
I think I'm infected


5 replies to this topic

#1 lkass


Posted 18 April 2014 - 11:15 PM

Hello

 

I think my computer is infected. I'm running Windows XP. At startup, a couple DOS windows open. One is labeled a\80191915.bat. After this executes, another DOS window opens running taskkill.exe. Within a few minutes, my AV issues a message that it is not running. Additionally, the computer randomly shuts off. It will not start in safe mode with networking, but it will start in regular Windows or in safe mode.

 

Checking services under Task Manager, I see a service that is new called internetport3.exe. I looked in my file system and found a directory I have never seen before, c:a\. In this folder I found a zip file, 17552478.zip. It has been extracted and its contents are internetport3.exe, 80191915.bat, FiddlerCore.dll, a gif called loading, n59t0S8BJA.exe, and a file ping.txt that has 0 bytes. I tried deleting the contents of this directory and was denied access to FiddlerCore.dll and internetport3.exe. When deleting the rest of the contents, and rebooting, I could not reach the internet. Both Firefox and IE gave a message that the proxy server could not be found.

 

I ran Security Check, Farbar Service Scanner, MiniToolbox, AdwCleaner.exe, MBAM, Malwarebytes Anti-Rootkit, and RKILL. Here are the logs I've gathered:

 

Results of screen317's Security Check version 0.99.82 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 CCleaner    
 JavaFX 2.0.3   
 Java 7 Update 6 
 Java version out of Date!
  Adobe Flash Player  12.0.0.77 Flash Player out of Date! 
 Mozilla Firefox (28.0)
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials msseces.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 6%
````````````````````End of Log``````````````````````
 

 

Farbar Service Scanner Version: 25-02-2014
Ran by ADMIN (administrator) on 18-04-2014 at 18:35:18
Running from "C:\Documents and Settings\ADMIN\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
IE proxy is enabled.
ProxyServer: http=127.0.0.1:8877;https=127.0.0.1:8877;

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Other Services:
==============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(8) Gpc(3) HssDrv(9) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x09000000050000000100000002000000030000000400000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****

 

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by ADMIN (administrator) on 18-04-2014 at 21:23:08
Running from "C:\Documents and Settings\ADMIN\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is enabled.
ProxyServer: http=127.0.0.1:8877;https=127.0.0.1:8877;

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Intel® PRO/Wireless 3945ABG Network Connection = Wireless Network Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)
Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Media disconnected)
EasyTether Network Adapter = Local Area Connection 2 (Media disconnected)

# ----------------------------------
# Interface IP Configuration        
# ----------------------------------
pushd interface ip

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

# Interface IP Configuration for "{498B0861-39EE-462B-AA44-B54A8452F039}"

set address name="{498B0861-39EE-462B-AA44-B54A8452F039}" source=dhcp
set dns name="{498B0861-39EE-462B-AA44-B54A8452F039}" source=dhcp register=PRIMARY
set wins name="{498B0861-39EE-462B-AA44-B54A8452F039}" source=dhcp

# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp

popd
# End of interface IP configuration

 

Windows IP Configuration

        Host Name . . . . . . . . . . . . : Kass
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Peer-Peer
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
        Physical Address. . . . . . . . . : 00-1C-23-1C-EA-46

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection
        Physical Address. . . . . . . . . : 00-1C-BF-90-A9-DD
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.2
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
        Lease Obtained. . . . . . . . . . : Friday, April 18, 2014 8:51:16 PM
        Lease Expires . . . . . . . . . . : Saturday, April 19, 2014 8:51:16 PM

Ethernet adapter {498B0861-39EE-462B-AA44-B54A8452F039}:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Anchorfree HSS Adapter - Packet Scheduler Miniport
        Physical Address. . . . . . . . . : 00-FF-49-8B-08-61

Ethernet adapter Local Area Connection 2:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : EasyTether Network Adapter
        Physical Address. . . . . . . . . : 02-00-54-74-68-72

Server:  UnKnown
Address:  192.168.1.1

DNS request timed out.
    timeout was 2 seconds.
Name:    google.com
Addresses:  173.194.46.99, 173.194.46.100, 173.194.46.101, 173.194.46.102
   173.194.46.103, 173.194.46.104, 173.194.46.105, 173.194.46.110, 173.194.46.96
   173.194.46.97, 173.194.46.98

 

Pinging google.com [173.194.46.103] with 32 bytes of data:

Reply from 173.194.46.103: bytes=32 time=45ms TTL=54
Reply from 173.194.46.103: bytes=32 time=50ms TTL=54

Ping statistics for 173.194.46.103:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 45ms, Maximum = 50ms, Average = 47ms

Server:  UnKnown
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  98.138.253.109, 98.139.183.24, 206.190.36.45

 

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=56ms TTL=50
Reply from 98.138.253.109: bytes=32 time=65ms TTL=50

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 56ms, Maximum = 65ms, Average = 60ms

 

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1c 23 1c ea 46 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
0x3 ...00 1c bf 90 a9 dd ...... Intel® PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
0x4 ...00 ff 49 8b 08 61 ...... Anchorfree HSS Adapter - Packet Scheduler Miniport
0x5 ...02 00 54 74 68 72 ...... EasyTether Network Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.2   25
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1   1
      169.254.0.0      255.255.0.0      192.168.1.2     192.168.1.2   20
      192.168.1.0    255.255.255.0      192.168.1.2     192.168.1.2   25
      192.168.1.2  255.255.255.255        127.0.0.1       127.0.0.1   25
    192.168.1.255  255.255.255.255      192.168.1.2     192.168.1.2   25
        224.0.0.0        240.0.0.0      192.168.1.2     192.168.1.2   25
  255.255.255.255  255.255.255.255      192.168.1.2               5   1
  255.255.255.255  255.255.255.255      192.168.1.2     192.168.1.2   1
  255.255.255.255  255.255.255.255      192.168.1.2               2   1
  255.255.255.255  255.255.255.255      192.168.1.2               4   1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/18/2014 06:13:26 PM) (Source: MSSQL$ACT7) (User: )
Description: The file "C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\mastlog.ldf" is compressed but does not reside in a read-only database or filegroup. The file must be decompressed.

Error: (04/17/2014 08:19:05 PM) (Source: MSSQL$ACT7) (User: )
Description: The file "C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\mastlog.ldf" is compressed but does not reside in a read-only database or filegroup. The file must be decompressed.

Error: (04/14/2014 09:19:49 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/14/2014 09:19:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1591656

Error: (04/14/2014 09:19:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1591656

Error: (04/14/2014 09:19:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/14/2014 09:19:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1589687

Error: (04/14/2014 09:19:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1589687

Error: (04/14/2014 09:19:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/14/2014 09:19:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1587734

System errors:
=============
Error: (04/18/2014 09:24:37 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BA126AD1-2166-11D1-B1D0-00805FC1270E}
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.

Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 7.1.8)
4500_G510nz_Help (Version: 000.0.439.000)
4500G510nz (Version: 000.0.439.000)
4500G510nz_Software_Min (Version: 000.0.423.000)
7-Zip 9.20
AC3Filter 2.5b (Version: 2.5b)
AccelerateTab (Version: 2.0)
ACT! by Sage Premium 2008 (10.0) (Version: 10.1.0.0)
Adobe AIR (Version: 2.5.1.17730)
Adobe Digital Editions 2.0 (Version: 2.0)
Adobe Flash Player 12 ActiveX (Version: 12.0.0.77)
Adobe Flash Player 12 Plugin (Version: 12.0.0.77)
Advanced SystemCare 7 (Version: 7.2.1)
AMR Player 1.3
Apple Application Support (Version: 3.0.1)
Apple Mobile Device Support (Version: 7.1.1.3)
Apple Software Update (Version: 2.1.3.127)
AVS Audio Converter 7
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.4
Bonjour (Version: 3.0.0.10)
Broadcom Gigabit Integrated Controller (Version: 8.22.11)
BUFFALO LinkStation(LS-VL Series) Setup Guide
BUFFALO NAS Navigator2
BUFFALO Network-USB Navigator (Version: 1.10)
BUFFALO TurboCopy
BUFFALO TurboPC for FLASH/HDD
BufferChm (Version: 130.0.331.000)
calibre (Version: 0.9.13)
CCleaner (Version: 4.01)
Cisco WebEx Meetings
Conexant HDA D330 MDC V.92 Modem
ConvertXtoDVD 4.1.19.365 (Version: 4.1.19.365)
CoreAAC Audio Decoder (remove only)
Coupon Printer for Windows (Version: 5.0.0.1)
DivX Setup (Version: 2.6.1.90)
DocProc (Version: 13.0.0.0)
EasyTether (Version: 1.1.13)
eFax Messenger (Version: 4.4.1.528)
Epson Connect Printer Setup (Version: 1.1.1)
EPSON Connect version 1.0 (Version: 1.0)
Epson Customer Participation (Version: 1.4.0.0)
Epson Event Manager (Version: 3.01.0003)
Epson FAX Utility (Version: 1.46.00)
Epson PC-FAX Driver
EPSON Printer Finder (Version: 1.0.0)
EPSON Scan
EPSON WF-3540 Series Printer Uninstall
EpsonNet Print (Version: 2.5.00)
Eraser 6.0.10.2620 (Version: 6.0.2620)
FLAC to MP3 Converter 1.1
Freecorder (Version: 4.1)
Freecorder 8 Applications (8.0.1.26) (Version: 8.0.1.26)
Freecorder extension for Firefox (Version: 7.0.0.13)
Garmin USB Drivers (Version: 2.3.0.0)
Garmin WebUpdater (Version: 2.5.4)
GOM Player (Version: 2.2.56.5183)
Google Earth (Version: 7.1.2.2041)
Google Update Helper (Version: 1.3.23.9)
GoToMeeting 5.1.0.880 (Version: 5.1.0.880)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
HPDiagnosticAlert (Version: 1.00.0000)
HydraIRC (Version: 0.3.165)
Intel® PROSet/Wireless Software (Version: 11.5.0000)
IObit Uninstaller (Version: 3.1.8.2434)
iTunes (Version: 11.1.5.5)
Java 7 Update 6 (Version: 7.0.60)
Java Auto Updater (Version: 2.1.6.0)
JavaFX 2.0.3 (Version: 2.0.3)
Ken Rename 1.02 (Version: 1.02)
Malwarebytes Anti-Malware version 2.0.1.1004 (Version: 2.0.1.1004)
mCore (Version: 11.02.0000)
mDriver (Version: 11.02.0000)
mDrWiFi (Version: 11.02.0000)
mHlpDell (Version: 11.02.0000)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.5.0216.0)
Microsoft Security Essentials (Version: 4.5.216.0)
Microsoft Silverlight (Version: 5.1.30214.0)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (ACT7) (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WinUsb 2.0
MindMaster (Version: 2.0.0)
mIWA (Version: 11.02.0000)
mLogView (Version: 11.02.0000)
mMHouse (Version: 11.02.0000)
Mozilla Firefox 28.0 (x86 en-US) (Version: 28.0)
Mozilla Maintenance Service (Version: 28.0)
Mp3 My Mp3 3.1 (Version: 3.1)
MPEG2 Codec(libmpeg2/mad)
mPfMgr (Version: 11.02.0000)
mPfWiz (Version: 11.02.0000)
mProSafe (Version: 9.00.0000)
mSCfg (Version: 11.02.0000)
mSSO (Version: 11.02.0000)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (Version: 6.10.1129.0)
mWlsSafe (Version: 9.00.0000)
mWMI (Version: 11.02.0000)
My Dell (Version: 3.4.6422.14)
mZConfig (Version: 11.02.0000)
Network (Version: 130.0.550.000)
Nitro Reader 3 (Version: 3.5.2.10)
NOOK for PC (Version: 2.5.6.9575)
NVIDIA Control Panel 266.58 (Version: 266.58)
NVIDIA Graphics Driver 266.58 (Version: 266.58)
NVIDIA Install Application (Version: 2.265.36.0)
NVIDIA nView 135.50 (Version: 135.50)
NVIDIA nView Desktop Manager (Version: 6.14.10.13550)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
Opera 11.61 (Version: 11.61.1250)
Python 2.7 pycrypto-2.3 (Version: 2.3.0)
Python 2.7.1 (Version: 2.7.1150)
QuickTime (Version: 7.74.80.86)
Real Alternative 2.0.2 (Version: 2.0.2)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.14.0)
Scan (Version: 13.0.0.0)
SharpReader 0.9.7.0
Skype Click to Call (Version: 6.13.13771)
Skype™ 6.11 (Version: 6.11.102)
Smart Defrag 3 (Version: 3.1)
Software Updater (Version: 4.2.1)
SopCast 3.4.0 (Version: 3.4.0)
StreamTorrent 1.0
StreamTransport version: 1.0.2.2171
SumatraPDF 2.2.1 (Version: 2.2.1)
Surfing Protection (Version: 1.0)
TAS Navigator 7
Toolbox (Version: 130.0.648.000)
TurboTax 2010
TurboTax 2010 WinPerFedFormset (Version: 010.000.5821)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0501)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0222)
TurboTax 2010 wohiper (Version: 010.000.1608)
TurboTax 2010 wrapper (Version: 010.000.0157)
TVUPlayer 2.5.3.1 (Version: 2.5.3.1)
Ulead VideoStudio SE DVD (Version: 10.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2808679) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB2904266) (Version: 1)
Update for Windows XP (KB2934207) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
USB2.0 Capture Device (Version: 1.0.3.0)
V1 Home 2.0 (Version: 2.02.43)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Veetle TV 0.9.18 (Version: 0.9.18)
Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC_AR) (Version: 1.10.1002)
VLC media player 2.1.3 (Version: 2.1.3)
WebEx Recorder and Player (Version: 3.17.2105)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 130.0.132.017)
WinDjView 1.0.3 (Version: 1.0.3)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)
Windows Media Format 11 runtime
Windows Media Player 11
WinPcap 4.1.3 (Version: 4.1.0.2980)
Xvid 1.2.2 final uninstall (Version: 1.2)
Xvid Video Codec (Version: 1.3.1)
ZIP Password Recovery Magic v6.1.1.240

========================= Devices: ================================

Name: 4500 G510n-z,192.168.1.2
Description: Officejet 4500 G510n-z
Class Guid: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: hp color LaserJet 2550 series
Description: hp color LaserJet 2550 series
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart Prem C310 series
Description: Photosmart Prem C310 series
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet 6500 E709n
Description: Officejet 6500 E709n
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

========================= Memory info: ===================================

Percentage of memory in use: 62%
Total physical RAM: 2045.89 MB
Available physical RAM: 777.34 MB
Total Pagefile: 4960.61 MB
Available Pagefile: 3619.76 MB
Total Virtual: 2047.88 MB
Available Virtual: 1980.66 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.53 GB) (Free:26.46 GB) NTFS
2 Drive d: (USB-AVCPT) (CDROM) (Total:0.48 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\KASS

ADMIN                    Administrator            fbwuser                 
Guest                    HelpAssistant            lkass                   
SUPPORT_388945a0        

**** End of log ****

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/18/2014
Scan Time: 7:51:08 PM
Logfile: MBAM 4-18-14.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.18.09
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: ADMIN

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 310909
Time Elapsed: 1 hr, 7 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.04.18.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
ADMIN :: KASS [administrator]

4/18/2014 8:52:09 PM
mbar-log-2014-04-18 (20-52-09).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 303313
Time elapsed: 3 hour(s), 8 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.994000 GHz
Memory total: 2145275904, free: 974147584

Host not found
Downloaded database version: v2014.04.18.09
Downloaded database version: v2014.03.27.01
=======================================
Initializing...
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 69D6AF0D

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 156297216
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 80026361856 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-156281488-156301488)...
Done!
Scan finished
=======================================

Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

 

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/19/2014 12:12:16 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\WINDOWS\System32\StkASv2K.exe (PID: 2080) [WD-HEUR]

1 proccess terminated!

Active Proxy Server Detected

 * Proxy Disabled.
 * ProxyOverride value deleted.
 * ProxyServer value deleted.
 * AutoConfigURL value deleted.
 * Proxy settings were backed up to Registry file.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Backup Registry file created at:
 C:\Documents and Settings\ADMIN\Desktop\rkill\rkill-04-19-2014-12-12-34.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Reparse Point/Junctions Found (Most likely legitimate)!

     * C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.ConfigUXv2\3.1.31.0__540d4816ead86321 => C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.ConfigUXv2_540d4816ead86321_3.1.31.0_x-ww_8b778a47 [Dir]
     * C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.Update\3.1.31.0__540d4816ead86321 => C:\WINDOWS\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.Update_540d4816ead86321_3.1.31.0_x-ww_46ee423f [Dir]

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 04/19/2014 12:14:17 AM
Execution time: 0 hours(s), 2 minute(s), and 0 seconds(s)





#2 boopme

  • Global Moderator

Posted 19 April 2014 - 10:09 AM

For the connection try these...

Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.
Now check if the internet is working again.

OR

Go to Start ... Run and type in cmd
A DOS window will appear.
Type in the DOS window: netsh winsock reset
Click on the Enter key.

Reboot your system to complete the process.


Run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 lkass

  • Topic Starter
  • Members

Posted 20 April 2014 - 12:00 PM

Thank you! Before reading this post I went into Firefox and disabled the use of a proxy, and then ran:

 

reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f

to shut it off in IE.

 

I also reset the winsock per your instructions. I have been able to connect without allowing internetport3.exe to run since changing the proxy settings.

 

 

While I had deleted the contents of a\, it was in the recycle bin until I figured this out. My AV found it and quarantined internetport3.exe.

 

Here is the ESET Log.

 

C:\Documents and Settings\ADMIN\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\44\60ccba6c-7a64d37d a variant of Java/Exploit.Agent.RFX trojan cleaned by deleting - quarantined
C:\Documents and Settings\ADMIN\My Documents\Downloads\ac3filter_2_5b.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
C:\Documents and Settings\ADMIN\My Documents\Downloads\advanced-systemcare-setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\Documents and Settings\ADMIN\My Documents\Downloads\asc-setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\Documents and Settings\ADMIN\My Documents\Downloads\cbsidlm-cbsi118-IObit_Malware_Fighter-BP-10967594.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined
C:\Documents and Settings\ADMIN\My Documents\Downloads\defragsetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\Documents and Settings\ADMIN\My Documents\Downloads\streamtransport_setup.exe Win32/Somoto.E potentially unwanted application deleted - quarantined
C:\Documents and Settings\ADMIN\My Documents\Temp\ccsetup400.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Documents and Settings\ADMIN\My Documents\Temp\setup.exe a variant of Win32/AirAdInstaller.A potentially unwanted application deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Application Data\vshare.tv_Bar\ldrtbvsh0.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Application Data\vshare.tv_Bar\ldrtbvsha.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Application Data\vshare.tv_Bar\tbvsh0.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Application Data\vshare.tv_Bar\tbvsha.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\System Volume Information\_restore{A029713B-E857-4A3D-A355-5CD912F2C3D8}\RP814\A0199458.dll Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\System Volume Information\_restore{A029713B-E857-4A3D-A355-5CD912F2C3D8}\RP814\A0199459.exe a variant of Win32/Toolbar.Montiera.A potentially unwanted application deleted - quarantined
C:\System Volume Information\_restore{A029713B-E857-4A3D-A355-5CD912F2C3D8}\RP814\A0199462.exe a variant of Win32/OpenCandy.A potentially unsafe application deleted - quarantined
C:\System Volume Information\_restore{A029713B-E857-4A3D-A355-5CD912F2C3D8}\RP814\A0199469.exe multiple threats cleaned by deleting - quarantined
C:\System Volume Information\_restore{A029713B-E857-4A3D-A355-5CD912F2C3D8}\RP814\A0199470.exe multiple threats cleaned by deleting - quarantined

 

 

Thank you for your help. I would be grateful for any additional suggestions.
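The proxy values that Rkill reset, and that the posts above clear by hand, can be checked with a short script. This is an added example, not part of any post in this thread; it assumes the output of `reg query` for the Internet Settings key has been saved as text, and the sample output and its port number are constructed.

```python
import re

# Values Rkill reported resetting, all under
# HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
WATCHED = ("ProxyEnable", "ProxyServer", "ProxyOverride", "AutoConfigURL")
LOOPBACK = re.compile(r"^(127(\.\d{1,3}){3}|localhost|\[::1\])$", re.I)
VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s*(.*)$")

# Constructed sample of `reg query "<key above>"` output; the port is made up.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    http=127.0.0.1:8877;https=127.0.0.1:8877
    ProxyOverride    REG_SZ    <local>
"""

def parse_reg_query(text):
    """Return {value name: data} for the watched values (tab or space separated)."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m and m.group(1) in WATCHED:
            values[m.group(1)] = m.group(3).strip()
    return values

def proxy_hosts(proxy_server):
    """Hosts from 'host:port' or the per-protocol 'http=host:port;https=...' form."""
    hosts = []
    for part in proxy_server.split(";"):
        endpoint = part.split("=", 1)[-1].split("//")[-1].strip()
        if endpoint:
            hosts.append(endpoint.rsplit(":", 1)[0])
    return hosts

def audit(values):
    """Flag settings that route the browser through a proxy on this machine."""
    findings = []
    enabled = int(values.get("ProxyEnable", "0x0"), 16) != 0
    server = values.get("ProxyServer", "")
    if any(LOOPBACK.match(h) for h in proxy_hosts(server)):
        state = "enabled" if enabled else "disabled but still configured"
        findings.append(f"loopback proxy {state}: {server}")
    if values.get("AutoConfigURL"):
        findings.append("AutoConfigURL set: " + values["AutoConfigURL"])
    return findings

if __name__ == "__main__":
    for finding in audit(parse_reg_query(SAMPLE)):
        print(finding)
```

An empty result after cleanup means Internet Explorer is no longer pointed at a local proxy; Firefox keeps its own proxy setting, which this script does not read.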



#4 boopme

  • Global Moderator

Posted 20 April 2014 - 11:08 PM

Hello...

You should remove these through Control Panel:
IObit Uninstaller (Version: 3.1.8.2434)
..as I don't see IObit installed

Java 7 Update 6 (Version: 7.0.60)
as older versions can be exploited by malware.

Reboot.

Run AdwCleaner again to see if there are any more Conduit infections.
Last...

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

#5 lkass

  • Topic Starter
  • Members

Posted 25 April 2014 - 07:14 PM

Here are the results of the JRT scan. Either there is no recognized junkware or I did something wrong.

Thanks

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by ADMIN on Fri 04/25/2014 at 19:36:38.78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 04/25/2014 at 20:10:28.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#6 boopme

  • Global Moderator

Posted 25 April 2014 - 07:24 PM

OK, well most everything bad was already removed.

How is it running now?