Malware Help


Hello,

 

About a week ago, I accidentally downloaded something which caused my computer to become infected. And I used Malwarebytes to remove all the infected things. But my computer still seems to be infected but Malwarebytes says that it is clean. My computer is running a lot slower. Thank you in advance to whoever helps me!

 

Sincerely,

ilovehelp


Hello and welcome,

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Next,

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

 


Quit all running programs.
For Windows XP, double-click to start.
For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
Read and accept the EULA (End User License Agreement)
Click Scan to scan the system.
When the scan completes select "Report", log will open. Close the program > Don't Fix anything!
Post back the report which should also be located here:

 

C:\Programdata\RogueKiller\Logs <-------- Vista/W7/8

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <------XP

 

Let me see those logs in your next reply...

 

Kevin...


The Roguekiller will be in the next reply but here is the

FarBar Recovery FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-01-2015
Ran by Administrator (administrator) on ADTERACT-ACEDAE on 06-01-2015 20:25:23
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Loaded Profile: Administrator (Available profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SigmaTel, Inc.) C:\WINDOWS\stsystra.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Documents and Settings\Administrator\Local Settings\Application Data\wincheck\wincheck.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [sigmatelSysTrayApp] => C:\WINDOWS\stsystra.exe [339968 2005-03-22] (SigmaTel, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [YTDownloader] => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
HKLM\...\Run: [WinCheck] => C:\Documents and Settings\Administrator\Local Settings\Application Data\wincheck\wincheck.exe [528896 2014-12-31] ()
HKU\S-1-5-21-3861656779-3710855277-2322924600-500\...\Run: [YTDownloader] => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-3861656779-3710855277-2322924600-500\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-07-13] (Google Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\S-1-5-21-3861656779-3710855277-2322924600-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKU\S-1-5-21-3861656779-3710855277-2322924600-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.google.com"<======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-3861656779-3710855277-2322924600-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3861656779-3710855277-2322924600-500 -> {4DF319C7-9357-4F52-ADDC-8D589FBCCF4C} URL = http://www-searching.com/search.aspx?s=ECVzamodk07835,c76a2b04-8ad0-4e88-83d1-dd9890b20e8d,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3861656779-3710855277-2322924600-500 -> {9D9A3D6C-B68F-4BC7-9B85-7891E508DB22} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Documents and Settings\Administrator\Application Data\moters\roalward.dll ()
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bewl6b20.default-1420056304000
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Adblock Plus - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bewl6b20.default-1420056304000\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-31]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-12-09]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-12-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-04-13]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (MySearch) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\flomklbihiknjfmhkooggkfmlojhapgc [2014-07-02]
CHR Extension: (Enhance Browser) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2014-07-02]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-27] (Oracle Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S2 SMUpdPlus; C:\Program Files\Common Files\GBUpdatePlus\smu.exe [1875816 2014-12-23] (Search Module Plus Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ezgfsfilt; C:\WINDOWS\System32\DRIVERS\ezgfsfilt.sys [26912 2013-04-23] (Apricorn) [File not signed]
R0 ezgmntr; C:\WINDOWS\System32\DRIVERS\ezgmntr.sys [170080 2013-04-23] (Apricorn) [File not signed]
S3 ivusb; C:\WINDOWS\System32\DRIVERS\ivusb.sys [25112 2010-07-28] (Initio Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 MpKslb68de59d; c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4C4C5F33-08EA-4576-9841-5CB1D452C71A}\MpKslb68de59d.sys [39464 2015-01-06] (Microsoft Corporation)
R3 SMUpdd; C:\Program Files\Common Files\GBUpdatePlus\smw.sys [32616 2014-12-23] ()
R0 snapman; C:\WINDOWS\System32\DRIVERS\snapman.sys [65856 2013-04-23] (Apricorn) [File not signed]
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1047816 2005-11-16] (SigmaTel, Inc.)
R3 W8335XP; C:\WINDOWS\System32\DRIVERS\WG311v3XP.sys [282624 2005-12-29] (Marvell Semiconductor, Inc) [File not signed]
S4 IntelIde; No ImagePath
S3 rt2870; system32\DRIVERS\rt2870.sys [X]
S2 Scutum50; System32\Drivers\Scutum50.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
U1 WS2IFSL; No ImagePath
S2 X4HSEx; \??\C:\Program Files\Free Ride Games\X4HSEx.Sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-06 20:25 - 2015-01-06 20:25 - 00000000 ____D () C:\FRST
2015-01-02 22:21 - 2015-01-02 22:21 - 00000664 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\d3d9caps.dat
2014-12-31 12:48 - 2015-01-03 22:21 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-12-31 12:40 - 2014-12-31 12:40 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-31 12:40 - 2014-12-31 12:40 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-12-31 12:40 - 2014-12-31 12:40 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-31 12:30 - 2014-12-31 12:30 - 00000000 ____D () C:\Avenger
2014-12-31 12:05 - 2014-12-31 12:05 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Old Firefox Data
2014-12-31 11:58 - 2014-12-31 11:58 - 00000000 ____D () C:\Program Files\predm
2014-12-31 11:57 - 2014-12-31 11:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\wincheck
2014-12-31 11:57 - 2014-12-31 11:57 - 00000000 _____ () C:\Documents and Settings\Administrator\TempWmicBatchFile.bat
2014-12-31 11:54 - 2015-01-06 20:21 - 00000446 _____ () C:\WINDOWS\Tasks\SMupdate3.job
2014-12-31 11:54 - 2015-01-06 20:21 - 00000446 _____ () C:\WINDOWS\Tasks\SMupdate2.job
2014-12-31 11:54 - 2015-01-06 20:20 - 00000374 _____ () C:\WINDOWS\Tasks\YTDownloader.job
2014-12-31 11:54 - 2014-12-31 11:54 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\tricomfi
2014-12-31 11:54 - 2014-12-31 11:54 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\moters
2014-12-31 11:53 - 2015-01-06 20:21 - 00000416 _____ () C:\WINDOWS\Tasks\SMWPUpd.job
2014-12-31 11:53 - 2015-01-05 17:54 - 00000974 _____ () C:\WINDOWS\Tasks\SMW_UpdateTask_Time_323836333438373535342d3437415a556c2a3223346c41.job
2014-12-31 11:53 - 2014-12-31 11:53 - 00000000 ____D () C:\Program Files\Common Files\GBUpdatePlus
2014-12-31 11:53 - 2014-12-31 11:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SearchModulePlus
2014-12-31 11:53 - 2014-12-31 11:53 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\CrashRpt
2014-12-31 11:51 - 2014-12-31 11:54 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossBrowser
2014-12-18 13:16 - 2014-12-18 13:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Bluestacks
2014-12-10 21:13 - 2011-03-14 15:26 - 02168160 _____ (Ralink Technology, Corp.) C:\WINDOWS\system32\Scutum.dll
2014-12-10 21:13 - 2011-03-14 15:26 - 00480608 _____ () C:\WINDOWS\system32\DiagFunc.dll
2014-12-10 21:13 - 2011-03-14 15:26 - 00185696 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\WINDOWS\system32\W32N55.dll
2014-12-10 21:13 - 2011-03-14 15:20 - 00144736 _____ (Ralink Tech) C:\WINDOWS\system32\RalinkGina.dll
2014-12-09 18:48 - 2014-12-31 12:40 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-06 20:25 - 2012-04-20 13:13 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2015-01-06 20:24 - 2011-04-13 20:06 - 01508951 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-06 20:21 - 2014-06-10 14:47 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-01-06 20:21 - 2014-06-10 14:47 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2015-01-06 20:21 - 2008-04-14 04:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-01-06 20:20 - 2014-03-27 15:00 - 00000238 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-01-06 20:20 - 2011-04-13 20:10 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-05 18:23 - 2011-04-13 20:10 - 00032560 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-05 17:41 - 2014-06-17 11:00 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-05 17:33 - 2012-04-30 19:24 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-05 17:14 - 2011-04-13 20:10 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-01-05 17:12 - 2014-04-02 16:50 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2015-01-03 13:17 - 2012-05-09 14:51 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\Wilford
2015-01-03 12:12 - 2012-04-20 13:13 - 00002515 _____ () C:\Documents and Settings\Administrator\Start Menu\Microsoft Office Word 2007.lnk
2015-01-02 12:21 - 2013-04-17 11:31 - 00000476 _____ () C:\WINDOWS\setupact.log
2015-01-01 12:40 - 2011-04-13 20:06 - 00000000 ____D () C:\WINDOWS\system32\Macromed
2015-01-01 12:11 - 2011-04-13 13:00 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-31 12:30 - 2012-04-20 13:13 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-12-31 12:30 - 2012-04-18 16:15 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2624667$
2014-12-31 12:30 - 2011-04-13 20:05 - 00000000 ____D () C:\Program Files\Common Files\System
2014-12-31 11:57 - 2012-04-20 13:13 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-12-30 15:53 - 2012-08-20 15:27 - 00002515 _____ () C:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2007.lnk
2014-12-15 16:55 - 2014-10-29 14:55 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2014-12-15 16:53 - 2012-04-30 19:24 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-12-15 16:53 - 2012-04-30 19:24 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-12-10 22:02 - 2013-04-23 09:10 - 00149507 _____ () C:\WINDOWS\setupapi.log
2014-12-10 22:01 - 2011-04-13 13:00 - 00006138 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-10 21:11 - 2011-04-13 20:33 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-12-10 19:44 - 2014-06-17 11:00 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-10 19:44 - 2014-06-17 11:00 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-10 19:44 - 2014-06-17 11:00 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-09 20:29 - 2011-04-13 22:31 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-12-09 20:25 - 2013-08-18 13:49 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-09 20:22 - 2011-04-13 21:06 - 109818608 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-08 16:39 - 2014-03-27 15:00 - 00000232 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

Files to move or delete:
====================
C:\Documents and Settings\Administrator\TempWmicBatchFile.bat


Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\1.tmp.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\CloudBackup5998.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Hack v.1.7.3 Setup__7835_il790.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-7u67-windows-i586-iftw.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-7u71-windows-i586-iftw.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\setup.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\setup_ospd_us.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\tu17p84.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\vcredist_x86.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\xmlUpdater.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\ytdkiemon_amodk_setup.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-f892b4b5.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


Here is RogueKiller report:

 

RogueKiller V10.1.2.0 [Jan  6 2015] by Adlice Software
mail :
Feedback :
Website :
Blog :

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Administrator [Administrator]
Mode : Scan -- Date : 01/06/2015  20:37:43

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000026c]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
 


Sorry for not posting Addition.txt. Here it is:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-01-2015
Ran by Administrator at 2015-01-06 20:26:22
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Apricorn EZ Gig II (HKLM\...\EZ Gig II) (Version:  - Apricorn)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit Integrated Controller (HKLM\...\{7E369B27-13E2-41A5-9879-358EE1C8B5AD}) (Version: 9.02.06 - Broadcom Corporation)
Corona SDK (HKLM\...\{9675BA49-E6DF-4E46-867D-36595EC5CEA2}) (Version: 14.0.2381 - Corona Labs)
Grade10 (HKLM\...\Liping Ma HCC_is1) (Version:  - )
Higher Score on the SAT/PSAT (HKLM\...\Higher Score on the SAT/PSAT_is1) (Version:  - Kaplan)
InterActual Player (HKLM\...\InterActual Player) (Version:  - )
iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
moters (HKLM\...\{c8730ca5-3f82-41cc-65e2-01b87600cd89}) (Version: 1.0.0 - ningsup) <==== ATTENTION
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Notepad++ (HKLM\...\Notepad++) (Version: 6.6.8 - Notepad++ Team)
NVIDIA Graphics Driver 275.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 275.33 - NVIDIA Corporation)
NVIDIA nView 135.85 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 135.85 - NVIDIA Corporation)
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Search Module Plus (HKLM\...\Search Module Plus) (Version:  - Goobzo)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.4600.0 - SigmaTel)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
tricomfi (HKLM\...\{74f1e872-8d6f-4cc7-58d6-c60d8dfe43ed}) (Version: 1.0.0 - estdemin)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WinCheck (HKLM\...\wincheck) (Version: 1.0.0.0 - WinCheck) <==== ATTENTION!
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
WinRAR 4.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3861656779-3710855277-2322924600-500_Classes\CLSID\{3050f406-98b5-11cf-bb82-00aa00bdce0b}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\moters\roalward.dll ()
CustomCLSID: HKU\S-1-5-21-3861656779-3710855277-2322924600-500_Classes\CLSID\{33C53A50-F456-4884-B049-85FD643ECFED}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\tricomfi\inteten.dll ()

==================== Restore Points  =========================

07-10-2014 17:05:40 Software Distribution Service 3.0
08-10-2014 17:08:21 System Checkpoint
09-10-2014 16:39:56 Software Distribution Service 3.0
09-10-2014 17:34:42 Removed Oracle VM VirtualBox 4.3.12
11-10-2014 09:44:44 Software Distribution Service 3.0
12-10-2014 10:46:52 Software Distribution Service 3.0
13-10-2014 15:35:42 Software Distribution Service 3.0
14-10-2014 18:08:37 System Checkpoint
15-10-2014 15:36:32 Software Distribution Service 3.0
16-10-2014 15:57:04 Software Distribution Service 3.0
17-10-2014 16:29:16 System Checkpoint
18-10-2014 12:19:53 Software Distribution Service 3.0
20-10-2014 16:09:53 Software Distribution Service 3.0
21-10-2014 16:30:21 Software Distribution Service 3.0
22-10-2014 16:47:44 System Checkpoint
23-10-2014 16:17:46 Software Distribution Service 3.0
24-10-2014 16:49:33 System Checkpoint
25-10-2014 11:44:10 Software Distribution Service 3.0
26-10-2014 12:22:51 System Checkpoint
27-10-2014 17:44:30 Software Distribution Service 3.0
27-10-2014 19:02:42 Removed Java 7 Update 67
27-10-2014 19:03:01 Installed Java 7 Update 71
28-10-2014 19:09:03 System Checkpoint
29-10-2014 15:03:20 Software Distribution Service 3.0
30-10-2014 16:52:34 Software Distribution Service 3.0
31-10-2014 18:05:37 System Checkpoint
01-11-2014 13:14:30 Software Distribution Service 3.0
03-11-2014 17:18:35 Software Distribution Service 3.0
04-11-2014 19:00:14 System Checkpoint
05-11-2014 16:21:25 Software Distribution Service 3.0
06-11-2014 17:42:06 Software Distribution Service 3.0
07-11-2014 17:57:17 System Checkpoint
08-11-2014 10:15:35 Software Distribution Service 3.0
09-11-2014 11:15:09 Software Distribution Service 3.0
10-11-2014 12:16:32 System Checkpoint
11-11-2014 10:40:10 Software Distribution Service 3.0
11-11-2014 20:13:07 Software Distribution Service 3.0
12-11-2014 19:34:31 Software Distribution Service 3.0
13-11-2014 19:42:24 System Checkpoint
14-11-2014 15:54:16 Software Distribution Service 3.0
15-11-2014 19:26:16 Software Distribution Service 3.0
16-11-2014 19:31:40 System Checkpoint
17-11-2014 17:13:05 Software Distribution Service 3.0
18-11-2014 18:54:02 System Checkpoint
19-11-2014 16:31:04 Software Distribution Service 3.0
20-11-2014 17:44:47 Software Distribution Service 3.0
21-11-2014 17:48:45 System Checkpoint
21-11-2014 18:32:02 Software Distribution Service 3.0
23-11-2014 10:37:44 Software Distribution Service 3.0
24-11-2014 16:42:49 Software Distribution Service 3.0
25-11-2014 17:10:49 Software Distribution Service 3.0
26-11-2014 17:56:38 System Checkpoint
28-11-2014 12:42:03 Software Distribution Service 3.0
30-11-2014 10:55:50 Software Distribution Service 3.0
01-12-2014 18:30:58 Software Distribution Service 3.0
02-12-2014 18:49:04 System Checkpoint
03-12-2014 16:00:27 Software Distribution Service 3.0
04-12-2014 16:57:51 Software Distribution Service 3.0
05-12-2014 18:21:57 System Checkpoint
06-12-2014 17:53:21 Software Distribution Service 3.0
07-12-2014 20:07:32 Software Distribution Service 3.0
09-12-2014 17:41:18 Software Distribution Service 3.0
09-12-2014 20:21:29 Software Distribution Service 3.0
10-12-2014 21:11:05 Installed TP-LINK Wireless LAN
10-12-2014 21:56:52 Unsigned driver install
10-12-2014 22:01:48 Removed TP-LINK Wireless LAN
11-12-2014 17:37:20 Software Distribution Service 3.0
12-12-2014 22:39:23 Software Distribution Service 3.0
14-12-2014 11:26:55 Software Distribution Service 3.0
15-12-2014 16:03:10 Software Distribution Service 3.0
16-12-2014 18:33:38 System Checkpoint
16-12-2014 22:17:02 Software Distribution Service 3.0
18-12-2014 13:22:47 Software Distribution Service 3.0
19-12-2014 13:24:21 System Checkpoint
20-12-2014 19:07:30 Software Distribution Service 3.0
28-12-2014 17:49:05 Software Distribution Service 3.0
30-12-2014 13:28:02 Software Distribution Service 3.0
31-12-2014 15:56:16 Software Distribution Service 3.0
01-01-2015 12:11:27 Software Distribution Service 3.0
02-01-2015 12:32:33 Software Distribution Service 3.0
03-01-2015 13:40:45 System Checkpoint
05-01-2015 17:13:39 Software Distribution Service 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 04:00 - 2008-04-14 04:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\SMupdate2.job => C:\PROGRA~1\COMMON~1\System\SysMenu.dll <==== ATTENTION
Task: C:\WINDOWS\Tasks\SMupdate3.job => C:\PROGRA~1\COMMON~1\System\SysMenu.dll <==== ATTENTION
Task: C:\WINDOWS\Tasks\SMWPUpd.job => C:\Program Files\Common Files\GBUpdatePlus\Updater.exe
Task: C:\WINDOWS\Tasks\SMW_UpdateTask_Time_323836333438373535342d3437415a556c2a3223346c41.job => C:\Documents and Settings\All Users\Application Data\SearchModulePlus\smhe.js" smu.exe
Task: C:\WINDOWS\Tasks\YTDownloader.job => C:\Program Files\YTDownloader\YTDownloader.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-07-03 12:20 - 2014-07-03 12:20 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 12:19 - 2014-07-03 12:19 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-31 03:03 - 2014-12-31 03:03 - 00528896 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\wincheck\wincheck.exe
2014-12-31 12:40 - 2014-11-26 08:40 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-3861656779-3710855277-2322924600-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-3861656779-3710855277-2322924600-1004 - Limited - Enabled)
Guest (S-1-5-21-3861656779-3710855277-2322924600-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-3861656779-3710855277-2322924600-1015 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-3861656779-3710855277-2322924600-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/06/2015 08:21:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application smu.exe, version 2.1.7.319, faulting module smu.exe, version 2.1.7.319, fault address 0x000c1666.
Processing media-specific event for [smu.exe!ws!]

Error: (01/05/2015 05:54:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application smu.exe, version 2.1.7.319, faulting module smu.exe, version 2.1.7.319, fault address 0x000c1666.
Processing media-specific event for [smu.exe!ws!]

Error: (01/05/2015 05:54:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application smu.exe, version 2.1.7.319, faulting module smu.exe, version 2.1.7.319, fault address 0x000c1666.
Processing media-specific event for [smu.exe!ws!]

Error: (01/05/2015 05:02:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application smu.exe, version 2.1.7.319, faulting module smu.exe, version 2.1.7.319, fault address 0x000c1666.
Processing media-specific event for [smu.exe!ws!]

Error: (01/03/2015 09:54:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application smu.exe, version 2.1.7.319, faulting module smu.exe, version 2.1.7.319, fault address 0x000c1666.
Processing media-specific event for [smu.exe!ws!]

Error: (01/03/2015 09:54:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application smu.exe, version 2.1.7.319, faulting module smu.exe, version 2.1.7.319, fault address 0x000c1666.
Processing media-specific event for [smu.exe!ws!]

Error: (01/03/2015 08:54:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application smu.exe, version 2.1.7.319, faulting module smu.exe, version 2.1.7.319, fault address 0x000c1666.
Processing media-specific event for [smu.exe!ws!]

Error: (01/03/2015 08:54:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application smu.exe, version 2.1.7.319, faulting module smu.exe, version 2.1.7.319, fault address 0x000c1666.
Processing media-specific event for [smu.exe!ws!]

Error: (01/03/2015 07:54:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application smu.exe, version 2.1.7.319, faulting module smu.exe, version 2.1.7.319, fault address 0x000c1666.
Processing media-specific event for [smu.exe!ws!]

Error: (01/03/2015 07:54:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application smu.exe, version 2.1.7.319, faulting module smu.exe, version 2.1.7.319, fault address 0x000c1666.
Processing media-specific event for [smu.exe!ws!]


System errors:
=============
Error: (01/06/2015 08:21:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Search Module Plus Update service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/06/2015 08:21:34 PM) (Source: DCOM) (EventID: 10005) (User: ADTERACT-ACEDAE)
Description: DCOM got error "%%1058" attempting to start the service gusvc with arguments ""
in order to run the server:
{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

Error: (01/06/2015 08:21:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The X4HSEx service failed to start due to the following error:
%%3

Error: (01/06/2015 08:21:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Scutum50 NDIS Protocol Driver service failed to start due to the following error:
%%2

Error: (01/06/2015 08:21:00 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (01/05/2015 05:54:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Search Module Plus Update service terminated unexpectedly.  It has done this 2 time(s).

Error: (01/05/2015 05:14:37 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (01/05/2015 05:14:37 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (01/05/2015 05:12:39 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (01/05/2015 05:12:32 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor:  Intel® Pentium® D CPU 3.00GHz
Percentage of memory in use: 40%
Total physical RAM: 2046.08 MB
Available physical RAM: 1212.71 MB
Total Pagefile: 3938.1 MB
Available Pagefile: 3260.24 MB
Total Virtual: 2047.88 MB
Available Virtual: 1935.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.5 GB) (Free:45.55 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 22A90F6A)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it in your reply.

 

Next,

 

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes, select Settings > Detection and Protection, enable Scan for rootkit, and under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

 

In most cases, a restart will be required.

 

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

When the scan is completed, from the main GUI click on History > Application Logs. Find your scan log; the date when it was run will identify it. Checkmark the "select" box, then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export".

Select "Copy to clipboard" to copy the full log to the Windows clipboard; then, in your reply, right-click in the text field and select "Paste" to paste the log into your reply.

Or select "Export": you are given the option to export as a text file (*.txt) or XML file (*.xml). Choose text file and save the exported file to a place of your choice. That file can be attached to your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Download Microsoft's "Malicious Software Removal Tool" and save it directly to the desktop.

Be sure to get the correct version for your system:

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

 

Right click on the Tool and select “Run as Administrator”; the tool will expand to the options window.

In the "Scan Type" window, select Quick Scan.

Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

 

1) Select the Windows key and R key together to open the "Run" function

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

 

notepad c:\windows\debug\mrt.log

 

Let me see those logs, and also give an update on any remaining issues or concerns.

 

Kevin.

 

 

 

Fixlist.txt


Here is the Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-01-2015
Ran by Administrator at 2015-01-07 20:18:57 Run:1
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Loaded Profile: Administrator (Available profiles: Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
HKLM\...\Run: [YTDownloader] => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
HKLM\...\Run: [WinCheck] => C:\Documents and Settings\Administrator\Local Settings\Application Data\wincheck\wincheck.exe [528896 2014-12-31] ()
C:\Documents and Settings\Administrator\Local Settings\Application Data\wincheck
HKU\S-1-5-21-3861656779-3710855277-2322924600-500\...\Run: [YTDownloader] => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
C:\Program Files\YTDownloader
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.google.com"<=======ATTENTION
CHR dev: Chrome dev build detected! <======= ATTENTION
S4 IntelIde; No ImagePath
S3 rt2870; system32\DRIVERS\rt2870.sys [X]
S2 Scutum50; System32\Drivers\Scutum50.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
U1 WS2IFSL; No ImagePath
S2 X4HSEx; \??\C:\Program Files\Free Ride Games\X4HSEx.Sys [X]
C:\Documents and Settings\Administrator\TempWmicBatchFile.bat
C:\Documents and Settings\Administrator\Local Settings\Temp\1.tmp.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\CloudBackup5998.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Hack v.1.7.3 Setup__7835_il790.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-7u67-windows-i586-iftw.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-7u71-windows-i586-iftw.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\setup.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\setup_ospd_us.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\tu17p84.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\vcredist_x86.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\xmlUpdater.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\ytdkiemon_amodk_setup.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-f892b4b5.exe
Task: C:\WINDOWS\Tasks\SMupdate2.job => C:\PROGRA~1\COMMON~1\System\SysMenu.dll <==== ATTENTION
Task: C:\WINDOWS\Tasks\SMupdate3.job => C:\PROGRA~1\COMMON~1\System\SysMenu.dll <==== ATTENTION
C:\PROGRA~1\COMMON~1\System\SysMenu.dll
Task: C:\WINDOWS\Tasks\SMW_UpdateTask_Time_323836333438373535342d3437415a556c2a3223346c41.job => C:\Documents and Settings\All Users\Application Data\SearchModulePlus\smhe.js" smu.exe
C:\Documents and Settings\All Users\Application Data\SearchModulePlus\smhe.js
Task: C:\WINDOWS\Tasks\YTDownloader.job => C:\Program Files\YTDownloader\YTDownloader.exe <==== ATTENTION
EmptyTemp:
end



*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\WinCheck => value deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\wincheck => Moved successfully.
HKU\S-1-5-21-3861656779-3710855277-2322924600-500\Software\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => value deleted successfully.
"C:\Program Files\YTDownloader" => File/Directory not found.
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
IntelIde => Service deleted successfully.
rt2870 => Service deleted successfully.
Scutum50 => Service deleted successfully.
VBoxNetFlt => Service deleted successfully.
WS2IFSL => Service deleted successfully.
X4HSEx => Service deleted successfully.
C:\Documents and Settings\Administrator\TempWmicBatchFile.bat => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\1.tmp.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\CloudBackup5998.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\Hack v.1.7.3 Setup__7835_il790.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-7u67-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-7u71-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\setup.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\setup_ospd_us.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\tu17p84.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\vcredist_x86.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\xmlUpdater.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\ytdkiemon_amodk_setup.exe => Moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-f892b4b5.exe => Moved successfully.
C:\WINDOWS\Tasks\SMupdate2.job => Moved successfully.
C:\WINDOWS\Tasks\SMupdate3.job => Moved successfully.
"C:\PROGRA~1\COMMON~1\System\SysMenu.dll" => File/Directory not found.
C:\WINDOWS\Tasks\SMW_UpdateTask_Time_323836333438373535342d3437415a556c2a3223346c41.job => Moved successfully.
C:\Documents and Settings\All Users\Application Data\SearchModulePlus\smhe.js => Moved successfully.
C:\WINDOWS\Tasks\YTDownloader.job => Moved successfully.
EmptyTemp: => Removed 1 GB temporary data.


The system needed a reboot.

==== End of Fixlog 20:27:06 ====


Here is the Malwarebytes Log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/7/2015
Scan Time: 8:35:31 PM
Logfile: Malwarebytes Log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.08.03
Rootkit Database: v2015.01.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 401966
Time Elapsed: 23 min, 54 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Amonetize, C:\Documents and Settings\Administrator\My Documents\Downloads\Hack v.1.7.3 Setup__7835_il790.exe, Quarantined, [049416ded5b45dd9adb85ea755aded13],

Physical Sectors: 0
(No malicious items detected)


(end)


Here is the AdwCleaner Log:

 

# AdwCleaner v4.107 - Report created 07/01/2015 at 21:19:53
# Updated 07/01/2015 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Administrator - ADTERACT-ACEDAE
# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : SMUpdd

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Wideblue installer
Folder Deleted : C:\Documents and Settings\All Users\Application Data\b899ef3fd1e60e8f
Folder Deleted : C:\Program Files\predm
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\CrashRpt
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossBrowser
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2741f3pb.default\Extensions\usxasg8a@oc-fmhkv.com
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen
[!] Folder Deleted : C:\Documents and Settings\ASPNET\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen
[!] Folder Deleted : C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen
[!] Folder Deleted : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen
[!] Folder Deleted : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen
Folder Deleted : C:\Documents and Settings\ASPNET\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen
Folder Deleted : C:\Documents and Settings\Guest\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen
Folder Deleted : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen
Folder Deleted : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Comodo\Dragon\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4DF319C7-9357-4F52-ADDC-8D589FBCCF4C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FB69D52A-59A3-4FBC-BEA1-8AB13D301138}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c8730ca5-3f82-41cc-65e2-01b87600cd89}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wincheck
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{c8730ca5-3f82-41cc-65e2-01b87600cd89}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\wincheck

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v34.0.5 (x86 en-US)

[2741f3pb.default\prefs.js] - Line Deleted : user_pref("extensions.FI4NX6XTXvR.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"[...]
[2741f3pb.default\prefs.js] - Line Deleted : user_pref("extensions.U7l2RP.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumor[...]
[2741f3pb.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://www-searching.com/search.aspx?s=ECVzamodk07835,c76a2b04-8ad0-4e88-83d1-dd9890b20e8d,&q=");
[bewl6b20.default-1420056304000\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://www-searching.com/search.aspx?s=ECVzamodk07835,c76a2b04-8ad0-4e88-83d1-dd9890b20e8d,&q=");

-\\ Google Chrome v


-\\ Comodo Dragon v


*************************

AdwCleaner[R0].txt - [4757 octets] - [07/01/2015 21:06:47]
AdwCleaner[s0].txt - [4767 octets] - [07/01/2015 21:19:53]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4827 octets] ##########
 


Here is JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Microsoft Windows XP x86
Ran by Administrator on Wed 01/07/2015 at 21:23:47.65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\Application Data\moters"



~~~ FireFox

Successfully deleted: [File] C:\user.js





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 01/07/2015 at 21:31:32.92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


Here is MRT:

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.20, May 2013
Started On Wed May 15 16:23:15 2013

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 15 16:25:35 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.21, June 2013
Started On Tue Jun 11 21:33:42 2013

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Jun 11 21:36:09 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.22, July 2013
Started On Tue Jul 09 22:07:28 2013

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Jul 09 22:10:00 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.3, August 2013 (build 5.3.9301.0)
Started On Sun Aug 18 14:49:09 2013


Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Sun Aug 18 14:53:06 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.4, September 2013 (build 5.4.9400.0)
Started On Thu Sep 12 15:36:42 2013

Engine: 1.1.9800.0
Signatures: 1.157.932.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Sep 12 15:38:30 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.5, October 2013 (build 5.5.9502.0)
Started On Wed Oct 09 21:27:48 2013

Engine: 1.1.9901.0
Signatures: 1.159.530.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Oct 09 21:30:24 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.6, November 2013 (build 5.6.9603.0)
Started On Tue Nov 12 18:40:33 2013

Engine: 1.1.10003.0
Signatures: 1.161.1618.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Nov 12 18:42:10 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.7, December 2013 (build 5.7.9701.0)
Started On Tue Dec 10 18:13:23 2013

Engine: 1.1.10100.0
Signatures: 1.163.1013.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Dec 10 18:14:51 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.8, January 2014 (build 5.8.9803.0)
Started On Tue Jan 14 17:41:42 2014

Engine: 1.1.10201.0
Signatures: 1.165.1273.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Jan 14 17:44:19 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.9, February 2014 (build 5.9.9902.0)
Started On Tue Feb 11 17:30:17 2014

Engine: 1.1.10201.0
Signatures: 1.165.3163.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Feb 11 17:32:01 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.10, March 2014 (build 5.10.10001.0)
Started On Wed Mar 19 11:03:27 2014

Engine: 1.1.10302.0
Signatures: 1.167.1001.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Mar 19 11:05:03 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.11, April 2014 (build 5.11.10100.0)
Started On Tue Apr 08 17:05:11 2014

Engine: 1.1.10401.0
Signatures: 1.169.1258.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Apr 08 17:06:50 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.12, May 2014 (build 5.12.10200.0)
Started On Wed May 14 16:18:43 2014

Engine: 1.1.10502.0
Signatures: 1.173.1305.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 14 16:20:29 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.13, June 2014 (build 5.13.10300.0)
Started On Wed Jun 11 11:45:33 2014

Engine: 1.1.10600.0
Signatures: 1.175.1113.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jun 11 11:47:36 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.14, July 2014 (build 5.14.10402.0)
Started On Wed Jul 09 11:54:47 2014

Engine: 1.1.10701.0
Signatures: 1.177.949.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jul 09 11:56:28 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.15, August 2014 (build 5.15.10500.0)
Started On Fri Aug 15 18:12:43 2014

Engine: 1.1.10802.0
Signatures: 1.179.1796.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Fri Aug 15 18:14:40 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.16, September 2014 (build 5.16.10602.0)
Started On Thu Sep 11 22:19:44 2014

Engine: 1.1.10904.0
Signatures: 1.183.882.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Sep 11 22:22:06 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0)
Started On Wed Oct 15 16:37:04 2014

Engine: 1.1.11005.0
Signatures: 1.185.2035.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Oct 15 16:39:50 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.18, November 2014 (build 5.18.10802.0)
Started On Tue Nov 11 20:13:36 2014

Engine: 1.1.11104.0
Signatures: 1.187.1116.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Nov 11 20:16:23 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)
Started On Tue Dec 09 20:22:55 2014

Engine: 1.1.11202.0
Signatures: 1.189.872.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Dec 09 20:25:54 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)
Started On Wed Jan 07 21:45:57 2015

Engine: 1.1.11202.0
Signatures: 1.189.872.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jan 07 21:49:26 2015


Return code: 0 (0x0)
 


If no remaining issues or concerns, run the following to clean up:

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if the first link is down:

"Delfix link mirror"

Double-click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

Make sure the following items are checked:

    Activate UAC
    Remove disinfection tools
    Create registry backup
    Purge System Restore
    Reset system settings

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Part of the routine will be to create a registry backup with ERUNT; the backup will be created here:

C:\Windows\ERUNT

When all is known to be well with your system you can delete that backup folder if you consider it as not needed...

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following link to fully understand PC security and best practices, you may find it useful....

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

Let me know if we are ok to close out...

Thank you,

Kevin..


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.