
Thread: Win32:Evo-gen virus?

  1. #1
    Member (Join Date: Feb 2014, Posts: 43)

    Win32:Evo-gen virus?

    Hi, I'm Trancidonia.
    I was here a few years ago, and I am very thankful for the fix of my old gear, but apparently I had lost both my password and username, so I made a new one.


    I have 3 PCs in my home at the moment, but I'm going to focus on 1 PC at a time since I understand the valuable time of volunteers.

    I suspect my current PC, call it PC1 (Cindy), is infected by a virus, since every day my Avast! has been telling me things are being placed into the quarantine zone/virus chest.
    Even after I deleted them from the virus chest, they keep showing up, with a behavior of random jumbled-up names as .gif files or any other image files such as png, jpg, and bmp located in the temporary files (I tried to delete the temporary folder itself too); it still pops up soon after.

    It also contains another virus which only consists of a letter x, which is in the system32 folder. It also pops back up soon after I delete it from my Avast! virus chest.


    I have the log uploaded in the attachment.
    Thank you, much appreciated.

    p.s. The last time I was here, there was a requirement for a HijackThis log, but I do not see a requirement in the "BEFORE you POST" thread.
    Should I get a HijackThis log?

    Edit: No, thank you.


    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_06
    Run by User at 10:33:35 on 2014-03-01
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.894 [GMT 8:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ================
    .
    C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
    C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
    C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    C:\program files\real\realplayer\update\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = www.bing.com
    uWindow Title = Windows Internet Explorer provided by Yahoo!7
    uSearch Bar = www.bing.com
    uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    uDefault_Page_URL = hxxp://au.yahoo.com/?fr=fp-yie8
    uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
    uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.141\McAfeeMSS_IE.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
    BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: EWPBrowseObject Class: {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
    BHO: Gamesbar: {7ffa5f54-1c4f-46de-8576-c271a0dd482f} - c:\program files\iplay_en\encyclopediabritannicagamesbarX.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    TB: Easy-WebPrint: {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - c:\program files\canon\easy-webprint\Toolband.dll
    TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    TB: Gamesbar: {7ffa5f54-1c4f-46de-8576-c271a0dd482f} - c:\program files\iplay_en\encyclopediabritannicagamesbarX.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
    EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [DAEMON Tools Lite] "d:\working\work\daemon tools lite\DTLite.exe" -autorun
    mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
    mRun: [UpdatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"
    mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_06\bin\jusched.exe"
    mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
    mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS6ServiceManager] "c:\program files\common files\adobe\cs6servicemanager\CS6ServiceManager.exe" -launchedbylogin
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    StartupFolder: c:\docume~1\user\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {309E27CA-1FDC-4AD2-A3AA-0FF47085E5A6} - hxxp://192.168.1.144/IEPlugin.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260025901187
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1260026980718
    DPF: {6F80BF27-CB16-4589-8C6A-DB422AAB2ED9} - hxxp://192.168.1.144/vcredist_x86.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{B6DDFB53-6BC9-4B06-8CDE-B73327CE27D9} : DHCPNameServer = 192.168.0.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.117\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\iepg7k6a.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxps://www.google.com/search
    FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\iepg7k6a.default\extensions\{7ffa5f54-1c4f-46de-8576-c271a0dd482f}\components\dtTransparency.dll
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
    FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
    FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\npdlplugin.dll
    FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
    FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect32.dll
    FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect64.dll
    FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
    FF - plugin: c:\program files\mcafee security scan\3.8.141\npMcAfeeMSS.dll
    FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
    FF - plugin: c:\program files\tabletplugins\npWacomTabletPlugin.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_70.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-1-7 49944]
    R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-1-7 180248]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-1-7 775952]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-1-7 410784]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [2014-1-7 67824]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-1-7 50344]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2014-1-9 3921880]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2014-1-9 1042272]
    R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-10-9 3275136]
    R2 WTabletServicePro;Wacom Professional Service;c:\program files\tablet\wacom\WTabletServicePro.exe [2014-1-22 531224]
    S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2014-1-9 171416]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-12-5 1684736]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2011-10-18 78136]
    S3 hidkmdf;KMDF Driver;c:\windows\system32\drivers\hidkmdf.sys [2014-1-22 12088]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.141\McCHSvc.exe [2014-1-16 235696]
    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\drivers\wachidrouter.sys [2014-1-22 76600]
    S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\drivers\wacomrouterfilter.sys [2014-1-22 13112]
    .
    =============== Created Last 30 ================
    .
    2014-02-14 05:22:56 -------- d-----w- c:\documents and settings\user\application data\.StarMade
    2014-02-13 06:07:17 -------- d-----w- c:\program files\McAfee Security Scan
    .
    ==================== Find3M ====================
    .
    2014-02-21 04:35:33 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-02-21 04:35:33 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-02-05 23:59:09 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
    2014-01-24 00:44:17 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2014-01-24 00:44:16 43152 ----a-w- c:\windows\avastSS.scr
    2014-01-22 07:50:04 324096 ----a-w- c:\windows\system32\drivers\sptd.sys
    2014-01-07 06:31:01 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2014-01-07 06:31:01 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-12-16 05:31:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2013-12-16 05:31:45 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2013-12-04 16:35:55 1604376 ----a-w- c:\windows\system32\Wacom_Tablet.dll
    2013-12-04 16:35:55 1596696 ----a-w- c:\windows\system32\Wacom_Touch_Tablet.dll
    2013-12-04 16:35:55 1483032 ----a-w- c:\windows\system32\Wintab32.dll
    2013-12-04 16:35:54 1479960 ----a-w- c:\windows\system32\WacomMT.dll
    .
    ============= FINISH: 10:34:04.19 ===============

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2014-03-01 10:34:27
    -----------------------------
    10:34:27.603 OS Version: Windows 5.1.2600 Service Pack 3
    10:34:27.603 Number of processors: 2 586 0x170A
    10:34:27.603 ComputerName: CINDY UserName: User
    10:34:27.837 Initialize success
    10:34:30.712 AVAST engine defs: 14022803
    10:34:35.603 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6
    10:34:35.603 Disk 0 Vendor: WDC_WD1600AAJS-08L7A0 03.03E03 Size: 152627MB BusType: 3
    10:34:35.712 Disk 0 MBR read successfully
    10:34:35.712 Disk 0 MBR scan
    10:34:35.712 Disk 0 Windows XP default MBR code
    10:34:35.728 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
    10:34:35.728 Disk 0 Partition - 00 0F Extended LBA 76308 MB offset 156280320
    10:34:35.744 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 76308 MB offset 156280383
    10:34:35.744 Disk 0 scanning sectors +312560640
    10:34:35.806 Disk 0 scanning C:\WINDOWS\system32\drivers
    10:34:43.478 Service scanning
    10:34:55.072 Modules scanning
    10:35:01.962 Module: C:\WINDOWS\System32\Drivers\atapi.sys **SUSPICIOUS**
    10:35:03.166 Module: C:\WINDOWS\System32\drivers\dxgthk.sys **SUSPICIOUS**
    10:35:03.744 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**
    10:35:03.744 Disk 0 trace - called modules:
    10:35:03.759 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys pciide.sys PCIIDEX.SYS
    10:35:03.759 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a550ab8]
    10:35:03.759 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000066[0x8a5cc270]
    10:35:03.759 5 ACPI.sys[f74dc620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-6[0x8a4dc940]
    10:35:04.025 AVAST engine scan C:\
    12:14:45.666 Scan finished successfully
    12:20:34.259 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat"
    12:20:34.259 The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt"
    Last edited by tashi; 2014-03-01 at 07:33. Reason: Copy pasted two logs into topic
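    A small triage script for the BHO/TB/DPF lines of the DDS log above, added here as an example and not part of the thread or of DDS itself: it flags the two orphaned BHOs (CLSID registered, DLL gone) that the helper's later fixlist removes, a toolbar CLSID registered twice, and DPF download sources that are plain http or point at a private LAN address. The sample lines are copied from the log above, except the last, whose scheme is changed to hxxps to exercise that branch.

```python
"""Triage the "Pseudo HJT Report" lines of a DDS log (added example)."""
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample: lines copied from the DDS log above, except the
# final DPF line, whose scheme is changed to hxxps to exercise that path.
# DDS writes hxxp/hxxps so a pasted log cannot be clicked by accident.
SAMPLE = r"""
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Gamesbar: {7ffa5f54-1c4f-46de-8576-c271a0dd482f} - c:\program files\iplay_en\encyclopediabritannicagamesbarX.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
DPF: {309E27CA-1FDC-4AD2-A3AA-0FF47085E5A6} - hxxp://192.168.1.144/IEPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
"""

# "<kind>: [<name>: ]{<CLSID>} - <target>"; the name is optional, as on
# the orphaned BHO lines and on every DPF line.
LINE_RE = re.compile(
    r"^(?P<kind>BHO|TB|DPF):\s*(?:(?P<name>[^{]*?):\s*)?"
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\}\s*-\s*(?P<target>.*)$"
)


def parse_hjt(text):
    """Return one dict per BHO/TB/DPF line that carries a CLSID."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # other DDS line types are not handled here
        entries.append({
            "kind": m.group("kind"),
            "name": (m.group("name") or "").strip(),
            "clsid": m.group("clsid").upper(),
            "target": m.group("target").strip(),
        })
    return entries


def refang(url):
    """Turn the defanged hxxp/hxxps back into a parseable scheme."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def dpf_source_issues(target):
    """Reasons a DPF (ActiveX download) source deserves a second look."""
    issues = []
    u = urlparse(refang(target))
    if u.scheme != "https":
        issues.append("download source not https")
    try:
        if ipaddress.ip_address(u.hostname or "").is_private:
            issues.append("download source is a private LAN address")
    except ValueError:
        pass  # a hostname rather than an IP literal
    return issues


def triage(entries):
    """Return (CLSID, reason) pairs worth a second look, in log order."""
    findings = []
    seen = {}
    for e in entries:
        key = (e["kind"], e["clsid"])
        seen[key] = seen.get(key, 0) + 1
        if e["target"].lower() == "<orphaned>":
            findings.append((e["clsid"], "orphaned: CLSID registered but no file on disk"))
        if seen[key] == 2:
            findings.append((e["clsid"], f"duplicate {e['kind']} registration"))
        if e["kind"] == "DPF":
            for issue in dpf_source_issues(e["target"]):
                findings.append((e["clsid"], issue))
    return findings


if __name__ == "__main__":
    for clsid, reason in triage(parse_hjt(SAMPLE)):
        print(f"{{{clsid}}}: {reason}")
```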

  2. #2
    Security Expert-emeritus Juliet (Join Date: Feb 2007, Location: Deep South, Posts: 4,084)

    Hi and welcome

    This XP machine is very vulnerable to exploits since it has no service pack installed.
    Have you not allowed Windows Update to update your computer?

    If we try to remove malicious items from the computer without the proper security in place... I'm afraid we won't be able to keep it clean.

    Also, as of April 14th, Microsoft will no longer support Windows XP.


    Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

    Double-click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Member (Join Date: Feb 2014, Posts: 43)

    Quote Originally Posted by Juliet (post #2 above)
    Thank you for such a fast reply!
    I will update it to Windows 7 soon, hopefully by the end of March.
    But for now, I have done what you instructed.

    The report log after the scan and fix from MBAM will be attached below.

  4. #4
    Security Expert-emeritus Juliet (Join Date: Feb 2007, Location: Deep South, Posts: 4,084)

    Read over this article, http://forums.pcpitstop.com/index.ph...heir-machines/

    I gave you a wrong date for when Microsoft ends support... the correct date is April 8, 2014.


    Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
    There are 6 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click and choose Run as Admin
    You only need to get one of them to run, not all of them.
    1. rkill.exe
    2. rkill.com
    3. rkill.scr
    4. rkill.pif
    5. WiNlOgOn.exe
    6. uSeRiNiT.exe



    ~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Please download Farbar Recovery Scan Tool

    (use the correct version for your system... Which system am I using?)



    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  5. #5
    Member (Join Date: Feb 2014, Posts: 43)

    Thank you for such a speedy reply.
    I have run both Rkill and FRST;
    my PC seems clean. Thank you for the link regarding Windows XP.

    I'll be attaching both logs from FRST below.
    Should I re-scan and provide the logs from DDS and aswMBR?

  6. #6
    Security Expert-emeritus Juliet (Join Date: Feb 2007, Location: Deep South, Posts: 4,084)

    Please, if you can, copy and paste the logs into the topic; it makes them easier to read.


    Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt.
    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

    start
    HKU\S-1-5-21-1844237615-776561741-725345543-1003\...\MountPoints2: {ecb18650-5587-11e3-bd27-4061860ac8cb} - F:\SysAnti.exe
    SearchScopes: HKCU - {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
    BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    Toolbar: HKLM - Gamesbar - {7ffa5f54-1c4f-46de-8576-c271a0dd482f} - C:\Program Files\iplay_en\encyclopediabritannicagamesbarX.dll ()
    FF Extension: Gamesbar - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\iepg7k6a.default\Extensions\{7ffa5f54-1c4f-46de-8576-c271a0dd482f} [2012-11-22]
    CHR HKLM\...\Chrome\Extension: [aohddidmgooofkgohkbkaohadkolgejj] - C:\Documents and Settings\User\Local Settings\Application Data\Youdao\Dict\Application\stable\YDChromeTextExtractor.crx [2012-02-28]
    2014-03-03 10:08 - 2012-12-24 13:05 - 00000000 ____D () C:\Documents and Settings\User\Application Data\SogouExplorer
    C:\Documents and Settings\User\Local Settings\Temp\ose00000.exe
    C:\Documents and Settings\User\Local Settings\Temp\SkypeSetup.exe
    EasyBits GO (HKCU\...\Game Organizer) (Version: - EasyBits Media)
    Gamesbar (HKLM\...\iplay_en) (Version: 3.2.0.37 - Visicom Media inc.)
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:81405BF2
    Reboot:
    end
    Run FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system


    ~~~~~~~~~~~~~~~~~~~~

    AdwCleaner by Xplode

    Click on this link to download: AdwCleaner
    Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

    Do not click on any links in the top advertisement.


    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan.
    • After the scan is complete click on "Clean"
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    Please post:
    Fixlog.txt
    C:\AdwCleaner[S1].txt
    JRT.txt

  7. #7
    Member (Join Date: Feb 2014, Posts: 43)

    OK.

    Here are the logs, but during the 2nd phase AdwCleaner hangs; I restarted my PC a few times only to find out that I have to turn off all my anti-virus to stop the "cleaning process" from hanging, so the log will be AdwCleaner[S4] instead.


    Anyway, here are the logs.
    Fixlog

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-03-2014 01
    Ran by User at 2014-03-05 09:02:01 Run:1
    Running from C:\Documents and Settings\User\Desktop
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    start
    HKU\S-1-5-21-1844237615-776561741-725345543-1003\...\MountPoints2: {ecb18650-5587-11e3-bd27-4061860ac8cb} - F:\SysAnti.exe
    SearchScopes: HKCU - {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
    BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    Toolbar: HKLM - Gamesbar - {7ffa5f54-1c4f-46de-8576-c271a0dd482f} - C:\Program Files\iplay_en\encyclopediabritannicagamesbarX.dll ()
    FF Extension: Gamesbar - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\iepg7k6a.default\Extensions\{7ffa5f54-1c4f-46de-8576-c271a0dd482f} [2012-11-22]
    CHR HKLM\...\Chrome\Extension: [aohddidmgooofkgohkbkaohadkolgejj] - C:\Documents and Settings\User\Local Settings\Application Data\Youdao\Dict\Application\stable\YDChromeTextExtractor.crx [2012-02-28]
    2014-03-03 10:08 - 2012-12-24 13:05 - 00000000 ____D () C:\Documents and Settings\User\Application Data\SogouExplorer
    C:\Documents and Settings\User\Local Settings\Temp\ose00000.exe
    C:\Documents and Settings\User\Local Settings\Temp\SkypeSetup.exe
    EasyBits GO (HKCU\...\Game Organizer) (Version: - EasyBits Media)
    Gamesbar (HKLM\...\iplay_en) (Version: 3.2.0.37 - Visicom Media inc.)
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:81405BF2
    Reboot:
    end
    *****************

    HKU\S-1-5-21-1844237615-776561741-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ecb18650-5587-11e3-bd27-4061860ac8cb} => Key deleted successfully.
    HKCR\CLSID\{ecb18650-5587-11e3-bd27-4061860ac8cb} => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D} => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{36377DD7-B3EB-42f5-986F-680BAF59BA9D} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key deleted successfully.
    HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
    HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{7ffa5f54-1c4f-46de-8576-c271a0dd482f} => Value deleted successfully.
    HKCR\CLSID\{7ffa5f54-1c4f-46de-8576-c271a0dd482f} => Key deleted successfully.
    C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\iepg7k6a.default\Extensions\{7ffa5f54-1c4f-46de-8576-c271a0dd482f} => Moved successfully.
    HKLM\SOFTWARE\Google\Chrome\Extensions\aohddidmgooofkgohkbkaohadkolgejj => Key deleted successfully.
    C:\Documents and Settings\User\Local Settings\Application Data\Youdao\Dict\Application\stable\YDChromeTextExtractor.crx => Moved successfully.
    C:\Documents and Settings\User\Application Data\SogouExplorer => Moved successfully.
    C:\Documents and Settings\User\Local Settings\Temp\ose00000.exe => Moved successfully.
    C:\Documents and Settings\User\Local Settings\Temp\SkypeSetup.exe => Moved successfully.
    C:\Documents and Settings\All Users\Application Data\Temp => ":81405BF2" ADS removed successfully.


    The system needed a reboot.

    ==== End of Fixlog ====

    The AdwCleaner[S4] log:
    # AdwCleaner v3.020 - Report created 05/03/2014 at 10:09:17
    # Updated 27/02/2014 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : User - CINDY
    # Running from : C:\Documents and Settings\User\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
    Folder Deleted : C:\Program Files\GamesBar
    File Deleted : C:\END

    ***** [ Shortcuts ] *****

    Shortcut Disinfected : C:\Documents and Settings\All Users\Start Menu\Programs\???????\?????.lnk

    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink.1
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler.1
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback.1
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions.1
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{327C2873-E90D-4C37-AA9D-10AC9BABA46C}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKLM\Software\Trymedia Systems
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v27.0.1 (en-US)

    [ File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\iepg7k6a.default\prefs.js ]


    -\\ Google Chrome v33.0.1750.146

    [ File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [5059 octets] - [05/03/2014 09:33:28]
    AdwCleaner[R1].txt - [5178 octets] - [05/03/2014 09:41:57]
    AdwCleaner[R2].txt - [5284 octets] - [05/03/2014 09:54:42]
    AdwCleaner[R3].txt - [5416 octets] - [05/03/2014 09:59:06]
    AdwCleaner[R4].txt - [5476 octets] - [05/03/2014 10:02:12]
    AdwCleaner[R5].txt - [5595 octets] - [05/03/2014 10:08:42]
    AdwCleaner[S0].txt - [345 octets] - [05/03/2014 09:35:16]
    AdwCleaner[S1].txt - [345 octets] - [05/03/2014 09:43:24]
    AdwCleaner[S2].txt - [332 octets] - [05/03/2014 09:55:21]
    AdwCleaner[S3].txt - [345 octets] - [05/03/2014 10:03:14]
    AdwCleaner[S4].txt - [5517 octets] - [05/03/2014 10:09:17]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [5577 octets] ##########

    And finally the JRT log:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.2 (02.20.2014:1)
    OS: Microsoft Windows XP x86
    Ran by User on 05/03/2014 at 10:13:46.54
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1



    ~~~ Files



    ~~~ Folders





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 05/03/2014 at 10:16:40.12
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Thank you very much.
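As an added example that is not part of this thread or of the FRST/AdwCleaner tools themselves, here is a small Python script that parses the two log formats posted above: FRST's "target => result." lines and AdwCleaner's "Type Action : target" lines. It lists the fixlist entries FRST could not find and the CLSIDs AdwCleaner removed, so that both can be checked against the next scan. The embedded sample lines are copied from the logs above; the function names are my own.

```python
import re

# Constructed sample input: result lines copied from the FRST Fixlog and the
# AdwCleaner[S4] report posted above (a handful of lines, not the full logs).
FRST_SAMPLE = r"""
HKU\S-1-5-21-1844237615-776561741-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ecb18650-5587-11e3-bd27-4061860ac8cb} => Key deleted successfully.
HKCR\CLSID\{ecb18650-5587-11e3-bd27-4061860ac8cb} => Key not found.
C:\Documents and Settings\User\Local Settings\Temp\ose00000.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Temp => ":81405BF2" ADS removed successfully.
"""
ADW_SAMPLE = r"""
Folder Deleted : C:\Program Files\GamesBar
File Deleted : C:\END
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{327C2873-E90D-4C37-AA9D-10AC9BABA46C}]
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ADW_RE = re.compile(r"^(Key|Value|File|Folder|Shortcut) (Deleted|Disinfected) : (.+)$")

def parse_frst_fixlog(text):
    # FRST reports each fixlist entry as "<target> => <result>."; other lines are skipped.
    records = []
    for line in text.splitlines():
        if " => " in line:
            target, result = line.strip().split(" => ", 1)
            records.append((target, result.rstrip(".")))
    return records

def parse_adwcleaner(text):
    # AdwCleaner reports each action as "<Type> <Action> : <target>".
    matches = (ADW_RE.match(line.strip()) for line in text.splitlines())
    return [m.groups() for m in matches if m]

def unresolved(frst_records):
    # Entries FRST could not find. A CLSID key that is already gone is expected once
    # another cleaner has run; a file that is "not found" is worth re-checking in the next scan.
    return [target for target, result in frst_records if "not found" in result.lower()]

def removed_clsids(adw_records):
    # Every CLSID AdwCleaner touched, so a later FRST or DDS listing can be checked for any that reappear.
    return sorted({g for _, _, target in adw_records for g in GUID_RE.findall(target)})

if __name__ == "__main__":
    frst, adw = parse_frst_fixlog(FRST_SAMPLE), parse_adwcleaner(ADW_SAMPLE)
    print(len(frst), "FRST results,", len(adw), "AdwCleaner actions")
    print("not found:", unresolved(frst))
    print("CLSIDs removed:", removed_clsids(adw))
```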

  8. #8
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    thank you very much
    You're welcome.

    Found quite a bit, let's proceed.
    How's the computer now?


    Please Run TFC by OldTimer to clear temporary files:

    Download TFC from here http://oldtimer.geekstogo.com/TFC.exe
    and save it to your desktop.

    Close any open programs and Internet browsers.
    Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
    Please be patient as clearing out temp files may take a while.
    Once it completes you may be prompted to restart your computer, please do so.
    Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

    Go here to run an online scanner from ESET.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activeX control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    • Click Scan
    • Wait for the scan to finish
    • When the scan completes, press the LIST OF THREATS FOUND button
    • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
    • Include the contents of this report in your next reply.
    • Press the BACK button.
    • Press Finish

  9. #9
    Member
    Join Date
    Feb 2014
    Posts
    43

    Unhappy

    The PC is now just normal,
    but fewer bugs are showing up now;
    the "x" is still around though, but less frequent.

    I tried to run TFC but it hangs at "stopping running process"
    and I have to restart manually a few times.
    I have no idea what's causing the hang, nor does stopping all antivirus programmes help.

    Please advise. :C

  10. #10
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Try to continue with the online scanner.