPERAntiSpyware caught a ( What we used to call a boot track virus ) RootKit virus and as I previously said on one of my discussions with you people" "I ended up downloading FREE SUPERAntiSpyware. It found Trojan Trojan.Agent/Gen-Cryptor on my 16G dual bootable Memory Stick It also found:Memory items scanned : 435Memory threats detected : 0Registry items scanned : 36637Registry threats detected : 0File items scanned : 55053File threats detected : 430 And best of all, it did not demand anything from me! Now I installed mbar.exe in c:\mbar and ran it.I left my UBUNTU bootable memory stick in as drive F:I wonder if mbar will catch and destroy the Rootkit/Trojan Trojan.Agent/Gen-Cryptor because I didnot allow SUPERAntiSpyware to remove anything in fact itis currently ready and requesting if I want to removeall malware agents and Adware Tracking cookies it found." None of your programs as I am aware of ever saw this agentyet you and Micro$lop says that SUPERAntiSpyware is nota antivirus tool/agent. I found as again I mentioned earlier AVIRA acts more like a virusitself as much as it might be a good AV detector. As for AVAST, when I got the computer it had AVAST on it and itseems like it let a lot of [PUP] agents onto the OS and files. As for some of your programs, as I mentioned earlier, it flaggedSYS.BAT as a contaminated file when I know for a fact it was NOTand in fact as I said earlier, it's twin sister ( exactly the same filesize only named in its stead SYS.BAK ) was not flagged.Search back into the first page of this forum item. Which brings me to ask a lot of questions about who knows whatabout what? I purchased the laptop XP ( 0 SP ) because I could afford the $20to get it as well I inherited the problems that came with the IBMTower PC XP (SP3) when I purchased it second hand because Icould afford it.Some people are not as lucky or have not been screwed aroundby a system that invariably screws with people! With due respect Regards, XCowboy

I just removed iyogi from the system. It was running ( I don't even know what?) ESET NOD32 Antivirus has expired according to what messages I recieve yet I'm not sure? Aside from the just completed SUPERAntiSpyware run which took 2 hours, and I received 322 cookie type threats found which are deemed NOT critical and I did not remove ( I don't necessarily want to play around with cookies since often then you need to re-enter passwords and details when visiting sites you normally have instant access. ) Other than that the computer behaves well all in all. It never really had any serious issues, only some AV programs bring out the fear in people and some AV online programs want to scare people into purchasing their probably virus and trojan infested stuff? Where are we now? What about my previous query about my XP ( NO SP ) machine? Are there any AV programs that will work on the old XP straight up systems or do I have to upgrade it to XP SP+++? Meanwhile thank you for your assistance! XCowboy

The latest incarnation of: DDS.txt and Attach.txt dds.txt attach.txt

If SuperAntiSpyware is not a antivirus program why does it have a ENABLE REAL TIME PROTECTION box ? Yes I ran fixdamage.exe, where I even made a note in my files as I have cut and copied here for your viewing pleasure. See below: I think you should warn people how long it could take for your Icons to reappear after rebooting, I was ready to reboot to a older version of the registry because I thought the system was screwed up for good. NOTE:*** It takes forever after rebooting for the screen ICONS program links to re-appear after running FIXDAMAGE.EXE. It looks like your system has lost it! I will have DDS.txt and Attach.txt in my next post

What is very strange is that Windows Security Center tells me that virus protection is OFF when in fact when I look into my SuperAntiSpyware AV program I go into PREFERENCES --> REAL-TIME PROTECTION ---> ENABLE REAL TIME PROTECTION box is checked! What gives here? I have ( Perhaps a illusion ) thought I had REAL TIME PROTECTION enabled and when I went back some time later to check it was unchecked. XCowboy

Here we go again! Nothing found except I do not believe the program MBAR checked my bootable F: drive with 16G memory stick! System-Log.txt mbar-log-2013-12-20 (08-31-08).txtsystem-log.txt mbar-log-2013-12-20 (08-31-08).txt

Here we go again: DDS.TXT DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702Run by Administrator at 22:48:56 on 2013-12-19Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.1888 [GMT -5:00].AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}AV: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}.============== Running Processes ================.C:\WINDOWS\system32\spoolsv.exeC:\Program Files\SUPERAntiSpyware\SASCORE.EXEC:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\igfxpers.exeC:\WINDOWS\system32\ICO.EXEC:\WINDOWS\System32\hkcmd.exeC:\WINDOWS\system32\FSRremoS.EXEC:\Program Files\VIAudioi\SBADeck\ADeck.exeC:\Program Files\ESET\ESET NOD32 Antivirus\egui.exeC:\QF9700\DriverMax\drivermax.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Program Files\TP-LINK\TL-WN321G\COMMON\TWCU.exeC:\Program Files\iYogi Support Dock\iYogiSupportDock.exeC:\Program Files\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exeC:\WINDOWS\System32\snmp.exeC:\FILEMON.EXEC:\WINDOWS\system32\wbem\wmiprvse.exeC:\WINDOWS\System32\alg.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\WINDOWS\system32\notepad.exeC:\WINDOWS\system32\ntvdm.exeC:\WINDOWS\system32\notepad.exeC:\WINDOWS\system32\wbem\wmiprvse.exeC:\WINDOWS\system32\svchost.exe -k DcomLaunchC:\WINDOWS\system32\svchost.exe -k rpcssC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\System32\svchost.exe -k NetworkServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\System32\svchost.exe -k LocalService.============== Pseudo HJT Report ===============.uProxyOverride = <-loopback>;<local>BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocxEB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>uRun: [DriverMax] "c:\qf9700\drivermax\drivermax.exe" -agentuRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exemRun: [Persistence] c:\windows\system32\igfxpers.exemRun: [Mouse Suite 98 Daemon] ICO.EXEmRun: [igfxTray] c:\windows\system32\igfxtray.exemRun: [HotKeysCmds] c:\windows\system32\hkcmd.exemRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exemRun: [AudioDeck] c:\program files\viaudioi\sbadeck\ADeck.exe 1mRun: [iYogi Support Dock] "c:\program files\iyogi support dock\sdstartup.exe" c:\program files\iyogi support dock\iYogiSupportDock.exemRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitserviceStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tl-wn3~1.lnk - c:\program files\tp-link\tl-wn321g\common\TWCU.exeuPolicies-Explorer: NoDriveTypeAutoRun = dword:323uPolicies-Explorer: NoDriveAutoRun = dword:67108863uPolicies-Explorer: NoDrives = dword:0mPolicies-Explorer: NoDriveAutoRun = dword:67108863mPolicies-Explorer: NoDriveTypeAutoRun = dword:323mPolicies-Explorer: NoDrives = dword:0mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1mPolicies-Explorer: NoDriveTypeAutoRun = dword:323mPolicies-Explorer: NoDriveAutoRun = dword:67108863IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - LocalServer32 - <no file>IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeTCP: NameServer = 192.168.1.1TCP: Interfaces\{739FC658-6BE2-4B84-A589-74133BBBD2CA} : DHCPNameServer = 172.16.31.18 172.16.31.12 172.16.31.19TCP: Interfaces\{D40E0885-9B75-41B1-9171-61698CD2812D} : DHCPNameServer = 192.168.1.1Notify: igfxcui - igfxdev.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllSEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLLmASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome.============= SERVICES / DRIVERS ===============.R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-10-18 37664]R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2013-9-17 134248]R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2013-9-17 118768]R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2013-9-12 1337752]R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-11-18 418376]R2 PPPoEService;PPPoE Service;c:\progra~1\effici~1\entern~1\app\pppoeservice.exe [2013-10-26 49152]R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\tp-link\tl-wn321g\common\RegistryWriter.exe [2013-10-16 69632]R3 FILEMON;FILEMON;c:\windows\system32\drivers\FILEM.SYS [2013-12-19 57612]R4 REGMON;REGMON;c:\windows\system32\drivers\REGSYS.SYS [2013-12-19 38220]S1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys --> c:\windows\system32\drivers\sbaphd.sys [?]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-11-18 701512]S2 PRTGCoreService;PRTG Core Server Service;c:\program files\prtg network monitor\PRTG Server.exe [2013-10-28 7232736]S2 PRTGProbeService;PRTG Probe Service;c:\program files\prtg network monitor\PRTG Probe.exe [2013-10-28 8814304]S2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys --> c:\windows\system32\drivers\sbapifs.sys [?]S2 SupportDockService.exe;Support Dock Service;c:\program files\iyogi support dock\services\commagent\SupportDockService.exe [2012-8-7 78336]S2 Util Lizardlink;Util Lizardlink;"c:\program files\lizardlink\bin\utillizardlink.exe" --> c:\program files\lizardlink\bin\utilLizardlink.exe [?]S3 ENIMSR;ENIMSR;c:\progra~1\effici~1\entern~1\app\ENIMSR.SYS [2013-10-26 12924]S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys --> c:\windows\system32\drivers\gfiark.sys [?]S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]S3 NTSPPPOE;Efficient Networks Enternet P.P.P.o.E LAN Miniport Driver;c:\windows\system32\drivers\ntspppoe.sys [2013-10-26 161640]S3 NTSTPL1;NTSTPL1;c:\progra~1\effici~1\entern~1\app\NTSTPL1.SYS [2013-10-26 16096]S3 NTSTPL2;NTSTPL2;c:\progra~1\effici~1\entern~1\app\NTSTPL2.SYS [2013-10-26 16096]S3 QF97USB;QF9700 USB2.0 To Fast Ethernet Adapter;c:\windows\system32\drivers\qf97usb.sys [2013-10-19 15232]S3 RAWESR;RAWESR;c:\progra~1\effici~1\entern~1\app\RAWESR.SYS [2013-10-26 12924]S3 TAPBIND;TAPBIND;c:\progra~1\effici~1\entern~1\app\TAPBIND1.SYS [2013-10-26 44544]S3 USB_Ethernet_Adaptor;USB to Ethernet Adapter;c:\windows\system32\drivers\USB_Ethernet_Adaptor.sys [2013-10-18 16512]S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [1980-1-1 14336]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\wpro_41_2001.sys --> c:\windows\system32\drivers\WPRO_41_2001.sys [?].=============== Created Last 30 ================.2013-12-20 02:06:04 38220 ------w- c:\windows\system32\drivers\REGSYS.SYS2013-12-20 00:15:52 1231 ----a-w- C:\FSK.BAT2013-12-19 22:24:23 57612 ------w- c:\windows\system32\drivers\FILEM.SYS2013-12-19 17:53:14 -------- d-----w- C:\FRST2013-12-19 13:41:47 4709 ----a-w- C:\mbam.bat2013-12-19 03:16:03 -------- d-----w- c:\windows\ERUNT2013-12-19 03:14:31 -------- d-----w- C:\jrt2013-12-18 20:36:47 -------- d-----w- C:\SUPERDelete2013-12-18 17:12:00 -------- d-----w- c:\program files\InstallConverter2013-12-18 14:54:31 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)2013-12-18 14:50:10 51416 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2013-12-18 14:46:11 -------- d-----w- C:\mbar2013-12-18 06:09:51 -------- d-----w- c:\documents and settings\administrator\application data\SUPERAntiSpyware.com2013-12-18 06:09:19 -------- d-----w- c:\program files\SUPERAntiSpyware2013-12-18 06:09:19 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com2013-12-18 04:47:15 -------- d-----w- c:\documents and settings\all users\application data\Avira2013-12-18 02:35:42 22856 ----a-w- C:\mbam.sys2013-12-17 17:00:25 -------- d-----w- C:\facebook2013-12-16 15:58:28 -------- d-sha-r- C:\cmdcons2013-12-16 15:56:13 98816 ----a-w- c:\windows\sed.exe2013-12-16 15:56:13 256000 ----a-w- c:\windows\PEV.exe2013-12-16 15:56:13 208896 ----a-w- c:\windows\MBR.exe2013-12-15 10:50:26 -------- d-----w- C:\ComboFix A guide and tutorial on using ComboFix_files2013-12-14 20:04:39 891200 ----a-w- C:\SecurityCheck (1).exe2013-12-14 19:00:41 3050 ----a-w- C:\PUP-ELIM.BAT2013-12-14 14:58:25 891200 ----a-w- C:\SecurityCheck (2).exe2013-12-14 14:39:34 891200 ----a-w- C:\SecurityCheck.exe2013-12-06 18:36:20 -------- d-----w- C:\Vif-Billing service_files2013-12-06 06:19:52 -------- d-----w- C:\Videotron-Gmail - SVP --- ISP connection options in 2007 to postal code H3K2R5 required for legal matter._files2013-11-25 06:16:45 -------- d-----w- C:\Toledo former capital of Spain - Google Search_files2013-11-21 16:48:18 -------- d-----w- C:\What to do with old XPSP-NULL or maybe 3 second hand - Malware Removal Help - Malwarebytes Forum_files2013-11-20 19:01:14 -------- d-----w- C:\Trouble with LAN and Proxy settings - Resolved HijackThis Logs - Malwarebytes Forum_files2013-11-20 18:15:23 1085542 ----a-w- C:\adwcleaner (1).exe.==================== Find3M ====================.2013-11-20 23:51:22 819 ----a-w- C:\avast.bat2013-11-19 17:42:00 1682336 ----a-w- C:\eset_nod32_antivirus_live_installer.exe2013-11-19 17:38:25 5146522 ----a-w- C:\ComboFix.exe2013-11-19 17:30:49 304 ----a-w- C:\EXCEPTI.BAT2013-11-19 05:26:09 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys2013-11-19 03:39:29 377856 ----a-w- C:\1q6l0gue.exe2013-11-19 03:38:49 377856 ----a-w- C:\zovgj0m1.exe2013-11-18 19:07:23 10285040 ----a-w- C:\mbam-setup-1.75.0.1300 (2).exe2013-11-16 18:29:13 65048 ---ha-w- c:\windows\system32\drivers\PROCMON23.SYS2013-11-16 15:37:51 89088 ----a-w- C:\mbr.exe2013-11-16 15:37:39 4745728 ----a-w- C:\aswmbr.exe2013-11-16 15:36:37 28672 ----a-w- C:\catchme02.exe2013-11-16 15:36:02 377856 ----a-w- C:\0gc1oz0r.exe2013-11-16 15:34:54 377856 ----a-w- C:\v7olehrc.exe2013-11-16 02:11:41 122 ----a-w- C:\1.BAT2013-11-15 16:00:04 35 ----a-w- C:\cannot-get.bat2013-11-15 13:26:29 93548 ----a-w- C:\system-volume.bat2013-11-15 11:20:06 1610 ----a-w- C:\mydocs.bat2013-11-14 23:27:04 5746904 ----a-w- C:\Iyogi-1MB-fileburst-SDSetup.exe2013-11-14 22:04:20 3658 ----a-w- C:\stopzilla.bat2013-11-14 18:40:14 94721720 ----a-w- C:\ManageEngine_DesktopCentral.exe2013-11-14 18:39:29 430852 ----a-w- C:\xpkv-setup.exe2013-11-14 15:43:18 19641384 ----a-w- C:\Stackify v1.2.162.1.exe2013-11-14 15:01:26 688992 ------r- C:\dds.scr2013-11-14 01:38:02 6352640 ----a-w- C:\RecoverKeysDemo.exe2013-11-14 00:59:21 751688 ----a-w- C:\decrypt_mblblock.exe2013-11-13 20:11:12 0 ----a-w- c:\windows\system32\TempWmicBatchFile.bat2013-11-13 18:56:41 991232 ----a-w- C:\MicrosoftFixit50267 (1).msi2013-11-13 18:56:24 991232 ----a-w- C:\MicrosoftFixit50267.msi2013-11-13 18:50:27 10285040 ----a-w- C:\mbam-setup-1.75.0.1300 (1).exe2013-11-13 18:46:16 1085542 ----a-w- C:\adwcleaner.exe2013-11-13 18:29:49 10285040 ----a-w- C:\mbam-setup-1.75.0.1300.exe2013-11-13 18:01:51 5955760 ----a-w- C:\SparkTrust PC Cleaner Plus Setup (1).exe2013-11-13 17:59:42 5955760 ----a-w- C:\SparkTrust PC Cleaner Plus Setup.exe2013-11-13 17:35:54 707664 ----a-w- C:\SZSetup_AID10121_AV.exe2013-11-13 03:37:24 369 ----a-w- C:\studioDV.bat2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll2013-11-12 03:16:34 35800192 ----a-w- C:\sketchupwen.exe2013-11-11 02:57:14 210 ----a-w- C:\D-LINK.BAT2013-11-10 16:02:00 951 ----a-w- C:\QF9700.BAT2013-11-09 18:56:36 147 ----a-w- C:\tracert.bat2013-11-09 18:55:24 96 ----a-w- C:\ping-vif.bat2013-11-09 18:54:57 354 ----a-w- C:\pingit.bat2013-11-08 19:08:07 70 ----a-w- C:\hypert.bat2013-11-07 21:51:42 4741 ----a-w- C:\chest.bat2013-11-07 17:35:47 502 ----a-w- C:\blat-mailer.bat2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll2013-11-07 01:12:31 1632 ----a-w- C:\telnet-modem.bat2013-11-07 01:05:23 0 ----a-w- C:\d-link-op.bat2013-11-06 18:46:31 231760 ----a-w- c:\windows\system32\drivers\truecrypt.sys2013-11-06 14:40:20 2188 ----a-w- C:\VIR-X.BAT2013-11-06 01:03:31 7168 ----a-w- c:\windows\system32\xpsp4res.dll2013-11-05 18:22:11 55 ----a-w- C:\d-link4.bat2013-11-05 17:25:22 497 ----a-w- C:\win7drv.bat2013-11-05 05:09:23 55 ----a-w- C:\d-link2.bat2013-11-04 18:08:59 900 ----a-w- C:\TP-LINK.BAT2013-11-04 00:21:44 28 ----a-w- C:\SYSFILES.BAT2013-11-04 00:09:28 69 ----a-w- C:\FIX.BAT2013-10-31 21:30:40 19391 ----a-w- C:\deltree.exe2013-10-31 00:03:17 98 ----a-w- C:\dosbox-cfg.bat2013-10-30 14:45:22 2093 ----a-w- C:\vir-loc.bat2013-10-30 02:26:17 1879040 ----a-w- c:\windows\system32\win32k.sys2013-10-29 16:06:53 462 ----a-w- C:\dlink.bat2013-10-29 07:57:34 920064 ----a-w- c:\windows\system32\wininet.dll2013-10-29 07:57:33 43520 ------w- c:\windows\system32\licmgr10.dll2013-10-29 07:57:33 18944 ----a-w- c:\windows\system32\corpol.dll2013-10-29 07:57:33 1469440 ------w- c:\windows\system32\inetcpl.cpl2013-10-29 00:45:02 385024 ------w- c:\windows\system32\html.iec2013-10-26 16:05:15 354 ----a-w- C:\dsl.bat2013-10-25 13:02:54 37 ----a-w- C:\ipcon.bat2013-10-23 23:45:49 172032 ----a-w- c:\windows\system32\scrrun.dll2013-10-21 03:27:04 2324 ----a-w- C:\MS-err.bat2013-10-20 20:23:58 267 ----a-w- C:\drv-long-dir.bat2013-10-19 11:40:53 548 ----a-w- C:\win95-drivers.bat2013-10-17 05:31:32 371 ----a-w- C:\adobe.bat2013-10-17 05:10:19 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2013-10-17 05:10:19 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe2013-10-17 04:34:51 545 ----a-w- c:\documents and settings\administrator\win95-drivers.bat2013-10-17 03:35:26 1071832 ----a-w- C:\install_flashplayer11x32ax_gtba_chra_dy_aaa_aih2.exe2013-10-16 20:29:05 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll2013-10-12 13:26:05 31 ----a-w- C:\drv.bat2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll2013-09-24 17:03:42 3361 ----a-w- C:\findme.bat2013-09-24 01:01:44 745 ----a-w- C:\find-me.bat.============= FINISH: 22:49:52.34 =============== ATTACH.TXT attach.txt

It may well be that I should have disabled my SuperAntiSpyware before running FRST to start with because after F8 and loading back to "Last time ..." I also decided to disable SuperAntiSpyware as well. Perhaps I should have done that first around but I don't believe I was instructed to do so. Is there a way to go forwards rather than backwards in the registry loaded and try that again? XCowboy

OK That worked, you know I waited for over an hour with my TP-Link Wireless Modem flashing like crazy. I thought maybe you people were remotely fiddling with my computer so I didn't intervene. You people should give us an idea of how long each process is expected to take. Here it is Fixlog.txt Fixlog.txt