
Possible Infection


VTM0001


This may or may not be an "infection", but the activity is suspicious.

 

Everything on the PC (Windows XP, SP3) seems to work normally, except for the fact that explorer.exe is creating a large number (25-30) of simultaneous TCP connections on TCP port 80 and transferring significant numbers of data packets.

 

This did happen one time previously, but running MBAM and MBAR seemed to resolve the issue.  The IP addresses being contacted do look to be legitimate (Google, Akamai, and other US-based cloud-hosting locations, etc.), but today the problem seems to have returned whereby excessive bandwidth is being consumed.

 

I can see no reason why explorer.exe should want to create all of these connections.  Just as an aside, this was happening without any browsers being launched.  EXPLORER.EXE was the source of the questionable connections, in all cases.

 

MBAM turned up nothing.

 

Thanks!

Link to post
Share on other sites
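
The symptom in the first post (a shell process holding dozens of port-80 connections with no browser open) can be checked from saved `netstat -ano` and `tasklist /fo csv` output. The following is an added example, not part of the original thread or of any tool mentioned in it; the sample data, the threshold of 20 and the list of expected web clients are assumptions.

```python
"""Flag processes with unusual HTTP fan-out in saved netstat/tasklist text."""
import csv
import io
from collections import defaultdict

# Connection states that represent live or in-progress outbound sessions.
ACTIVE_STATES = {"ESTABLISHED", "SYN_SENT"}
# Assumption: images that are expected to open many web connections on this host.
EXPECTED_WEB_CLIENTS = frozenset({"firefox.exe", "iexplore.exe"})

# Constructed sample (not from the thread): `tasklist /fo csv` output.
SAMPLE_TASKLIST = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System Idle Process","0","Console","0","28 K"
"svchost.exe","1012","Console","0","4,512 K"
"explorer.exe","1580","Console","0","21,340 K"
"firefox.exe","2204","Console","0","88,112 K"
'''


def build_sample_netstat():
    """Constructed `netstat -ano` text; remote addresses are documentation ranges."""
    rows = ["", "Active Connections", "",
            "  Proto  Local Address     Foreign Address     State        PID",
            "  TCP    0.0.0.0:135       0.0.0.0:0           LISTENING    1012",
            "  UDP    0.0.0.0:445       *:*                              4"]
    # 27 simultaneous port-80 sessions owned by explorer.exe (PID 1580).
    rows += [f"  TCP    192.168.1.5:{1100 + i}  203.0.113.{10 + i}:80  ESTABLISHED  1580"
             for i in range(27)]
    # A browser with a handful of ordinary sessions.
    rows += [f"  TCP    192.168.1.5:{1200 + i}  198.51.100.{5 + i}:80  ESTABLISHED  2204"
             for i in range(4)]
    rows.append("  TCP    192.168.1.5:1300  198.51.100.77:443  ESTABLISHED  1580")
    rows.append("  TCP    192.168.1.5:1301  203.0.113.200:80   TIME_WAIT    0")
    return "\n".join(rows)


def parse_tasklist(text):
    """Map PID -> lower-cased image name from `tasklist /fo csv` output."""
    pids = {}
    for row in csv.reader(io.StringIO(text)):
        # The header row has "PID" in column 2 and is skipped by isdigit().
        if len(row) >= 2 and row[1].isdigit():
            pids[int(row[1])] = row[0].lower()
    return pids


def parse_netstat(text):
    """Yield (remote_host, remote_port, state, pid) for TCP rows of `netstat -ano`."""
    for line in text.splitlines():
        fields = line.split()
        # TCP rows have 5 columns; UDP rows lack a State column and are skipped.
        if len(fields) != 5 or fields[0].upper() != "TCP":
            continue
        _proto, _local, remote, state, pid = fields
        host, _, port = remote.rpartition(":")
        if port.isdigit() and pid.isdigit():
            yield host, int(port), state.upper(), int(pid)


def http_fanout(netstat_text, tasklist_text, port=80, threshold=20,
                expected=EXPECTED_WEB_CLIENTS):
    """Return processes outside `expected` holding >= threshold active sessions to `port`."""
    names = parse_tasklist(tasklist_text)
    remotes = defaultdict(list)
    for host, rport, state, pid in parse_netstat(netstat_text):
        if rport == port and state in ACTIVE_STATES:
            remotes[pid].append(host)
    findings = []
    for pid, hosts in remotes.items():
        image = names.get(pid, "<unknown>")
        if image in expected or len(hosts) < threshold:
            continue
        findings.append({"pid": pid, "image": image,
                         "connections": len(hosts),
                         "distinct_hosts": len(set(hosts))})
    return sorted(findings, key=lambda f: f["connections"], reverse=True)


if __name__ == "__main__":
    for f in http_fanout(build_sample_netstat(), SAMPLE_TASKLIST):
        print(f"{f['image']} (PID {f['pid']}): {f['connections']} connections "
              f"to {f['distinct_hosts']} hosts on port 80")
```
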

Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt (DDS won't run on W8)

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running, please create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Link to post
Share on other sites

I am getting ready to run DDS, but have a couple of questions:

 

-  Can these tools be run from a "jump drive" rather than from the desktop?  The PC in question is an older one and disk space is really scarce.

 

-  Does the PC need to have Internet access for the tools to install / operate?  Because of the nature of the problem, I have this machine isolated from the Internet.

 

Thanks!

Link to post
Share on other sites

Can these tools be run from a "jump drive" rather than from the desktop? The PC in question is an older one and disk space is really scarce.

No, run DDS and RogueKiller from the drive.

- Does the PC need to have Internet access for the tools to install / operate? Because of the nature of the problem, I have this machine isolated from the Internet.

We may be able to run them without the net.

MrC

Link to post
Share on other sites

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/15/2006 4:49:41 PM
System Uptime: 1/10/2014 2:50:10 PM (5 hours ago)
.
Motherboard: Compaq |  | 06C0h
Processor: Intel Celeron processor | J1 | 598/66mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 14 GiB total, 0.673 GiB free.
D: is Removable
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: SMC EZ Card 10/100 PCI (SMC1211 Series)
Device ID: PCI\VEN_1113&DEV_1211&SUBSYS_12111113&REV_10\4&24AB0D93&0&48F0
Manufacturer: SMC
Name: SMC EZ Card 10/100 PCI (SMC1211 Series)
PNP Device ID: PCI\VEN_1113&DEV_1211&SUBSYS_12111113&REV_10\4&24AB0D93&0&48F0
Service: SMC1211
.
==== System Restore Points ===================
.
RP1284: 12/17/2013 9:37:11 PM - System Checkpoint
RP1285: 12/18/2013 10:12:12 PM - System Checkpoint
RP1286: 12/20/2013 9:57:25 AM - System Checkpoint
RP1287: 12/21/2013 11:48:48 AM - System Checkpoint
RP1288: 12/22/2013 1:40:14 PM - System Checkpoint
RP1289: 12/23/2013 5:33:52 PM - System Checkpoint
RP1290: 12/25/2013 7:31:54 PM - System Checkpoint
RP1291: 12/26/2013 7:52:25 PM - System Checkpoint
RP1292: 12/27/2013 8:32:23 PM - System Checkpoint
RP1293: 12/28/2013 9:19:49 PM - System Checkpoint
RP1294: 12/30/2013 8:27:23 AM - System Checkpoint
RP1295: 12/31/2013 10:20:33 AM - System Checkpoint
RP1296: 1/1/2014 11:54:39 AM - System Checkpoint
RP1297: 1/2/2014 5:27:42 PM - System Checkpoint
RP1298: 1/3/2014 5:59:40 PM - System Checkpoint
RP1299: 1/4/2014 8:03:28 PM - System Checkpoint
RP1300: 1/6/2014 1:25:08 PM - System Checkpoint
RP1301: 1/7/2014 8:12:02 PM - System Checkpoint
RP1302: 1/8/2014 9:46:04 PM - System Checkpoint
RP1303: 1/9/2014 9:50:44 PM - System Checkpoint
RP1304: 1/10/2014 7:24:36 PM - Malwarebytes Anti-Rootkit Restore Point
.
==== Image File Execution Options =============
.
IFEO: Your Image File Name Here without a path - ntsd -d
.
==== Installed Programs ======================
.
.
==== End Of File ===========================
 

 

RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Albert [Admin rights]
Mode : Scan -- Date : 01/10/2014 19:40:08
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Folder] U : C:\Documents and Settings\Albert\Local Settings\Application Data\{9296831f-6042-ae39-72a1-6f99a1860743}\U [-] --> FOUND
[ZeroAccess][Folder] L : C:\Documents and Settings\Albert\Local Settings\Application Data\{9296831f-6042-ae39-72a1-6f99a1860743}\L [-] --> FOUND

¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) QUANTUM FIREBALLlct15 15 +++++
--- User ---
[MBR] b41d2588dead6740e4b076f52cbdfa37
[bSP] addccc32774d68cd54e4c5a347637dfc : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 14315 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) SanDisk Cruzer USB Device +++++
--- User ---
[MBR] a124dc1f32b91ceacb765c7a5ad6ec2e
[bSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 32 | Size: 15266 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) SanDisk Cruzer Switch USB Device +++++
--- User ---
[MBR] 33a0f33fb7e7f518f64aedcb9dad35b0
[bSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 32 | Size: 7633 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_01102014_194008.txt >>



 

Link to post
Share on other sites

Hi,

 

Just wanted to follow up to see if I had given you what you need to proceed to the next step.

 

Also FWIW, I looked at these:

[ZeroAccess][Folder] U : C:\Documents and Settings\Albert\Local Settings\Application Data\{9296831f-6042-ae39-72a1-6f99a1860743}\U [-] --> FOUND
[ZeroAccess][Folder] L : C:\Documents and Settings\Albert\Local Settings\Application Data\{9296831f-6042-ae39-72a1-6f99a1860743}\L [-] --> FOUND

 

The folders are present, but are empty, possibly left over from a previous issue.

 

No files are contained within this folder structure.

 

Thanks!

Link to post
Share on other sites

When I initially ran DDS, it did not appear to create a DDS.TXT file.  While I thought that was strange, I sent what I had.

 

I have just run DDS again and it reports that it has created 1 log file, attach.txt, in the dialog box that opens when the program completes.

 

I have deleted the folder structure:

 

[ZeroAccess][Folder] U : C:\Documents and Settings\Albert\Local Settings\Application Data\{9296831f-6042-ae39-72a1-6f99a1860743}\U [-] --> FOUND
[ZeroAccess][Folder] L : C:\Documents and Settings\Albert\Local Settings\Application Data\{9296831f-6042-ae39-72a1-6f99a1860743}\L [-] --> FOUND

 

as you said I could.

 

Thanks!

Link to post
Share on other sites

If you want to free up some disk space, you can delete most of these restore points:
Keep the last 3 and delete the rest:

Delete these:
RP1284: 12/17/2013 9:37:11 PM - System Checkpoint
RP1285: 12/18/2013 10:12:12 PM - System Checkpoint
RP1286: 12/20/2013 9:57:25 AM - System Checkpoint
RP1287: 12/21/2013 11:48:48 AM - System Checkpoint
RP1288: 12/22/2013 1:40:14 PM - System Checkpoint
RP1289: 12/23/2013 5:33:52 PM - System Checkpoint
RP1290: 12/25/2013 7:31:54 PM - System Checkpoint
RP1291: 12/26/2013 7:52:25 PM - System Checkpoint
RP1292: 12/27/2013 8:32:23 PM - System Checkpoint
RP1293: 12/28/2013 9:19:49 PM - System Checkpoint
RP1294: 12/30/2013 8:27:23 AM - System Checkpoint
RP1295: 12/31/2013 10:20:33 AM - System Checkpoint
RP1296: 1/1/2014 11:54:39 AM - System Checkpoint
RP1297: 1/2/2014 5:27:42 PM - System Checkpoint
RP1298: 1/3/2014 5:59:40 PM - System Checkpoint
RP1299: 1/4/2014 8:03:28 PM - System Checkpoint
RP1300: 1/6/2014 1:25:08 PM - System Checkpoint
RP1301: 1/7/2014 8:12:02 PM - System Checkpoint


Keep these:
RP1302: 1/8/2014 9:46:04 PM - System Checkpoint
RP1303: 1/9/2014 9:50:44 PM - System Checkpoint
RP1304: 1/10/2014 7:24:36 PM - Malwarebytes Anti-Rootkit Restore Point




They're located here:
C:\System Volume Information\_restore{xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx}

You have to enable hidden files to see them:
http://www.howtogeek.com/howto/windows/display-hidden-folders-in-xp/

Just delete the folders like this: RP1284, etc.

----------------------------------------------

Do a search for DDS.txt.

MrC
.

Link to post
Share on other sites

I downloaded DDS.COM again and ran it again.

 

The dialog box still indicated that ONLY ATTACH.TXT was created.  I searched for DDS.TXT on the entire drive and nothing was found.  This log is apparently NOT getting created.

 

Also, although it is probably not important at this point, Windows gives me an "Access Denied" slap when trying to open the System Volume Information folder.  And yes, the hidden and system file "views" are set to show those files.

 

This is the latest "ATTACH.TXT"

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/15/2006 4:49:41 PM
System Uptime: 1/11/2014 8:29:56 AM (3 hours ago)
.
Motherboard: Compaq |  | 06C0h
Processor: Intel Celeron processor | J1 | 598/66mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 14 GiB total, 0.675 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: SMC EZ Card 10/100 PCI (SMC1211 Series)
Device ID: PCI\VEN_1113&DEV_1211&SUBSYS_12111113&REV_10\4&24AB0D93&0&48F0
Manufacturer: SMC
Name: SMC EZ Card 10/100 PCI (SMC1211 Series)
PNP Device ID: PCI\VEN_1113&DEV_1211&SUBSYS_12111113&REV_10\4&24AB0D93&0&48F0
Service: SMC1211
.
==== System Restore Points ===================
.
RP1284: 12/17/2013 9:37:11 PM - System Checkpoint
RP1285: 12/18/2013 10:12:12 PM - System Checkpoint
RP1286: 12/20/2013 9:57:25 AM - System Checkpoint
RP1287: 12/21/2013 11:48:48 AM - System Checkpoint
RP1288: 12/22/2013 1:40:14 PM - System Checkpoint
RP1289: 12/23/2013 5:33:52 PM - System Checkpoint
RP1290: 12/25/2013 7:31:54 PM - System Checkpoint
RP1291: 12/26/2013 7:52:25 PM - System Checkpoint
RP1292: 12/27/2013 8:32:23 PM - System Checkpoint
RP1293: 12/28/2013 9:19:49 PM - System Checkpoint
RP1294: 12/30/2013 8:27:23 AM - System Checkpoint
RP1295: 12/31/2013 10:20:33 AM - System Checkpoint
RP1296: 1/1/2014 11:54:39 AM - System Checkpoint
RP1297: 1/2/2014 5:27:42 PM - System Checkpoint
RP1298: 1/3/2014 5:59:40 PM - System Checkpoint
RP1299: 1/4/2014 8:03:28 PM - System Checkpoint
RP1300: 1/6/2014 1:25:08 PM - System Checkpoint
RP1301: 1/7/2014 8:12:02 PM - System Checkpoint
RP1302: 1/8/2014 9:46:04 PM - System Checkpoint
RP1303: 1/9/2014 9:50:44 PM - System Checkpoint
RP1304: 1/10/2014 7:24:36 PM - Malwarebytes Anti-Rootkit Restore Point
.
==== Image File Execution Options =============
.
IFEO: Your Image File Name Here without a path - ntsd -d
.
==== Installed Programs ======================
.
.
==== End Of File ===========================
 

Link to post
Share on other sites

Run this one instead:

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?)

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

bleep-crop.jpg

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

reply1.jpg

New window that comes up.

replyer1.jpg

MrC

Link to post
Share on other sites

Here are the logs from the FARBAR tool.

 

ADDITION.TXT

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-01-2014 03
Ran by Albert at 2014-01-11 12:17:04
Running from F:\FARBAR
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton AntiVirus (Disabled - Up to date) {B5510F6F-87E1-47F7-A411-360BC453007C}

==================== Installed Programs ======================

Adobe Flash Player 10 ActiveX (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Reader 7.0.8 (Version: 7.0.8 - Adobe Systems Incorporated)
AirPlus XtremeG (Version:  - D-Link)
AirPlus XtremeG (Version:  - D-Link) Hidden
ANIO Service (Version:  - )
ANIWZCS2 Service (Version:  - )
Apple Mobile Device Support (Version: 1.0.0.86 - Apple Inc.)
Apple Software Update (Version: 2.0.0.21 - Apple Inc.)
AT&T Communication Manager (Version: 6.2.10.0 - AT&T)
CC_ccStart (Version: 2.0.0.635 - Symantec Corporation) Hidden
ccCommon (Version: 2.0.0.635 - Symantec) Hidden
Critical Update for Windows Media Player 11 (KB959772) (Version:  - Microsoft Corporation)
Cypress USB Mass Storage Driver Installation (Version:  - )
Easy Access Button Support (Version:  - )
eMusic Download Manager 4.1.4 (Version: 4.1.4 - eMusic, Inc.)
getPlus® for Adobe (Version: 1.5.2.35 - NOS Microsystems Ltd.)
iTunes (Version: 7.3.0.54 - Apple Inc.)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LiveReg (Symantec Corporation) (Version: 2.4.2.2295 - Symantec Corporation)
LiveUpdate 1.90 (Symantec Corporation) (Version: 1.90.14.0 - Symantec Corporation)
Lotus SmartSuite 97 (Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB953297) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office 2000 SR-1 Premium (Version: 9.00.9327 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Version:  - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
MSRedist (Version: 1.0.0.0 - Symantec Corp) Hidden
MSXML 4.0 SP2 (KB925672) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB954459) (Version: 6.20.1099.0 - Microsoft Corporation)
Napster (Version: 2.0.7.2 - Napster)
Nokia Connectivity Adapter Cable DKU-5 (Version:  - )
Norton AntiVirus 2004 (Symantec Corporation) (Version: 10.00.00 - Symantec Corporation)
Norton AntiVirus 2004 (Version: 10.00.00 - Symantec Corporation) Hidden
Norton AntiVirus Parent MSI (Version: 10.0.0 - Symantec Corp.) Hidden
Norton AntiVirus SYMLT MSI (Version: 10.0.0 - Symantec Corp.) Hidden
Norton WMI Update (Version: 2005.1.2.20 - Symantec Corporation)
QuickTime (Version: 7.1.6.200 - Apple Computer, Inc.)
Roxio Burn Engine (Version: 1.2.0000 - Roxio Inc.,) Hidden
Roxio Easy Media Creator 7 (Version: 7.1.1.189 - Roxio, Inc.)
Sibelius Scorch (ActiveX Only) (Version: 6.1.0 - Sibelius Software)
Sibelius Scorch (Firefox, Opera, Netscape only) (Version: 6.2.0 - Sibelius Software)
Symantec Network Drivers Update (Version: 5.5.1.6 - Symantec Corporation) Hidden
Symantec pcAnywhere (Version: 11.0.1 - Symantec)
Symantec Script Blocking Installer (Version: 1.0.0 - Symantec) Hidden
SymNet (Version: 4.7.1 - Symantec Corp) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (Version: 1 - Microsoft Corporation)
USB Storage Adapter FX (SM1) (Version:  - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Whiz FTP 1.0 (Version: 1.0 - WhizSoftware.com)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20061027.150806 - Microsoft Corporation)
Windows Media Format 11 runtime (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Format SDK Hotfix - KB891122 (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows Presentation Foundation (Version: 3.0.6920.0 - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (Version: 20080414.031525 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden

==================== Restore Points  =========================

18-12-2013 03:37:11 System Checkpoint
19-12-2013 04:12:12 System Checkpoint
20-12-2013 15:57:25 System Checkpoint
21-12-2013 17:48:48 System Checkpoint
22-12-2013 19:40:14 System Checkpoint
23-12-2013 23:33:52 System Checkpoint
26-12-2013 01:31:54 System Checkpoint
27-12-2013 01:52:25 System Checkpoint
28-12-2013 02:32:23 System Checkpoint
29-12-2013 03:19:49 System Checkpoint
30-12-2013 14:27:23 System Checkpoint
31-12-2013 16:20:33 System Checkpoint
01-01-2014 17:54:39 System Checkpoint
02-01-2014 23:27:42 System Checkpoint
03-01-2014 23:59:40 System Checkpoint
05-01-2014 02:03:28 System Checkpoint
06-01-2014 19:25:08 System Checkpoint
08-01-2014 02:12:02 System Checkpoint
09-01-2014 03:46:04 System Checkpoint
10-01-2014 03:50:44 System Checkpoint
11-01-2014 01:24:36 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

2012-07-02 14:29 - 2012-07-12 16:50 - 00000795 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Albert.job => C:\PROGRA~1\NORTON~1\NAVW32.EXE
Task: C:\WINDOWS\Tasks\Symantec NetDetect.job => C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: SMC EZ Card 10/100 PCI (SMC1211 Series)
Description: SMC EZ Card 10/100 PCI (SMC1211 Series)
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: SMC
Service: SMC1211
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/04/2013 03:20:32 PM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 23.0.1.4974, faulting module mozalloc.dll, version 23.0.1.4974, fault address 0x00001988.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (09/18/2013 07:38:46 AM) (Source: Application Hang) (User: )
Description: Hanging application notepad.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/18/2013 07:38:46 AM) (Source: Application Hang) (User: )
Description: Hanging application notepad.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/02/2013 05:02:05 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 7.0.6000.16915, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/19/2013 10:33:20 PM) (Source: Application Hang) (User: )
Description: Hanging application EXCEL.EXE, version 11.0.5612.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/19/2013 10:33:20 PM) (Source: Application Hang) (User: )
Description: Hanging application EXCEL.EXE, version 11.0.5612.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/19/2013 10:33:20 PM) (Source: Application Hang) (User: )
Description: Hanging application EXCEL.EXE, version 11.0.5612.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/24/2013 09:32:18 AM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 21.0.0.4879, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/10/2013 07:21:17 PM) (Source: Application Hang) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/10/2013 07:21:17 PM) (Source: Application Hang) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (01/11/2014 08:33:57 AM) (Source: 0) (User: )
Description: AMLI0x750x74 - 0x76

Error: (01/11/2014 08:33:57 AM) (Source: 0) (User: )
Description: AMLI0x740x74 - 0x76

Error: (01/10/2014 04:17:13 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (01/10/2014 04:11:01 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (01/10/2014 04:10:29 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (01/10/2014 04:06:59 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (01/10/2014 03:08:48 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (01/10/2014 02:54:11 PM) (Source: 0) (User: )
Description: AMLI0x750x74 - 0x76

Error: (01/10/2014 02:54:11 PM) (Source: 0) (User: )
Description: AMLI0x740x74 - 0x76

Error: (01/10/2014 02:47:32 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0


Microsoft Office Sessions:
=========================
Error: (10/04/2013 03:20:32 PM) (Source: Application Error)(User: )
Description: plugin-container.exe23.0.1.4974mozalloc.dll23.0.1.497400001988

Error: (09/18/2013 07:38:46 AM) (Source: Application Hang)(User: )
Description: notepad.exe5.1.2600.5512hungapp0.0.0.000000000

Error: (09/18/2013 07:38:46 AM) (Source: Application Hang)(User: )
Description: notepad.exe5.1.2600.5512hungapp0.0.0.000000000

Error: (09/02/2013 05:02:05 PM) (Source: Application Hang)(User: )
Description: iexplore.exe7.0.6000.16915hungapp0.0.0.000000000

Error: (08/19/2013 10:33:20 PM) (Source: Application Hang)(User: )
Description: EXCEL.EXE11.0.5612.0hungapp0.0.0.000000000

Error: (08/19/2013 10:33:20 PM) (Source: Application Hang)(User: )
Description: EXCEL.EXE11.0.5612.0hungapp0.0.0.000000000

Error: (08/19/2013 10:33:20 PM) (Source: Application Hang)(User: )
Description: EXCEL.EXE11.0.5612.0hungapp0.0.0.000000000

Error: (07/24/2013 09:32:18 AM) (Source: Application Hang)(User: )
Description: firefox.exe21.0.0.4879hungapp0.0.0.000000000

Error: (07/10/2013 07:21:17 PM) (Source: Application Hang)(User: )
Description: explorer.exe6.0.2900.5512hungapp0.0.0.000000000

Error: (07/10/2013 07:21:17 PM) (Source: Application Hang)(User: )
Description: explorer.exe6.0.2900.5512hungapp0.0.0.000000000


==================== Memory info ===========================

Percentage of memory in use: 58%
Total physical RAM: 510.45 MB
Available physical RAM: 209.77 MB
Total Pagefile: 1246.06 MB
Available Pagefile: 997.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1952.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:13.98 GB) (Free:0.63 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive f: () (Removable) (Total:7.45 GB) (Free:7.39 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 14 GB) (Disk ID: 9800481F)
Partition 1: (Active) - (Size=14 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)

==================== End Of Log ============================

 

FRST.TXT is attached due to larger size.

Link to post
Share on other sites

Download the attached fixlist.txt to the same folder as FRST.

Run FRST.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then......

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    image000q.png

  • Put a checkmark beside loaded modules.

    2012081514h0118.png

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.

    clip.jpg

  • Click the Start Scan button.

    19695967.jpg

  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    67776163.jpg

    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If in doubt about an entry....please ask or choose Skip

  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    62117367.jpg

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.

New window that comes up.

MrC

Link to post
Share on other sites

Here are the results of the FRST fix and TDSSKILLER:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-01-2014 03
Ran by Albert at 2014-01-11 13:07:00 Run:1
Running from F:\FARBAR
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM\...\InprocServer32: [Default-wbemess] wbemess.dll
HKCU\...0c966feabec1\InprocServer32: [Default-shell32]  
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] SHELL32.dll
HKU\KJM\...\Run: [unhoneludakusae] - "C:\Documents and Settings\Albert\Application Data\Nohyamri\mocayl.exe"
C:\Documents and Settings\Albert\Local Settings\Temp\suwqecx\suycbvr\wow.dll
C:\Documents and Settings\Albert\Local Settings\Temp\ahiinb.exe
C:\Documents and Settings\Albert\Local Settings\Temp\eject.exe
C:\Documents and Settings\Albert\Local Settings\Temp\firefoxjre_exe.exe
C:\Documents and Settings\Albert\Local Settings\Temp\hiinm.exe
C:\Documents and Settings\Albert\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe
C:\Documents and Settings\Albert\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\Albert\Local Settings\Temp\jre-7u40-windows-i586-iftw.exe
C:\Documents and Settings\Albert\Local Settings\Temp\LRPatch.exe
C:\Documents and Settings\Albert\Local Settings\Temp\LRSetup.exe
C:\Documents and Settings\Albert\Local Settings\Temp\ntdll_dump.dll
C:\Documents and Settings\Albert\Application Data\Nohyamri
C:\Documents and Settings\Albert\Local Settings\Temp\suwqecx

*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\Default => Value was restored successfully.
HKCU\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => Key deleted successfully.
HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully. If the key returned, move the associated file, reboot and list the key for deletion.
HKU\KJM\Software\Microsoft\Windows\CurrentVersion\Run\\Unhoneludakusae => Value deleted successfully.
C:\Documents and Settings\Albert\Local Settings\Temp\suwqecx\suycbvr\wow.dll => Moved successfully.
C:\Documents and Settings\Albert\Local Settings\Temp\ahiinb.exe => Moved successfully.
C:\Documents and Settings\Albert\Local Settings\Temp\eject.exe => Moved successfully.
C:\Documents and Settings\Albert\Local Settings\Temp\firefoxjre_exe.exe => Moved successfully.
C:\Documents and Settings\Albert\Local Settings\Temp\hiinm.exe => Moved successfully.
C:\Documents and Settings\Albert\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\Albert\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\Albert\Local Settings\Temp\jre-7u40-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\Albert\Local Settings\Temp\LRPatch.exe => Moved successfully.
C:\Documents and Settings\Albert\Local Settings\Temp\LRSetup.exe => Moved successfully.
C:\Documents and Settings\Albert\Local Settings\Temp\ntdll_dump.dll => Moved successfully.
"C:\Documents and Settings\Albert\Application Data\Nohyamri" => File/Directory not found.
C:\Documents and Settings\Albert\Local Settings\Temp\suwqecx => Moved successfully.

==== End of Fixlog ====

 

TDSSKILLER found a number of objects.

 

SKIP was selected for all of them except the last one where CURE was defaulted.

 

The three TDSSKILLER logs are attached.

TDSSKiller.3.0.0.19_11.01.2014_13.08.35_log.txt

TDSSKiller.3.0.0.19_11.01.2014_13.17.46_log.txt

TDSSKiller.3.0.0.19_11.01.2014_13.58.32_log.txt

Link to post
Share on other sites
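
A Fixlog like the one in the post above can be triaged mechanically: pair each "target => result" line with an outcome and check that every file path in the fixlist received a result line. This is an added example, not part of the original thread or of FRST; the function names and the `ok` / `verify` / `not_found` labels are this example's own, and the sample input is an excerpt of the log posted above.

```python
import re
from collections import Counter

# Excerpt of the Fixlog posted in this thread (lines copied verbatim, list shortened).
SAMPLE_FIXLOG = r"""Content of fixlist:
*****************
HKU\KJM\...\Run: [unhoneludakusae] - "C:\Documents and Settings\Albert\Application Data\Nohyamri\mocayl.exe"
C:\Documents and Settings\Albert\Local Settings\Temp\ahiinb.exe
C:\Documents and Settings\Albert\Local Settings\Temp\ntdll_dump.dll
C:\Documents and Settings\Albert\Application Data\Nohyamri
C:\Documents and Settings\Albert\Local Settings\Temp\suwqecx

*****************

HKLM => Group Policy Restriction on software restored successfully.
HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully. If the key returned, move the associated file, reboot and list the key for deletion.
HKU\KJM\Software\Microsoft\Windows\CurrentVersion\Run\\Unhoneludakusae => Value deleted successfully.
C:\Documents and Settings\Albert\Local Settings\Temp\ahiinb.exe => Moved successfully.
C:\Documents and Settings\Albert\Local Settings\Temp\ntdll_dump.dll => Moved successfully.
"C:\Documents and Settings\Albert\Application Data\Nohyamri" => File/Directory not found.
C:\Documents and Settings\Albert\Local Settings\Temp\suwqecx => Moved successfully.

==== End of Fixlog ====
"""

DELIM = re.compile(r"^\*{5,}$")               # "*****************" section markers
END = re.compile(r"^=+ End of Fixlog =+$")    # last line of the log
DRIVE_PATH = re.compile(r'^"?[A-Za-z]:\\')    # file-system target, optionally quoted


def split_sections(text):
    """Return (fixlist_lines, result_lines): the requested fixes and their outcomes."""
    fixlist, results, section = [], [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if DELIM.match(line):
            section += 1          # 1 = inside fixlist, 2 = inside results
            continue
        if END.match(line):
            break
        if not line:
            continue
        if section == 1:
            fixlist.append(line)
        elif section >= 2:
            results.append(line)
    return fixlist, results


def classify(message):
    """Map a result message to this example's own status labels."""
    text = message.lower()
    if "not found" in text:
        return "not_found"
    if "if the key returned" in text:
        return "verify"           # the tool itself warns the key may come back
    if "successfully" in text:
        return "ok"
    return "unknown"


def parse_results(result_lines):
    """Split each 'target => message' line and tag it as file or registry."""
    entries = []
    for line in result_lines:
        target, sep, message = line.partition(" => ")
        if not sep:
            entries.append({"target": line, "kind": "other",
                            "status": "unknown", "message": ""})
            continue
        target = target.strip().strip('"')
        kind = "file" if DRIVE_PATH.match(target) else "registry"
        entries.append({"target": target, "kind": kind,
                        "status": classify(message), "message": message.strip()})
    return entries


def norm(path):
    """Normalise a path for comparison: drop quotes, trailing slash and case."""
    return path.strip().strip('"').rstrip("\\").lower()


def triage(text):
    """Summarise a Fixlog: status counts, entries needing follow-up, and
    fixlist file paths that never received a result line."""
    fixlist, result_lines = split_sections(text)
    entries = parse_results(result_lines)
    requested = {norm(line) for line in fixlist if DRIVE_PATH.match(line)}
    reported = {norm(e["target"]) for e in entries if e["kind"] == "file"}
    return {
        "counts": Counter(e["status"] for e in entries),
        "follow_up": [e for e in entries if e["status"] != "ok"],
        "no_result": sorted(requested - reported),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_FIXLOG)
    print(dict(report["counts"]))
    for entry in report["follow_up"]:
        print(f'{entry["status"]:<10} {entry["target"]}')
    for path in report["no_result"]:
        print("no result line for", path)
```
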

OK..Good, Next:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Link to post
Share on other sites

I am going to have to do the ComboFix tomorrow, as I need to leave for work in a few minutes.

 

I want to thank you for your help, so far.

 

If you will be here tomorrow, I should be back around 8:00 AM, CST.

 

I'll at least do the ComboFix and leave you the results.

 

Thanks, again!

Link to post
Share on other sites

I have started to run ComboFix.

 

However, ComboFix complained that the Recovery Console was not installed, so it WANTED to download / install it.

 

Because of the nature of the original problem (many simultaneous connections to a wide variety of IP addresses), I replied "NO" and did not allow it.  The machine is still isolated.

 

ComboFix appeared to continue the scanning process, however it is taking far longer than the 10 minute time that the program estimated for the initial part of the process.

 

I am allowing it to continue to run at this point, since you indicated it might take 30-45 minutes, maybe longer, as the machine has a relatively slow processor.

 

ComboFix has now been running for nearly an hour and has not yet displayed the message indicating that the clock settings are being changed.  I will allow it to run overnight and, hopefully, it will complete by morning.

 

Thanks!

Link to post
Share on other sites

OK, ComboFix completed overnight and here is the log that was produced:

 

ComboFix 14-01-08.03 - Albert 01/11/2014  22:21:51.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.511.124 [GMT -6:00]
Running from: c:\documents and settings\Albert\Desktop\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Albert\12345678.txt
c:\documents and settings\Albert\My Documents\~WRL2679.tmp
c:\documents and settings\Albert\My Documents\~WRL2835.tmp
c:\documents and settings\All Users\Application Data\DragToDiscUserNameE.txt
C:\Thumbs.db
c:\windows\EventSystem.log
c:\windows\winhelp.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-12 to 2014-01-12  )))))))))))))))))))))))))))))))
.
.
2014-01-12 02:56 . 2014-01-12 02:56    --------    d-----w-    C:\TEMP_BKUP
2014-01-11 18:13 . 2014-01-11 18:13    --------    d-----w-    C:\FRST
2014-01-10 23:19 . 2014-01-11 01:24    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-01-10 23:18 . 2014-01-10 23:18    104664    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-12-28 23:36 . 2013-12-28 23:36    --------    d-----w-    c:\documents and settings\KJM\Application Data\AT&T
2013-12-19 17:24 . 2013-12-19 17:24    --------    d-----w-    c:\program files\Common Files\Wise Installation Wizard
2013-12-17 21:57 . 2013-12-17 21:58    --------    d-----w-    C:\Registry_Backups
2013-12-15 01:59 . 2014-01-10 23:17    51416    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-11 01:39 . 2014-01-11 01:39    82944    ----a-w-    c:\windows\system32\drivers\WudfRd.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    77568    ----a-w-    c:\windows\system32\drivers\WudfPf.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    19455    ----a-w-    c:\windows\system32\drivers\wVchNTxx.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    12063    ----a-w-    c:\windows\system32\drivers\wSiINTxx.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    83072    ----a-w-    c:\windows\system32\drivers\wdmaud.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    4352    ----a-w-    c:\windows\system32\drivers\wmilib.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    23615    ----a-w-    c:\windows\system32\drivers\wCh7xxNT.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    25471    ----a-w-    c:\windows\system32\drivers\wATV10nt.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    34560    ----a-w-    c:\windows\system32\drivers\wanarp.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    33599    ----a-w-    c:\windows\system32\drivers\wATV04nt.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    29311    ----a-w-    c:\windows\system32\drivers\wATV01nt.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    22271    ----a-w-    c:\windows\system32\drivers\wATV06nt.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    19551    ----a-w-    c:\windows\system32\drivers\wATV02NT.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    11871    ----a-w-    c:\windows\system32\drivers\wADV09NT.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    14208    ----a-w-    c:\windows\system32\drivers\wacompen.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    12415    ----a-w-    c:\windows\system32\drivers\wADV01nt.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    12127    ----a-w-    c:\windows\system32\drivers\wADV02NT.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    11807    ----a-w-    c:\windows\system32\drivers\wADV07nt.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    11775    ----a-w-    c:\windows\system32\drivers\wADV05NT.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    11295    ----a-w-    c:\windows\system32\drivers\wADV08NT.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    64605    ----a-w-    c:\windows\system32\drivers\vvoice.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    52352    ----a-w-    c:\windows\system32\drivers\volsnap.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    397502    ----a-w-    c:\windows\system32\drivers\vpctcom.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    604253    ----a-w-    c:\windows\system32\drivers\vmodem.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    81664    ----a-w-    c:\windows\system32\drivers\videoprt.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    42240    ----a-w-    c:\windows\system32\drivers\viaagp.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    20992    ----a-w-    c:\windows\system32\drivers\vga.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    89728    ----a-w-    c:\windows\system32\drivers\usbvsp.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    26368    ----a-w-    c:\windows\system32\drivers\usbstor.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    20608    ----a-w-    c:\windows\system32\drivers\usbuhci.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    143872    ----a-w-    c:\windows\system32\drivers\usbport.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    121984    ----a-w-    c:\windows\system32\drivers\usbvideo.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    59520    ----a-w-    c:\windows\system32\drivers\usbhub.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    4736    ----a-w-    c:\windows\system32\drivers\usbd.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    30208    ----a-w-    c:\windows\system32\drivers\usbehci.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    15872    ----a-w-    c:\windows\system32\drivers\usbintel.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    32128    ----a-w-    c:\windows\system32\drivers\usbccgp.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    25728    ----a-w-    c:\windows\system32\drivers\usbcamd2.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    25600    ----a-w-    c:\windows\system32\drivers\usbcamd.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    12800    ----a-w-    c:\windows\system32\drivers\usb8023x.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    12800    ----a-w-    c:\windows\system32\drivers\usb8023.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    66048    ----a-w-    c:\windows\system32\drivers\udfs.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    384768    ----a-w-    c:\windows\system32\drivers\update.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    200832    ----a-w-    c:\windows\system32\drivers\Udfreadr.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    44672    ----a-w-    c:\windows\system32\drivers\uagp35.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    40840    ----a-w-    c:\windows\system32\drivers\termdd.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    21896    ----a-w-    c:\windows\system32\drivers\tdtcp.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    19072    ----a-w-    c:\windows\system32\drivers\tdi.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    12288    ----a-w-    c:\windows\system32\drivers\tunmp.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    12040    ----a-w-    c:\windows\system32\drivers\tdpipe.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    225856    ----a-w-    c:\windows\system32\drivers\tcpip6.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    18432    ----a-w-    c:\windows\system32\drivers\tcpipBM.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    60800    ----a-w-    c:\windows\system32\drivers\sysaudio.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    361600    ----a-w-    c:\windows\system32\drivers\tcpip.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    14976    ----a-w-    c:\windows\system32\drivers\tape.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    267192    ----a-w-    c:\windows\system32\drivers\symtdi.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    2397    ----a-w-    c:\windows\system32\drivers\symlcbrd.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    17976    ----a-w-    c:\windows\system32\drivers\symredrv.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    82432    ----a-w-    c:\windows\system32\drivers\swnc8u12.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    66304    ----a-w-    c:\windows\system32\drivers\swumx12.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    56576    ----a-w-    c:\windows\system32\drivers\swmidi.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    4352    ----a-w-    c:\windows\system32\drivers\swenum.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    73472    ----a-w-    c:\windows\system32\drivers\sr.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    49408    ----a-w-    c:\windows\system32\drivers\stream.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    333952    ----a-w-    c:\windows\system32\drivers\srv.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    6272    ----a-w-    c:\windows\system32\drivers\splitter.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    5888    ----a-w-    c:\windows\system32\drivers\smbali.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    25344    ----a-w-    c:\windows\system32\drivers\sonydcam.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    23153    ----a-w-    c:\windows\system32\drivers\SMC1211.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    13240    ----a-w-    c:\windows\system32\drivers\slwdmsup.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    95424    ----a-w-    c:\windows\system32\drivers\slnthal.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    404990    ----a-w-    c:\windows\system32\drivers\slntamr.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    40960    ----a-w-    c:\windows\system32\drivers\sisagp.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    129535    ----a-w-    c:\windows\system32\drivers\slnt7554.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    11392    ----a-w-    c:\windows\system32\drivers\sfloppy.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    64512    ----a-w-    c:\windows\system32\drivers\serial.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    15744    ----a-w-    c:\windows\system32\drivers\serenum.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    11904    ----a-w-    c:\windows\system32\drivers\sffdisk.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    11008    ----a-w-    c:\windows\system32\drivers\sffp_sd.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    10240    ----a-w-    c:\windows\system32\drivers\sffp_mmc.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    20480    ----a-w-    c:\windows\system32\drivers\secdrv.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    96384    ----a-w-    c:\windows\system32\drivers\scsiport.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    79232    ----a-w-    c:\windows\system32\drivers\sdbus.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    166912    ----a-w-    c:\windows\system32\drivers\s3gnbm.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    30592    ----a-w-    c:\windows\system32\drivers\rndismpx.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    30592    ----a-w-    c:\windows\system32\drivers\rndismp.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    20992    ----a-w-    c:\windows\system32\drivers\RTL8139.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    203136    ----a-w-    c:\windows\system32\drivers\rmcast.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    59136    ----a-w-    c:\windows\system32\drivers\rfcomm.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    57600    ----a-w-    c:\windows\system32\drivers\redbook.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    26368    ----a-w-    c:\windows\system32\drivers\RimSerial.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    13776    ----a-w-    c:\windows\system32\drivers\recagent.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    4224    ----a-w-    c:\windows\system32\drivers\rdpcdd.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    196224    ----a-w-    c:\windows\system32\drivers\rdpdr.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    139656    ----a-w-    c:\windows\system32\drivers\rdpwd.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    175744    ----a-w-    c:\windows\system32\drivers\rdbss.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    51328    ----a-w-    c:\windows\system32\drivers\rasl2tp.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    48384    ----a-w-    c:\windows\system32\drivers\raspptp.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    41472    ----a-w-    c:\windows\system32\drivers\raspppoe.sys.bak
2014-01-11 01:39 . 2014-01-11 01:39    16512    ----a-w-    c:\windows\system32\drivers\raspti.sys.bak
2010-03-31 15:09 . 2014-01-09 19:16    10437264    ----a-w-    c:\program files\mozilla firefox\plugins\PDFNetC.dll
2010-04-08 17:36 . 2014-01-09 19:16    107760    ----a-w-    c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-09 71328]
"NAV CfgWiz"="c:\program files\Common Files\Symantec Shared\CfgWiz.exe" [2003-08-15 124096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-06-28 270648]
"AT&T Communication Manager"="c:\program files\AT&T\Communication Manager\ATTCM.exe" [2007-04-06 22528]
.
c:\documents and settings\Albert\Start Menu\Programs\Startup\
Lotus SmartSuite 97 Registration.lnk - c:\lotus\register\remind32.exe [1995-11-6 45056]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [2000-1-21 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2003-10-31 16:01    8704    ----a-w-    c:\windows\system32\PCANotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
2004-10-14 16:17    45056    ----a-w-    c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPQEASYACC]
2001-10-10 23:14    28672    ----a-w-    c:\program files\COMPAQ\Easy Access Button Support\STARTEAK.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus XtremeG]
2004-10-27 22:07    987136    ----a-w-    c:\program files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-04-27 14:41    282624    ----a-w-    c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2004-11-17 17:21    1691648    ----a-w-    c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG]
2003-08-27 20:20    94208    ----a-r-    c:\windows\SM1bg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
2006-12-01 22:17    100056    ----a-w-    c:\progra~1\SYMNET~1\SNDMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uadplt]
2012-08-07 12:31    362496    ----a-w-    c:\documents and settings\Albert\Application Data\uadplt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
S1 EACMOS;EACMOS;c:\windows\system32\drivers\EACMOS.SYS --> c:\windows\system32\drivers\EACMOS.SYS [?]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [10/6/2004 10:39 AM 348352]
S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [10/4/2004 6:28 AM 43392]
S3 SMC1211;SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver;c:\windows\system32\drivers\SMC1211.sys [7/11/2001 11:06 AM 23153]
S3 SWNC8U12;Sierra Wireless MUX NDIS Driver (UMTS12);c:\windows\system32\drivers\swnc8u12.sys [3/26/2007 1:21 PM 82432]
S3 swumx12;Sierra Wireless USB MUX Driver (UMTS12);c:\windows\system32\drivers\swumx12.sys [3/26/2007 1:21 PM 66304]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 57701802
*Deregistered* - 57701802
.
Contents of the 'Scheduled Tasks' folder
.
2010-02-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 18:42]
.
2011-05-06 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Albert.job
- c:\progra~1\NORTON~1\NAVW32.EXE [2003-08-17 00:22]
.
2009-11-15 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2006-12-01 23:17]
.
.
------- Supplementary Scan -------
.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: cmom.com\mx
FF - ProfilePath - c:\documents and settings\Albert\Application Data\Mozilla\Firefox\Profiles\ss17429f.default\

FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2009-09-03 09:23; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-32122695.sys
SafeBoot-57701802.sys
MSConfigStartUp-Enypv - c:\documents and settings\Albert\Application Data\Xariwy\yxaso.exe
MSConfigStartUp-Noovufb - c:\documents and settings\Albert\Application Data\Woexyxy\qolon.exe
MSConfigStartUp-Syybwo - c:\documents and settings\Albert\Application Data\Eqgiiqoh\vaityb.exe
MSConfigStartUp-Teytelcy - c:\documents and settings\Albert\Application Data\Ovroulob\udpia.exe
MSConfigStartUp-Unhoneludakusae - c:\documents and settings\Albert\Application Data\Nohyamri\mocayl.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-11 22:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TrueSight]
"ImagePath"="\??\"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1547161642-688789844-1060284298-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2014-01-11  22:59:59
ComboFix-quarantined-files.txt  2014-01-12 04:59
.
Pre-Run: 562,036,736 bytes free
Post-Run: 729,968,640 bytes free
.
- - End Of File - - E2A2BB55873068780DC4E7FA06642B15
8F558EB6672622401DA993E1E865C861

Link to post
Share on other sites

Looks Good......

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look similar to this, not "sponsored ad links":

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a FULL Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC

Link to post
Share on other sites

Good Morning!

 

I have run AdwCleaner.

 

Just to be sure, I'm attaching the AdwCleaner report for your review.

 

I have not yet pressed the "Clean" button.

 

# AdwCleaner v3.016 - Report created 12/01/2014 at 08:08:27
# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Albert - VTM_1
# Running from : C:\Documents and Settings\Albert\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.16915


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\ss17429f.default\prefs.js ]


[ File : C:\Documents and Settings\KJM\Application Data\Mozilla\Firefox\Profiles\rbcbbeao.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1078 octets] - [12/01/2014 08:08:27]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1138 octets] ##########
 

 

Nothing is showing up under either the "Folders" or "Files" tabs, so I guess that is a good thing, at this point.

Link to post
Share on other sites

I have allowed AdwCleaner to complete the "Clean Up" process.

 

The logfile report follows.

 

I know you want me to update MalwareBytes to do a final full scan, but do you think we are at the point where I can safely allow the machine to connect to the Internet?  I'm being cautious because we both have spent a lot of time getting to this point and I'd hate to have to start over.

 

One strange thing is that when AdwCleaner re-booted the system, Windows re-installed Roxio Easy Media Creator 7 automatically, with no action from me.  I don't know if this is significant, but wanted to pass this along anyway.  I do believe that this software has been installed on this system for a long time.

 

Thanks!

 

# AdwCleaner v3.016 - Report created 12/01/2014 at 08:51:19
# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Albert - VTM_1
# Running from : C:\Documents and Settings\Albert\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.16915


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\ss17429f.default\prefs.js ]


[ File : C:\Documents and Settings\KJM\Application Data\Mozilla\Firefox\Profiles\rbcbbeao.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1218 octets] - [12/01/2014 08:08:27]
AdwCleaner[s0].txt - [1145 octets] - [12/01/2014 08:51:19]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1205 octets] ##########
 

Link to post
Share on other sites

This topic is now closed to further replies.