ekih

  1. It is done. I am going to start looking at getting something else. I probably could get Win7 on this machine, but I know it would be a hassle in the long run.
     # DelFix v10.8 - Logfile created 20/10/2014 at 19:09:33
     # Updated 29/07/2014 by Xplode
     # Username : NCC - GOSS-CONTROL
     # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
     ~ Removing disinfection tools ...
     ~ Creating registry backup ... OK
     ~ Cleaning system restore ...
     Deleted : RP #159 [system Checkpoint | 10/21/2014 01:53:55]
     Deleted : RP #160 [system Checkpoint | 10/21/2014 01:53:55]
     Deleted : RP #161 [system Checkpoint | 10/21/2014 01:53:55]
     Deleted : RP #162 [system Checkpoint | 10/21/2014 01:53:56]
     Deleted : RP #163 [system Checkpoint | 10/21/2014 01:53:56]
     Deleted : RP #164 [system Checkpoint | 10/21/2014 01:53:56]
     Deleted : RP #165 [system Checkpoint | 10/21/2014 01:53:56]
     Deleted : RP #166 [system Checkpoint | 10/21/2014 01:53:56]
     Deleted : RP #167 [system Checkpoint | 10/21/2014 01:53:56]
     Deleted : RP #168 [system Checkpoint | 10/21/2014 01:53:56]
     Deleted : RP #169 [system Checkpoint | 10/21/2014 01:53:57]
     Deleted : RP #170 [system Checkpoint | 10/21/2014 01:53:57]
     Deleted : RP #171 [system Checkpoint | 10/21/2014 01:53:57]
     Deleted : RP #172 [system Checkpoint | 10/21/2014 01:53:57]
     Deleted : RP #173 [Removed Google+ Auto Backup | 10/21/2014 01:53:57]
     Deleted : RP #174 [Removed PC Connectivity Solution | 10/21/2014 01:53:57]
     Deleted : RP #175 [system Checkpoint | 10/21/2014 01:53:58]
     Deleted : RP #176 [system Checkpoint | 10/21/2014 01:53:58]
     Deleted : RP #177 [installed Windows 7 Upgrade Advisor | 10/21/2014 01:53:58]
     Deleted : RP #178 [End of disinfection | 10/21/2014 01:54:00]
     New restore point created !
     ########## - EOF - ##########
  2. I am away for work right now, but will go over the new info you have supplied and do the removals when I get back. Plus I will do a clean backup before anything else. Over the years I have run into problems of various difficulty and have dealt with many people to help correct the problems. You by far have been the most helpful, most direct and precise that I have dealt with. I thank you for your patience and cooperation with helping me. James I must also thank Caintry_boy for starting me out with some help.
  3. Aside from it being very old and out of date, all seems to be ok, even before I did the last fix it was running normal as far as I could tell. No pop ups etc. Click on a link and go there and no re-directs. We just started using Win7 at work a few months ago, it seems to run very well and quick. Would Win7 run on this old machine?
  4. Here it is.
  5. I had to think about that for a sec. Yes it is, it was an old computer that was no longer needed from a site. I have been using it for at least 3 years now. It would have had a valid copy of Win XP come installed. I would have cloned the drive it came with and installed a new larger HD. Why do you ask?
  6. Here it is. C:\ is my main drive D:\ is the same drive but used for my data F & G are my backup drive.
  7. Doing online scanner from ESET now.
     Farbar Service Scanner Version: 21-07-2014
     Ran by NCC (administrator) on 12-10-2014 at 20:15:29
     Running from "C:\Documents and Settings\NCC\Desktop\Downloads\Malware"
     Microsoft Windows XP Professional Service Pack 3 (X86)
     Boot Mode: Normal
     ****************************************************************
     Internet Services:
     ============
     Connection Status:
     ==============
     Localhost is accessible.
     LAN connected.
     Google IP is accessible.
     Google.com is accessible.
     Yahoo.com is accessible.
     Windows Firewall:
     =============
     sharedaccess Service is not running. Checking service configuration:
     The start type of sharedaccess service is set to Disabled. The default start type is Auto.
     The ImagePath of sharedaccess service is OK.
     The ServiceDll of sharedaccess service is OK.
     Firewall Disabled Policy:
     ==================
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
     "EnableFirewall"=DWORD:0
     System Restore:
     ============
     System Restore Disabled Policy:
     ========================
     Security Center:
     ============
     Windows Update:
     ============
     wuauserv Service is not running. Checking service configuration:
     Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
     Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
     Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
     Checking LEGACY_wuauserv: ATTENTION!=====> Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.
     Windows Autoupdate Disabled Policy:
     ============================
     Other Services:
     ==============
     File Check:
     ========
     C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
     C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
     C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
     C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
     C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
     C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
     C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
     C:\WINDOWS\system32\netman.dll => File is digitally signed
     C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
     C:\WINDOWS\system32\srsvc.dll => File is digitally signed
     C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
     C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
     C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
     C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
     C:\WINDOWS\system32\qmgr.dll => File is digitally signed
     C:\WINDOWS\system32\es.dll => File is digitally signed
     C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
     C:\WINDOWS\system32\svchost.exe => File is digitally signed
     C:\WINDOWS\system32\rpcss.dll => File is digitally signed
     C:\WINDOWS\system32\services.exe => File is digitally signed
     Extra List:
     =======
     Gpc(6) IPSec(4) kl2(8) NetBT(5) PSched(7) Tcpip(3)
     0x080000000800000004000000010000000200000003000000050000000600000007000000
     **** End of log ****
  8. Malware log was clear, computer seems to be just great. Since you directed me to the Malwarebytes Anti-Malware app, I take it this is a good program for keeping? Thanks very much for your help. James
     RKILL-LOG
     Rkill 2.6.8 by Lawrence Abrams (Grinler)
     http://www.bleepingcomputer.com/
     Copyright 2008-2014 BleepingComputer.com
     More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html
     Program started at: 10/12/2014 05:00:55 PM in x86 mode.
     Windows Version: Microsoft Windows XP Service Pack 3
     Checking for Windows services to stop:
     * No malware services found to stop.
     Checking for processes to terminate:
     * No malware processes found to kill.
     Checking Registry for malware related settings:
     * No issues found in the Registry.
     Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
     Performing miscellaneous checks:
     * Windows Firewall Disabled
     [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
     "EnableFirewall" = dword:00000000
     Checking Windows Service Integrity:
     * wuauserv [Missing Service]
     Searching for Missing Digital Signatures:
     * No issues found.
     Checking HOSTS File:
     * HOSTS file entries found:
     127.0.0.1 localhost
     Program finished at: 10/12/2014 05:01:21 PM
     Execution time: 0 hours(s), 0 minute(s), and 27 seconds(s)
     MALWAREBYTES-LOG
     Malwarebytes Anti-Malware
     www.malwarebytes.org
     Scan Date: 10/12/2014
     Scan Time: 5:03:52 PM
     Logfile:
     Administrator: Yes
     Version: 2.00.2.1012
     Malware Database: v2014.10.12.08
     Rootkit Database: v2014.10.11.01
     License: Trial
     Malware Protection: Enabled
     Malicious Website Protection: Enabled
     Self-protection: Disabled
     OS: Windows XP Service Pack 3
     CPU: x86
     File System: NTFS
     User: NCC
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 320537
     Time Elapsed: 5 min, 8 sec
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled
     Processes: 0 (No malicious items detected)
     Modules: 0 (No malicious items detected)
     Registry Keys: 0 (No malicious items detected)
     Registry Values: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Folders: 0 (No malicious items detected)
     Files: 0 (No malicious items detected)
     Physical Sectors: 0 (No malicious items detected)
     (end)
  9. At the end of your last post there is this text. Was I to post some more info? Please post RKill log Fixlog.txt C:\AdwCleaner.txt
  11. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 06-10-2014 01
      Ran by NCC at 2014-10-10 20:04:25 Run:1
      Running from C:\Documents and Settings\NCC\Desktop\Downloads
      Loaded Profile: NCC (Available profiles: NCC & Administrator)
      Boot Mode: Normal
      ==============================================
      Content of fixlist:
      *****************
      start
      CloseProcesses:
      HKU\S-1-5-21-4142387912-4139637370-1198486558-1005\...\Run: [] => [X]
      Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
      Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
      Task: C:\WINDOWS\Tasks\Express FilesUpdate.job => D:\Program Files\ExpressFiles\EFUpdater.exe <==== ATTENTION
      EmptyTemp:
      Hosts:
      End
      *****************
      Processes closed successfully.
      HKU\S-1-5-21-4142387912-4139637370-1198486558-1005\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
      HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => value deleted successfully.
      "HKCR\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" => Key not found.
      HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} => value deleted successfully.
      "HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}" => Key not found.
      C:\WINDOWS\Tasks\Express FilesUpdate.job => Moved successfully.
      C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
      Hosts was reset successfully.
      EmptyTemp: => Removed 150.8 MB temporary data.
      The system needed a reboot.
      ==== End of Fixlog ====
  12. After resetting Mozilla and restarting I haven't seen any pop-ups etc., at least going to this site for my reply. The files are attached as asked. FRST.txt Addition.txt
  13. I have tried many times using Malware removal, Malwarebytes Anti-Malware, SUPERAntiSpyware Free Edition and a few more. They say they find and fix but nothing seems to change. I keep getting many pop-up ads. I also get many redirects and words on pages that display as links. I went into Add and Remove Programs and got rid of anything I didn't recognize. On the bottom of some ads: (Ad by browser extension / close). When clicking on the "Ad by browser extension" a new window pops up, as below, telling me how to disable extensions. I tried to disable an extension, but could not find anything, as seen below. Any ideas? Thanks, James
      http://download.blee...om/sUBs/dds.com
      Download DDS from the link above and save it to your desktop. Disable any script blocking protection (How to Disable your Security Programs). Vista/Win7: right click on the DDS icon and select "Run as Administrator" to run the tool (may take up to 3 minutes to run). XP: just double click the icon to run the tool. When done, DDS.txt will open. After a few moments, attach.txt will open in a second window. Save both reports to your desktop. Please post the contents of the DDS.txt and Attach.txt logs in a new thread that you start here > http://forums.pcpits...-been-hijacked/
      dds.txt attach.txt
  14. I have tried many times using Malware removal, Malwarebytes Anti-Malware, SUPERAntiSpyware Free Edition and a few more. They say they find and fix but nothing seems to change. I keep getting many pop-up ads. I also get many redirects and words on pages that display as links. I went into Add and Remove Programs and got rid of anything I didn't recognize. On the bottom of some ads: (Ad by browser extension / close). When clicking on the "Ad by browser extension" a new window pops up, as below, telling me how to disable extensions. I tried to disable an extension, but could not find anything, as seen below. Any ideas? Thanks, James
      Disable Extensions: On the menu bar, click on the Tools menu, and then click Add-ons. The Add-ons Manager tab will open. In the Add-ons Manager tab, select the Extensions or Appearance panel. Select the add-on you wish to disable. Click its Disable button. Click Restart now if it pops up. Your tabs will be saved and restored after the restart.
      Uninstall Extensions: On the menu bar, click on the Tools menu, and then click Add-ons. The Add-ons Manager tab will open. In the Add-ons Manager tab, select the Extensions or Appearance panel. Select the add-on you wish to remove. Click the Remove button. Click Restart now if it pops up. Your tabs will be saved and restored after the res
      OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
      Processor: Intel® Core2 Duo CPU E4600 @ 2.40GHz, x86 Family 6 Model 15 Stepping 13
      Processor Count: 2
      RAM: 3044 Mb
      Graphics Card: Intel® Q35 Express Chipset Family, 384 Mb
      Hard Drives: C: Total - 163921 MB, Free - 119308 MB; D: Total - 789632 MB, Free - 671937 MB; F: Total - 163921 MB, Free - 96256 MB; G: Total - 789632 MB, Free - 294875 MB;
      Motherboard: Dell Inc., 0GM819
      Antivirus: ZoneAlarm Antivirus, Updated: Yes, On-Demand Scanner: Disabled
  15. Tom, I wish to thank you immensely. When sending to our IT dept. that can take a long time. So I usually try to sort it out myself first. I sent it off today, it took me 2hr just to get the right paperwork done. Thanks again, James