
What to do with old XPSP-NULL or maybe 3 second hand


XCowboy


Good day / Bon Jour!

 

I have had the unfortunate reality of loss of my

computer equipment due to bed-bug infestation and

necessity to buy second hand equipment to get

back my files, etc.

 

I purchased a second hand IBM Tower

 

Pentium 4 CPU 3.2GHz 3.19GHz 

IBM ThinkCentre Tower

Mother Board IBM 814334F

BIOS Type Phoenix 814334F AC79

2.49 GB Ram

 

Software Windows XP Professional

version 2002 SP3

 

Also I got an ACER old laptop running XP professional

with NO SP ie. SP0

 

Since we cannot easily get access to virus or trojan removal from

XP NON SP upgraded OS --->

What are the consequences of trying to upgrade XP systems to SP3

without first removing those viruses and TROJANS?

 

I began with the IBM Thinkcentre to remove unwanted

viruses, etc.

 

I used a free download version of "STOPZilla" Nov. 2013

upgrade of virus signature files.

 

I refrained from removing the NON-Necessary auto removal

files that STOPZilla does as well as while using your

prescribed anti-intrusion software such as DMER.exe,

Combofix, ESET.

 

However I did go ahead with AdwCleaner and allow for removal

of recommended offensive programs.

 

 

What exactly is your perspective on what to do and not do

when it comes to virus-trojan hunter programs out there?

 

 

STOPZilla also found other offensive malwares which it may 

or may not have removed including:

 

 

Recognized possible offensive malware was indicated as follows:

 

* Trojan.Win32.Generic!SB.0

 

C:\AV-AVAST\Codec performersetup.exe

C:\docume~1\...\speeditupfree-knowledge[1].exe

C:\"   "   ....\downloads\aviraa~1.exe

   ( aviraantivirpersonal\freeantivirus+softangodownloader(1).exe )

 

 * * * * * * * * *

rem Other viruses found:

 

rem Conduit (fs)

rem InstallBrain (fs)

rem Trojan.win32.Generic!SB.0

rem Trojan.win32.Mal.Gen.37905

rem Trojan.win32.Vundo.gena75

rem Yantoo(fs)

rem Wajam (fs)

rem Softonic Downloader (fs)  Hundreds of occurrences!!!!

 

 * * * * * * * * * * * * * * * * * *

 

rem Trojan  Net-worm.win32.koobface

dir mad3201.dll

 

pause

dir

pause

 

rem  Trojan.win32.mal.gen.35645

rem Trojan.win32.generic!BT

c:

attrib system*.*

cd system~1

dir a00*.exe /s

pause

 

cd \docume~1

dir winrar.exe /s

 

pause

 

rem Trojan Qoologic

dir installer.exe /s

 

 

 * * * * * * * * * * * * * *

rem   CONDUIT TOOLBAR (v)

 

 

rem  Directory of C:\DOCUME~1\ADMINI~1\LOCALS~1\APPLIC~1\CRE

 

 

cd C:\DOCUME~1\ADMINI~1\LOCALS~1\APPLIC~1\CRE

 

dir

pause

cd C:\DOCUME~1\ADMINI~1\LOCALS~1\APPLIC~1\Google\Chrome\USERDA~1\Default\EXTENS~1

 

 

rem DOS dir commands do not work this high up in the directory tree!

 

rem Many files deemed virulent are above this tree structure

rem like:

rem aboutbox.html 

rem bubble.js

rem showhandler.js

rem menu.js

rem lgf.view.js

rem lgf.html

rem gf.view.js

rem popups.js

rem outbox.js

 

 

dir

pause

 

rem  11/06/2013  01:08 PM    <DIR>          .

rem  11/06/2013  01:08 PM    <DIR>          ..

rem  10/26/2013  03:17 PM         2,894,118 iehjklkgijkjfcfmmjmjlmcccholamaf.crx

rem  10/31/2013  09:50 PM         3,070,695 lipgolpfajiadodbcbljdpmbmbdmfcil.crx

rem                 2 File(s)      5,964,813 bytes

rem                 2 Dir(s)  11,989,233,664 bytes free

rem   Volume in drive C is IBM_PRELOAD

rem   Volume Serial Number is 8C05-D993

 

rem   Directory of C:\DOCUME~1\ADMINI~1\LOCALS~1\APPLIC~1\Google\Chrome\USERDA~1\Default\EXTENS~1

 

rem  11/15/2013  09:00 AM    <DIR>          .

rem  11/15/2013  09:00 AM    <DIR>          ..

rem  10/13/2013  09:13 PM               361 000005.sst

rem  10/18/2013  08:24 PM               196 000055.sst

rem  10/20/2013  11:20 PM               194 000070.sst

rem  10/26/2013  06:10 AM               196 000103.sst

rem  10/30/2013  10:10 AM               196 000128.sst

rem  11/02/2013  11:32 AM                 0 000173.log

rem  11/02/2013  11:32 AM                16 CURRENT

rem  10/13/2013  07:59 PM                 0 LOCK

rem  11/15/2013  09:00 AM                 0 LOG

rem  11/15/2013  09:00 AM                 0 LOG.old

rem  11/02/2013  11:32 AM             1,083 MANIFEST-000172

rem                11 File(s)          2,242 bytes

rem                 2 Dir(s)  11,990,388,736 bytes free

 

 

rem Virus Install Core.b (fs) 

 

cd  C:\DOCUME~1\ADMINI~1\MYDOCU~1\Downloads

 

 

rem 10/18/2013  05:28 PM         1,311,216 DriverGuide_Driver_Download_1871977 (1).exe

rem 10/18/2013  05:29 PM         1,311,216 DriverGuide_Driver_Download_1871977 (2).exe

rem 10/18/2013  05:30 PM         1,311,216 DriverGuide_Driver_Download_1871977 (3).exe

rem 10/18/2013  05:31 PM         1,311,216 DriverGuide_Driver_Download_1871977 (4).exe

rem 10/18/2013  05:31 PM         1,311,216 DriverGuide_Driver_Download_1871977 (5).exe

rem 10/18/2013  05:27 PM         1,311,216 DriverGuide_Driver_Download_1871977.exe

rem                6 File(s)      7,867,296 bytes

rem                0 Dir(s)  11,989,090,304 bytes free

 

 

rem  CONDUIT TOOLBAR (v)  

 

cd C:\DOCUME~1\ADMINI~1\LOCALS~1\APPLIC~1\Google\Chrome\USERDA~1\Default\Extensions\LIPGOL~1\10.22.3.518_0\tb\al\ui\menu\js

 

rem 11/13/2013  07:36 PM    <DIR>          .

rem 11/13/2013  07:36 PM    <DIR>          ..

rem 11/13/2013  07:36 PM             2,210 jquery.ellipsis.js

rem 11/13/2013  07:36 PM             2,262 jquery.scrollTo-1.4.2-min.js

rem 11/13/2013  07:36 PM            20,538 menu.js

rem 11/13/2013  07:36 PM             6,957 renderHandler.js

rem 11/13/2013  07:36 PM             5,256 scrollers.js

rem 11/13/2013  07:36 PM             5,353 showHandler.js

rem                6 File(s)         42,576 bytes

rem                2 Dir(s)  11,989,360,640 bytes free

 

 

 

 

 

 

 Volume in drive C is IBM_PRELOAD

 Volume Serial Number is 8C05-D993

 

 Directory of C:\DOCUME~1\ADMINI~1\MYDOCU~1\MISCDR~1

 

 Volume in drive C is IBM_PRELOAD

 Volume Serial Number is 8C05-D993

 

 Directory of C:\DOCUME~1\ADMINI~1\MYDOCU~1\MISCDR~1\Misc-Drivers\CAMERA\X64\Vista

 

10/08/2009  10:37 PM           937,984 RemoveSM37X.exe

               1 File(s)        937,984 bytes

 

 Directory of C:\DOCUME~1\ADMINI~1\MYDOCU~1\MISCDR~1\Misc-Drivers\CAMERA\X64\Vista\x64

 

10/08/2009  10:37 PM           937,984 RemoveSM37X.exe

               1 File(s)        937,984 bytes

 

 Directory of C:\DOCUME~1\ADMINI~1\MYDOCU~1\MISCDR~1\Misc-Drivers\CAMERA\X64\Xp

 

10/08/2009  10:37 PM           937,984 RemoveSM37X.exe

               1 File(s)        937,984 bytes

 

 Directory of C:\DOCUME~1\ADMINI~1\MYDOCU~1\MISCDR~1\Misc-Drivers\CAMERA\X64\Xp\x64

 

10/08/2009  10:37 PM           937,984 RemoveSM37X.exe

               1 File(s)        937,984 bytes

 

 Directory of C:\DOCUME~1\ADMINI~1\MYDOCU~1\MISCDR~1\Misc-Drivers\CAMERA\X86\Vista

 

10/08/2009  10:37 PM           937,984 RemoveSM37X.exe

               1 File(s)        937,984 bytes

 

 Directory of C:\DOCUME~1\ADMINI~1\MYDOCU~1\MISCDR~1\Misc-Drivers\CAMERA\X86\Xp

 

10/08/2009  10:37 PM           937,984 RemoveSM37X.exe

               1 File(s)        937,984 bytes

 

 Directory of C:\DOCUME~1\ADMINI~1\MYDOCU~1\MISCDR~1\Misc-Drivers\DriversMic\LAN\RTL8139\DMI\WINEXE

 

08/14/1998  09:44 AM            20,480 REMOVE.EXE

               1 File(s)         20,480 bytes

 

 Directory of C:\DOCUME~1\ADMINI~1\MYDOCU~1\MISCDR~1\p4p800\swsetup\SP27103\SMAXWDM\W2K_XP

 

10/04/2001  02:49 PM            35,328 Remove.exe

               1 File(s)         35,328 bytes

 

     Total Files Listed:

               8 File(s)      5,683,712 bytes

               0 Dir(s)  11,989,860,352 bytes free

 

 

 - -- - - - - - - - -  - - - -

 

After running Adwcleaner the following things happened in reverse order, i.e. the top issues are the latest and have not re-occurred!

 

 

After I had ESET Node32 clean C:\System Volume Information\_restore{29FD9B63-4F...A0031888.dll

 .

 . .

 . . .

After I had ESET Node32 clean C:\System Volume Information\_restore{29FD9B63-4F...A0031885.dll

 . 

 . . 

 . . . 

After I had ESET Node32 clean C:\System Volume Information\_restore{29FD9B63-4F...A0031878.dll

 

 

After I had ESET Node32 clean C:\System Volume Information\_restore{29FD9B63-4F...A0031877.dll

 

 

Some time later again:

 

Immediately after removal a new WARNING came up:

 

After I had ESET Node32 clean C:\System Volume Information\_restore{29FD9B63-4F...A0031876.dll

 

 

Prior:

After I had ESET Node32 clean C:\System Volume Information\_restore{29FD9B63-4F...A0031875.dll

 

 - -  - - - - - ---

NB: No Internet connection was active at the time!

 

Immediately after removal a new WARNING came up:

 

 

Removed, now only toolbar is left of Chrome Browser screen!

 

 - - --  - - -

Immediately after removal a new WARNING came up:

 

After I had ESET Node32 clean C:\System Volume Information\_restore{29FD9B63-...A0031874.dll

 

 - - -- - - -  - - - -

Immediately after removal a new WARNING came up:

 

After I had ESET Node32 clean C:\System Volume Information\_restore{29FD9B63-...A0031873.dll

 - - - - - - - - - - -

Immediately after removal a new WARNING came up:

 

After I had ESET Node32 clean C:\System Volume Information\_restore{29FD9B63-...A0031872.dll

 

 

NB: No Internet connection was active!

 -- - - - - - - 

After I had ESET Node32 clean C:\System Volume Information\_restore{29FD9B63-...A0031870.exe

 

A new Warning came up:

 

Object: C:\System Volume Information\_restore{29FD9B63-4F...A0031871.dll

Threat: a variant of Win32/Toolbar.Conduit.P potentially unwanted application

 

This Event occurred during an attempt to access file by the application

C:\Windows\system32\svchost.exe  Please submit this object to ESET for analysis.

 

 -- - - - - - 

After MalwareBytes did its removal:

Later 

ESETNOD32 Antivirus 7 came up with new potential App.

Object: C:\System Volume Information\_restore{29FD9B63-...A0031870.exe

Threat: Win32/FileScout.A potentially unwanted application

 

This Event occurred during an attempt to access file by the application

C:\Windows\system32\svchost.exe  Please submit this object to ESET for analysis.

 

I had it cleaned!

 


 


What is a potentially unwanted application?

KB Solution ID: SOLN2629|Last Revised: September 25, 2013

A potentially unwanted application is a program that contains adware, 

installs toolbars or has other unclear objectives. There are some 

situations where a user may feel that the benefits of a potentially 

unwanted application outweigh the risks.

 

For this reason, ESET assigns such applications a lower-risk category 

compared to other types of malicious software, such as trojan horses 

or worms. While installing your ESET product, you can decide whether 

to enable detection of potentially unwanted applications, as shown 

below (Figure 1-1):

 

 

Many thanks in advance!

 

XCowboy

AdwCleanerS0.txt

LOGS.TXT


  • 3 weeks later...

Yea people I still need help with all these various recommended  virus/trojan/keystroke monitor ....... removal tools

It's mind boggling.

 

I ran most of your recommended software but I am puzzled by what to do when the files are not removed or put under quarantine

by the software that is supposed to have the capacity to make these decisions. I cannot for the life of me without having backups and tonnes of time start fiddling with these things.

 

Batch file I created about what I have done to date ( abv. version ) ------ > PUP-ELIM.bat

 - - - - - - -  - - - - - - - - - -  - - - - - - - - 

rem  SEE FILE C:PUP-Elimination.txt
 
rem NOTE: I suddenly was no longer allowed to download any
rem       files "BLOCKED" message.
rem I managed to save the files to D:\
rem I somehow got ESET to remove a bad copy of
rem    cmd.exe, regsvr32 and urlmon.dll
 
 
rem Malwarebytes Anti-malware
rem Logs
rem c:\documents and settings\administrator\application data\malewarebytes\Malewarebytes'Anti-malware\logs\MBAM-log2013-12-14(12-52-19).txt
 
rem cd c:\"documents and settings"\"administrator"\"local settings"\temp
rem copy dds.txt \
rem copy attach.txt \
 
cd c:\"documents and settings"\"administrator"\"application data"\"Malwarebytes"\"Malwarebytes' Anti-malware"\logs
rem copy mbam*.txt \
 
rem  Directory of C:\
 
rem 11/18/2013  02:22 PM           178,926 MBAM-log-2013-11-18 (14-22-20).txt
rem 12/01/2013  08:26 PM            10,324 MBAM-log-2013-12-01 (20-25-29).txt
rem 12/01/2013  08:30 PM            10,324 MBAM-log-2013-12-01 (20-30-26).txt
rem 12/14/2013  01:02 PM            20,086 MBAM-log-2013-12-14 (12-52-19).txt
rem                4 File(s)        219,660 bytes
rem               0 Dir(s)  13,575,258,112 bytes free
 
rem 11/18/2013  11:28 PM             1,205 Gmer-1.log
 
rem combofix.exe
rem  BE CAREFUL With this one!
 
rem eset_nod32_antivirus_live_installer.exe
rem 12/06/2013  02:14 AM             1,549 ESET-06-12-13.txt
 
 
rem 11/13/2013  01:46 PM         1,085,542 adwcleaner.exe
rem 12/14/2013  09:31 AM           891,200 SecurityCheck.exe
 - - - - - - - - - - -  - - - - - - - - - - - - -  --  - - - - - - -
 
Current MBAM scan results file:
 - - - - - - - - - -  - - - - - - - -- - -
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.12.14.03
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: IBM-F400B3CC723 [administrator]
 
12/14/2013 10:02:00 AM
MBAM-log-2013-12-14 (12-52-19).txt
 
Scan type: Full scan (C:\|D:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 320649
Time elapsed: 2 hour(s), 13 minute(s), 22 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKLM\SOFTWARE\BROWSERSAFEGUARD (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
 
Registry Values Detected: 1
HKLM\SOFTWARE\Browsersafeguard|sourceid (PUP.Optional.BrowserSafeGuard.A) -> Data: google_fileopenerpro-display-dco-CA-300x250-25759757202 -> No action taken.
 
Registry Data Items Detected: 6
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.DoSearch.A) -> Bad: (http://do-search.com/?type=hp&ts=1384374789&from=adks&uid=HDS728040PLA320_PFDA10S1SMR3MLSMR3MLX) Good: (http://www.google.com) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (PUP.Optional.DoSearch.A) -> Bad: (http://do-search.com/web/?type=ds&ts=1384374789&from=adks&uid=HDS728040PLA320_PFDA10S1SMR3MLSMR3MLX&q={searchTerms}) Good: (http://www.google.com) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.DoSearch.A) -> Bad: (http://do-search.com/?type=hp&ts=1384374789&from=adks&uid=HDS728040PLA320_PFDA10S1SMR3MLSMR3MLX) Good: (http://www.google.com) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search|SearchAssistant (PUP.Optional.DoSearch.A) -> Bad: (http://do-search.com/web/?type=ds&ts=1384374789&from=adks&uid=HDS728040PLA320_PFDA10S1SMR3MLSMR3MLX&q={searchTerms}) Good: (http://www.google.com/) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search|CustomizeSearch (PUP.Optional.DoSearch.A) -> Bad: (http://do-search.com/web/?type=ds&ts=1384374789&from=adks&uid=HDS728040PLA320_PFDA10S1SMR3MLSMR3MLX&q={searchTerms}) Good: (http://www.google.com/) -> No action taken.
HKLM\Software\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.DoSearch.A) -> Bad: (http://do-search.com/?type=hp&ts=1384374789&from=adks&uid=HDS728040PLA320_PFDA10S1SMR3MLSMR3MLX) Good: (http://www.google.com) -> No action taken.
 
Folders Detected: 4
C:\Program Files\Browsersafeguard (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
C:\Program Files\Browsersafeguard\Resources (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\BrowserSafeguard (PUP.Optional.BrowserSafeGuard) -> No action taken.
C:\Documents and Settings\All Users\VisualBee (PUP.Optional.Visualbee) -> No action taken.
 
Files Detected: 54
C:\nc.exe (PUP.Netcat) -> No action taken.
C:\AdwCleaner\Quarantine\C\Documents and Settings\Administrator\Application Data\Searchprotect\bin\uninstall.exe.vir (PUP.Optional.Conduit.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\CT3279412\appbario13AutoUpdateHelper.exe.vir (PUP.Optional.Conduit.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\CT3298581\MixiDJ_V45AutoUpdateHelper.exe.vir (PUP.Optional.Conduit.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Documents and Settings\Administrator\Local Settings\Application Data\Conduit\CT3306061\Connect_DLC_5AutoUpdateHelper.exe.vir (PUP.Optional.Conduit.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\appbario13\appbario13ToolbarHelper.exe.vir (PUP.Optional.Conduit.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\Connect_DLC_5\Connect_DLC_5ToolbarHelper.exe.vir (PUP.Optional.Conduit.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\Lizardlink\bin\plugins\Lizardlink.FFUpdate.dll.vir (PUP.Optional.Lizardlink.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\Lizardlink\bin\plugins\Lizardlink.IEUpdate.dll.vir (PUP.Optional.Lizardlink.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\MixiDJ_V45\MixiDJ_V45ToolbarHelper.exe.vir (PUP.Optional.Conduit.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\optimizer pro\OptProReminder.ex.vir (PUP.Optional.OptimizerPro) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\bin\uninstall.exe.vir (PUP.Optional.Conduit.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\Speed Analysis 3\uninst.exe.vir (PUP.Optional.7Go.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\Wajam\IE\priam_bho.dll.vir (PUP.Optional.Wajam) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\Wajam\Updater\update.exe.vir (PUP.Optional.Wajam) -> No action taken.
C:\D-Link\utility\NETCAP\nc.exe (PUP.Netcat) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\adks_do-search.exe (PUP.Optional.DoSearch.A) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\fullpackage_temp1384374771\Baofeng.exe (PUP.Optional.NationZoom.A) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\fullpackage_temp1384374771\package1.zip (PUP.Optional.NationZoom.A) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\EXC9W4QW\GreatArcadeHits[1].exe (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\P2L0AL3L\adks_do-search[1].exe (PUP.Optional.DoSearch.A) -> No action taken.
C:\Documents and Settings\Administrator\My Documents\Downloads\InstallRARFileOpenKnife.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\IBMTOOLS\APPS\ACCSUPT\as_setup.ex2 (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP42\A0027649.exe (PUP.Optional.Wajam) -> No action taken.
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP43\A0027751.exe (PUP.Optional.Wajam) -> No action taken.
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP44\A0028002.exe (PUP.Optional.Wajam) -> No action taken.
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP49\A0029462.exe (PUP.Optional.Wajam) -> No action taken.
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP55\A0031443.exe (PUP.Optional.Wajam) -> No action taken.
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP57\A0031913.dll (PUP.Optional.Lizardlink.A) -> No action taken.
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP57\A0031915.dll (PUP.Optional.Lizardlink.A) -> No action taken.
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP57\A0031928.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP57\A0031944.exe (PUP.Optional.7Go.A) -> No action taken.
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP57\A0031947.exe (PUP.Optional.Wajam) -> No action taken.
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP57\A0031950.dll (PUP.Optional.Wajam) -> No action taken.
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP57\A0031951.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP57\A0031957.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP57\A0031963.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP57\A0032000.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP57\A0032001.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP57\A0032002.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP57\A0032025.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP57\A0032071.exe (PUP.Optional.OptimizerPro) -> No action taken.
C:\SYS.BAT (Trojan.Agent) -> No action taken.
C:\Program Files\Browsersafeguard\ewebstorewrapper.dll (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
C:\Program Files\Browsersafeguard\install.log (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
C:\Program Files\Browsersafeguard\Resources\certutil.exe (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
C:\Program Files\Browsersafeguard\Resources\libnspr4.dll (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
C:\Program Files\Browsersafeguard\Resources\libplc4.dll (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
C:\Program Files\Browsersafeguard\Resources\libplds4.dll (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
C:\Program Files\Browsersafeguard\Resources\nss3.dll (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
C:\Program Files\Browsersafeguard\Resources\smime3.dll (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
C:\Program Files\Browsersafeguard\Resources\softokn3.dll (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
C:\WINDOWS\Tasks\BrowserSafeguard Update Task.job (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\BrowserSafeguard\BrowserSafeguard.lnk (PUP.Optional.BrowserSafeGuard) -> No action taken.
 
(end)
 
I have still taken no action and the file is still open on my computer!
 
Help
 
XCowboy
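
Added example (not part of the original posts, and not Malwarebytes' own tooling): a small Python triage of the MBAM 1.75 log format shown above, grouping each detection by where it sits so that System Restore and AdwCleaner-quarantine copies are separated from items that are still installed. The bucket names, the PUP/malware split on the detection-name prefix and the `review_first` ordering are assumptions made for illustration; the sample lines are copied from the log in the post.

```python
import re
from collections import Counter

# A small subset of lines copied from the MBAM log in the post above.
SAMPLE_LOG = r"""
Registry Values Detected: 1
HKLM\SOFTWARE\Browsersafeguard|sourceid (PUP.Optional.BrowserSafeGuard.A) -> Data: google_fileopenerpro-display-dco-CA-300x250-25759757202 -> No action taken.

Files Detected: 54
C:\nc.exe (PUP.Netcat) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files\Wajam\Updater\update.exe.vir (PUP.Optional.Wajam) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\adks_do-search.exe (PUP.Optional.DoSearch.A) -> No action taken.
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP57\A0031913.dll (PUP.Optional.Lizardlink.A) -> No action taken.
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP57\A0031947.exe (PUP.Optional.Wajam) -> No action taken.
C:\SYS.BAT (Trojan.Agent) -> No action taken.
C:\Program Files\Browsersafeguard\ewebstorewrapper.dll (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
"""

# One detection line: <object> (<detection name>) -> [details -> ]<action>
# Section headers and "(No malicious items detected)" do not match.
DETECTION = re.compile(r"^(?P<obj>.+?) \((?P<name>[^()\s]+)\) -> (?P<rest>.+)$")

# Location buckets, checked in order against the lower-cased object path.
LOCATIONS = [
    ("registry", lambda p: p.startswith(("hklm\\", "hkcu\\"))),
    # System Restore keeps renamed backup copies (A00nnnnn.*) under RPnn folders.
    ("restore-point copy", lambda p: "\\system volume information\\_restore{" in p),
    # AdwCleaner renames what it removed to *.vir inside its own folder.
    ("other tool's quarantine", lambda p: "\\adwcleaner\\quarantine\\" in p),
    ("temp/cache", lambda p: "\\local settings\\temp\\" in p
                             or "\\temporary internet files\\" in p),
]


def parse(log_text):
    """Return one dict per detection line found in an MBAM 1.75 text log."""
    findings = []
    for line in log_text.splitlines():
        m = DETECTION.match(line.strip())
        if not m:
            continue
        obj, name = m.group("obj"), m.group("name")
        low = obj.lower()
        location = next((label for label, test in LOCATIONS if test(low)),
                        "live file/folder")
        findings.append({
            "object": obj,
            "name": name,
            # PUP.* / PUM.* are "potentially unwanted" classes; the rest is
            # treated here as malware-class (e.g. Trojan.Agent).
            "kind": "PUP" if name.upper().startswith(("PUP.", "PUM.")) else "malware",
            "location": location,
            # The action is always the last " -> " segment of the line.
            "action": m.group("rest").split(" -> ")[-1].rstrip("."),
        })
    return findings


def summarise(findings):
    """Count detections per (location, kind)."""
    return Counter((f["location"], f["kind"]) for f in findings)


def review_first(findings):
    """Unhandled items outside restore points and quarantine, malware-class first."""
    stored_copies = {"restore-point copy", "other tool's quarantine"}
    pending = [f for f in findings
               if f["location"] not in stored_copies
               and f["action"] == "No action taken"]
    return sorted(pending, key=lambda f: (f["kind"] != "malware",
                                          f["location"], f["object"].lower()))


if __name__ == "__main__":
    found = parse(SAMPLE_LOG)
    for (location, kind), count in sorted(summarise(found).items()):
        print(f"{count:3d}  {location:24s} {kind}")
    print("\nReview first:")
    for f in review_first(found):
        print(f"  [{f['kind']}] {f['name']}: {f['object']}")
```

Run against the full log, the same grouping shows how many of the 54 file detections are copies under `_restore{...}` or `C:\AdwCleaner\Quarantine`, which are the same locations the ESET alerts in the first post keep pointing at.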

  • Root Admin

No problem.  I will assist you.  Please just follow my directions and don't self medicate following other topics.

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 


Thankx!

 

I just read through the elaborate detail and complexity in potentially using COMBOfix.exe and it's detailed and potentially very risky especially if you don't have an original CD which I don't since my computer was purchased 3rd hand.

 

Also what about my still active Current MBAM scan active report? Should I not act on any of their recommendations

before I shut down the computer and kill the active process and results screen?

 

Also in the recommendations for people without Windows  XP installation CD it says the following:

 

If you use Windows XP and do not have the Windows CD, ComboFix 

includes a method of installing the Windows Recovery console by 
downloading a file from Microsoft. To install the Windows Recovery 
Console when you do not have the Windows XP CD, please follow these 
instructions:
 
1) Click on the following link to go to Microsoft's Web site:
 
How to obtain Windows XP Setup disks for a floppy boot installation
NB: They say in STEP 3 
The Setup process starts. Insert the other floppy disks when you are 
prompted. You must use the Windows XP CD-ROM to finish the Setup process.
 
My Question ----> : Is this step required to give the product key because if that is all that is required I have it.
keyfinder.exe Installation after reboot was real fast!
 
Microsoft Windows XP Professional Service Pack 3
Product Part No.: A22-00001
Installed from 'OEM' media.
Product ID: 55274-OEM-0011903-00107  match to CD Key data
CD Key: HCBR8-FGC2K-RY7BM-HM3KT-BKVRW
Computer Name: IBM-F400B3CC723
Registered Owner: user
Registered Organization:
 - - - - - - -  -- 
According to:
Magical Jelly Bean KeyFinder
Microsoft Windows XP
Professional
HCBR8-FGC2K-RY7BM-HM3KT-BKVRW
 - - - - - 
According to:
XP-KEY-Viewer
HCBR8-FGC2K-RY7BM-HM3KT-BKVRW
 - - - -  - -
According to:
i386 Directory UNATTEND.TXT
[userData]
ProductKey=HCBR8-FGC2K-RY7BM-HM3KT-BKVRW
FullName="IBM USER"
OrgName="IBM CUSTOMER"
ComputerName=*
 
Do you think I could make the 6 startup disks without the CD
by having the PRODUCTkey code number?
 
Thankx again
 
XCowboy

All Right, everything went smoothly and swingingly. Never needed to use any Windows Recovery Console backup files that ComboFix

created and the scanning took ~ 10 min. 

 

Here is the ComboFix.Txt file created:

 

 
 
ComboFix 13-12-13.01 - Administrator 12/16/2013  11:02:09.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2550.1819 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 * Resident AV is active
.
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Local Settings\Application Data\Adobe\EDITOR.EXE
c:\documents and settings\Administrator\Local Settings\Application Data\Adobe\GREP.EXE
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\Lizardlink_iels
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Guest\WINDOWS
C:\install.exe
C:\nc.exe
C:\Windows-KB890830-V5.6.exe
c:\windows\system32\Cache
c:\windows\system32\Cache\075884af680ff6dc.fb
c:\windows\system32\Cache\227113dfa1ca894d.fb
c:\windows\system32\Cache\402bba6c6cba5b1b.fb
c:\windows\system32\Cache\49fbbc5a8678d502.fb
c:\windows\system32\Cache\613e8ce7ab7106af.fb
c:\windows\system32\Cache\633a76311867bd11.fb
c:\windows\system32\Cache\691f14230153a9e1.fb
c:\windows\system32\Cache\6935f3d587938875.fb
c:\windows\system32\Cache\6cb409d7ac73d9f1.fb
c:\windows\system32\Cache\7614bd6cfa99e546.fb
c:\windows\system32\Cache\77664b6ccc36be9f.fb
c:\windows\system32\Cache\881b3593316772f0.fb
c:\windows\system32\Cache\98657d0579ae1930.fb
c:\windows\system32\Cache\d5c0f4e7bbe35bf3.fb
c:\windows\system32\Cache\d9ca663388d21ec0.fb
c:\windows\system32\Cache\f2cda51fd108941f.fb
c:\windows\system32\Cache\f34d8db84131d925.fb
c:\windows\system32\config\systemprofile\WINDOWS
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_FILEMON
-------\Service_FILEMON
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-16 to 2013-12-16  )))))))))))))))))))))))))))))))
.
.
2013-12-15 10:50 . 2013-12-15 10:50 -------- d-----w- C:\ComboFix  A guide and tutorial on using ComboFix_files
2013-12-15 02:47 . 2013-12-15 02:47 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2013-12-14 20:04 . 2013-12-14 20:04 891200 ----a-w- C:\SecurityCheck (1).exe
2013-12-14 19:00 . 2013-12-15 11:36 2966 ----a-w- C:\PUP-ELIM.BAT
2013-12-14 14:58 . 2013-12-14 14:58 891200 ----a-w- C:\SecurityCheck (2).exe
2013-12-14 14:39 . 2013-12-14 14:31 891200 ----a-w- C:\SecurityCheck.exe
2013-12-06 18:36 . 2013-12-06 18:36 -------- d-----w- C:\Vif-Billing service_files
2013-12-06 06:19 . 2013-12-06 06:19 -------- d-----w- C:\Videotron-Gmail - SVP --- ISP connection options in 2007 to postal code H3K2R5 required for legal matter._files
2013-11-25 06:16 . 2013-11-25 06:16 -------- d-----w- C:\Toledo former capital of Spain - Google Search_files
2013-11-21 16:48 . 2013-11-21 16:48 -------- d-----w- C:\What to do with old XPSP-NULL or maybe 3 second hand - Malware Removal Help - Malwarebytes Forum_files
2013-11-20 19:01 . 2013-11-20 19:01 -------- d-----w- C:\Trouble with LAN and Proxy settings - Resolved HijackThis Logs - Malwarebytes Forum_files
2013-11-20 18:15 . 2013-11-20 18:15 1085542 ----a-w- C:\adwcleaner (1).exe
2013-11-19 22:26 . 2013-11-19 22:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ESET
2013-11-19 19:54 . 2013-11-19 19:54 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2013-11-19 17:57 . 2013-11-19 17:57 -------- d-----w- c:\program files\ESET
2013-11-19 17:57 . 2013-11-19 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2013-11-19 17:41 . 2013-11-19 17:42 1682336 ----a-w- C:\eset_nod32_antivirus_live_installer.exe
2013-11-19 17:29 . 2013-11-19 17:30 304 ----a-w- C:\EXCEPTI.BAT
2013-11-19 03:39 . 2013-11-19 03:39 377856 ----a-w- C:\1q6l0gue.exe
2013-11-19 03:38 . 2013-11-19 03:38 377856 ----a-w- C:\zovgj0m1.exe
2013-11-18 19:08 . 2013-11-18 19:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2013-11-18 19:08 . 2013-11-18 19:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-11-18 19:08 . 2013-11-18 19:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-11-18 19:08 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-18 19:07 . 2013-11-18 19:07 10285040 ----a-w- C:\mbam-setup-1.75.0.1300 (2).exe
2013-11-16 18:29 . 2013-11-16 18:29 65048 ---ha-w- c:\windows\system32\drivers\PROCMON23.SYS
2013-11-16 18:29 . 2013-05-31 20:54 2489024 ----a-w- C:\Procmon.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-20 23:51 . 2013-11-13 03:34 819 ----a-w- C:\avast.bat
2013-11-19 05:26 . 2013-10-18 23:01 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-11-16 15:37 . 2013-11-16 15:37 89088 ----a-w- C:\mbr.exe
2013-11-16 15:37 . 2013-11-16 15:37 4745728 ----a-w- C:\aswmbr.exe
2013-11-16 15:36 . 2013-11-16 15:36 28672 ----a-w- C:\catchme02.exe
2013-11-16 15:36 . 2013-11-16 15:36 377856 ----a-w- C:\0gc1oz0r.exe
2013-11-16 15:34 . 2013-11-16 15:34 377856 ----a-w- C:\v7olehrc.exe
2013-11-16 02:11 . 2013-11-16 02:09 122 ----a-w- C:\1.BAT
2013-11-15 16:00 . 2013-11-15 15:57 35 ----a-w- C:\cannot-get.bat
2013-11-15 13:26 . 2013-11-15 13:20 93548 ----a-w- C:\system-volume.bat
2013-11-15 11:20 . 2013-11-15 11:17 1610 ----a-w- C:\mydocs.bat
2013-11-15 04:22 . 2013-11-15 04:22 23003 ----a-w- C:\FILEM.zip
2013-11-15 04:21 . 2013-11-15 04:21 15226 ----a-w- C:\RegSys.zip
2013-11-14 23:27 . 2013-11-14 23:27 5746904 ----a-w- C:\Iyogi-1MB-fileburst-SDSetup.exe
2013-11-14 22:04 . 2013-11-13 23:32 3658 ----a-w- C:\stopzilla.bat
2013-11-14 18:40 . 2013-11-14 18:37 94721720 ----a-w- C:\ManageEngine_DesktopCentral.exe
2013-11-14 18:39 . 2013-11-14 18:39 430852 ----a-w- C:\xpkv-setup.exe
2013-11-14 15:43 . 2013-11-14 15:42 19641384 ----a-w- C:\Stackify v1.2.162.1.exe
2013-11-14 15:01 . 2013-11-14 15:01 688992 ------r- C:\dds.scr
2013-11-14 01:38 . 2013-11-14 01:37 6352640 ----a-w- C:\RecoverKeysDemo.exe
2013-11-14 00:59 . 2013-11-14 00:59 751688 ----a-w- C:\decrypt_mblblock.exe
2013-11-14 00:44 . 2013-11-14 00:44 490040 ----a-w- C:\meosetup.exe
2013-11-13 21:01 . 2013-11-13 21:01 1174617 ----a-w- C:\KeyFinderInstaller (1).exe
2013-11-13 20:59 . 2013-11-13 20:59 1174617 ----a-w- C:\KeyFinderInstaller.exe
2013-11-13 20:11 . 2013-11-13 20:11 0 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2013-11-13 18:56 . 2013-11-13 18:56 991232 ----a-w- C:\MicrosoftFixit50267 (1).msi
2013-11-13 18:56 . 2013-11-13 18:56 991232 ----a-w- C:\MicrosoftFixit50267.msi
2013-11-13 18:50 . 2013-11-13 18:49 10285040 ----a-w- C:\mbam-setup-1.75.0.1300 (1).exe
2013-11-13 18:46 . 2013-11-13 18:46 1085542 ----a-w- C:\adwcleaner.exe
2013-11-13 18:29 . 2013-11-13 18:29 10285040 ----a-w- C:\mbam-setup-1.75.0.1300.exe
2013-11-13 18:01 . 2013-11-13 18:01 5955760 ----a-w- C:\SparkTrust PC Cleaner Plus Setup (1).exe
2013-11-13 17:59 . 2013-11-13 17:59 5955760 ----a-w- C:\SparkTrust PC Cleaner Plus Setup.exe
2013-11-13 17:35 . 2013-11-13 17:35 707664 ----a-w- C:\SZSetup_AID10121_AV.exe
2013-11-13 03:37 . 2013-11-13 03:22 369 ----a-w- C:\studioDV.bat
2013-11-13 02:59 . 1980-01-01 08:00 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-12 03:16 . 2013-11-12 03:15 35800192 ----a-w- C:\sketchupwen.exe
2013-11-11 02:57 . 2013-11-04 21:41 210 ----a-w- C:\D-LINK.BAT
2013-11-10 16:02 . 2013-10-19 11:54 951 ----a-w- C:\QF9700.BAT
2013-11-09 18:56 . 2013-10-25 15:05 147 ----a-w- C:\tracert.bat
2013-11-09 18:55 . 2013-11-09 07:57 96 ----a-w- C:\ping-vif.bat
2013-11-09 18:54 . 2013-10-25 13:20 354 ----a-w- C:\pingit.bat
2013-11-08 19:08 . 2013-10-30 21:46 70 ----a-w- C:\hypert.bat
2013-11-07 21:51 . 2013-10-27 15:22 4741 ----a-w- C:\chest.bat
2013-11-07 17:35 . 2013-11-07 17:35 502 ----a-w- C:\blat-mailer.bat
2013-11-07 05:38 . 2007-02-05 21:15 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-07 01:12 . 2013-11-07 00:52 1632 ----a-w- C:\telnet-modem.bat
2013-11-07 01:05 . 2013-11-07 01:05 0 ----a-w- C:\d-link-op.bat
2013-11-06 18:46 . 2013-11-06 18:46 231760 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2013-11-06 14:40 . 2013-11-06 14:38 2188 ----a-w- C:\VIR-X.BAT
2013-11-06 01:03 . 2013-01-03 19:08 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-11-05 18:22 . 2013-11-05 18:22 55 ----a-w- C:\d-link4.bat
2013-11-05 17:25 . 2013-11-05 17:25 497 ----a-w- C:\win7drv.bat
2013-11-05 05:09 . 2013-11-05 05:09 55 ----a-w- C:\d-link2.bat
2013-11-04 18:08 . 2013-10-28 15:12 900 ----a-w- C:\TP-LINK.BAT
2013-11-04 00:29 . 2013-10-28 23:23 1659 ----a-w- C:\SYS.BAT
2013-11-04 00:21 . 2013-11-04 00:21 28 ----a-w- C:\SYSFILES.BAT
2013-11-04 00:09 . 2013-10-21 00:59 69 ----a-w- C:\FIX.BAT
2013-10-31 21:30 . 2013-11-04 20:11 19391 ----a-w- C:\deltree.exe
2013-10-31 00:03 . 2013-10-30 23:21 98 ----a-w- C:\dosbox-cfg.bat
2013-10-30 14:45 . 2013-10-30 13:59 2093 ----a-w- C:\vir-loc.bat
2013-10-30 02:26 . 1980-01-01 08:00 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 16:06 . 2013-10-29 16:06 462 ----a-w- C:\dlink.bat
2013-10-29 07:57 . 1980-01-01 08:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:57 . 1980-01-01 08:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-10-29 07:57 . 1980-01-01 08:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 07:57 . 1980-01-01 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-29 00:45 . 2007-02-06 00:10 385024 ------w- c:\windows\system32\html.iec
2013-10-26 16:05 . 2013-10-26 14:06 354 ----a-w- C:\dsl.bat
2013-10-25 13:02 . 2013-10-25 13:02 37 ----a-w- C:\ipcon.bat
2013-10-23 23:45 . 1980-01-01 08:00 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-21 12:10 . 2013-10-14 00:07 269216 ----a-w- c:\windows\system32\aswBoot.exe
2013-10-21 03:27 . 2013-10-20 21:22 2324 ----a-w- C:\MS-err.bat
2013-10-20 20:23 . 2013-10-20 20:24 267 ----a-w- C:\drv-long-dir.bat
2013-10-19 11:40 . 2013-10-17 04:35 548 ----a-w- C:\win95-drivers.bat
2013-10-17 05:31 . 2013-10-17 04:43 371 ----a-w- C:\adobe.bat
2013-10-17 05:10 . 2013-10-15 17:12 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-17 05:10 . 2013-10-15 17:12 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-17 04:34 . 2013-10-17 04:34 545 ----a-w- c:\documents and settings\Administrator\win95-drivers.bat
2013-10-17 03:35 . 2013-10-17 03:35 1071832 ----a-w- C:\install_flashplayer11x32ax_gtba_chra_dy_aaa_aih2.exe
2013-10-16 20:29 . 2013-10-16 20:29 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2013-10-12 15:56 . 1980-01-01 08:00 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-12 13:26 . 2013-10-12 12:51 31 ----a-w- C:\drv.bat
2013-10-09 13:12 . 1980-01-01 08:00 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59 . 2002-09-23 23:10 603136 ----a-w- c:\windows\system32\crypt32.dll
2013-09-24 17:03 . 2013-10-15 19:45 3361 ----a-w- C:\findme.bat
2013-09-24 01:01 . 2013-09-24 00:26 745 ----a-w- C:\find-me.bat
2013-09-17 20:17 . 2013-09-17 20:17 184664 ----a-w- c:\windows\system32\drivers\eamon.sys
2013-09-17 20:17 . 2013-09-17 20:17 134248 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2013-09-17 20:17 . 2013-09-17 20:17 118768 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DriverMax"="c:\qf9700\DriverMax\drivermax.exe" [2013-10-28 7328632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\System32\igfxpers.exe" [2005-04-05 114688]
"Mouse Suite 98 Daemon"="ICO.EXE" [2005-04-13 49152]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-04-05 77824]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2010-07-28 490624]
"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2004-09-30 7957504]
"iYogi Support Dock"="c:\program files\iYogi Support Dock\SDStartup.exe" [2013-07-30 204288]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5110672]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
TL-WN321G Wireless Utility.lnk - c:\program files\TP-LINK\TL-WN321G\COMMON\TWCU.exe -s [2013-10-16 1298432]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\D-Link\\firmware\\114\\wrar420.exe"=
"c:\\Program Files\\Windows NT\\hypertrm.exe"=
"c:\\ftp-vif\\WS_FTP\\WS_FTP32.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"23:TCP"= 23:TCP:VIIF
"23:UDP"= 23:UDP:D-link
"3544:TCP"= 3544:TCP:d-link
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
.
R?2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/12/2013 12:06 PM 1337752]
R?2 PRTGCoreService;PRTG Core Server Service;c:\program files\PRTG Network Monitor\PRTG Server.exe [10/28/2013 8:00 PM 7232736]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [10/18/2013 6:01 PM 37664]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9/17/2013 3:17 PM 134248]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9/17/2013 3:17 PM 118768]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [11/18/2013 2:08 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/18/2013 2:08 PM 701512]
R2 PPPoEService;PPPoE Service;c:\progra~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe [10/26/2013 1:13 PM 49152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/18/2013 2:08 PM 22856]
S?2 SupportDockService.exe;Support Dock Service;c:\program files\iYogi Support Dock\Services\CommAgent\SupportDockService.exe [8/7/2012 7:10 AM 78336]
S1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys --> c:\windows\system32\drivers\sbaphd.sys [?]
S2 ca82e1a5;Optimizer Pro Crash Monitor;"c:\progra~1\optimi~1\OptProCrash.exe" --> c:\progra~1\optimi~1\OptProCrash.exe [?]
S2 PRTGProbeService;PRTG Probe Service;c:\program files\PRTG Network Monitor\PRTG Probe.exe [10/28/2013 8:00 PM 8814304]
S2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys --> c:\windows\system32\drivers\sbapifs.sys [?]
S2 Util Lizardlink;Util Lizardlink;"c:\program files\Lizardlink\bin\utilLizardlink.exe" --> c:\program files\Lizardlink\bin\utilLizardlink.exe [?]
S2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [?]
S3 ENIMSR;ENIMSR;c:\progra~1\EFFICI~1\ENTERN~1\app\ENIMSR.SYS [10/26/2013 1:13 PM 12924]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys --> c:\windows\system32\drivers\gfiark.sys [?]
S3 NTSPPPOE;Efficient Networks Enternet P.P.P.o.E LAN  Miniport Driver;c:\windows\system32\drivers\ntspppoe.sys [10/26/2013 1:12 PM 161640]
S3 NTSTPL1;NTSTPL1;c:\progra~1\EFFICI~1\ENTERN~1\app\NTSTPL1.SYS [10/26/2013 1:13 PM 16096]
S3 NTSTPL2;NTSTPL2;c:\progra~1\EFFICI~1\ENTERN~1\app\NTSTPL2.SYS [10/26/2013 1:16 PM 16096]
S3 QF97USB;QF9700 USB2.0 To Fast Ethernet Adapter;c:\windows\system32\drivers\qf97usb.sys [10/19/2013 8:10 AM 15232]
S3 RAWESR;RAWESR;c:\progra~1\EFFICI~1\ENTERN~1\app\RAWESR.SYS [10/26/2013 1:12 PM 12924]
S3 TAPBIND;TAPBIND;c:\progra~1\EFFICI~1\ENTERN~1\app\TAPBIND1.SYS [10/26/2013 1:13 PM 44544]
S3 USB_Ethernet_Adaptor;USB to Ethernet Adapter;c:\windows\system32\drivers\USB_Ethernet_Adaptor.sys [10/18/2013 7:31 PM 16512]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys --> c:\windows\system32\drivers\WPRO_41_2001.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 18:21 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-10-14 00:53]
.
2013-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-10-14 00:53]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:3211;https=127.0.0.1:3211
uInternet Settings,ProxyOverride = <-loopback>;<local>
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKCU-Run-DriverMax_RESTART - (no file)
HKCU-Run-SpeedItupFree - c:\program files\SpeedItup Free\speeditupfree.exe
Notify-TPSvc - TPSvc.dll
AddRemove-IECT3279412 - c:\documents and settings\All Users\Application Data\Conduit\IE\CT3279412\UninstallerUI.exe
AddRemove-IECT3298581 - c:\documents and settings\All Users\Application Data\Conduit\IE\CT3298581\UninstallerUI.exe
AddRemove-IECT3306061 - c:\documents and settings\All Users\Application Data\Conduit\IE\CT3306061\UninstallerUI.exe
AddRemove-Meo - c:\program files\NCH Software\Meo\meo.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-16 11:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-471700545-4180328817-2901108925-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cb,64,11,28,25,91,da,41,be,2d,af,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3b,2f,05,b9,fd,50,53,40,88,91,65,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cb,64,11,28,25,91,da,41,be,2d,af,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3996)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\WgaTray.exe
c:\program files\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe
c:\windows\System32\snmp.exe
c:\windows\system32\ICO.EXE
c:\windows\system32\imapi.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-12-16  11:20:43 - machine was rebooted
ComboFix-quarantined-files.txt  2013-12-16 16:20
.
Pre-Run: 12,431,802,368 bytes free
Post-Run: 12,477,054,976 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - E6C7BF85049D18DC8A916A25E2BF4BDE
AB67D479E4EE1CCAD757294B60DDB98F
 
 
What do I do now?
 
Meanwhile many Thankx for your walkthrough the whole ordeal to get organized and ready for problems that never
yet manifested! Hope they don't either!
 
XCowboy
Link to post

  • Root Admin

The logs show that you have or had multiple different antivirus programs on this computer and at least some files from each still running.

 

Which antivirus are you using or wanting to use?  Let me know and then I'll provide links for tools to run to remove the old remnants of those antivirus products.

Link to post
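The reply above reads the ComboFix service/driver section to conclude that pieces of several security products are loaded at once. As an added example (not part of the thread and not code from ComboFix or Malwarebytes), the Python below makes that check over eight lines copied from the log; reading `R`/`S` as running/stopped, `[?]` as "file not found", and the `PRODUCT_HINTS` table are assumptions.

```python
import re

# Constructed sample: eight service/driver lines copied from the ComboFix log in this thread.
SAMPLE = r"""
R?2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/12/2013 12:06 PM 1337752]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [10/18/2013 6:01 PM 37664]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9/17/2013 3:17 PM 134248]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/18/2013 2:08 PM 701512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/18/2013 2:08 PM 22856]
S2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [?]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 QF97USB;QF9700 USB2.0 To Fast Ethernet Adapter;c:\windows\system32\drivers\qf97usb.sys [10/19/2013 8:10 AM 15232]
"""

# Assumed mapping from lowercase name/path fragments to a product.
# Only fragments that appear in the log above are listed.
PRODUCT_HINTS = {
    "ESET": ("\\eset\\", "ekrn", "ehdrv", "eamon", "epfwtdir"),
    "Malwarebytes": ("malwarebytes", "mbam"),
    "AVG": ("avg secure search", "avgtp"),
    "SpyHunter": ("spyhunter", "esgiguard"),
}

# <state><optional ?><start type> <name>;<display name>;<image path> [<date size> or ?]
LINE_RE = re.compile(r"^([RS])\??(\d)\s+([^;]+);([^;]*);(.+)\s+\[([^\]]*)\]\s*$")


def parse_services(text):
    """Turn ComboFix service/driver lines into dictionaries."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # separators, headings, blank lines
        state, start, name, display, image, meta = m.groups()
        # "registered path --> resolved path": keep the resolved one.
        path = image.split(" --> ")[-1].strip().strip('"')
        entries.append({
            "name": name,
            "display": display,
            "path": path,
            "running": state == "R",            # assumption: R = running, S = stopped
            "start_type": int(start),
            "file_missing": meta.strip() == "?",  # assumption: [?] = file not found
        })
    return entries


def classify(entry):
    """Return the product an entry belongs to, or None if no hint matches."""
    haystack = ";".join((entry["name"], entry["display"], entry["path"])).lower()
    for product, hints in PRODUCT_HINTS.items():
        if any(h in haystack for h in hints):
            return product
    return None


def summarize(text):
    """Group security-product entries by product and by state."""
    summary = {}
    for entry in parse_services(text):
        product = classify(entry)
        if product is None:
            continue
        bucket = summary.setdefault(product, {"running": [], "stopped": [], "missing": []})
        bucket["running" if entry["running"] else "stopped"].append(entry["name"])
        if entry["file_missing"]:
            bucket["missing"].append(entry["name"])
    return summary


def running_products(summary):
    """Products with at least one component currently loaded."""
    return sorted(p for p, b in summary.items() if b["running"])


if __name__ == "__main__":
    result = summarize(SAMPLE)
    for product, bucket in sorted(result.items()):
        print(product, bucket)
    active = running_products(result)
    if len(active) > 1:
        print("Multiple security products loaded at once:", ", ".join(active))
```

Entries listed under `missing` are service registrations whose file is gone, which is the kind of remnant the vendor uninstaller tools are meant to clear.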

To be honest I have no real confidence in any of the AV products! As I previously mentioned, I was forced to throw out my original computer equipment due to bedbug infestation and the computer I have now I purchased second hand and previous owner(s) installed AV programs of their preference.

 

Some AV Malware sensing programs may well be too sensitive and pointing to programs that have nothing wrong with them. Others simply cannot get at some clever malware that fights back as with [PUP].

 

At this juncture I simply don't know which anti-malware software to go with! ESET is currently running although it will soon expire.

MalwareBytes I tried for a time but it just expired a few weeks ago.

 

I've used FPROT in the past as well as many others like AVG and as you can see on the Combofix.txt report file AVAST was also running although I knew nothing about it.

 

What do you suggest?

 

XCocker

Link to post

  • Root Admin

If you want a free antivirus then avast or Avira are probably the 2 best ones available for free. 

 

You can visit this link for a listing of tools that you can download from the various antivirus sites to manually remove left over items.

I would run one for each of those that are listed on your system and then when you think your system is clean of them then download and install avast or Avira and update and do a Full System scan to make sure they don't find anything.

 

Information: List of Uninstaller Tools

 

 

avast

http://www.filehippo.com/download_avast_antivirus/

 

Avira

http://www.filehippo.com/download_antivir/

 

 

Link to post

So is that it?  Have we actually cleaned out those nasty viruses, spywares, trojans, and adwares?

 

I have still a question if I may?

On the Combofix detailed log file it has two entries near the bottom:

 

Pre-Run: 12,431,802,368 bytes free
Post-Run: 12,477,054,976 bytes free
 
How is it that when I do a DOS dir it tells me now that actually I have
12,495GB free which is more than Combofix Post-run reported and
where did all those ~~ 46MB go and will I be missing anything I do
 not yet know about?  There could not have been that much garbage
in all those malwares alone?
 
How did you get so good at using these sophisticated tools anyway?
You must have worked at MS LABS to be that familiar with the
integral workings of WINDOWS registry entries and the whole software
architecture of the WINDOWS entire family of products?
 
Can you recommend a free AV program that would work on my XP
With no SP upgrade laptop or am I forced to upgrade the unit?
 
Again Thankx kindly,
 
Xcowboy
Link to post

  • Root Admin

We're not quite done yet.  I've been doing computer support now for over 20 years so you learn things along the way.

 

The logs show that the computer is already running Service Pack 3 for XP.

 

I've already provided you with links for a good free antivirus.

 

avast

http://www.filehippo...vast_antivirus/

 

Avira

http://www.filehippo...wnload_antivir/

 

 

Please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus



STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.


STEP 06

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


 

Link to post

Good afternoon to all!

 

In my previous post when I thought we were through with the malware

problems already:

 

 

I requested from you not AV/AM suggestions for programs that would

work on my laptop  with XP SP0 ( no Service packs ) --> Not for the

what I thought on Dec. 16th. had been cleaned up and finished with

using the ComboFix.exe

I was not talking about my IBM Tower running XP SP3

You did not fully read or understand my request.

 

 

As for Avast and Avira:

 

As you know by the ComboFix.txt file report my IBM Tower system 

already had Avast running on it from a previous owner and it was

not able to protect the computer from the [PUP] and other malware

so I'm not too crazy about it now.

 

I tried to download Avira and did but it screwed me up totally

when I unchecked the buttons for allow Avira to install a "Avira 

searchfree toolbar" etc. After extracting all the files etc. It 

refused to run and told me to remove the program from my system

and re-download the whole thing from their site and re-run it and

accept their searchfree toolbar.

That to me is extortion!

To top that off, it took me over 1/2 hour and several reboots ( as

the system locked up in attempting to remove the bloody VIRUS AV

program!).

 

I ended up downloading FREE SUPERAntiSpyware. It found Trojan 

Trojan.Agent/Gen-Cryptor on my 16G dual bootable Memory Stick

 

It also found:

Memory items scanned      : 435

Memory threats detected   : 0

Registry items scanned    : 36637

Registry threats detected : 0

File items scanned        : 55053

File threats detected     :  

 

And best of all, it did not demand anything from me!

 

 

Step 3) Completed and documented:

 

Now I installed mbar.exe in c:\mbar and ran it.

I left my UBUNTU bootable memory stick in as drive F:

I wonder if mbar will catch and destroy the 

Rootkit/Trojan Trojan.Agent/Gen-Cryptor because I did

not allow SUPERAntiSpyware to remove anything in fact it

is currently ready and requesting if I want to remove

all malware agents and Adware Tracking cookies it found.

 

This site has an interesting article on removing a

Trojan in "System Volume Information" and it and Windows


keeping / maintaining its restore points.

 

SAS defines it as "Trojan.Agent/Gen-RogueAV". Here is the

location:

F:\SYSTEM VOLUME INFORMATION\_RESTORE . . . .

 

Meanwhile MBar has finished and only found one piece of

Malware Trojan Agent and that is nearly impossible to be

true since it is a BATCH file I wrote called SYS.BAT in

C:\ which I had created and just looked at and did a 

memory dump in DOS and found no untoward binary elements

inside except the hex/binary ascii values for the text

supposed to be in the batch file of 1,659 Bytes in length 

and is simply a SYSTEMS REGISTRY copy batch file to copy 

XP registry files of old registry in case of system crash

ie. 

 

default

sam

security

software

 

I used to use SOFTICE winice Windows debugger program which 

ran on Win95 and NT. I know a little bit about Break points 

in the different rings of WINDOWS OS which I assume are a 

little like program Restore Points.

 

 

I may have recently picked up this virus ( Yesterday

when I was working on a friends computer he had problems

installing a new OS to ).

 

These memory sticks are nice but we need to be careful

using them and where we stick them.

 

Anyway after the second pass of MBAR it told me Congrats

Everything was found clean.

 

Now what about my SYS.BAK file and the 430 File threats 

detected by SUPERAntiSpyware who I never allowed to do

anything about and the Trojan.Agent/Gen-Cryptor it found

on my memory stick F:

 

 

 Directory of C:\mbar\mbar

 

 

12/18/2013  12:41 PM  2,128 MBAR-L~1.BAK (Backup of first pass)

12/18/2013  01:14 PM  2,130 mbar-log-2013-12-18 (09-54-42).txt

12/18/2013  02:31 PM  2,118 mbar-log-2013-12-18 (13-18-48).txt

 

12/18/2013  01:14 PM  101,420 SYSTEM~1.BAK  (Backup of first pass)

12/18/2013  02:31 PM  201,372 system-log.txt

 

  - - - - - - - - - - - - - - - - - - 

mbar-log-2013-12-18 (09-54-42).txt

mbar-log-2013-12-18 (13-18-48).txt

system-log.txt

Link to post

  • Root Admin

I don't know at this point.

To get back on track please choose 1 computer and only 1 computer and we'll work on it to do what needs to be done. Mixing in 2 other computers in the same topic is what gets things messed up.

Once the one computer is done, then we can work on the next one, and when that one is done then move on to the 3rd one.

Thank you

Link to post

Good evening!

 

Step 4) Completed!

 

 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by Administrator on Wed 12/18/2013 at 22:16:39.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
~~~ Services
 
Successfully stopped: [service] APNMCP
Successfully deleted: [service] APNMCP
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4F203657-F5EF-412D-B7BC-567FD8A6849E}
Successfully deleted: [Registry Key] "hkey_current_user\software\askpartnernetwork"
Successfully deleted: [Registry Key] "hkey_local_machine\software\askpartnernetwork"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\clsid\{44cbc005-6243-4502-8a02-3a096a282664}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\clsid\{80703783-e415-4ee3-ab60-d36981c5a6f1}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\clsid\{d8278076-bc68-4484-9233-6e7f1628b56c}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\clsid\{f297534d-7b06-459d-bc19-2dd8ef69297b}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{6978f29a-3493-40b2-8cdc-9c13a02f85a4}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{d7949a66-d936-4028-9552-14f7dc50f38d}"
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\visualbee"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\apn"
Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\Local Settings\Application Data\cre"
Successfully deleted: [Folder] "C:\Program Files\askpartnernetwork"
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [blacklisted Policy]
Successfully deleted: [Folder] C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 12/18/2013 at 22:23:03.96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Root Admin

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following check-boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files


Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using the Reset FF Proxy Settings option, Firefox should be closed.
 


Good Morning!

 

Step 5) 2 Parts completed

 

 
 
# AdwCleaner v3.015 - Report created 18/12/2013 at 22:52:46
# Updated 10/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Administrator - IBM-F400B3CC723
# Running from : C:\AdwCleaner\AdwCleaner (2).exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : ca82e1a5
Service Found : vToolbarUpdater17.1.2
 
***** [ Files / Folders ] *****
 
Folder Found C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\apn
Folder Found C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\apn
Folder Found C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\apn
Folder Found C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\apn
Folder Found C:\Documents and Settings\Administrator\Application Data\AVG SafeGuard toolbar
Folder Found C:\Documents and Settings\Administrator\Local Settings\Application Data\AVG SafeGuard toolbar
Folder Found C:\Documents and Settings\Administrator\Local Settings\Application Data\NativeMessaging
Folder Found C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork
Folder Found C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
Folder Found C:\Program Files\AVG SafeGuard toolbar
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AVG SafeGuard toolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
Key Found : HKLM\Software\AVG SafeGuard toolbar
Key Found : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Found : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Found : HKLM\Software\do-searchSoftware
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [speedanalysis03@SpeedAnalysis.com]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{41564952-412D-5637-00A7-7A786E7484D7}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [speedanalysis03@SpeedAnalysis.com]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Found : homepage
Found : search_url
Found : keyword
Found : urls_to_restore_on_startup
 
*************************
 
AdwCleaner[R1].txt - [2545 octets] - [18/12/2013 22:52:46]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2605 octets] ##########
 
 
 Volume in drive C is IBM_PRELOAD
 Volume Serial Number is 8C05-D993
 
 Directory of C:\
 
12/19/2013  09:09 AM                 0 mbam-all.txt
11/18/2013  02:22 PM           178,926 MBAM-log-2013-11-18 (14-22-20).txt
12/01/2013  08:26 PM            10,324 MBAM-log-2013-12-01 (20-25-29).txt
12/01/2013  08:30 PM            10,324 MBAM-log-2013-12-01 (20-30-26).txt
12/14/2013  01:02 PM            20,086 MBAM-log-2013-12-14 (12-52-19).txt
12/19/2013  08:23 AM             3,468 mbam-log-2013-12-19 (08-07-03).txt
12/19/2013  08:21 AM             3,216 MBAM-log-2013-12-19 (08-20-28).txt
               7 File(s)        226,344 bytes
               0 Dir(s)  11,900,727,296 bytes free

AdwCleanerR1.txt


Step 6) Completed:

 

I completed step 6; however, the instructions in one of the help files were not complete and I had to pick around to find the right folder. I *** star-highlight the lines that were problematic. I also mention other idiosyncratic behavior.

 

 

Please go here (http://www.eset.com/onlinescan/) to run the online antivirus scanner from ESET.
 
*** If not running MS IE as Browser we need to download the ESET
*** install first.
 
Turn off the real time scanner of any existing antivirus program  
while performing the online scan
 
 
To turn off SuperAntispyware virus tracking we first need to
 
*** ( After enabling it on screen from logo ) 
*** go to "SYSTEM TOOLS AND PROGRAM SETTINGS"
 
*** ONLY Then we see "PREFERENCES"
 
 
SuperAntiSpyware:
Open SUPERAntiSpyware
Click on Preferences
Click on Real-Time Protection tab
Untick Real-Time protection
Click on the Hi-Jack Protection tab
Under Home Page Protection, uncheck 
"Protect Home Page from being changed. Changes can only be made here."
Click on Close.
Close SUPERAntiSpyware
 
Reverse to re-enable.
 
 
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is unticked
Click on Advanced Settings  and ensure these options are ticked:
 
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
 
** CLICK ON START
** Then wait until ESET downloads Virus Signature database
** Scan took 1 hour to get to 48% completed and then jumped to 80%
** completed in 5 minutes? WHY?
 
 
Click Scan
Wait for the scan to finish
If any threats were found, click the 'List of found threats', then click Export to text file... .
Save it to your desktop, then please copy and paste that log as a reply to this topic.
 
12/19/2013  12:49 PM             4,206 ESET-Online-not-so-online-scanner.txt OUTPUT FILE:
 
 
C:\KeyFinderInstaller (1).exe Win32/OpenCandy application
C:\KeyFinderInstaller.exe Win32/OpenCandy application
C:\meosetup.exe a variant of Win32/Bundled.Toolbar.Google.C application
C:\AdwCleaner\quarantine-0\C\Documents and Settings\Administrator\Application Data\SpeedAnalysis3\install_helper.exe.vir Win32/bProtector.H application
C:\AdwCleaner\quarantine-0\C\Documents and Settings\Administrator\Application Data\zulagames\install_helper.exe.vir Win32/bProtector.H application
C:\AdwCleaner\quarantine-0\C\Program Files\NCH Software\Meo\meo.exe.vir a variant of Win32/Bundled.Toolbar.Google.C application
C:\AdwCleaner\quarantine-0\C\Program Files\NCH Software\Meo\meosetup_v2.17.exe.vir a variant of Win32/Bundled.Toolbar.Google.C application
C:\AdwCleaner\quarantine-0\C\Program Files\Speed Analysis 3\AddonsFramework.Typelib.dll.vir a variant of Win32/Toolbar.Besttoolbars.H application
C:\AdwCleaner\quarantine-0\C\Program Files\Speed Analysis 3\AddonsFramework.Typelib64.dll.vir a variant of Win32/Toolbar.Besttoolbars.H application
C:\AdwCleaner\quarantine-0\C\Program Files\Speed Analysis 3\BackgroundHost.exe.vir Win32/Toolbar.Besttoolbars.G application
C:\AdwCleaner\quarantine-0\C\Program Files\Speed Analysis 3\BackgroundHost64.exe.vir Win64/Toolbar.Besttoolbars.A application
C:\AdwCleaner\quarantine-0\C\Program Files\Speed Analysis 3\ButtonSite.dll.vir a variant of Win32/Toolbar.Besttoolbars.H application
C:\AdwCleaner\quarantine-0\C\Program Files\Speed Analysis 3\ButtonSite64.dll.vir a variant of Win32/Toolbar.Besttoolbars.H application
C:\AdwCleaner\quarantine-0\C\Program Files\Speed Analysis 3\ScriptHost.dll.vir a variant of Win32/Toolbar.Besttoolbars.H application
C:\AdwCleaner\quarantine-0\C\Program Files\Speed Analysis 3\ScriptHost64.dll.vir a variant of Win32/Toolbar.Besttoolbars.H application
C:\AdwCleaner\quarantine-0\C\Program Files\Wajam\Updater\update.exe.vir a variant of Win32/Wajam.D application
C:\AdwCleaner\quarantine-0\C\Program Files\Wajam\Updater\WajamUpdaterV3.exe.vir Win32/Wajam.D application
C:\D-Link\utility\NETCAP\nc.exe Win32/RemoteAdmin.NetCat application
C:\Documents and Settings\Administrator\desktop\avira_free_antivirus_en.exe a variant of Win32/Bundled.Toolbar.Ask.D application
C:\Documents and Settings\Administrator\desktop\FreeZipSetup-3gPvcEw2.exe Win32/Somoto application
C:\Documents and Settings\Administrator\Local Settings\temp\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application
C:\Qoobox\Quarantine\C\nc.exe.vir Win32/RemoteAdmin.NetCat application
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP42\A0027649.exe a variant of Win32/Wajam.D application
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP43\A0027751.exe a variant of Win32/Wajam.D application
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP44\A0028002.exe a variant of Win32/Wajam.D application
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP49\A0029462.exe a variant of Win32/Wajam.D application
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP55\A0031443.exe a variant of Win32/Wajam.D application
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP57\A0031922.exe a variant of Win32/Bundled.Toolbar.Google.C application
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP57\A0031924.exe a variant of Win32/Bundled.Toolbar.Google.C application
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP57\A0031947.exe a variant of Win32/Wajam.D application
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP70\A0034697.exe Win32/RemoteAdmin.NetCat application
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP72\A0035991.exe a variant of Win32/Bundled.Toolbar.Ask.D application
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP73\A0036130.exe Win32/Bundled.Toolbar.Ask.E application
C:\System Volume Information\_restore{29FD9B63-4F58-4DB0-B2C4-8709D5244F27}\RP73\A0036228.exe multiple threats
 

Step 7) Completed

 

FRST.TXT

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-12-2013 05
Ran by Administrator (administrator) on IBM-F400B3CC723 on 19-12-2013 12:53:56
Running from C:\AdwCleaner
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
() C:\Program Files\Efficient Networks\EnterNet 300\app\PPPoEService.exe
() C:\Program Files\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe
(Microsoft Corporation) C:\WINDOWS\system32\snmp.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Primax Electronics Ltd.) C:\WINDOWS\system32\ico.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
() C:\WINDOWS\system32\FSRremoS.EXE
(VIA Technologies, Inc.) C:\Program Files\VIAudioi\SBADeck\ADeck.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Innovative Solutions) C:\QF9700\DriverMax\drivermax.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
() C:\Program Files\TP-LINK\TL-WN321G\COMMON\TWCU.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\system32\ntvdm.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(ESET) C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Mouse Suite 98 Daemon] - C:\WINDOWS\system32\ico.exe [49152 2005-04-13] (Primax Electronics Ltd.)
HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\System32\hkcmd.exe [ ] ()
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [490624 2010-07-28] (Conexant Systems, Inc.)
HKLM\...\Run: [AudioDeck] - C:\Program Files\VIAudioi\SBADeck\ADeck.exe [7957504 2004-09-30] (VIA Technologies, Inc.)
HKLM\...\Run: [iYogi Support Dock] - C:\Program Files\iYogi Support Dock\SDStartup.exe [204288 2013-07-30] (iYogi Inc.)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5110672 2013-09-12] (ESET)
HKCU\...\Run: [DriverMax] - C:\QF9700\DriverMax\drivermax.exe [7328632 2013-10-28] (Innovative Solutions)
HKCU\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2013-12-17] (SUPERAntiSpyware)
HKU\Default User\...\Run: [ibmmessages] - C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
HKU\Default User\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-14] (Microsoft Corporation)
HKU\Guest\...\Run: [ibmmessages] - C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
HKU\Guest\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-14] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TL-WN321G Wireless Utility.lnk
ShortcutTarget: TL-WN321G Wireless Utility.lnk -> C:\Program Files\TP-LINK\TL-WN321G\COMMON\TWCU.exe ()
 
==================== Internet (Whitelisted) ====================
 
ProxyServer: http=127.0.0.1:3211;https=127.0.0.1:3211
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4.1/jinstall-141-win.cab
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
Chrome: 
=======
CHR DefaultSearchKeyword: do-search
CHR DefaultSearchProvider: do-search
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (History Button) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fofpnhmbgmmeaialapfddhbhfongoinh\1.0.1_0
CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
 
========================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
R2 6to4; C:\Windows\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1337752 2013-09-12] (ESET)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NwSapAgent; C:\Windows\System32\ipxsap.dll [66560 2001-08-18] (Microsoft Corporation)
R2 PPPoEService; C:\Program Files\Efficient Networks\EnterNet 300\app\PPPoEService.exe [49152 2000-07-11] ()
S2 PRTGCoreService; C:\Program Files\PRTG Network Monitor\PRTG Server.exe [7232736 2013-10-17] (Paessler AG)
S2 PRTGProbeService; C:\Program Files\PRTG Network Monitor\PRTG Probe.exe [8814304 2013-10-17] (Paessler AG)
R2 RalinkRegistryWriter; C:\Program Files\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe [69632 2009-01-05] ()
S2 SupportDockService.exe; C:\Program Files\iYogi Support Dock\Services\CommAgent\SupportDockService.exe [78336 2012-08-07] (iYogi Technical Services)
S2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [x]
S2 Util Lizardlink; "C:\Program Files\Lizardlink\bin\utilLizardlink.exe" [x]
 
==================== Drivers (Whitelisted) ====================
 
S4 abp480n5; C:\Windows\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21361 2013-10-16] (Cisco Systems, Inc.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-11-19] (AVG Technologies)
S3 E1000; C:\Windows\System32\DRIVERS\e1000325.sys [171152 2008-08-20] (Intel Corporation)
R1 eamon; C:\Windows\System32\DRIVERS\eamon.sys [184664 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [134248 2013-09-17] (ESET)
S3 ENIMSR; C:\Program Files\Efficient Networks\EnterNet 300\app\ENIMSR.sys [12924 2002-03-06] (Efficient Networks, Inc.)
R1 epfwtdir; C:\Windows\System32\DRIVERS\epfwtdir.sys [118768 2013-09-17] (ESET)
R3 es1371; C:\Windows\System32\drivers\es1371mp.sys [40704 2001-08-17] (Creative Technology Ltd.)
R3 gameenum; C:\Windows\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
S3 nm; C:\Windows\System32\DRIVERS\NMnt.sys [40320 2008-04-14] (Microsoft Corporation)
S3 NTSPPPOE; C:\Windows\System32\DRIVERS\ntspppoe.sys [161640 2002-03-06] (Efficient Networks, Inc.)
S3 NTSTPL1; C:\Program Files\Efficient Networks\EnterNet 300\app\ntstpl1.sys [16096 2002-03-06] (Network TeleSystems, Inc.)
S3 NTSTPL2; C:\Program Files\Efficient Networks\EnterNet 300\app\NTSTPL2.SYS [16096 2002-03-06] (Network TeleSystems, Inc.)
R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2001-08-18] (Microsoft Corporation)
R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2001-08-18] (Microsoft Corporation)
S3 pelmouse; C:\Windows\System32\DRIVERS\pelmouse.sys [16384 2003-01-10] (Primax Electronics Ltd.)
S3 pelusblf; C:\Windows\System32\DRIVERS\pelusblf.sys [9216 2003-02-11] (Primax Electronics Ltd.)
S3 QF97USB; C:\Windows\System32\DRIVERS\qf97usb.sys [15232 2010-09-29] (Corechip Semiconductor, Inc. Co Ltd.)
S3 RAWESR; C:\Program Files\Efficient Networks\EnterNet 300\app\rawesr.sys [12924 2002-03-06] (Efficient Networks, Inc.)
R3 RT73; C:\Windows\System32\DRIVERS\rt73.sys [465152 2008-10-21] (Ralink Technology, Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 TAPBIND; C:\Program Files\Efficient Networks\EnterNet 300\app\tapbind1.sys [44544 2002-03-06] (Network TeleSystems, Inc.)
R1 Tcpip6; C:\Windows\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
R3 TPM; C:\Windows\System32\DRIVERS\tpm.sys [17792 2005-10-09] (Winbond Electronics Corp.)
S3 USB_Ethernet_Adaptor; C:\Windows\System32\DRIVERS\USB_Ethernet_Adaptor.sys [16512 2013-01-22] (Corechip Semiconductor, Inc. Co Ltd.)
R3 VIAudio; C:\Windows\System32\drivers\vinyl97.sys [161536 2004-09-06] (VIA Technologies, Inc.)
S3 aeaudio; system32\drivers\aeaudio.sys [x]
U5 Browser; C:\Windows\system32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 gfiark; system32\drivers\gfiark.sys [x]
S3 MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [x]
U5 Messenger; C:\Windows\system32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
U5 Netlogon; C:\Windows\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S2 PMEM; \??\C:\WINDOWS\system32\drivers\PMEMNT.SYS [x]
U5 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.sys [65048 2013-11-16] (Sysinternals - www.sysinternals.com)
S1 sbaphd; system32\drivers\sbaphd.sys [x]
S2 sbapifs; system32\drivers\sbapifs.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 smwdm; system32\drivers\smwdm.sys [x]
S3 WPRO_41_2001; system32\drivers\WPRO_41_2001.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-12-19 12:53 - 2013-12-19 12:53 - 00000000 ____D C:\FRST
2013-12-19 12:47 - 2013-12-19 12:47 - 00004206 _____ C:\ESET-Final-Scan.txt
2013-12-19 09:09 - 2013-12-19 09:09 - 00000696 _____ C:\mbam-all.txt
2013-12-19 08:41 - 2013-12-19 08:43 - 00004709 _____ C:\mbam.bat
2013-12-19 06:53 - 2013-12-19 09:13 - 00003389 _____ C:\AdwCleaner[R1].txt
2013-12-19 06:53 - 2013-12-19 09:12 - 00002689 _____ C:\ADWCLE~2.BAK
2013-12-18 22:23 - 2013-12-18 22:34 - 00002992 _____ C:\JRT.txt
2013-12-18 22:23 - 2013-12-18 22:23 - 00002988 _____ C:\Documents and Settings\Administrator\desktop\JRT.txt
2013-12-18 22:16 - 2013-12-18 22:16 - 00000000 ____D C:\WINDOWS\ERUNT
2013-12-18 22:14 - 2013-12-18 22:14 - 00000000 ____D C:\jrt
2013-12-18 15:36 - 2013-12-18 15:36 - 00000000 ____D C:\SUPERDelete
2013-12-18 12:12 - 2013-12-18 12:12 - 00001638 _____ C:\Documents and Settings\All Users\desktop\InstallConverter.lnk
2013-12-18 12:12 - 2013-12-18 12:12 - 00000000 ____D C:\Program Files\InstallConverter
2013-12-18 12:12 - 2013-12-18 12:12 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\InstallConverter
2013-12-18 09:54 - 2013-12-18 14:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-12-18 09:50 - 2013-12-19 07:42 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-12-18 09:49 - 2013-12-18 09:50 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\mbar
2013-12-18 09:46 - 2013-12-18 09:52 - 00000000 ____D C:\mbar
2013-12-18 01:10 - 2013-12-19 09:10 - 00000526 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task e30984d5-6150-48ea-9a13-0cef06ccb9fa.job
2013-12-18 01:10 - 2013-12-19 02:00 - 00000526 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 0a2efdb2-1707-4acf-86c5-35a07d4e683f.job
2013-12-18 01:09 - 2013-12-18 01:10 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2013-12-18 01:09 - 2013-12-18 01:09 - 00001689 _____ C:\Documents and Settings\All Users\desktop\SUPERAntiSpyware Professional.lnk
2013-12-18 01:09 - 2013-12-18 01:09 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-12-18 01:09 - 2013-12-18 01:09 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2013-12-18 01:09 - 2013-12-18 01:09 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2013-12-18 01:07 - 2013-12-18 01:08 - 29055752 _____ (SUPERAntiSpyware) C:\Documents and Settings\Administrator\desktop\SUPERAntiSpyware.exe
2013-12-17 23:47 - 2013-12-18 00:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avira
2013-12-17 23:20 - 2013-12-17 23:36 - 129564536 _____ C:\Documents and Settings\Administrator\desktop\avira_free_antivirus_en.exe
2013-12-17 22:56 - 2013-12-19 12:20 - 00015308 _____ C:\Uninstall-Anti-virus-pgms.txt
2013-12-17 22:56 - 2013-12-18 14:47 - 00012884 _____ C:\UNINST~1.BAK
2013-12-17 21:35 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\mbam.sys
2013-12-17 12:00 - 2013-12-17 12:04 - 00000000 ____D C:\facebook
2013-12-17 05:10 - 2013-12-17 04:51 - 11125072 _____ (Microsoft Corporation) C:\Documents and Settings\Administrator\desktop\Copy of mseinstall.exe
2013-12-17 05:03 - 2013-12-17 05:03 - 00001919 _____ C:\WINDOWS\epplauncher.mif
2013-12-17 04:51 - 2013-12-17 04:51 - 11125072 _____ (Microsoft Corporation) C:\Documents and Settings\Administrator\desktop\mseinstall.exe
2013-12-16 11:20 - 2013-12-17 06:28 - 00029662 _____ C:\ComboFix.txt
2013-12-16 11:12 - 2013-12-16 11:12 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2013-12-16 11:12 - 2013-12-16 11:12 - 00000000 ____H C:\WINDOWS\system32\config\SYSTEM.tmp.LOG
2013-12-16 11:12 - 2013-12-16 11:12 - 00000000 ____H C:\WINDOWS\system32\config\SOFTWARE.tmp.LOG
2013-12-16 11:12 - 2013-12-16 11:12 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2013-12-16 11:12 - 2013-12-16 11:12 - 00000000 ____H C:\WINDOWS\system32\config\DEFAULT.tmp.LOG
2013-12-16 10:58 - 2013-12-16 10:58 - 00000000 _RSHD C:\cmdcons
2013-12-16 10:58 - 2013-10-09 17:16 - 00000211 _____ C:\Boot.bak
2013-12-16 10:58 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2013-12-16 10:56 - 2011-06-26 01:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-12-16 10:56 - 2010-11-07 12:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-12-16 10:56 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-12-16 10:56 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-12-16 10:56 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-12-16 10:56 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-12-16 10:56 - 2000-08-30 19:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-12-16 10:56 - 2000-08-30 19:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-12-16 10:56 - 2000-08-30 19:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-12-16 10:55 - 2013-12-16 11:20 - 00000000 ____D C:\Qoobox
2013-12-16 10:55 - 2013-12-16 11:18 - 00000000 ____D C:\WINDOWS\erdnt
2013-12-16 09:35 - 2013-12-16 09:35 - 00002079 _____ C:\makedisk-readme.txt
2013-12-16 09:32 - 2013-12-16 09:32 - 00001314 _____ C:\directions.txt
2013-12-16 01:20 - 2013-12-16 01:20 - 01094939 _____ (pendrivelinux.com) C:\Documents and Settings\Administrator\desktop\Universal-USB-Installer-1.9.5.1.exe
2013-12-16 01:11 - 2013-12-16 01:11 - 07071744 _____ (Cerberus LLC) C:\Documents and Settings\Administrator\desktop\CerberusInstall.exe
2013-12-16 00:59 - 2013-12-16 01:06 - 57816616 _____ (ZOHO Corporation) C:\Documents and Settings\Administrator\desktop\ManageEngine_ServiceDesk_Plus (1).exe
2013-12-16 00:52 - 2013-12-16 00:58 - 57816616 _____ (ZOHO Corporation) C:\Documents and Settings\Administrator\desktop\ManageEngine_ServiceDesk_Plus.exe
2013-12-15 23:28 - 2013-12-16 00:28 - 741343232 _____ C:\Documents and Settings\Administrator\desktop\ubuntu-12.04.3-desktop-i386.iso
2013-12-15 22:44 - 2013-12-15 22:44 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\makedisk
2013-12-15 22:35 - 2013-12-15 22:35 - 00199542 _____ C:\Documents and Settings\Administrator\desktop\makedisk.zip
2013-12-15 21:20 - 2013-12-15 21:20 - 00000000 _____ C:\WINDOWS\Bench32.INI
2013-12-15 20:58 - 2013-12-15 20:58 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\New Folder
2013-12-15 19:34 - 2013-12-15 19:34 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\Flash.Tools
2013-12-15 12:54 - 2013-12-15 12:54 - 01869895 _____ C:\Documents and Settings\Administrator\desktop\Flash.Tools.zip
2013-12-15 12:36 - 2013-12-15 12:37 - 11387176 _____ (Rene.E Laboratory                                           ) C:\Documents and Settings\Administrator\desktop\ReneeUndeleter_2013.exe
2013-12-15 12:34 - 2013-12-15 12:34 - 02376376 _____ (Pro Data Doctor Pvt. Ltd.                                   ) C:\Documents and Settings\Administrator\desktop\pen-drive-data-recovery-demo (1).exe
2013-12-15 12:33 - 2013-12-15 12:33 - 02376376 _____ (Pro Data Doctor Pvt. Ltd.                                   ) C:\Documents and Settings\Administrator\desktop\pen-drive-data-recovery-demo.exe
2013-12-15 10:42 - 2013-12-15 10:44 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\lexar_usb_tool
2013-12-15 10:38 - 2006-02-11 15:49 - 00001575 _____ C:\Documents and Settings\Administrator\desktop\readme.txt
2013-12-15 10:38 - 2004-12-27 17:13 - 00077824 _____ (Lexar Media) C:\Documents and Settings\Administrator\desktop\BootIt.exe
2013-12-15 10:38 - 2004-08-26 09:43 - 00332498 _____ C:\Documents and Settings\Administrator\desktop\BootIt.dat
2013-12-15 10:37 - 2013-12-15 10:38 - 00363596 _____ C:\Documents and Settings\Administrator\desktop\lexar_usb_tool.zip
2013-12-15 10:04 - 2013-12-16 09:06 - 00022599 _____ C:\DSL-300I-email.txt
2013-12-15 07:17 - 2013-12-15 07:17 - 04608744 _____ (Microsoft Corporation) C:\Documents and Settings\Administrator\desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
2013-12-15 06:24 - 2013-12-15 06:24 - 00081324 _____ C:\Documents and Settings\Administrator\desktop\ComboFix  A guide and tutorial on using ComboFix.htm
2013-12-15 06:24 - 2013-12-15 06:24 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\ComboFix  A guide and tutorial on using ComboFix_files
2013-12-15 06:07 - 2013-12-15 06:07 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\ComboFix_files
2013-12-15 06:02 - 2013-12-15 06:03 - 05154339 ____R (Swearware) C:\Documents and Settings\Administrator\desktop\ComboFix.exe
2013-12-15 05:58 - 2013-12-15 05:58 - 00216192 _____ C:\Documents and Settings\Administrator\desktop\FreeZipSetup-3gPvcEw2.exe
2013-12-15 05:50 - 2013-12-15 05:50 - 00081168 _____ C:\ComboFix  A guide and tutorial on using ComboFix.htm
2013-12-15 05:50 - 2013-12-15 05:50 - 00000000 ____D C:\ComboFix  A guide and tutorial on using ComboFix_files
2013-12-14 21:47 - 2013-12-14 21:47 - 00000000 __SHD C:\Documents and Settings\LocalService\IETldCache
2013-12-14 15:06 - 2013-12-14 15:06 - 00013610 _____ C:\Downloads-and-blocked-DL.htm
2013-12-14 15:04 - 2013-12-14 15:04 - 00891200 _____ C:\SecurityCheck (1).exe
2013-12-14 14:08 - 2013-12-14 16:03 - 00018778 _____ C:\Attach.txt
2013-12-14 14:06 - 2013-12-14 15:59 - 00030508 _____ C:\DDS.txt
2013-12-14 14:00 - 2013-12-19 08:59 - 00003050 _____ C:\PUP-ELIM.BAT
2013-12-14 14:00 - 2013-12-14 14:59 - 00002484 _____ C:\PUP-ELIM.BAK
2013-12-14 09:58 - 2013-12-14 09:58 - 00891200 _____ C:\SecurityCheck (2).exe
2013-12-14 09:39 - 2013-12-14 09:31 - 00891200 _____ C:\SecurityCheck.exe
2013-12-14 05:03 - 2013-12-14 05:10 - 00024450 _____ C:\DIR-INFO.TXT
2013-12-14 05:03 - 2013-12-14 05:03 - 00024450 _____ C:\DIR-INFO.BAK
2013-12-14 03:09 - 2013-12-14 03:10 - 00013940 _____ C:\WINDOWS\KB2898785-IE8.log
2013-12-14 03:08 - 2013-12-14 03:08 - 00006145 _____ C:\WINDOWS\KB2904266.log
2013-12-14 03:08 - 2013-12-14 03:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-14 03:08 - 2013-12-14 03:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-14 03:01 - 2013-12-14 03:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-14 03:01 - 2013-12-14 03:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-14 03:01 - 2013-12-14 03:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-12 06:39 - 2013-12-12 06:44 - 122548923 _____ C:\v0594_PN_Puffy_SugarFree_6min (1).mp4
2013-12-11 05:25 - 2013-12-14 03:09 - 00012798 _____ C:\WINDOWS\KB2898715.log
2013-12-11 05:25 - 2013-12-14 03:01 - 00012340 _____ C:\WINDOWS\KB2893984.log
2013-12-11 05:25 - 2013-12-14 03:01 - 00011624 _____ C:\WINDOWS\KB2893294.log
2013-12-11 05:25 - 2013-12-14 03:01 - 00010907 _____ C:\WINDOWS\KB2892075.log
2013-12-06 14:51 - 2013-12-07 03:07 - 00009894 _____ C:\vif-prob.txt
2013-12-06 13:36 - 2013-12-06 13:36 - 00008219 _____ C:\Vif-Billing service.htm
2013-12-06 13:36 - 2013-12-06 13:36 - 00000000 ____D C:\Vif-Billing service_files
2013-12-06 02:14 - 2013-12-06 02:14 - 00001549 _____ C:\ESET-06-12-13.txt
2013-12-06 01:19 - 2013-12-06 01:19 - 00022558 _____ C:\Videotron-Gmail - SVP --- ISP connection options in 2007 to postal code H3K2R5 required for legal matter..htm
2013-12-06 01:19 - 2013-12-06 01:19 - 00000000 ____D C:\Videotron-Gmail - SVP --- ISP connection options in 2007 to postal code H3K2R5 required for legal matter._files
2013-12-01 21:27 - 2013-12-02 06:20 - 00005088 _____ C:\Sundayedition-Dec-01-2013.txt
2013-11-25 01:16 - 2013-11-25 01:16 - 00320671 _____ C:\Toledo former capital of Spain - Google Search.htm
2013-11-25 01:16 - 2013-11-25 01:16 - 00000000 ____D C:\Toledo former capital of Spain - Google Search_files
2013-11-23 14:16 - 2013-12-19 12:21 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-23 14:16 - 2013-12-19 08:29 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-21 11:57 - 2013-12-17 13:49 - 00000496 _____ C:\WINDOWS\system32\GreenPC.set
2013-11-21 11:48 - 2013-11-21 11:48 - 00184048 _____ C:\What to do with old XPSP-NULL or maybe 3 second hand - Malware Removal Help - Malwarebytes Forum.htm
2013-11-21 11:48 - 2013-11-21 11:48 - 00000000 ____D C:\What to do with old XPSP-NULL or maybe 3 second hand - Malware Removal Help - Malwarebytes Forum_files
2013-11-20 14:01 - 2013-11-20 14:01 - 00271735 _____ C:\Trouble with LAN and Proxy settings - Resolved HijackThis Logs - Malwarebytes Forum.htm
2013-11-20 14:01 - 2013-11-20 14:01 - 00000000 ____D C:\Trouble with LAN and Proxy settings - Resolved HijackThis Logs - Malwarebytes Forum_files
2013-11-20 13:47 - 2013-12-19 09:12 - 00024387 _____ C:\AdwCleaner[s0].txt
2013-11-20 13:47 - 2013-11-20 13:47 - 00024387 _____ C:\ADWCLE~1.BAK
2013-11-20 13:15 - 2013-11-20 13:15 - 01085542 _____ C:\adwcleaner (1).exe
2013-11-19 18:23 - 2013-11-19 18:23 - 00000869 _____ C:\ESET=Not-completed-scan.xml
2013-11-19 18:18 - 2013-11-19 18:18 - 01187629 _____ C:\ESET-1st-portion-of scan.xml
2013-11-19 18:16 - 2013-11-19 18:16 - 00080737 _____ C:\Eset-1st-scan.xml
2013-11-19 18:14 - 2013-11-19 18:14 - 00000869 _____ C:\ESET-second-part-of-scan.xml
2013-11-19 17:26 - 2013-11-19 17:26 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\ESET
2013-11-19 14:54 - 2013-11-19 14:54 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
2013-11-19 12:57 - 2013-12-19 09:48 - 00000000 ____D C:\Program Files\ESET
2013-11-19 12:57 - 2013-11-19 12:57 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ESET
2013-11-19 12:57 - 2013-11-19 12:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ESET
2013-11-19 12:41 - 2013-11-19 12:42 - 01682336 _____ (ESET) C:\eset_nod32_antivirus_live_installer.exe
2013-11-19 12:38 - 2013-11-19 12:38 - 05146522 _____ (Swearware) C:\ComboFix.exe
2013-11-19 12:31 - 2013-11-18 22:30 - 00011181 _____ C:\ExceptionLogs.log
2013-11-19 12:29 - 2013-11-19 12:30 - 00000304 _____ C:\EXCEPTI.BAT
2013-11-19 12:25 - 2013-11-19 12:25 - 00000666 _____ C:\iya---.log
2013-11-19 12:24 - 2013-11-19 09:08 - 00008600 _____ C:\iYogiLog20131119.log
2013-11-19 12:05 - 2013-11-19 12:14 - 00031248 _____ C:\LOGS.BAK
 
==================== One Month Modified Files and Folders =======
 
2013-12-19 12:53 - 2013-12-19 12:53 - 00000000 ____D C:\FRST
2013-12-19 12:53 - 2013-11-13 13:46 - 00000000 ____D C:\AdwCleaner
2013-12-19 12:47 - 2013-12-19 12:47 - 00004206 _____ C:\ESET-Final-Scan.txt
2013-12-19 12:21 - 2013-11-23 14:16 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-19 12:20 - 2013-12-17 22:56 - 00015308 _____ C:\Uninstall-Anti-virus-pgms.txt
2013-12-19 09:48 - 2013-11-19 12:57 - 00000000 ____D C:\Program Files\ESET
2013-12-19 09:34 - 2007-02-05 19:18 - 01366386 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-19 09:13 - 2013-12-19 06:53 - 00003389 _____ C:\AdwCleaner[R1].txt
2013-12-19 09:12 - 2013-12-19 06:53 - 00002689 _____ C:\ADWCLE~2.BAK
2013-12-19 09:12 - 2013-11-20 13:47 - 00024387 _____ C:\AdwCleaner[s0].txt
2013-12-19 09:10 - 2013-12-18 01:10 - 00000526 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task e30984d5-6150-48ea-9a13-0cef06ccb9fa.job
2013-12-19 09:09 - 2013-12-19 09:09 - 00000696 _____ C:\mbam-all.txt
2013-12-19 08:59 - 2013-12-14 14:00 - 00003050 _____ C:\PUP-ELIM.BAT
2013-12-19 08:43 - 2013-12-19 08:41 - 00004709 _____ C:\mbam.bat
2013-12-19 08:29 - 2013-11-23 14:16 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-19 08:29 - 1980-01-01 03:00 - 00002278 _____ C:\WINDOWS\system32\wpa.dbl
2013-12-19 08:28 - 2013-10-28 20:00 - 00000000 ____D C:\Program Files\PRTG Network Monitor
2013-12-19 08:28 - 2003-02-19 16:28 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-19 08:26 - 2007-02-05 20:28 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB920685$
2013-12-19 08:24 - 2003-02-19 16:34 - 00032600 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-19 08:24 - 2003-02-19 16:34 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-12-19 07:42 - 2013-12-18 09:50 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-12-19 07:31 - 2013-11-07 17:03 - 00056848 _____ C:\PUP-ellimination.txt
2013-12-19 02:00 - 2013-12-18 01:10 - 00000526 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 0a2efdb2-1707-4acf-86c5-35a07d4e683f.job
2013-12-18 22:34 - 2013-12-18 22:23 - 00002992 _____ C:\JRT.txt
2013-12-18 22:23 - 2013-12-18 22:23 - 00002988 _____ C:\Documents and Settings\Administrator\desktop\JRT.txt
2013-12-18 22:16 - 2013-12-18 22:16 - 00000000 ____D C:\WINDOWS\ERUNT
2013-12-18 22:14 - 2013-12-18 22:14 - 00000000 ____D C:\jrt
2013-12-18 15:36 - 2013-12-18 15:36 - 00000000 ____D C:\SUPERDelete
2013-12-18 14:47 - 2013-12-17 22:56 - 00012884 _____ C:\UNINST~1.BAK
2013-12-18 14:31 - 2013-12-18 09:54 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-12-18 12:22 - 2013-11-06 10:10 - 00000257 _____ C:\1.BLK
2013-12-18 12:21 - 2013-10-28 18:23 - 00001659 _____ C:\SYS.BAK
2013-12-18 12:12 - 2013-12-18 12:12 - 00001638 _____ C:\Documents and Settings\All Users\desktop\InstallConverter.lnk
2013-12-18 12:12 - 2013-12-18 12:12 - 00000000 ____D C:\Program Files\InstallConverter
2013-12-18 12:12 - 2013-12-18 12:12 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\InstallConverter
2013-12-18 09:52 - 2013-12-18 09:46 - 00000000 ____D C:\mbar
2013-12-18 09:50 - 2013-12-18 09:49 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\mbar
2013-12-18 01:10 - 2013-12-18 01:09 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2013-12-18 01:09 - 2013-12-18 01:09 - 00001689 _____ C:\Documents and Settings\All Users\desktop\SUPERAntiSpyware Professional.lnk
2013-12-18 01:09 - 2013-12-18 01:09 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-12-18 01:09 - 2013-12-18 01:09 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2013-12-18 01:09 - 2013-12-18 01:09 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2013-12-18 01:08 - 2013-12-18 01:07 - 29055752 _____ (SUPERAntiSpyware) C:\Documents and Settings\Administrator\desktop\SUPERAntiSpyware.exe
2013-12-18 00:42 - 2013-12-17 23:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avira
2013-12-18 00:42 - 2013-09-22 21:07 - 00352551 _____ C:\WINDOWS\setupapi.log
2013-12-18 00:38 - 2013-10-14 10:26 - 00394514 _____ C:\WINDOWS\iis6.log
2013-12-18 00:38 - 2013-10-14 10:26 - 00259423 _____ C:\WINDOWS\FaxSetup.log
2013-12-18 00:38 - 2013-10-14 10:26 - 00152772 _____ C:\WINDOWS\ocgen.log
2013-12-18 00:38 - 2013-10-14 10:26 - 00130558 _____ C:\WINDOWS\tsoc.log
2013-12-18 00:38 - 2013-10-14 10:26 - 00091218 _____ C:\WINDOWS\msmqinst.log
2013-12-18 00:38 - 2013-10-14 10:26 - 00088557 _____ C:\WINDOWS\comsetup.log
2013-12-18 00:38 - 2013-10-14 10:26 - 00056890 _____ C:\WINDOWS\ntdtcsetup.log
2013-12-18 00:38 - 2013-10-14 10:26 - 00047512 _____ C:\WINDOWS\netfxocm.log
2013-12-18 00:38 - 2013-10-14 10:26 - 00019740 _____ C:\WINDOWS\MedCtrOC.log
2013-12-18 00:38 - 2013-10-14 10:26 - 00015274 _____ C:\WINDOWS\ocmsn.log
2013-12-18 00:38 - 2013-10-14 10:26 - 00014127 _____ C:\WINDOWS\msgsocm.log
2013-12-18 00:38 - 2013-10-14 10:26 - 00012440 _____ C:\WINDOWS\tabletoc.log
2013-12-18 00:38 - 2013-10-14 10:26 - 00001943 _____ C:\WINDOWS\imsins.log
2013-12-18 00:19 - 2003-02-19 16:16 - 00000000 ____D C:\WINDOWS\Help
2013-12-17 23:36 - 2013-12-17 23:20 - 129564536 _____ C:\Documents and Settings\Administrator\desktop\avira_free_antivirus_en.exe
2013-12-17 13:49 - 2013-11-21 11:57 - 00000496 _____ C:\WINDOWS\system32\GreenPC.set
2013-12-17 12:04 - 2013-12-17 12:00 - 00000000 ____D C:\facebook
2013-12-17 11:12 - 2013-10-22 09:32 - 00000000 ____D C:\chris-m
2013-12-17 06:28 - 2013-12-16 11:20 - 00029662 _____ C:\ComboFix.txt
2013-12-17 05:03 - 2013-12-17 05:03 - 00001919 _____ C:\WINDOWS\epplauncher.mif
2013-12-17 04:51 - 2013-12-17 05:10 - 11125072 _____ (Microsoft Corporation) C:\Documents and Settings\Administrator\desktop\Copy of mseinstall.exe
2013-12-17 04:51 - 2013-12-17 04:51 - 11125072 _____ (Microsoft Corporation) C:\Documents and Settings\Administrator\desktop\mseinstall.exe
2013-12-17 01:47 - 2013-10-20 15:20 - 00106310 _____ C:\DRV.TXT
2013-12-16 17:48 - 2003-02-19 16:34 - 00000000 ____D C:\Documents and Settings\NetworkService
2013-12-16 11:20 - 2013-12-16 10:55 - 00000000 ____D C:\Qoobox
2013-12-16 11:18 - 2013-12-16 10:55 - 00000000 ____D C:\WINDOWS\erdnt
2013-12-16 11:16 - 1980-01-01 03:00 - 00000246 _____ C:\WINDOWS\system.ini
2013-12-16 11:12 - 2013-12-16 11:12 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2013-12-16 11:12 - 2013-12-16 11:12 - 00000000 ____H C:\WINDOWS\system32\config\SYSTEM.tmp.LOG
2013-12-16 11:12 - 2013-12-16 11:12 - 00000000 ____H C:\WINDOWS\system32\config\SOFTWARE.tmp.LOG
2013-12-16 11:12 - 2013-12-16 11:12 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2013-12-16 11:12 - 2013-12-16 11:12 - 00000000 ____H C:\WINDOWS\system32\config\DEFAULT.tmp.LOG
2013-12-16 11:12 - 2003-02-19 08:18 - 23068672 _____ C:\WINDOWS\system32\config\SOFTWARE.bak
2013-12-16 11:12 - 2003-02-19 08:18 - 09437184 _____ C:\WINDOWS\system32\config\SYSTEM.bak
2013-12-16 11:12 - 2003-02-19 08:18 - 00262144 _____ C:\WINDOWS\system32\config\SECURITY.bak
2013-12-16 11:12 - 2003-02-19 08:18 - 00262144 _____ C:\WINDOWS\system32\config\DEFAULT.bak
2013-12-16 11:12 - 2003-02-19 08:18 - 00024576 _____ C:\WINDOWS\system32\config\SAM.bak
2013-12-16 11:10 - 2013-10-15 18:57 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2013-12-16 11:10 - 2003-02-19 16:34 - 00000000 ____D C:\Documents and Settings\Administrator
2013-12-16 10:58 - 2013-12-16 10:58 - 00000000 _RSHD C:\cmdcons
2013-12-16 10:58 - 2001-09-17 16:02 - 00000327 __RSH C:\BOOT.INI
2013-12-16 10:51 - 2013-10-13 19:07 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2013-12-16 09:40 - 2013-11-16 14:42 - 00005420 _____ C:\System-Key.txt
2013-12-16 09:35 - 2013-12-16 09:35 - 00002079 _____ C:\makedisk-readme.txt
2013-12-16 09:32 - 2013-12-16 09:32 - 00001314 _____ C:\directions.txt
2013-12-16 09:06 - 2013-12-15 10:04 - 00022599 _____ C:\DSL-300I-email.txt
2013-12-16 01:20 - 2013-12-16 01:20 - 01094939 _____ (pendrivelinux.com) C:\Documents and Settings\Administrator\desktop\Universal-USB-Installer-1.9.5.1.exe
2013-12-16 01:11 - 2013-12-16 01:11 - 07071744 _____ (Cerberus LLC) C:\Documents and Settings\Administrator\desktop\CerberusInstall.exe
2013-12-16 01:06 - 2013-12-16 00:59 - 57816616 _____ (ZOHO Corporation) C:\Documents and Settings\Administrator\desktop\ManageEngine_ServiceDesk_Plus (1).exe
2013-12-16 00:58 - 2013-12-16 00:52 - 57816616 _____ (ZOHO Corporation) C:\Documents and Settings\Administrator\desktop\ManageEngine_ServiceDesk_Plus.exe
2013-12-16 00:28 - 2013-12-15 23:28 - 741343232 _____ C:\Documents and Settings\Administrator\desktop\ubuntu-12.04.3-desktop-i386.iso
2013-12-15 22:44 - 2013-12-15 22:44 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\makedisk
2013-12-15 22:35 - 2013-12-15 22:35 - 00199542 _____ C:\Documents and Settings\Administrator\desktop\makedisk.zip
2013-12-15 21:20 - 2013-12-15 21:20 - 00000000 _____ C:\WINDOWS\Bench32.INI
2013-12-15 20:58 - 2013-12-15 20:58 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\New Folder
2013-12-15 19:34 - 2013-12-15 19:34 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\Flash.Tools
2013-12-15 12:54 - 2013-12-15 12:54 - 01869895 _____ C:\Documents and Settings\Administrator\desktop\Flash.Tools.zip
2013-12-15 12:37 - 2013-12-15 12:36 - 11387176 _____ (Rene.E Laboratory                                           ) C:\Documents and Settings\Administrator\desktop\ReneeUndeleter_2013.exe
2013-12-15 12:34 - 2013-12-15 12:34 - 02376376 _____ (Pro Data Doctor Pvt. Ltd.                                   ) C:\Documents and Settings\Administrator\desktop\pen-drive-data-recovery-demo (1).exe
2013-12-15 12:33 - 2013-12-15 12:33 - 02376376 _____ (Pro Data Doctor Pvt. Ltd.                                   ) C:\Documents and Settings\Administrator\desktop\pen-drive-data-recovery-demo.exe
2013-12-15 10:44 - 2013-12-15 10:42 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\lexar_usb_tool
2013-12-15 10:38 - 2013-12-15 10:37 - 00363596 _____ C:\Documents and Settings\Administrator\desktop\lexar_usb_tool.zip
2013-12-15 07:48 - 2003-02-19 12:58 - 00000000 ____D C:\I386
2013-12-15 07:22 - 2013-11-07 17:03 - 00053911 _____ C:\PUP-EL~1.BAK
2013-12-15 07:17 - 2013-12-15 07:17 - 04608744 _____ (Microsoft Corporation) C:\Documents and Settings\Administrator\desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
2013-12-15 06:24 - 2013-12-15 06:24 - 00081324 _____ C:\Documents and Settings\Administrator\desktop\ComboFix  A guide and tutorial on using ComboFix.htm
2013-12-15 06:24 - 2013-12-15 06:24 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\ComboFix  A guide and tutorial on using ComboFix_files
2013-12-15 06:07 - 2013-12-15 06:07 - 00000000 ____D C:\Documents and Settings\Administrator\desktop\ComboFix_files
2013-12-15 06:03 - 2013-12-15 06:02 - 05154339 ____R (Swearware) C:\Documents and Settings\Administrator\desktop\ComboFix.exe
2013-12-15 05:58 - 2013-12-15 05:58 - 00216192 _____ C:\Documents and Settings\Administrator\desktop\FreeZipSetup-3gPvcEw2.exe
2013-12-15 05:50 - 2013-12-15 05:50 - 00081168 _____ C:\ComboFix  A guide and tutorial on using ComboFix.htm
2013-12-15 05:50 - 2013-12-15 05:50 - 00000000 ____D C:\ComboFix  A guide and tutorial on using ComboFix_files
2013-12-14 21:47 - 2013-12-14 21:47 - 00000000 __SHD C:\Documents and Settings\LocalService\IETldCache
2013-12-14 21:47 - 2003-02-19 16:34 - 00000000 ____D C:\Documents and Settings\LocalService
2013-12-14 16:03 - 2013-12-14 14:08 - 00018778 _____ C:\Attach.txt
2013-12-14 15:59 - 2013-12-14 14:06 - 00030508 _____ C:\DDS.txt
2013-12-14 15:06 - 2013-12-14 15:06 - 00013610 _____ C:\Downloads-and-blocked-DL.htm
2013-12-14 15:04 - 2013-12-14 15:04 - 00891200 _____ C:\SecurityCheck (1).exe
2013-12-14 14:59 - 2013-12-14 14:00 - 00002484 _____ C:\PUP-ELIM.BAK
2013-12-14 09:58 - 2013-12-14 09:58 - 00891200 _____ C:\SecurityCheck (2).exe
2013-12-14 09:31 - 2013-12-14 09:39 - 00891200 _____ C:\SecurityCheck.exe
2013-12-14 05:10 - 2013-12-14 05:03 - 00024450 _____ C:\DIR-INFO.TXT
2013-12-14 05:03 - 2013-12-14 05:03 - 00024450 _____ C:\DIR-INFO.BAK
2013-12-14 03:27 - 2003-02-19 16:18 - 00170688 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-14 03:10 - 2013-12-14 03:09 - 00013940 _____ C:\WINDOWS\KB2898785-IE8.log
2013-12-14 03:10 - 2013-10-14 10:27 - 00013122 _____ C:\WINDOWS\updspapi.log
2013-12-14 03:10 - 2013-10-14 10:26 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-12-14 03:09 - 2013-12-11 05:25 - 00012798 _____ C:\WINDOWS\KB2898715.log
2013-12-14 03:08 - 2013-12-14 03:08 - 00006145 _____ C:\WINDOWS\KB2904266.log
2013-12-14 03:08 - 2013-12-14 03:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-14 03:08 - 2013-12-14 03:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-14 03:08 - 2013-10-14 10:43 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-14 03:08 - 2007-02-06 13:48 - 00128568 ____C C:\WINDOWS\system32\TZLog.log
2013-12-14 03:02 - 2007-02-05 20:31 - 88123800 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-14 03:01 - 2013-12-14 03:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-14 03:01 - 2013-12-14 03:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-14 03:01 - 2013-12-14 03:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-14 03:01 - 2013-12-11 05:25 - 00012340 _____ C:\WINDOWS\KB2893984.log
2013-12-14 03:01 - 2013-12-11 05:25 - 00011624 _____ C:\WINDOWS\KB2893294.log
2013-12-14 03:01 - 2013-12-11 05:25 - 00010907 _____ C:\WINDOWS\KB2892075.log
2013-12-12 07:13 - 2013-10-24 08:44 - 00013904 _____ C:\NUDES.TXT
2013-12-12 06:44 - 2013-12-12 06:39 - 122548923 _____ C:\v0594_PN_Puffy_SugarFree_6min (1).mp4
2013-12-07 03:07 - 2013-12-06 14:51 - 00009894 _____ C:\vif-prob.txt
2013-12-06 13:36 - 2013-12-06 13:36 - 00008219 _____ C:\Vif-Billing service.htm
2013-12-06 13:36 - 2013-12-06 13:36 - 00000000 ____D C:\Vif-Billing service_files
2013-12-06 02:14 - 2013-12-06 02:14 - 00001549 _____ C:\ESET-06-12-13.txt
2013-12-06 01:19 - 2013-12-06 01:19 - 00022558 _____ C:\Videotron-Gmail - SVP --- ISP connection options in 2007 to postal code H3K2R5 required for legal matter..htm
2013-12-06 01:19 - 2013-12-06 01:19 - 00000000 ____D C:\Videotron-Gmail - SVP --- ISP connection options in 2007 to postal code H3K2R5 required for legal matter._files
2013-12-05 13:27 - 2013-10-13 19:59 - 00001824 _____ C:\Documents and Settings\All Users\desktop\Google Chrome.lnk
2013-12-02 06:20 - 2013-12-01 21:27 - 00005088 _____ C:\Sundayedition-Dec-01-2013.txt
2013-11-25 01:16 - 2013-11-25 01:16 - 00320671 _____ C:\Toledo former capital of Spain - Google Search.htm
2013-11-25 01:16 - 2013-11-25 01:16 - 00000000 ____D C:\Toledo former capital of Spain - Google Search_files
2013-11-21 12:22 - 2013-10-24 08:44 - 00011387 _____ C:\NUDES.BAK
2013-11-21 11:48 - 2013-11-21 11:48 - 00184048 _____ C:\What to do with old XPSP-NULL or maybe 3 second hand - Malware Removal Help - Malwarebytes Forum.htm
2013-11-21 11:48 - 2013-11-21 11:48 - 00000000 ____D C:\What to do with old XPSP-NULL or maybe 3 second hand - Malware Removal Help - Malwarebytes Forum_files
2013-11-20 22:30 - 2013-11-15 10:21 - 00010883 _____ C:\get-rid-cre.txt
2013-11-20 22:17 - 2013-11-15 10:21 - 00007457 _____ C:\GET-RI~2.BAK
2013-11-20 22:05 - 2013-11-15 11:47 - 00002309 _____ C:\get-rid-0.txt
2013-11-20 21:42 - 2013-10-20 15:20 - 00100455 _____ C:\DRV.BAK
2013-11-20 21:38 - 2013-11-15 11:47 - 00002309 _____ C:\GET-RI~1.BAK
2013-11-20 18:51 - 2013-11-12 22:34 - 00000819 _____ C:\avast.bat
2013-11-20 14:01 - 2013-11-20 14:01 - 00271735 _____ C:\Trouble with LAN and Proxy settings - Resolved HijackThis Logs - Malwarebytes Forum.htm
2013-11-20 14:01 - 2013-11-20 14:01 - 00000000 ____D C:\Trouble with LAN and Proxy settings - Resolved HijackThis Logs - Malwarebytes Forum_files
2013-11-20 13:47 - 2013-11-20 13:47 - 00024387 _____ C:\ADWCLE~1.BAK
2013-11-20 13:41 - 2013-11-01 16:48 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Uniblue
2013-11-20 13:15 - 2013-11-20 13:15 - 01085542 _____ C:\adwcleaner (1).exe
2013-11-19 18:23 - 2013-11-19 18:23 - 00000869 _____ C:\ESET=Not-completed-scan.xml
2013-11-19 18:18 - 2013-11-19 18:18 - 01187629 _____ C:\ESET-1st-portion-of scan.xml
2013-11-19 18:16 - 2013-11-19 18:16 - 00080737 _____ C:\Eset-1st-scan.xml
2013-11-19 18:14 - 2013-11-19 18:14 - 00000869 _____ C:\ESET-second-part-of-scan.xml
2013-11-19 17:34 - 2013-10-13 17:30 - 00000000 ____D C:\AV-Avast
2013-11-19 17:34 - 2013-09-25 08:29 - 00000000 ____D C:\FTP_32
2013-11-19 17:26 - 2013-11-19 17:26 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\ESET
2013-11-19 14:54 - 2013-11-19 14:54 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
2013-11-19 12:57 - 2013-11-19 12:57 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ESET
2013-11-19 12:57 - 2013-11-19 12:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ESET
2013-11-19 12:42 - 2013-11-19 12:41 - 01682336 _____ (ESET) C:\eset_nod32_antivirus_live_installer.exe
2013-11-19 12:38 - 2013-11-19 12:38 - 05146522 _____ (Swearware) C:\ComboFix.exe
2013-11-19 12:30 - 2013-11-19 12:29 - 00000304 _____ C:\EXCEPTI.BAT
2013-11-19 12:25 - 2013-11-19 12:25 - 00000666 _____ C:\iya---.log
2013-11-19 12:14 - 2013-11-19 12:05 - 00031248 _____ C:\LOGS.BAK
2013-11-19 09:08 - 2013-11-19 12:24 - 00008600 _____ C:\iYogiLog20131119.log
2013-11-19 00:26 - 2013-10-18 18:01 - 00037664 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
 
Files to move or delete:
====================
C:\Documents and Settings\Administrator\win95-drivers.bat
 
 
Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\temp\avgnt.exe
C:\Documents and Settings\Administrator\Local Settings\temp\dlLogic.exe
C:\Documents and Settings\Administrator\Local Settings\temp\GCVerifier.dll
C:\Documents and Settings\Administrator\Local Settings\temp\mMamStub.exe
C:\Documents and Settings\Administrator\Local Settings\temp\Offercast_AVIRAV7_.exe
C:\Documents and Settings\Administrator\Local Settings\temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================
 
Addition.txt
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-12-2013 05
Ran by Administrator at 2013-12-19 12:55:50
Running from C:\AdwCleaner
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET NOD32 Antivirus 7.0 (Disabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 
==================== Installed Programs ======================
 
Access IBM Cleanup Utility (Version: 1.00.0000)
Adobe Acrobat 5.0 (Version: 5.0)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Avira SearchFree Toolbar (Version: 12.6.0.1898)
Broadcom Gigabit Integrated Controller (Version: 3.62)
CCleaner (Version: 2.29)
COMDisable Beta (Version: 1.0.0)
Conexant Audio Filter Agent (Version: 1.7.18.0)
Conexant SmartAudio (Version: 6.0.93.0)
Defraggler (Version: 1.17)
DriverMax 7 (Version: 7.21.0.141)
DSL-300 Configuration Utility
DSL-300 Firmware Upgrade Utility
EnterNet 300
ESET NOD32 Antivirus (Version: 7.0.302.26)
ESET Online Scanner v3
ffdshow v1.2.4422 [2012-04-09] (Version: 1.2.4422.0)
Google Chrome (Version: 31.0.1650.63)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4805.320)
Google Update Helper (Version: 1.3.22.3)
Haali Media Splitter
IBM 32-bit SDK for Java 2, v1.4.1 (Version: 1.4.1)
IBM Themes (Version: 1.00.0000)
InstallConverter (Version: 1.0)
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.4299)
Intel® PRO Network Connections Drivers
iYogi Support Dock (Version: 5.8.1)
Magical Jelly Bean KeyFinder (Version: 2.0.8.2)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mouse Suite
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB927977) (Version: 6.00.3890.0)
Network Stumbler 0.4.0 (remove only)
Shockwave
SketchUp 8 (Version: 3.0.16846)
SUPERAntiSpyware (Version: 5.7.1014)
ThinkCentre Wallpaper (Version: 1.00.0000)
TL-WN321G Wireless Utility (Version: 1.0.3.0)
TrueCrypt (Version: 7.1a)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB2904266) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VIA Audio Driver Setup Program
VLC media player 2.0.5 (Version: 2.0.5)
WebFldrs XP (Version: 9.50.6513)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
XML Paper Specification Shared Components Pack 1.0
xp_key_viewer 1.0.0
 
==================== Restore Points  =========================
 
08-11-2013 04:27:17 System Checkpoint
08-11-2013 20:24:56 Installed COMDisable Beta
09-11-2013 21:41:17 System Checkpoint
10-11-2013 23:16:23 System Checkpoint
12-11-2013 00:37:02 System Checkpoint
12-11-2013 03:19:18 Installed SketchUp 8
12-11-2013 23:20:38 Software Distribution Service 3.0
13-11-2013 17:37:28 Installed STOPzilla
14-11-2013 18:01:43 Software Distribution Service 3.0
15-11-2013 04:47:26 Software Distribution Service 3.0
16-11-2013 05:07:23 System Checkpoint
17-11-2013 05:52:07 System Checkpoint
18-11-2013 02:21:23 avast! antivirus system restore point
18-11-2013 02:34:55 Removed STOPzilla
19-11-2013 04:46:16 System Checkpoint
20-11-2013 05:26:30 System Checkpoint
21-11-2013 06:18:31 System Checkpoint
22-11-2013 07:09:48 System Checkpoint
02-12-2013 16:36:04 System Checkpoint
04-12-2013 19:51:55 System Checkpoint
05-12-2013 20:59:21 System Checkpoint
06-12-2013 22:05:24 System Checkpoint
07-12-2013 23:33:41 System Checkpoint
08-12-2013 23:47:08 System Checkpoint
10-12-2013 00:31:32 System Checkpoint
11-12-2013 00:41:06 System Checkpoint
14-12-2013 08:00:25 Software Distribution Service 3.0
14-12-2013 13:04:50 Software Distribution Service 3.0
15-12-2013 18:17:58 System Checkpoint
16-12-2013 18:19:23 System Checkpoint
17-12-2013 21:11:19 System Checkpoint
18-12-2013 17:41:49 Malwarebytes Anti-Rootkit Restore Point
 
==================== Hosts content: ==========================
 
1980-01-01 03:00 - 2013-12-16 11:15 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 0a2efdb2-1707-4acf-86c5-35a07d4e683f.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task e30984d5-6150-48ea-9a13-0cef06ccb9fa.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-09-22 15:15 - 2004-04-19 16:31 - 00032768 _____ () C:\Program Files\VIAudioi\SBADeck\ExtendDll.dll
2013-10-18 18:03 - 2013-10-28 13:05 - 00009088 _____ () C:\QF9700\DriverMax\sync.dll
2013-10-16 15:28 - 2007-11-28 03:32 - 01163264 _____ () C:\Program Files\TP-LINK\TL-WN321G\COMMON\acAuth.dll
2003-05-30 12:00 - 2008-04-14 08:41 - 00059904 ____C () C:\WINDOWS\System32\devenum.dll
2002-12-12 03:14 - 2008-04-14 08:42 - 00014336 ____C () C:\WINDOWS\system32\msdmo.dll
2013-12-05 13:26 - 2013-12-03 21:48 - 04055504 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-05 13:26 - 2013-12-03 21:48 - 00399312 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-05 13:26 - 2013-12-03 21:47 - 01619408 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2013-12-05 13:26 - 2013-12-03 21:48 - 13586896 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:9A870F8B
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/19/2013 08:34:23 AM) (Source: PRTGCoreService) (User: )
Description: Service failed on start: Access violation at address 009AF42B in module 'PRTG Server.exe'. Read of address 00000038
 
Error: (12/19/2013 07:09:42 AM) (Source: PRTGCoreService) (User: )
Description: Service failed on start: Access violation at address 009AF42B in module 'PRTG Server.exe'. Read of address 00000038
 
Error: (12/18/2013 10:42:12 PM) (Source: PRTGCoreService) (User: )
Description: Service failed on start: Access violation at address 009AF42B in module 'PRTG Server.exe'. Read of address 00000038
 
Error: (12/18/2013 10:10:58 PM) (Source: PRTGCoreService) (User: )
Description: Service failed on start: Access violation at address 009AF42B in module 'PRTG Server.exe'. Read of address 00000038
 
Error: (12/18/2013 08:18:12 PM) (Source: Application Error) (User: )
Description: Fault bucket -539275816.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.
 
Error: (12/18/2013 08:14:20 PM) (Source: Application Error) (User: )
Description: Faulting application iyogisupportdock.exe, version 5.8.1.87, faulting module kernel32.dll, version 5.1.2600.6293, fault address 0x00009e8a.
Processing media-specific event for [iyogisupportdock.exe!ws!]
 
Error: (12/18/2013 01:15:01 PM) (Source: PRTGCoreService) (User: )
Description: Service failed on start: Access violation at address 009AF42B in module 'PRTG Server.exe'. Read of address 00000038
 
Error: (12/18/2013 00:58:45 AM) (Source: PRTGCoreService) (User: )
Description: Service failed on start: Access violation at address 009AF42B in module 'PRTG Server.exe'. Read of address 00000038
 
Error: (12/18/2013 00:50:51 AM) (Source: PRTGCoreService) (User: )
Description: Service failed on start: Access violation at address 009AF42B in module 'PRTG Server.exe'. Read of address 00000038
 
Error: (12/18/2013 00:38:56 AM) (Source: PRTGCoreService) (User: )
Description: Service failed on start: Access violation at address 009AF42B in module 'PRTG Server.exe'. Read of address 00000038
 
 
System errors:
=============
Error: (12/19/2013 08:34:14 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
sbaphd
 
Error: (12/19/2013 08:31:13 AM) (Source: Service Control Manager) (User: )
Description: The ESET Service service hung on starting.
 
Error: (12/19/2013 08:30:48 AM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe.
Reference error message: The operation completed successfully.
.
 
Error: (12/19/2013 08:30:48 AM) (Source: SideBySide) (User: )
Description: Syntax error in manifest or policy file "Function failed during execution.
1" on line Function failed during execution.
2.
 
Error: (12/19/2013 08:29:51 AM) (Source: Service Control Manager) (User: )
Description: The Util Lizardlink service failed to start due to the following error: 
%%3
 
Error: (12/19/2013 08:29:51 AM) (Source: Service Control Manager) (User: )
Description: The SoundMAX Agent Service service failed to start due to the following error: 
%%2
 
Error: (12/19/2013 08:29:51 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the PRTG Probe Service service to connect.
 
Error: (12/19/2013 08:29:51 AM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service terminated with the following error: 
%%1747
 
Error: (12/19/2013 08:29:51 AM) (Source: Service Control Manager) (User: )
Description: The PMEM service failed to start due to the following error: 
%%2
 
Error: (12/19/2013 08:29:51 AM) (Source: Service Control Manager) (User: )
Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (12/19/2013 08:34:23 AM) (Source: PRTGCoreService)(User: )
Description: Service failed on start: Access violation at address 009AF42B in module 'PRTG Server.exe'. Read of address 00000038
 
Error: (12/19/2013 07:09:42 AM) (Source: PRTGCoreService)(User: )
Description: Service failed on start: Access violation at address 009AF42B in module 'PRTG Server.exe'. Read of address 00000038
 
Error: (12/18/2013 10:42:12 PM) (Source: PRTGCoreService)(User: )
Description: Service failed on start: Access violation at address 009AF42B in module 'PRTG Server.exe'. Read of address 00000038
 
Error: (12/18/2013 10:10:58 PM) (Source: PRTGCoreService)(User: )
Description: Service failed on start: Access violation at address 009AF42B in module 'PRTG Server.exe'. Read of address 00000038
 
Error: (12/18/2013 08:18:12 PM) (Source: Application Error)(User: )
Description: -539275816
 
Error: (12/18/2013 08:14:20 PM) (Source: Application Error)(User: )
Description: iyogisupportdock.exe5.8.1.87kernel32.dll5.1.2600.629300009e8a
 
Error: (12/18/2013 01:15:01 PM) (Source: PRTGCoreService)(User: )
Description: Service failed on start: Access violation at address 009AF42B in module 'PRTG Server.exe'. Read of address 00000038
 
Error: (12/18/2013 00:58:45 AM) (Source: PRTGCoreService)(User: )
Description: Service failed on start: Access violation at address 009AF42B in module 'PRTG Server.exe'. Read of address 00000038
 
Error: (12/18/2013 00:50:51 AM) (Source: PRTGCoreService)(User: )
Description: Service failed on start: Access violation at address 009AF42B in module 'PRTG Server.exe'. Read of address 00000038
 
Error: (12/18/2013 00:38:56 AM) (Source: PRTGCoreService)(User: )
Description: Service failed on start: Access violation at address 009AF42B in module 'PRTG Server.exe'. Read of address 00000038
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 47%
Total physical RAM: 2550.48 MB
Available physical RAM: 1329.26 MB
Total Pagefile: 3922.07 MB
Available Pagefile: 2637.28 MB
Total Virtual: 2047.88 MB
Available Virtual: 1949.53 MB
 
==================== Drives ================================
 
Drive c: (IBM_PRELOAD) (Fixed) (Total:30.91 GB) (Free:10.91 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:6.35 GB) (Free:3.68 GB) NTFS
Drive e: (CD059A4) (CDROM) (Total:0.11 GB) (Free:0 GB) CDFS
Drive f: (UUI) (Removable) (Total:14.92 GB) (Free:13.33 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 37 GB) (Disk ID: EC87EC87)
Partition 1: (Active) - (Size=31 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=6 GB) - (Type=OF Extended)
 
========================================================
Disk: 1 (Size: 15 GB) (Disk ID: B73F03F1)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)
 
 
 

  • Root Admin

Did I miss it or overlook it? I don't see the log from AdwCleaner where you told it to actually CLEAN what it found?

Please download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt


It would seem that the script file fixlist.txt along with the FRST.exe has put my computer into an infinite loop.

I was forced after 1 hour of the Hard Disk light flashing and nothing happening, the computer finally hung up.

i.e. No output from the effort.

 

I in fact had to unplug the unit to get it to unhang and allow reboot.

 

I don't know?  Any ideas?

 

XCowboy


This topic is now closed to further replies.