
Missing file cmd.exe


12 replies to this topic

#1 Chaz24

Chaz24

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Massachusette
  • Local time:04:45 AM

Posted 18 May 2014 - 09:48 AM

Hi,

 

Running a Malwarebytes scan revealed both coupon-bar.com and mindspark malware.  I was trying to remove the malware running corrections suggested by Malwaretips.com and after a restart I got a popup message stating it was looking in c:\WINDOWS\system32> and could not find file cmd.exe.

 

XP operating discs did not come with the machine when purchased new but I was instructed to create a recovery console which I did.

 

Any suggestions? 

 

Thank you


Edited by hamluis, 18 May 2014 - 10:03 AM.
Moved from XP to Am I Infected - Hamluis.



 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,735 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:45 AM

Posted 18 May 2014 - 06:02 PM

Are you saying that you can't start your computer at all because of the error message?


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 Chaz24


Posted 18 May 2014 - 09:49 PM

Thanks for the response. 

 

Actually we can use the computer.  It is my wife's computer and she was able to access Facebook and also her emails.

 

I Googled cmd.exe and one of the items on the list was about a virus.  Could I have downloaded a virus when downloading one of the clean up processes Malwaretips recommended?

 

We have had a lot of problems with this machine.  Get a lot of "hangup" after clicking the mouse.  I was using 1 GB of ram, added 2 addl GBs which seemed to help but back to running slowly. 

 

Thank you



#4 Broni


Posted 18 May 2014 - 09:58 PM

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
  • List Restore Points

Click Go and post the result.

Please download Malwarebytes Anti-Malware to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.



If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


How to get logs:
(Export log to save as txt)


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.



(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.


Download Malwarebytes Anti-Rootkit from HERE to your Desktop.
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt


Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

NOTE Do NOT wrap your logs in "quote" or "code" brackets.
Do NOT use spoilers.
Do NOT edit your reply to post additional logs. Create new reply. I'll not get any email notifications about edits so I won't know you posted something new.




 


#5 Chaz24


Posted 19 May 2014 - 07:33 PM

Broni,

 

It was not mentioned but wondering if I can do the tasks you outlined while the PC is in Safe Mode? 

 

It is taking forever to load the browser. 

 

I figure I can download the application on a different computer and use a flash drive to copy it on to the affected PC.  I guess I am assuming you can load an application when the PC is in Safe Mode.

 

Thank you



#6 Broni


Posted 19 May 2014 - 07:46 PM

Download all tools in safe mode with networking but run them from normal mode.




 


#7 Chaz24


Posted 19 May 2014 - 09:37 PM

Broni,

 

I assume when you say normal mode you are referring to the state where you are when you normally start the PC.

 

I downloaded Security Check, Farbar Service Scanner, Malwarebytes, and MiniToolBox to my desktop.  I then restarted the PC and when I got to the desktop I did not see the icons for these applications.

 

What am I doing wrong or is there something else I should be doing?

 

Thank you



#8 Broni


Posted 20 May 2014 - 12:06 AM

Check the folder where your downloads normally go.




 


#9 Chaz24


Posted 20 May 2014 - 09:55 AM

Broni,

 

Found the missing files.  When using Safe Mode with Networking I had a choice to either log in as Administrator or HP-Administrator.  I chose Administrator and my start up desktop is under HP-Administrator.

 

Can I run the files from the Administrator Desktop or do I need to move the files over to the HP-Administrator Desktop?

 

Should I send you results as I get them or wait until I have completed all the tests?

 

Thanks for the help. 



#10 Broni


Posted 20 May 2014 - 06:08 PM

You can run tools from either profile.

It doesn't matter to me if you post all logs at once or one by one.




 


#11 Chaz24


Posted 21 May 2014 - 07:41 AM

Broni,

 

I ran all the applications as suggested.  Here are the logs.  Let me know what to do next or if I missed running an application.

 

Security Check

 

 Results of screen317's Security Check version 0.99.83  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Smart Security      
Computer Security   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 SUPERAntiSpyware     
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Java™ 6 Update 37  
 Java 7 Update 25  
 Java version out of Date!
 Adobe Reader XI  
````````Process Check: objlist.exe by Laurent````````  
 Charter Security Suite apps ComputerSecurity Anti-Virus\FSGK32.EXE
 Charter Security Suite apps ComputerSecurity Anti-Virus\fssm32.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 4%
````````````````````End of Log``````````````````````
 

FSS

 

Farbar Service Scanner Version: 14-05-2014
Ran by HP_Administrator (administrator) on 20-05-2014 at 21:39:03
Running from "C:\Documents and Settings\HP_Administrator\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0700000004000000010000000200000003000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

 

MiniToolBox

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by HP_Administrator (administrator) on 20-05-2014 at 21:42:58
Running from "C:\Documents and Settings\HP_Administrator\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1    localhost

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
NVIDIA nForce Networking Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

        Host Name . . . . . . . . . . . . : YOUR-4DACD0EA79
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : domain

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : domain
        Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
        Physical Address. . . . . . . . . : 00-18-F3-94-AC-14
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.101
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 66.189.0.100
                                            24.159.64.23
        Lease Obtained. . . . . . . . . . : Tuesday, May 20, 2014 9:11:18 PM
        Lease Expires . . . . . . . . . . : Tuesday, May 20, 2014 11:11:18 PM

Server:  vip01oxfrma.oxfr.ma.charter.com
Address:  66.189.0.100

Name:    google.com
Addresses:  74.125.228.7, 74.125.228.6, 74.125.228.5, 74.125.228.1
      74.125.228.4, 74.125.228.14, 74.125.228.2, 74.125.228.9, 74.125.228.8
      74.125.228.3, 74.125.228.0

Pinging google.com [74.125.228.206] with 32 bytes of data:

Reply from 74.125.228.206: bytes=32 time=19ms TTL=53
Reply from 74.125.228.206: bytes=32 time=27ms TTL=53

Ping statistics for 74.125.228.206:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 19ms, Maximum = 27ms, Average = 23ms

Server:  vip01oxfrma.oxfr.ma.charter.com
Address:  66.189.0.100

Name:    yahoo.com
Addresses:  98.139.183.24, 98.138.253.109, 206.190.36.45

Pinging yahoo.COM [206.190.36.45] with 32 bytes of data:

Reply from 206.190.36.45: bytes=32 time=104ms TTL=44
Reply from 206.190.36.45: bytes=32 time=104ms TTL=44

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 104ms, Maximum = 104ms, Average = 104ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 18 f3 94 ac 14 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.101      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      192.168.1.0    255.255.255.0    192.168.1.101   192.168.1.101      20
    192.168.1.101  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.1.255  255.255.255.255    192.168.1.101   192.168.1.101      20
        224.0.0.0        240.0.0.0    192.168.1.101   192.168.1.101      20
  255.255.255.255  255.255.255.255    192.168.1.101   192.168.1.101      1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/20/2014 09:35:34 PM) (Source: Application Error) (User: )
Description: Faulting application fsavaui.exe, version 10.0.106.0, faulting module fsavaui.exe, version 10.0.106.0, fault address 0x00066b70.
Processing media-specific event for [fsavaui.exe!ws!]

Error: (05/20/2014 09:35:27 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\Program Files\Charter Security Suite\apps\ComputerSecurity\FSGUI\fsavaui.exe for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Advanced User Interface because of this error.

Program: Advanced User Interface
File: C:\Program Files\Charter Security Suite\apps\ComputerSecurity\FSGUI\fsavaui.exe

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C000009C
Disk type: 3

Error: (05/20/2014 09:32:40 PM) (Source: F-Secure DeepGuard) (User: )
Description: 3  2014-05-20  21:32:40-04:00  your-4dacd0ea79  YOUR-4DACD0EA79\HP_Administrator  F-Secure DeepGuard
 Application was blocked. This was determined to be a high-risk application by system control heuristics.
 Application path: \\?\c:\documents and settings\hp_administrator\desktop\fss.exe
 File hash: d611186fc923546e736359c553b20e1670000fab

Error: (05/20/2014 09:31:54 PM) (Source: F-Secure DeepGuard) (User: )
Description: 2  2014-05-20  21:31:54-04:00  your-4dacd0ea79  YOUR-4DACD0EA79\HP_Administrator  F-Secure DeepGuard
 Application was blocked. This was determined to be a high-risk application by system control heuristics.
 Application path: \\?\c:\documents and settings\hp_administrator\desktop\fss.exe
 File hash: d611186fc923546e736359c553b20e1670000fab

Error: (05/20/2014 08:39:34 PM) (Source: F-Secure Anti-Virus) (User: )
Description: 1  2014-05-20  20:38:26-04:00  your-4dacd0ea79  YOUR-4DACD0EA79\HP_Administrator  F-Secure Anti-Virus
 An error occurred while scanning \DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DESKTOP\FSS.EXE.

Error: (05/20/2014 07:17:46 PM) (Source: COM+) (User: )
Description: The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 80080005: InitEventCollector failed

Error: (05/20/2014 07:03:21 AM) (Source: Application Error) (User: )
Description: Faulting application services.exe, version 5.1.2600.5755, faulting module userenv.dll, version 5.1.2600.5512, fault address 0x0005d927.
Processing media-specific event for [services.exe!ws!]

Error: (05/20/2014 07:02:31 AM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\WINDOWS\system32\userenv.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Userenv because of this error.

Program: Userenv
File: C:\WINDOWS\system32\userenv.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C000009C
Disk type: 3

Error: (05/19/2014 09:50:12 PM) (Source: F-Secure Anti-Virus) (User: )
Description: 1  2014-05-19  21:49:02-04:00  your-4dacd0ea79  YOUR-4DACD0EA79\HP_Administrator  F-Secure Anti-Virus
 No scanner engines loaded and enabled. Virus protection is disabled.

Error: (05/19/2014 07:49:12 PM) (Source: F-Secure Anti-Virus) (User: )
Description: 1  2014-05-19  19:49:09-04:00  your-4dacd0ea79  YOUR-4DACD0EA79\HP_Administrator  F-Secure Anti-Virus
 No scanner engines loaded and enabled. Virus protection is disabled.


System errors:
=============
Error: (05/20/2014 09:35:00 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (05/20/2014 09:03:53 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (05/20/2014 09:02:33 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (05/20/2014 09:02:08 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (05/20/2014 08:49:22 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (05/20/2014 08:42:48 PM) (Source: 0) (User: )
Description: \Device\HarddiskVolume1\WINDOWS...MRT.exe

Error: (05/20/2014 08:38:21 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (05/20/2014 08:37:47 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (05/20/2014 08:37:36 PM) (Source: 0) (User: )
Description: \Device\HarddiskVolume1...erviceModel.dll

Error: (05/20/2014 08:37:30 PM) (Source: 0) (User: )
Description: \Device\HarddiskVolume1...Zone.Identifier


Microsoft Office Sessions:
=========================
Error: (05/20/2014 09:35:34 PM) (Source: Application Error)(User: )
Description: fsavaui.exe10.0.106.0fsavaui.exe10.0.106.000066b70

Error: (05/20/2014 09:35:27 PM) (Source: Application Error)(User: )
Description: C:\Program Files\Charter Security Suite\apps\ComputerSecurity\FSGUI\fsavaui.exeAdvanced User InterfaceC000009C3

Error: (05/20/2014 09:32:40 PM) (Source: F-Secure DeepGuard)(User: )
Description: 3  2014-05-20  21:32:40-04:00  your-4dacd0ea79  YOUR-4DACD0EA79\HP_Administrator  F-Secure DeepGuard
 Application was blocked. This was determined to be a high-risk application by system control heuristics.
 Application path: \\?\c:\documents and settings\hp_administrator\desktop\fss.exe
 File hash: d611186fc923546e736359c553b20e1670000fab

Error: (05/20/2014 09:31:54 PM) (Source: F-Secure DeepGuard)(User: )
Description: 2  2014-05-20  21:31:54-04:00  your-4dacd0ea79  YOUR-4DACD0EA79\HP_Administrator  F-Secure DeepGuard
 Application was blocked. This was determined to be a high-risk application by system control heuristics.
 Application path: \\?\c:\documents and settings\hp_administrator\desktop\fss.exe
 File hash: d611186fc923546e736359c553b20e1670000fab

Error: (05/20/2014 08:39:34 PM) (Source: F-Secure Anti-Virus)(User: )
Description: 1  2014-05-20  20:38:26-04:00  your-4dacd0ea79  YOUR-4DACD0EA79\HP_Administrator  F-Secure Anti-Virus
 An error occurred while scanning \DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DESKTOP\FSS.EXE.

Error: (05/20/2014 07:17:46 PM) (Source: COM+)(User: )
Description: Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 80080005: InitEventCollector failed

Error: (05/20/2014 07:03:21 AM) (Source: Application Error)(User: )
Description: services.exe5.1.2600.5755userenv.dll5.1.2600.55120005d927

Error: (05/20/2014 07:02:31 AM) (Source: Application Error)(User: )
Description: C:\WINDOWS\system32\userenv.dllUserenvC000009C3

Error: (05/19/2014 09:50:12 PM) (Source: F-Secure Anti-Virus)(User: )
Description: 1  2014-05-19  21:49:02-04:00  your-4dacd0ea79  YOUR-4DACD0EA79\HP_Administrator  F-Secure Anti-Virus
 No scanner engines loaded and enabled. Virus protection is disabled.

Error: (05/19/2014 07:49:12 PM) (Source: F-Secure Anti-Virus)(User: )
Description: 1  2014-05-19  19:49:09-04:00  your-4dacd0ea79  YOUR-4DACD0EA79\HP_Administrator  F-Secure Anti-Virus
 No scanner engines loaded and enabled. Virus protection is disabled.


=========================== Installed Programs ============================

123 Free Solitaire v10.0
Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 12 ActiveX (Version: 12.0.0.77)
Adobe Reader XI (11.0.07) (Version: 11.0.07)
Agere Systems PCI-SV92PP Soft Modem
AiO_Scan_CDA (Version: 70.0.149.000)
AiOSoftwareNPI (Version: 70.0.149.000)
AutoUpdate (Version: 1.0)
BCL easyConverter SDK 3 (Word Version) (Version: 3.0.64)
BufferChm (Version: 70.0.170.000)
C4100 (Version: 70.0.149.000)
c4100_Help (Version: 70.0.149.000)
CCleaner (Version: 4.13)
Charter Security Suite (Version: 1.83.311.0)
Computer Security 12.83.104.0 (release) (Version: 12.83.104.0)
CP_AtenaShokunin1Config (Version: 70.0.170.000)
CP_CalendarTemplates1 (Version: 70.0.170.000)
cp_LightScribeConfig (Version: 70.0.170.000)
cp_OnlineProjectsConfig (Version: 70.0.170.000)
CP_Package_Basic1 (Version: 70.0.170.000)
CP_Package_Variety1 (Version: 70.0.170.000)
CP_Package_Variety2 (Version: 70.0.170.000)
CP_Package_Variety3 (Version: 70.0.170.000)
CP_Panorama1Config (Version: 70.0.170.000)
cp_PosterPrintConfig (Version: 70.0.170.000)
cp_UpdateProjectsConfig (Version: 70.0.170.000)
Critical Update for Windows Media Player 11 (KB959772)
CueTour (Version: 70.0.170.000)
Customer Experience Enhancement (Version: Customer Experience Enhancement -1.0.0.1680)
DAO 3.5
Data Fax SoftModem with SmartCP
Defraggler (Version: 2.16)
DesignPro 5.4 Limited Edition (Version: 5.2.1201)
Destinations (Version: 70.0.170.000)
DivX (Version: 5.2.1)
DocProc (Version: 7.0.0.0)
DocProcQFolder (Version: 1.00.0000)
DocumentViewer (Version: 70.0.170.000)
DocumentViewerQFolder (Version: 1.00.0000)
Enhanced Multimedia Keyboard Solution
ERUNT 1.1j
eSupportQFolder (Version: 1.00.0000)
Family Tree Maker 2014 (Version: 22.0.207)
Fax_CDA (Version: 70.0.149.000)
F-Secure CCF Reputation (Version: 1.0.25.1877)
F-Secure CCF Scanning 1.23.124.8831 (release) (Version: 1.23.124.8831)
F-Secure Network CCF 1.02.128 (Version: 1.02.128.1)
FullDPAppQFolder (Version: 1.00.0000)
Google Earth (Version: 7.1.2.2041)
Google Pack Screensaver (Version: 1.0)
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer (Version: 4.0.0.002)
Google Update Helper (Version: 1.3.24.7)
Google Updater (Version: 2.4.2432.1652)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HiJackThis (Version: 1.0.0)
HitmanPro 3.7 (Version: 3.7.9.212)
HP Boot Optimizer (Version: 3.0.0)
HP DigitalMedia Archive (Version: 2.0)
HP Document Viewer 7.0 (Version: 7.0)
HP DVD Play 2.1
HP Imaging Device Functions 7.0 (Version: 7.0)
HP Photosmart and Deskjet 7.0.A
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.5 (Version: 6.5)
HP Product Assistant (Version: 100.000.001.000)
HP Product Detection (Version: 11.14.0001)
HP Solution Center 7.0 (Version: 7.0)
HP Update (Version: 5.005.000.002)
HP Web Helper
HPPhotoSmartExpress (Version: 70.0.170.000)
HPProductAssistant (Version: 70.0.170.000)
HpSdpAppCoreApp (Version: 3.00.0000)
InstantShareAlert (Version: 1.00.0000)
InstantShareDevices (Version: 70.0.170.000)
InstantShareDevicesMFC (Version: 70.0.170.000)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java™ 6 Update 37 (Version: 6.0.370)
LightScribe  1.4.105.1 (Version: 1.4.105.1)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.0 Security Update (KB2742607)
Microsoft .NET Framework 1.0 Security Update (KB2833951)
Microsoft .NET Framework 1.0 Security Update (KB2904878)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Away Mode (Version: 6.0.0160.0)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight (Version: 5.1.30214.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 08.04.0623)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Move Media Player
MSN
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB954459) (Version: 6.20.1099.0)
NewCopy_CDA (Version: 70.0.149.000)
NVIDIA Drivers
OCR Software by I.R.I.S 7.0 (Version: 7.0)
Online Safety 2.83.1329.952 (Version: 2.83.1329.952)
OpenOffice 4.0.1 (Version: 4.01.9714)
OptionalContentQFolder (Version: 1.00.0000)
Otto
PanoStandAlone (Version: 70.0.170.000)
PC-Doctor 5 for Windows (Version: 5.00.4060.15)
PhotoGallery (Version: 70.0.170.000)
ProductContextNPI (Version: 70.0.149.000)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3 (Version: 2.2.3)
Quicken Deluxe 2000
RandMap (Version: 70.0.170.000)
Readme (Version: 70.0.149.000)
Realtek High Definition Audio Driver
Revo Uninstaller 1.95 (Version: 1.95)
Scan (Version: 7.0.0.0)
ScannerCopy (Version: 7.0.0.0)
Seagate Manager Installer (Version: 2.01.0600)
SkinsHP1 (Version: 70.0.170.000)
SlideShow (Version: 70.0.170.000)
SlideShowMusic (Version: 70.0.170.000)
Soft-Now bundle (Version: 2.0.0.5)
SolutionCenter (Version: 70.0.170.000)
Sonic Express Labeler (Version: 2.1.0)
Sonic RecordNow Audio (Version: 2.0.6)
Sonic RecordNow Copy (Version: 2.0.6)
Sonic RecordNow Data (Version: 2.0.6)
Sonic Update Manager (Version: 3.0.0)
Sonic_PrimoSDK (Version: 70.0.170.000)
Status (Version: 70.0.170.000)
SUPERAntiSpyware (Version: 4.48.1000)
Toolbox (Version: 70.0.170.000)
TrayApp (Version: 70.0.170.000)
Unload (Version: 7.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB972636) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB2904266) (Version: 1)
Update for Windows XP (KB2934207) (Version: 1)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 70.0.170.000)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live installer (Version: 12.0.1471.1025)
Windows Media Format 11 runtime
Windows PowerShell™ 1.0 (Version: 2)
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 17%
Total physical RAM: 3006.48 MB
Available physical RAM: 2479.85 MB
Total Pagefile: 4285.94 MB
Available Pagefile: 3709.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 1977.59 MB

========================= Partitions: =====================================

1 Drive c: (HP_PAVILION) (Fixed) (Total:177.45 GB) (Free:145.55 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:8.84 GB) (Free:0.56 GB) FAT32
4 Drive f: () (Removable) (Total:1.86 GB) (Free:1.75 GB) FAT

========================= Users: ========================================

User accounts for \\YOUR-4DACD0EA79

Administrator            ASPNET                   Guest                    
HelpAssistant            HP_Administrator         SUPPORT_388945a0         
SUPPORT_fddfa904         

========================= Restore Points ==================================

21-02-2014 02:21:40 System Checkpoint
22-02-2014 18:08:15 System Checkpoint
28-02-2014 22:22:07 System Checkpoint
01-03-2014 23:04:42 System Checkpoint
03-03-2014 16:03:12 System Checkpoint
11-03-2014 00:21:57 System Checkpoint
13-03-2014 21:34:35 System Checkpoint
14-03-2014 02:13:43 Software Distribution Service 3.0
20-03-2014 05:32:00 Software Distribution Service 3.0
27-03-2014 03:52:59 Software Distribution Service 3.0
06-04-2014 23:52:07 System Checkpoint
10-04-2014 01:41:36 Software Distribution Service 3.0
02-05-2014 01:23:52 Software Distribution Service 3.0
09-05-2014 00:10:25 System Checkpoint
14-05-2014 04:55:10 Software Distribution Service 3.0
14-05-2014 17:04:17 Revo Uninstaller's restore point - BeFrugal.com Toolbar
15-05-2014 06:02:20 Software Distribution Service 3.0
18-05-2014 00:13:52 Installed Should I Remove It

**** End of log ****
 

MBAM

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/20/2014
Scan Time: 10:32:21 PM
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.21.01
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: HP_Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 291220
Time Elapsed: 21 min, 21 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.Conduit.A, C:\Documents and Settings\HP_Administrator\Local Settings\Temp\CT3325809, Quarantined, [37ce6ce8235874c2438b7df659a9e917],

Files: 2
PUP.Optional.Conduit, C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\P7M5PXFK\AdwCleaner_TSV29819W[1].exe, Quarantined, [09fcdd774f2cdb5bf3f138413ec62ed2],
PUP.Optional.Conduit.A, C:\Documents and Settings\HP_Administrator\Local Settings\Temp\CT3325809\ddt.csf, Quarantined, [37ce6ce8235874c2438b7df659a9e917],

Physical Sectors: 0
(No malicious items detected)


(end)

 

MBAR Log

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/20/2014
Scan Time: 10:32:21 PM
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.21.01
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: HP_Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 291220
Time Elapsed: 21 min, 21 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.Conduit.A, C:\Documents and Settings\HP_Administrator\Local Settings\Temp\CT3325809, Quarantined, [37ce6ce8235874c2438b7df659a9e917],

Files: 2
PUP.Optional.Conduit, C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\P7M5PXFK\AdwCleaner_TSV29819W[1].exe, Quarantined, [09fcdd774f2cdb5bf3f138413ec62ed2],
PUP.Optional.Conduit.A, C:\Documents and Settings\HP_Administrator\Local Settings\Temp\CT3325809\ddt.csf, Quarantined, [37ce6ce8235874c2438b7df659a9e917],

Physical Sectors: 0
(No malicious items detected)


(end)

 

MBAR System

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_37

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.004000 GHz
Memory total: 3152523264, free: 2521653248

Downloaded database version: v2014.05.21.01
Downloaded database version: v2014.03.27.01
=======================================
------------ Kernel report ------------
     05/20/2014 23:01:48
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
vcuecyuo.sys
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
fsbts.sys
\SystemRoot\system32\DRIVERS\AmdK8.sys
\SystemRoot\system32\DRIVERS\aracpi.sys
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\AGRSM.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nvnetbus.sys
\SystemRoot\system32\DRIVERS\NVNRM.SYS
\SystemRoot\system32\DRIVERS\NVSNPU.SYS
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\armoucfltr.sys
\SystemRoot\system32\DRIVERS\PS2.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\arkbcfltr.sys
\SystemRoot\system32\DRIVERS\arpolicy.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\NVENETFD.sys
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\??\C:\Program Files\Charter Security Suite\apps\ComputerSecurity\HIPS\drivers\fshs.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\HPZius12.sys
\SystemRoot\system32\DRIVERS\HPZid412.sys
\SystemRoot\system32\DRIVERS\HPZipr12.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\System32\Drivers\mrtRate.SYS
\??\C:\Program Files\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys
\??\C:\Program Files\Charter Security Suite\apps\CCF_Scanning\fsnitdi32.sys
\??\C:\Program Files\Charter Security Suite\apps\CCF_Scanning\fsnixp32.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk6\DR8
Upper Device Object: 0xffffffff8a0ebab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008a\
Lower Device Object: 0xffffffff8a113ea0
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR7
Upper Device Object: 0xffffffff8a0d0ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000087\
Lower Device Object: 0xffffffff8a0e9030
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR6
Upper Device Object: 0xffffffff8a0ccab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000086\
Lower Device Object: 0xffffffff8a06b030
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR5
Upper Device Object: 0xffffffff8a06aab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000085\
Lower Device Object: 0xffffffff8a34aea0
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR4
Upper Device Object: 0xffffffff8a0cf030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000084\
Lower Device Object: 0xffffffff8a0a1ea0
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR3
Upper Device Object: 0xffffffff8a3e7980
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000083\
Lower Device Object: 0xffffffff8a0dcea0
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a3dbab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-5\
Lower Device Object: 0xffffffff8a4d1940
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a3dbab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a450c18, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a3dbab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a381f18, DeviceName: \Device\00000072\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a4d1940, DeviceName: \Device\Ide\IdeDeviceP2T0L0-5\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: CAB10BEE

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 372148497
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 372163680  Numsec = 18552240

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 200049647616 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-390701968-390721968)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8a3e7980, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a237020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a3e7980, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a0dcea0, DeviceName: \Device\00000083\, DriverName: \Driver\usbstor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 27528B0A

Partition information:

    Partition 0 type is Other (0x6)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 129  Numsec = 3906879

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 2004876800 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff8a0cf030, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a1da020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a0cf030, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a0a1ea0, DeviceName: \Device\00000084\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff8a06aab8, DeviceName: \Device\Harddisk3\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a2f56b8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a06aab8, DeviceName: \Device\Harddisk3\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a34aea0, DeviceName: \Device\00000085\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff8a0ccab8, DeviceName: \Device\Harddisk4\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a2d1740, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a0ccab8, DeviceName: \Device\Harddisk4\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a06b030, DeviceName: \Device\00000086\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xffffffff8a0d0ab8, DeviceName: \Device\Harddisk5\DR7\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89878a00, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a0d0ab8, DeviceName: \Device\Harddisk5\DR7\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a0e9030, DeviceName: \Device\00000087\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 6, DevicePointer: 0xffffffff8a0ebab8, DeviceName: \Device\Harddisk6\DR8\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a27c460, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a0ebab8, DeviceName: \Device\Harddisk6\DR8\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a113ea0, DeviceName: \Device\0000008a\, DriverName: \Driver\usbstor\
------------ End ----------
Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
 

RKill

 

Rkill 2.6.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/21/2014 07:33:02 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\WINDOWS\system32\HPZipm12.exe (PID: 2392) [WD-HEUR]
 * c:\windows\system\hpsysdrv.exe (PID: 2112) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Reparse Point/Junctions Found (Most likely legitimate)!

     * C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
     * C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]

Checking Windows Service Integrity:

 * MSDTC [Missing Service]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1    localhost

Program finished at: 05/21/2014 07:38:11 AM
Execution time: 0 hours(s), 5 minute(s), and 22 seconds(s)
 



#12 Broni


Posted 21 May 2014 - 06:32 PM

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Click on "Run ESET Online Scanner" button.
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.




 


#13 Chaz24


Posted 23 May 2014 - 06:27 PM

Hi Broni,

 

I did the actions you outlined in your last message. I am including the reports for AdwCleaner and JRT. I ran ESET but it took forever to run so I left it running when I went to work. When I got home all I saw was the desktop. If by chance ESET leaves the file on the hard drive just tell me what it would be called and I will find and forward the information. When I left this morning at 8 for work it had been running for 7 hours and had only looked at 31% of the hard drive. It did state it had found a threat but I do not remember the name.

 

AdwCleaner

 

# AdwCleaner v3.210 - Report created 22/05/2014 at 22:17:57
# Updated 19/05/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : HP_Administrator - YOUR-4DACD0EA79
# Running from : C:\Documents and Settings\HP_Administrator\My Documents\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [8295 octets] - [30/01/2014 21:06:09]
AdwCleaner[R1].txt - [824 octets] - [01/03/2014 22:37:09]
AdwCleaner[R2].txt - [5780 octets] - [17/05/2014 22:17:03]
AdwCleaner[R3].txt - [1091 octets] - [22/05/2014 22:05:13]
AdwCleaner[S0].txt - [8337 octets] - [30/01/2014 21:08:54]
AdwCleaner[S1].txt - [884 octets] - [01/03/2014 22:52:14]
AdwCleaner[S2].txt - [5482 octets] - [17/05/2014 22:19:26]
AdwCleaner[S3].txt - [1013 octets] - [22/05/2014 22:17:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1073 octets] ##########
 

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Microsoft Windows XP x86
Ran by HP_Administrator on Thu 05/22/2014 at 22:49:39.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values




~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\coupons"
Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 05/22/2014 at 23:03:10.40
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 





