malware found with malwarebytes, need help cleaning registry [Solved]


  • This topic is locked
18 replies to this topic

#1 83valentine (Authentic Member, 112 posts)

Posted 27 February 2014 - 10:09 AM

Found malware with Malwarebytes; need help cleaning the registry. The only symptom noted is that the computer keeps restarting itself. I want to clear all spyware before I investigate hardware issues.

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:22 AM, on 2/27/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\Security Agent\ntrtscan.exe
C:\Program Files\Trend Micro\Security Agent\tmlisten.exe
C:\Program Files\Trend Micro\Security Agent\TmProxy.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Trend Micro\Security Agent\pccntmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Odyssey Veterinary Software\Diagnostic Imaging Atlas\DiaFileWatcher.exe
C:\Documents and Settings\administrator\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\Security Agent\TmIEPlg.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DIA File Watcher (EyeFi).lnk = C:\Program Files\Odyssey Veterinary Software\Diagnostic Imaging Atlas\DiaFileWatcher.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1358884253169
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = GONPH.LOCAL
O17 - HKLM\Software\..\Telephony: DomainName = GONPH.LOCAL
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = GONPH.LOCAL
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\Security Agent\TmIEPlg.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Trend Micro Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Security Agent\ntrtscan.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Security Agent\tmlisten.exe
O23 - Service: Trend Micro Security Agent NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Security Agent\TmProxy.exe

--
End of file - 4421 bytes

 

OTL logfile created on: 2/27/2014 9:32:55 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.49 Gb Total Physical Memory | 2.86 Gb Available Physical Memory | 82.06% Memory free
4.82 Gb Paging File | 4.34 Gb Available in Paging File | 90.04% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 60.05 Gb Free Space | 80.58% Space Free | Partition Type: NTFS
Drive D: | 1.86 Gb Total Space | 0.96 Gb Free Space | 51.66% Space Free | Partition Type: FAT
 
Computer Name: RM4 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Trend Micro\Security Agent\TmListen.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Security Agent\PccNTMon.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Security Agent\NTRtScan.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\Security Agent\TmProxy.exe (Trend Micro Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Odyssey Veterinary Software\Diagnostic Imaging Atlas\DiaFileWatcher.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1cdfe1998ad6794db3237006906c6fa2\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\424bff3295c6e7539cc6df62b9425bd0\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll ()
MOD - C:\Program Files\Trend Micro\Security Agent\sqlite3.dll ()
MOD - C:\Program Files\Odyssey Veterinary Software\Diagnostic Imaging Atlas\DiaFileWatcher.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (tmlisten) -- C:\Program Files\Trend Micro\Security Agent\TmListen.exe (Trend Micro Inc.)
SRV - (NewServiceInstall1) -- C:\Program Files\Elinc\Via\Via Service\Eklin.Via.Service.exe (VIA Information Systems)
SRV - (ntrtscan) -- C:\Program Files\Trend Micro\Security Agent\NTRtScan.exe (Trend Micro Inc.)
SRV - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV - (TmProxy) -- C:\Program Files\Trend Micro\Security Agent\TmProxy.exe (Trend Micro Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (TmFilter) -- C:\Program Files\Trend Micro\Security Agent\TmXpflt.sys (Trend Micro Inc.)
DRV - (TmPreFilter) -- C:\Program Files\Trend Micro\Security Agent\TmPreflt.sys (Trend Micro Inc.)
DRV - (VSApiNt) -- C:\Program Files\Trend Micro\Security Agent\vsapiNT.sys (Trend Micro Inc.)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (tmactmon) -- C:\WINDOWS\system32\drivers\tmactmon.sys (Trend Micro Inc.)
DRV - (tmevtmgr) -- C:\WINDOWS\system32\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV - (tmtdi) -- C:\WINDOWS\system32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (AX88178) -- C:\WINDOWS\system32\drivers\ax88178.sys (ASIX Electronics Corp.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}
 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\Security Agent\FirefoxExtension [2013/01/31 15:11:38 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\Security Agent\TmIEPlg.dll (Trend Micro Inc.)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DIA File Watcher (EyeFi).lnk = C:\Program Files\Odyssey Veterinary Software\Diagnostic Imaging Atlas\DiaFileWatcher.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1358866712532 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1358884253169 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.113.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = GONPH.LOCAL
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E73B84E-EA5F-4D12-87CB-214B764CC45D}: DhcpNameServer = 192.168.113.2
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\Security Agent\TmIEPlg.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/01/18 15:52:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{459bf7b6-6180-11e2-8fa8-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{459bf7b6-6180-11e2-8fa8-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{459bf7b6-6180-11e2-8fa8-806d6172696f}\Shell\AutoRun\command - "" = D:\autorun.exe index.html
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/02/27 09:28:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\administrator\Desktop\OTL.exe
[2014/02/27 09:25:08 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\administrator\Desktop\HijackThis.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/02/27 09:40:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{018DE095-827F-4162-82C0-68BBD2A0C85F}.job
[2014/02/27 09:40:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2F2B7E73-B049-423D-9B6C-72EBFBDF731B}.job
[2014/02/27 09:31:00 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\administrator\Desktop\dds.scr
[2014/02/27 09:28:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrator\Desktop\OTL.exe
[2014/02/27 09:26:41 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8C306F95-8AAC-4620-9025-E5A678B16158}.job
[2014/02/27 09:24:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/02/27 09:03:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/02/27 09:00:54 | 000,014,250 | ---- | M] () -- C:\WINDOWS\cfgall.ini
[2014/02/27 07:18:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/02/27 00:00:00 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\TMLogs.job
[2014/02/26 19:30:00 | 000,000,248 | ---- | M] () -- C:\WINDOWS\tasks\Vetstreet Data Transfer.job
[2014/02/20 17:03:29 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/02/20 17:03:29 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/02/13 03:15:15 | 000,457,992 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/02/13 03:15:15 | 000,077,744 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/02/13 03:06:22 | 000,001,809 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/02/06 03:54:08 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2014/02/06 03:54:08 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2014/02/05 17:26:52 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2014/02/05 17:26:51 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2014/02/05 17:26:50 | 001,216,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2014/02/05 17:26:49 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2014/02/05 17:26:49 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2014/02/05 17:26:49 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2014/02/05 17:26:49 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2014/02/05 17:26:49 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2014/02/05 17:26:48 | 006,021,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2014/02/05 17:26:48 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2014/02/05 17:26:44 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2014/02/05 17:26:44 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2014/02/05 17:26:43 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2014/02/05 17:26:43 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2014/02/05 17:26:43 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2014/02/05 17:26:43 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2014/02/05 17:26:43 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2014/02/05 17:26:43 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2014/02/05 17:26:42 | 002,006,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2014/02/05 17:26:42 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2014/02/05 17:26:42 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2014/02/05 17:26:42 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2014/02/05 17:26:41 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2014/02/05 17:26:41 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2014/02/05 17:26:40 | 011,113,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2014/02/05 17:26:38 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2014/02/05 17:26:37 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2014/02/05 17:26:37 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2014/02/05 17:26:37 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2014/02/05 17:26:37 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2014/02/05 16:24:05 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/02/27 09:30:58 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\administrator\Desktop\dds.scr
[2013/12/20 12:45:24 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2013/12/20 12:45:23 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\libpng13d.dll
[2013/12/20 12:45:22 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\libpng13.dll
[2013/12/20 12:45:10 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2013/12/20 12:45:09 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2013/11/06 17:12:26 | 000,527,952 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/08/09 16:50:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/02/25 15:21:42 | 000,033,958 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\uninstaller.exe
[2013/02/25 15:16:43 | 000,003,767 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2013/01/31 15:12:06 | 000,014,250 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2013/01/22 12:53:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013/01/18 17:22:53 | 000,003,082 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2013/01/18 15:54:23 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/01/18 15:48:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2013/01/18 09:36:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2013/01/18 09:35:27 | 000,130,096 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
 
========== ZeroAccess Check ==========
 
[2013/01/18 17:29:15 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/01/22 16:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator\Application Data\Leadertech
[2013/02/26 16:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator\Application Data\SearchProtect
[2013/06/27 14:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator\Application Data\TeamViewer
[2013/01/22 16:18:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator\Application Data\Xerox
[2013/01/18 17:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eklin
[2013/01/22 16:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Xerox
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.EXE  >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: EXPLORER.EXE-082F38A9.PF  >
[2014/02/27 09:24:47 | 000,093,946 | ---- | M] () MD5=18AB77B4B39EF20F31626A4E67962A18 -- C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf
 
< MD5 for: EXPLORER.HTM  >
[2003/05/19 10:37:54 | 000,002,160 | ---- | M] () MD5=40C6F4D57261630B95830FBACD05EE91 -- C:\Program Files\xerox\Support Centre\data\Phaser 8560\html\htmldocs\wwhelp\wwhimpl\java\html\explorer.htm
 
< MD5 for: EXPLORER.SCF  >
[2004/08/04 06:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\WINDOWS\explorer.scf
 
< MD5 for: IEXPLORE.CHM  >
[2009/02/21 01:21:24 | 000,529,818 | ---- | M] () MD5=1435F4731719DF5F57D17DC38196245D -- C:\WINDOWS\Help\iexplore.chm
[2004/08/04 06:00:00 | 000,204,810 | ---- | M] () MD5=60858526AAD1CC55F5F0055B8E3B66FE -- C:\WINDOWS\ie8\iexplore.chm
 
< MD5 for: IEXPLORE.EXE  >
[2008/04/14 05:42:24 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\WINDOWS\system32\dllcache\iexplore.exe
[2004/08/04 06:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=E7484514C0464642BE7B4DC2689354C8 -- C:\WINDOWS\ie8\iexplore.exe
 
< MD5 for: IEXPLORE.EXE.MUI  >
[2009/03/08 14:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2009/03/08 14:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\iexplore.exe.mui
 
< MD5 for: IEXPLORE.EXE-27122324.PF  >
[2014/02/27 09:28:08 | 000,076,500 | ---- | M] () MD5=3999C4E36D1CC8AF8E56D66797A1D8CB -- C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf
 
< MD5 for: IEXPLORE.HLP  >
[2004/08/04 06:00:00 | 000,180,335 | ---- | M] () MD5=3F19AF1B745140DAFAC6F78F561A3C62 -- C:\WINDOWS\Help\iexplore.hlp
 
< MD5 for: SERVICES  >
[2013/11/07 13:59:38 | 000,007,139 | ---- | M] () MD5=82BEFFE8558A55731AE7074591E8A194 -- C:\WINDOWS\system32\drivers\etc\services
 
< MD5 for: SERVICES.CSV  >
[2014/02/26 20:08:05 | 025,095,006 | ---- | M] () MD5=DAD44B75871E893DF726883767377F4A -- C:\petportals\data\services.csv
 
< MD5 for: SERVICES.EXE  >
[2009/02/06 05:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 05:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 05:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 06:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
 
< MD5 for: SERVICES.LNK  >
[2013/01/18 15:52:06 | 000,001,602 | ---- | M] () MD5=F3BAD3FC3835EF4648C9FC106673E33E -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk
 
< MD5 for: SERVICES.MSC  >
[2004/08/04 06:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc
 
< MD5 for: SERVICES.RDB  >
[2012/08/13 10:51:02 | 000,178,348 | ---- | M] () MD5=039C8CFBD74EE07F38CD9E4C7D95C5C6 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb
[2012/08/13 10:51:02 | 000,000,453 | ---- | M] () MD5=3D2ADA15FEF5B5FF468243161543D610 -- C:\Program Files\OpenOffice.org 3\program\services.rdb
[2012/08/10 15:12:16 | 000,008,060 | ---- | M] () MD5=7CA7D7150EC46321162F932ADCF5F35B -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb
 
< MD5 for: WINLOGON.EXE  >
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WINLOGON.LOG  >
[2014/02/27 03:55:01 | 000,273,626 | ---- | M] () MD5=53478C279D0FC89EA466FACC1ED70BA4 -- C:\WINDOWS\security\logs\winlogon.log
 
< MD5 for: WINLOGON.OLD  >
[2013/12/09 20:48:12 | 001,050,542 | ---- | M] () MD5=0974E9737CC84278626483EC7D80B99C -- C:\WINDOWS\security\logs\winlogon.old
 
< %SYSTEMDRIVE%\*.* >
[2013/01/18 15:52:01 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2013/01/18 15:46:40 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2013/01/18 15:52:01 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2013/01/18 15:52:01 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013/01/18 15:52:01 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2013/01/22 12:26:36 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2014/02/27 07:18:12 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
 
< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2013/01/18 15:51:37 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 04:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C has no label.
 Volume Serial Number is 2060-686E
 Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
02/13/2014  03:14 AM    <JUNCTION>     2.0.0.0__b03f5f7f11d50a3a
               0 File(s)              0 bytes
 Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
02/13/2014  03:14 AM    <JUNCTION>     2.0.0.0__b03f5f7f11d50a3a
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
               2 Dir(s)  64,443,863,040 bytes free
 
< %systemroot%\System32\config\*.sav >
[2013/01/18 09:34:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2013/01/18 09:34:19 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2013/01/18 09:34:19 | 000,901,120 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2013/01/22 12:30:29 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2013/01/18 17:24:21 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2013/01/18 17:24:20 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
 
< %USERPROFILE%\Desktop\*.exe >
[2013/02/26 16:33:17 | 135,933,721 | ---- | M] () -- C:\Documents and Settings\administrator\Desktop\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_en-US.exe
[2013/11/06 17:19:41 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\administrator\Desktop\ATF_Cleaner.exe
[2009/10/13 11:48:36 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\administrator\Desktop\HijackThis.exe
[2014/02/27 09:28:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\administrator\Desktop\OTL.exe
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2014-02-13 09:17:10

< End of report >

 

OTL Extras logfile created on: 2/27/2014 9:32:55 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.49 Gb Total Physical Memory | 2.86 Gb Available Physical Memory | 82.06% Memory free
4.82 Gb Paging File | 4.34 Gb Available in Paging File | 90.04% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 60.05 Gb Free Space | 80.58% Space Free | Partition Type: NTFS
Drive D: | 1.86 Gb Total Space | 0.96 Gb Free Space | 51.66% Space Free | Partition Type: FAT
 
Computer Name: RM4 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"18730:TCP" = 18730:TCP:*:Enabled:Trend Micro Client/Server Security Agent Listener
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"18730:TCP" = 18730:TCP:*:Enabled:Trend Micro Client/Server Security Agent Listener
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Documents and Settings\administrator\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0001.tmp\lmi_rescue.exe" = C:\Documents and Settings\administrator\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0001.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
"C:\Documents and Settings\administrator\Local Settings\Temp\RarSFX0\Windows Utilities\Installer32\InstallationManager.exe" = C:\Documents and Settings\administrator\Local Settings\Temp\RarSFX0\Windows Utilities\Installer32\InstallationManager.exe:*:Enabled:Xerox Windows Common Installer
"C:\Documents and Settings\tech\Local Settings\Apps\2.0\0BCNA0DH.L68\Z4HC51ZO.22Q\kimw..tion_f914228da3ef8757_0001.003c_b556cbefa99aa34d\KimWindow.exe" = C:\Documents and Settings\tech\Local Settings\Apps\2.0\0BCNA0DH.L68\Z4HC51ZO.22Q\kimw..tion_f914228da3ef8757_0001.003c_b556cbefa99aa34d\KimWindow.exe:*:Disabled:KimWindow -- (optsp)
"C:\konicaminolta\Kim\Client\MonitoringTool\RemoteServer\MTool.RemoteServer.exe" = C:\konicaminolta\Kim\Client\MonitoringTool\RemoteServer\MTool.RemoteServer.exe:*:Disabled:MTool.RemoteService -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\konicaminolta\Kim\Client\MonitoringTool\RemoteServer\MTool.RemoteServer.exe" = C:\konicaminolta\Kim\Client\MonitoringTool\RemoteServer\MTool.RemoteServer.exe:*:Disabled:MTool.RemoteService -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{61D7AE0A-D3B1-4BF7-9CE5-8D67DFFA1B0A}" = AX88178 Windows XP Drivers
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{8456195C-3BA3-45A4-A6A7-30AE7A62EADB}" = Trend Micro Worry-Free Business Security Agent
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CD6130F9-DB76-4FD3-ADEC-99F5A0D3A746}" = VIA
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F692B23E-A1F9-4FB6-89AC-792F5D6C0599}" = Diagnostic Imaging Atlas
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{61D7AE0A-D3B1-4BF7-9CE5-8D67DFFA1B0A}" = AX88178 Windows XP Drivers
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Pet Portal Data Transfer" = Pet Portal Data Transfer
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wofie" = Trend Micro Worry-Free Business Security Agent
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xerox_Support_Centre" = Xerox Support Centre
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 1/16/2014 9:32:12 AM | Computer Name = RM4 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download....authrootseq.txt>
 with error: This network connection does not exist. 
 
Error - 1/16/2014 9:32:12 AM | Computer Name = RM4 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download....authrootseq.txt>
 with error: This network connection does not exist. 
 
Error - 1/16/2014 9:32:12 AM | Computer Name = RM4 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download....authrootseq.txt>
 with error: This network connection does not exist. 
 
Error - 1/16/2014 9:32:12 AM | Computer Name = RM4 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download....authrootseq.txt>
 with error: This network connection does not exist. 
 
Error - 1/16/2014 9:32:12 AM | Computer Name = RM4 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download....authrootseq.txt>
 with error: This network connection does not exist. 
 
Error - 1/16/2014 9:32:12 AM | Computer Name = RM4 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download....authrootseq.txt>
 with error: This network connection does not exist. 
 
Error - 1/16/2014 9:32:12 AM | Computer Name = RM4 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download....authrootseq.txt>
 with error: This network connection does not exist. 
 
Error - 1/16/2014 9:32:12 AM | Computer Name = RM4 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download....authrootseq.txt>
 with error: This network connection does not exist. 
 
Error - 1/16/2014 9:32:12 AM | Computer Name = RM4 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download....authrootseq.txt>
 with error: This network connection does not exist. 
 
Error - 1/16/2014 9:32:12 AM | Computer Name = RM4 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download....authrootseq.txt>
 with error: This network connection does not exist. 
 
[ System Events ]
Error - 2/3/2014 4:23:26 PM | Computer Name = RM4 | Source = TermServDevices | ID = 1111
Description = Driver Microsoft Shared Fax Driver required for printer Fax is unknown.
 Contact the administrator to install the driver before you log in again.
 
Error - 2/10/2014 10:29:04 AM | Computer Name = RM4 | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
 times on transport \Device\NetBT_Tcpip_{8E73B84E-EA5F-4D12-87CB-214B764CC45D}.  The
 backup browser is stopping.
 
Error - 2/11/2014 11:45:04 AM | Computer Name = RM4 | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
 times on transport \Device\NetBT_Tcpip_{8E73B84E-EA5F-4D12-87CB-214B764CC45D}.  The
 backup browser is stopping.
 
Error - 2/13/2014 5:46:22 AM | Computer Name = RM4 | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
 times on transport \Device\NetBT_Tcpip_{8E73B84E-EA5F-4D12-87CB-214B764CC45D}.  The
 backup browser is stopping.
 
Error - 2/24/2014 10:39:22 AM | Computer Name = RM4 | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
 times on transport \Device\NetBT_Tcpip_{8E73B84E-EA5F-4D12-87CB-214B764CC45D}.  The
 backup browser is stopping.
 
 
< End of report >
 

 

Thank you
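The "Firewall Settings" and "Authorized Applications List" sections of the OTL Extras log above are worth reading systematically rather than by eye: each entry carries a scope (`LocalSubNet` or `*` for any remote address), an Enabled/Disabled state and a display name, and the entries that matter most are the enabled ones open to any address, plus any authorized program that lives in a temporary folder. The following is an added example, not code from the thread or from OTL, that parses those two sections and reports such entries; the sample text is a trimmed copy of lines from the log above, and the function names, the `FirewallEntry` fields and the temporary-folder heuristic are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a trimmed copy of the "Firewall Settings" and
# "Authorized Applications List" sections of the OTL Extras log posted above.
SAMPLE_LOG = r"""
========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"18730:TCP" = 18730:TCP:*:Enabled:Trend Micro Client/Server Security Agent Listener

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Documents and Settings\administrator\Local Settings\Temp\RarSFX0\Windows Utilities\Installer32\InstallationManager.exe" = C:\Documents and Settings\administrator\Local Settings\Temp\RarSFX0\Windows Utilities\Installer32\InstallationManager.exe:*:Enabled:Xerox Windows Common Installer
"C:\konicaminolta\Kim\Client\MonitoringTool\RemoteServer\MTool.RemoteServer.exe" = C:\konicaminolta\Kim\Client\MonitoringTool\RemoteServer\MTool.RemoteServer.exe:*:Disabled:MTool.RemoteService -- ()
"""


@dataclass
class FirewallEntry:
    profile: str   # DomainProfile or StandardProfile
    kind: str      # GloballyOpenPorts or AuthorizedApplications
    target: str    # "3389:TCP" for a port, or the executable path for a program
    scope: str     # "*" (any remote address), "LocalSubNet", or an address list
    enabled: bool
    name: str      # display name or resource-string reference


# Section header of an exception list, e.g. ...\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
SECTION_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\.*\\FirewallPolicy\\(\w+)\\(GloballyOpenPorts|AuthorizedApplications)\\List\]$"
)
# One exception line: "key" = value
ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)" = (?P<value>.+)$')
# Heuristic (this example's own assumption): a program authorized from a temp folder deserves a look.
TEMP_PATH_RE = re.compile(r"\\(Temp|Temporary Internet Files)\\|\.tmp\\", re.IGNORECASE)


def parse_firewall_exceptions(text: str) -> List[FirewallEntry]:
    """Extract port and program exceptions from an OTL Extras firewall dump."""
    entries: List[FirewallEntry] = []
    profile = kind = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = SECTION_RE.match(line)
            # Only the two List sections carry exceptions; other keys reset the context.
            profile, kind = (m.group(1), m.group(2)) if m else (None, None)
            continue
        if kind is None:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        key, value = m.group("key"), m.group("value")
        # The value repeats the key, then scope:state:name (name may contain " -- (Company)").
        prefix = key + ":"
        if not value.startswith(prefix):
            continue
        parts = value[len(prefix):].split(":", 2)
        if len(parts) != 3:
            continue
        scope, state, name = parts
        entries.append(FirewallEntry(profile, kind, key, scope, state.lower() == "enabled", name))
    return entries


def review_exceptions(entries: List[FirewallEntry]) -> List[str]:
    """Return one finding per enabled exception that is open to any address or points into a temp folder."""
    findings: List[str] = []
    for e in entries:
        if not e.enabled:
            continue  # disabled exceptions do not currently admit traffic
        if e.scope == "*":
            findings.append(f"{e.profile}: {e.kind} {e.target} is open to any remote address ({e.name})")
        if e.kind == "AuthorizedApplications" and TEMP_PATH_RE.search(e.target):
            findings.append(f"{e.profile}: authorized program lives in a temporary folder: {e.target}")
    return findings


if __name__ == "__main__":
    for finding in review_exceptions(parse_firewall_exceptions(SAMPLE_LOG)):
        print(finding)
```

Run against the sample, the report flags the 3389/TCP and 18730/TCP exceptions in both profiles, the two programs authorized for any address, and the installer under `Local Settings\Temp`; the NetBIOS ports scoped to `LocalSubNet` and the disabled MTool entry are left alone. A disabled exception is not a problem today, but a reviewer would still want to know why a program in a temp folder was ever authorized.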
#2 Jo*

    SuperMember
  • Malware Team
  • 1,208 posts

Posted 01 March 2014 - 05:38 AM


Hello 83valentine,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save the instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click Run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
Graduate of the WTT Classroom
Cheers,
Jo

#3 Jo*

    SuperMember
  • Malware Team
  • 1,208 posts

Posted 04 March 2014 - 02:57 AM


Hi,

it has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Threads will be closed if no response after 3 days.
Graduate of the WTT Classroom
Cheers,
Jo

#4 83valentine

    Authentic Member
  • 112 posts

Posted 04 March 2014 - 07:14 AM

Sorry, yes, I still need help; I will reply to the post this afternoon. I have been away from the computer this weekend.

#5 83valentine

    Authentic Member
  • 112 posts

Posted 04 March 2014 - 11:00 AM

 Results of screen317's Security Check version 0.99.79 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled! 
Trend Micro Security Agent  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Out of date HijackThis  installed!
 Malwarebytes Anti-Malware version 1.75.0.1300 
 HijackThis 2.0.2   
 Adobe Reader 8 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent```````` 
 Trend Micro OfficeScan Client pccntmon.exe
 Trend Micro Security Agent ntrtscan.exe 
 Trend Micro Security Agent tmlisten.exe 
 Trend Micro Security Agent TmProxy.exe 
 Trend Micro BM TMBMSRV.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 20% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-03-2014 01
Ran by Administrator (administrator) on RM4 on 04-03-2014 10:52:18
Running from C:\Documents and Settings\administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Trend Micro Inc.) C:\Program Files\Trend Micro\Security Agent\ntrtscan.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Security Agent\tmlisten.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Security Agent\TmProxy.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\BM\TMBMSRV.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Security Agent\pccntmon.exe
() C:\Program Files\Odyssey Veterinary Software\Diagnostic Imaging Atlas\DiaFileWatcher.exe
(Microsoft Corporation) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [igfxhkcmd] - C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] - C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40048 2007-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [OfficeScanNT Monitor] - C:\Program Files\Trend Micro\Security Agent\pccntmon.exe [1373040 2013-08-29] (Trend Micro Inc.)
HKLM\...\Run: [UserFaultCheck] - %systemroot%\system32\dumprep 0 -u
HKU\S-1-5-21-1951382-3801802459-3850981174-500\...\MountPoints2: {459bf7b6-6180-11e2-8fa8-806d6172696f} - D:\autorun.exe index.html
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DIA File Watcher (EyeFi).lnk
ShortcutTarget: DIA File Watcher (EyeFi).lnk -> C:\Program Files\Odyssey Veterinary Software\Diagnostic Imaging Atlas\DiaFileWatcher.exe ()
Startup: C:\Documents and Settings\tech\Start Menu\Programs\Startup\MTool.RemoteServer.lnk
ShortcutTarget: MTool.RemoteServer.lnk -> C:\konicaminolta\Kim\Client\MonitoringTool\RemoteServer\MTool.RemoteServer.exe ()
Startup: C:\Documents and Settings\tech\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...er=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\Security Agent\TmIEPlg.dll (Trend Micro Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1358866712532
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1358884253169
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\Security Agent\TmIEPlg.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.113.2

========================== Services (Whitelisted) =================

S4 NewServiceInstall1; C:\Program Files\Elinc\Via\Via Service\Eklin.Via.Service.exe [13824 2013-06-28] (VIA Information Systems)
R2 ntrtscan; C:\Program Files\Trend Micro\Security Agent\ntrtscan.exe [2275336 2012-12-18] (Trend Micro Inc.)
R3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [345648 2012-10-30] (Trend Micro Inc.)
R2 tmlisten; C:\Program Files\Trend Micro\Security Agent\tmlisten.exe [2293088 2013-08-29] (Trend Micro Inc.)
R3 TmProxy; C:\Program Files\Trend Micro\Security Agent\TmProxy.exe [689712 2012-08-08] (Trend Micro Inc.)

==================== Drivers (Whitelisted) ====================

S3 AX88178; C:\WINDOWS\System32\DRIVERS\ax88178.sys [39936 2010-11-24] (ASIX Electronics Corp.)
R2 tmactmon; C:\WINDOWS\system32\drivers\tmactmon.sys [74600 2012-10-30] (Trend Micro Inc.)
R2 tmcomm; C:\WINDOWS\system32\drivers\tmcomm.sys [258976 2012-11-13] (Trend Micro Inc.)
R2 tmevtmgr; C:\WINDOWS\system32\drivers\tmevtmgr.sys [62728 2012-10-30] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files\Trend Micro\Security Agent\TmXPFlt.sys [263968 2013-08-14] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files\Trend Micro\Security Agent\TmPreFlt.sys [36128 2013-08-14] (Trend Micro Inc.)
R1 tmtdi; C:\WINDOWS\System32\DRIVERS\tmtdi.sys [90448 2011-08-31] (Trend Micro Inc.)
R2 VSApiNt; C:\Program Files\Trend Micro\Security Agent\VSApiNt.sys [1517600 2013-08-14] (Trend Micro Inc.)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-04 10:52 - 2014-03-04 10:52 - 00006294 _____ () C:\Documents and Settings\administrator\Desktop\FRST.txt
2014-03-04 10:52 - 2014-03-04 10:52 - 00000000 ____D () C:\FRST
2014-03-04 10:50 - 2014-03-04 10:50 - 00001201 _____ () C:\Documents and Settings\administrator\Desktop\checkup.txt
2014-03-04 09:00 - 2014-03-04 09:00 - 01145344 _____ (Farbar) C:\Documents and Settings\administrator\Desktop\FRST.exe
2014-03-04 08:59 - 2014-03-04 08:59 - 00987425 _____ () C:\Documents and Settings\administrator\Desktop\SecurityCheck.exe
2014-03-01 07:57 - 2014-03-01 08:55 - 00000000 ____D () C:\Documents and Settings\administrator\Local Settings\Application Data\OvsDia
2014-02-27 09:45 - 2014-02-27 09:45 - 00063564 _____ () C:\Documents and Settings\administrator\Desktop\OTL.Txt
2014-02-27 09:45 - 2014-02-27 09:45 - 00029812 _____ () C:\Documents and Settings\administrator\Desktop\Extras.Txt
2014-02-27 09:30 - 2014-02-27 09:31 - 00625664 _____ () C:\Documents and Settings\administrator\Desktop\dds.scr
2014-02-27 09:28 - 2014-02-27 09:28 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\administrator\Desktop\OTL.exe
2014-02-27 09:25 - 2014-02-27 09:28 - 00004422 _____ () C:\Documents and Settings\administrator\Desktop\hijackthis.log
2014-02-27 09:25 - 2009-10-13 11:48 - 00401720 _____ (Trend Micro Inc.) C:\Documents and Settings\administrator\Desktop\HijackThis.exe
2014-02-13 03:17 - 2014-02-13 03:17 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-13 03:05 - 2014-02-13 03:06 - 00012016 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-13 03:04 - 2014-02-13 03:05 - 00004752 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-12 18:36 - 2014-02-13 03:17 - 00014475 _____ () C:\WINDOWS\KB2916036.log
2014-02-11 09:28 - 2014-02-11 09:28 - 00050688 _____ (Atribune.org) C:\Documents and Settings\tech\Desktop\ATF_Cleaner.exe

==================== One Month Modified Files and Folders =======

2014-03-04 10:52 - 2014-03-04 10:52 - 00006294 _____ () C:\Documents and Settings\administrator\Desktop\FRST.txt
2014-03-04 10:52 - 2014-03-04 10:52 - 00000000 ____D () C:\FRST
2014-03-04 10:52 - 2013-02-26 16:22 - 00000420 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{2F2B7E73-B049-423D-9B6C-72EBFBDF731B}.job
2014-03-04 10:50 - 2014-03-04 10:50 - 00001201 _____ () C:\Documents and Settings\administrator\Desktop\checkup.txt
2014-03-04 10:50 - 2013-01-22 11:09 - 00000422 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{018DE095-827F-4162-82C0-68BBD2A0C85F}.job
2014-03-04 10:03 - 2013-11-06 16:09 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-04 09:27 - 2013-01-18 17:21 - 00000120 _____ () C:\WINDOWS\system32\config\netlogon.ftl
2014-03-04 09:06 - 2013-01-22 13:49 - 00000438 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{8C306F95-8AAC-4620-9025-E5A678B16158}.job
2014-03-04 09:00 - 2014-03-04 09:00 - 01145344 _____ (Farbar) C:\Documents and Settings\administrator\Desktop\FRST.exe
2014-03-04 09:00 - 2013-01-31 15:12 - 00014250 _____ () C:\WINDOWS\cfgall.ini
2014-03-04 09:00 - 2013-01-31 15:11 - 09378328 _____ () C:\WINDOWS\system32\TmInstall.log
2014-03-04 08:59 - 2014-03-04 08:59 - 00987425 _____ () C:\Documents and Settings\administrator\Desktop\SecurityCheck.exe
2014-03-04 05:42 - 2013-01-18 09:27 - 00000000 ____D () C:\WINDOWS\security
2014-03-04 05:36 - 2013-01-18 15:50 - 01197133 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-04 00:04 - 2013-01-18 16:12 - 00032482 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-04 00:00 - 2013-12-20 12:49 - 00000274 _____ () C:\WINDOWS\Tasks\TMLogs.job
2014-03-03 19:30 - 2013-01-22 17:15 - 00000000 ____D () C:\petportals
2014-03-03 19:30 - 2013-01-22 17:09 - 00000248 _____ () C:\WINDOWS\Tasks\Vetstreet Data Transfer.job
2014-03-01 08:55 - 2014-03-01 07:57 - 00000000 ____D () C:\Documents and Settings\administrator\Local Settings\Application Data\OvsDia
2014-02-28 08:57 - 2004-08-04 06:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-02-27 19:30 - 2013-01-18 17:24 - 00000178 ___SH () C:\Documents and Settings\administrator\ntuser.ini
2014-02-27 09:45 - 2014-02-27 09:45 - 00063564 _____ () C:\Documents and Settings\administrator\Desktop\OTL.Txt
2014-02-27 09:45 - 2014-02-27 09:45 - 00029812 _____ () C:\Documents and Settings\administrator\Desktop\Extras.Txt
2014-02-27 09:31 - 2014-02-27 09:30 - 00625664 _____ () C:\Documents and Settings\administrator\Desktop\dds.scr
2014-02-27 09:28 - 2014-02-27 09:28 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\administrator\Desktop\OTL.exe
2014-02-27 09:28 - 2014-02-27 09:25 - 00004422 _____ () C:\Documents and Settings\administrator\Desktop\hijackthis.log
2014-02-27 09:24 - 2013-01-18 18:04 - 00000178 ___SH () C:\Documents and Settings\tech\ntuser.ini
2014-02-27 09:23 - 2013-01-18 09:35 - 00465655 _____ () C:\WINDOWS\setupapi.log
2014-02-27 07:18 - 2013-01-18 17:22 - 00000000 __SHD () C:\WINDOWS\CSC
2014-02-27 07:18 - 2013-01-18 16:12 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-25 15:18 - 2013-12-20 12:46 - 00000000 ____D () C:\Documents and Settings\tech\Local Settings\Application Data\Deployment
2014-02-20 17:03 - 2013-11-06 16:09 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-20 17:03 - 2013-11-06 16:09 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-13 03:26 - 2013-01-18 17:28 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-02-13 03:17 - 2014-02-13 03:17 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-13 03:17 - 2014-02-12 18:36 - 00014475 _____ () C:\WINDOWS\KB2916036.log
2014-02-13 03:17 - 2013-01-22 11:03 - 00186674 _____ () C:\WINDOWS\updspapi.log
2014-02-13 03:17 - 2013-01-18 09:36 - 01310043 _____ () C:\WINDOWS\iis6.log
2014-02-13 03:17 - 2013-01-18 09:36 - 01192462 _____ () C:\WINDOWS\FaxSetup.log
2014-02-13 03:17 - 2013-01-18 09:36 - 00579077 _____ () C:\WINDOWS\ocgen.log
2014-02-13 03:17 - 2013-01-18 09:36 - 00548008 _____ () C:\WINDOWS\tsoc.log
2014-02-13 03:17 - 2013-01-18 09:36 - 00404744 _____ () C:\WINDOWS\comsetup.log
2014-02-13 03:17 - 2013-01-18 09:36 - 00368222 _____ () C:\WINDOWS\msmqinst.log
2014-02-13 03:17 - 2013-01-18 09:36 - 00243371 _____ () C:\WINDOWS\ntdtcsetup.log
2014-02-13 03:17 - 2013-01-18 09:36 - 00209317 _____ () C:\WINDOWS\netfxocm.log
2014-02-13 03:17 - 2013-01-18 09:36 - 00083216 _____ () C:\WINDOWS\MedCtrOC.log
2014-02-13 03:17 - 2013-01-18 09:36 - 00066026 _____ () C:\WINDOWS\ocmsn.log
2014-02-13 03:17 - 2013-01-18 09:36 - 00060851 _____ () C:\WINDOWS\tabletoc.log
2014-02-13 03:17 - 2013-01-18 09:36 - 00059734 _____ () C:\WINDOWS\msgsocm.log
2014-02-13 03:17 - 2013-01-18 09:36 - 00001809 _____ () C:\WINDOWS\imsins.log
2014-02-13 03:15 - 2013-01-18 09:36 - 00524780 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-13 03:11 - 2013-08-16 02:06 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-13 03:06 - 2014-02-13 03:05 - 00012016 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-13 03:06 - 2013-01-22 13:32 - 85946576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-13 03:06 - 2013-01-18 09:36 - 00001809 _____ () C:\WINDOWS\imsins.BAK
2014-02-13 03:05 - 2014-02-13 03:04 - 00004752 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-13 03:05 - 2013-01-22 13:13 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-02-11 09:28 - 2014-02-11 09:28 - 00050688 _____ (Atribune.org) C:\Documents and Settings\tech\Desktop\ATF_Cleaner.exe
2014-02-11 09:18 - 2013-11-06 17:12 - 00527952 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-02-06 03:54 - 2004-08-04 06:00 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2014-02-06 03:54 - 2004-08-04 06:00 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-05 17:26 - 2013-01-22 12:59 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-02-05 17:26 - 2013-01-22 12:59 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-02-05 17:26 - 2013-01-22 12:59 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-02-05 17:26 - 2013-01-22 12:59 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-02-05 17:26 - 2013-01-22 12:59 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-02-05 17:26 - 2013-01-22 12:59 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-02-05 17:26 - 2013-01-22 12:59 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-02-05 17:26 - 2013-01-22 12:59 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-02-05 17:26 - 2013-01-18 15:49 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2014-02-05 17:26 - 2009-03-08 04:39 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-05 17:26 - 2009-03-08 04:32 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-05 17:26 - 2009-03-08 04:32 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-05 17:26 - 2009-03-08 04:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 06021120 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 06021120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2014-02-05 17:26 - 2004-08-04 06:00 - 01469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-05 17:26 - 2004-08-04 06:00 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2014-02-05 16:24 - 2004-08-04 06:00 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-03-2014 01
Ran by Administrator at 2014-03-04 10:53:05
Running from C:\Documents and Settings\administrator\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Trend Micro Security Agent (Disabled - Up to date) {4CA5B9AB-4295-4D4C-9664-0EBE85AE0525}

==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader 8.1.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81000000003}) (Version: 8.1.0 - Adobe Systems Incorporated)
AX88178 Windows XP Drivers (HKLM\...\InstallShield_{61D7AE0A-D3B1-4BF7-9CE5-8D67DFFA1B0A}) (Version: 1.0.1.0 - ASIX Electronics Corporation)
AX88178 Windows XP Drivers (Version: 1.0.1.0 - ASIX Electronics Corporation) Hidden
Broadcom Gigabit Integrated Controller (HKLM\...\{B7F54262-AB66-44B3-88BF-9FC69941B643}) (Version: 8.10.07 - Broadcom Corporation)
Dell Resource CD (HKLM\...\{FCD9CD52-7222-4672-94A0-A722BA702FD0}) (Version: 1.00.0000 - Dell Inc.)
Diagnostic Imaging Atlas (HKLM\...\{F692B23E-A1F9-4FB6-89AC-792F5D6C0599}) (Version: 2.1 - Odyssey Veterinary Software)
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
OpenOffice.org 3.4.1 (HKLM\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Pet Portal Data Transfer (HKLM\...\Pet Portal Data Transfer) (Version:  - )
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices)
Trend Micro Worry-Free Business Security Agent (HKLM\...\Wofie) (Version: 18.0.2013 - Trend Micro Inc.)
Trend Micro Worry-Free Business Security Agent (Version: 8.0.0 - Trend Micro Inc.) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VIA (HKLM\...\{CD6130F9-DB76-4FD3-ADEC-99F5A0D3A746}) (Version: 7.1.0 - VIA Information Systems)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Xerox Support Centre (HKLM\...\Xerox_Support_Centre) (Version:  - )

==================== Restore Points  =========================

05-12-2013 00:52:25 System Checkpoint
06-12-2013 00:54:19 System Checkpoint
07-12-2013 01:54:22 System Checkpoint
08-12-2013 02:54:20 System Checkpoint
09-12-2013 03:54:21 System Checkpoint
10-12-2013 05:42:23 System Checkpoint
11-12-2013 05:54:22 System Checkpoint
12-12-2013 06:54:23 System Checkpoint
12-12-2013 09:00:16 Software Distribution Service 3.0
13-12-2013 09:00:16 Software Distribution Service 3.0
14-12-2013 09:04:20 System Checkpoint
15-12-2013 10:04:21 System Checkpoint
16-12-2013 11:04:22 System Checkpoint
17-12-2013 13:28:23 System Checkpoint
19-12-2013 00:17:37 System Checkpoint
20-12-2013 02:28:25 System Checkpoint
20-12-2013 18:44:54 Installed Microsoft Visual C++ 2005 Redistributable
21-12-2013 18:57:55 System Checkpoint
22-12-2013 19:57:56 System Checkpoint
23-12-2013 22:21:32 System Checkpoint
24-12-2013 22:57:57 System Checkpoint
25-12-2013 23:57:57 System Checkpoint
27-12-2013 03:58:01 System Checkpoint
28-12-2013 04:57:59 System Checkpoint
29-12-2013 04:59:11 System Checkpoint
30-12-2013 05:59:13 System Checkpoint
31-12-2013 06:59:02 System Checkpoint
01-01-2014 07:59:05 System Checkpoint
02-01-2014 08:59:06 System Checkpoint
03-01-2014 09:59:03 System Checkpoint
04-01-2014 10:59:03 System Checkpoint
05-01-2014 11:59:05 System Checkpoint
06-01-2014 12:59:05 System Checkpoint
07-01-2014 15:22:19 System Checkpoint
09-01-2014 00:49:28 System Checkpoint
10-01-2014 00:55:29 System Checkpoint
11-01-2014 01:54:25 System Checkpoint
12-01-2014 04:18:28 System Checkpoint
13-01-2014 05:06:27 System Checkpoint
14-01-2014 05:57:55 System Checkpoint
15-01-2014 06:52:21 System Checkpoint
15-01-2014 09:00:16 Software Distribution Service 3.0
16-01-2014 09:12:47 System Checkpoint
17-01-2014 10:12:48 System Checkpoint
18-01-2014 11:12:48 System Checkpoint
19-01-2014 12:12:49 System Checkpoint
20-01-2014 13:12:50 System Checkpoint
21-01-2014 14:12:50 System Checkpoint
22-01-2014 23:44:54 System Checkpoint
24-01-2014 00:12:51 System Checkpoint
25-01-2014 00:33:29 System Checkpoint
26-01-2014 00:36:54 System Checkpoint
27-01-2014 01:36:54 System Checkpoint
28-01-2014 02:12:54 System Checkpoint
29-01-2014 03:12:55 System Checkpoint
30-01-2014 04:12:55 System Checkpoint
31-01-2014 05:12:57 System Checkpoint
01-02-2014 05:29:28 System Checkpoint
02-02-2014 05:55:07 System Checkpoint
03-02-2014 11:19:00 System Checkpoint
04-02-2014 12:29:31 System Checkpoint
05-02-2014 14:04:59 System Checkpoint
06-02-2014 15:04:29 System Checkpoint
07-02-2014 15:33:21 System Checkpoint
08-02-2014 16:56:34 System Checkpoint
10-02-2014 13:52:41 System Checkpoint
11-02-2014 15:47:03 System Checkpoint
12-02-2014 17:15:28 System Checkpoint
13-02-2014 09:00:17 Software Distribution Service 3.0
14-02-2014 09:23:31 System Checkpoint
15-02-2014 09:28:02 System Checkpoint
16-02-2014 10:28:02 System Checkpoint
17-02-2014 11:28:02 System Checkpoint
18-02-2014 12:28:03 System Checkpoint
19-02-2014 13:28:03 System Checkpoint
20-02-2014 14:28:04 System Checkpoint
21-02-2014 15:28:04 System Checkpoint
22-02-2014 15:29:28 System Checkpoint
24-02-2014 14:09:59 System Checkpoint
25-02-2014 16:04:04 System Checkpoint
27-02-2014 00:29:52 System Checkpoint
27-02-2014 15:35:02 OTL Restore Point - 2/27/2014 9:34:58 AM
28-02-2014 15:37:33 System Checkpoint
01-03-2014 15:38:03 System Checkpoint
02-03-2014 15:47:49 System Checkpoint
03-03-2014 16:59:18 System Checkpoint

==================== Hosts content: ==========================

2004-08-04 06:00 - 2004-08-04 06:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\TMLogs.job => C:\KonicaMinolta\Kim\Client\TM\KM.ImageManager.Scheduler.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{018DE095-827F-4162-82C0-68BBD2A0C85F}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{2F2B7E73-B049-423D-9B6C-72EBFBDF731B}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{8C306F95-8AAC-4620-9025-E5A678B16158}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\Vetstreet Data Transfer.job => c:\petportals\vixfer.exe

==================== Loaded Modules (whitelisted) =============

2011-08-31 13:55 - 2011-08-31 13:55 - 00499712 _____ () C:\Program Files\Trend Micro\Security Agent\sqlite3.dll
2008-02-02 20:06 - 2008-02-02 20:06 - 00086016 _____ () C:\Program Files\Odyssey Veterinary Software\Diagnostic Imaging Atlas\DiaFileWatcher.exe

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/28/2014 04:50:09 PM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: Faulting application via.exe, version 7.1.0.0, stamp 51cdfb7b, faulting module msvbvm60.dll, version 6.0.98.2, stamp 4802a186, debug? 0, fault address 0x000ce380.

Error: (02/26/2014 06:02:09 PM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: Faulting application via.exe, version 7.1.0.0, stamp 51cdfb7b, faulting module crqe.dll, version 11.5.12.1977, stamp 4bcd745d, debug? 0, fault address 0x000152bf.

Error: (02/11/2014 09:31:28 AM) (Source: Application Error) (User: )
Description: Fault bucket -483413774.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (02/11/2014 09:30:10 AM) (Source: Application Error) (User: )
Description: Faulting application TmListen.exe, version 18.0.0.2013, faulting module TmSock.dll, version 18.0.0.1267, fault address 0x00038af2.
Error in creating result PEAP-TLV in response to received PEAP-TLV (TmListen.exe!ld!)

Error: (01/16/2014 07:32:13 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This network connection does not exist.

Error: (01/16/2014 07:32:13 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This network connection does not exist.

Error: (01/16/2014 07:32:13 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This network connection does not exist.

Error: (01/16/2014 07:32:13 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This network connection does not exist.

Error: (01/16/2014 07:32:13 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This network connection does not exist.

Error: (01/16/2014 07:32:13 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This network connection does not exist.

System errors:
=============
Error: (02/27/2014 10:57:25 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{8E73B84E-EA5F-4D12-87CB-214B764CC45D}.
The backup browser is stopping.

Error: (02/24/2014 08:39:22 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{8E73B84E-EA5F-4D12-87CB-214B764CC45D}.
The backup browser is stopping.

Error: (02/13/2014 03:46:22 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{8E73B84E-EA5F-4D12-87CB-214B764CC45D}.
The backup browser is stopping.

Error: (02/11/2014 09:45:04 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{8E73B84E-EA5F-4D12-87CB-214B764CC45D}.
The backup browser is stopping.

Error: (02/10/2014 08:29:04 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{8E73B84E-EA5F-4D12-87CB-214B764CC45D}.
The backup browser is stopping.

Error: (02/03/2014 02:23:26 PM) (Source: TermServDevices) (User: )
Description: Driver Microsoft Shared Fax Driver required for printer Fax is unknown. Contact the administrator to install the driver before you log in again.

Microsoft Office Sessions:
=========================
Error: (02/28/2014 04:50:09 PM) (Source: .NET Runtime 2.0 Error Reporting)(User: )
Description: via.exe7.1.0.051cdfb7bmsvbvm60.dll6.0.98.24802a1860000ce380

Error: (02/26/2014 06:02:09 PM) (Source: .NET Runtime 2.0 Error Reporting)(User: )
Description: via.exe7.1.0.051cdfb7bcrqe.dll11.5.12.19774bcd745d0000152bf

Error: (02/11/2014 09:31:28 AM) (Source: Application Error)(User: )
Description: -483413774

Error: (02/11/2014 09:30:10 AM) (Source: Application Error)(User: )
Description: TmListen.exe18.0.0.2013TmSock.dll18.0.0.126700038af2

Error: (01/16/2014 07:32:13 AM) (Source: crypt32)(User: )
Description: http://www.download....rootseq.txtThis network connection does not exist.

Error: (01/16/2014 07:32:13 AM) (Source: crypt32)(User: )
Description: http://www.download....rootseq.txtThis network connection does not exist.

Error: (01/16/2014 07:32:13 AM) (Source: crypt32)(User: )
Description: http://www.download....rootseq.txtThis network connection does not exist.

Error: (01/16/2014 07:32:13 AM) (Source: crypt32)(User: )
Description: http://www.download....rootseq.txtThis network connection does not exist.

Error: (01/16/2014 07:32:13 AM) (Source: crypt32)(User: )
Description: http://www.download....rootseq.txtThis network connection does not exist.

Error: (01/16/2014 07:32:13 AM) (Source: crypt32)(User: )
Description: http://www.download....rootseq.txtThis network connection does not exist.

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 3574.07 MB
Available physical RAM: 2917.23 MB
Total Pagefile: 4934.54 MB
Available Pagefile: 4450.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 1961.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.52 GB) (Free:59.92 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: 09F7A3EE)
Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Thank You



#6 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,208 posts

Posted 04 March 2014 - 11:27 AM

Hello 83valentine,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

Graduate of the WTT Classroom
Cheers,
Jo

#7 83valentine

83valentine

    Authentic Member

  • Authentic Member
  • PipPip
  • 112 posts

Posted 04 March 2014 - 04:57 PM

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.03.04.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: RM4 [administrator]

3/4/2014 1:43:00 PM
mbar-log-2014-03-04 (13-43-00).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 255871
Time elapsed: 11 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


# AdwCleaner v3.020 - Report created 04/03/2014 at 13:56:17
# Updated 27/02/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Administrator - RM4
# Running from : C:\Documents and Settings\administrator\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found C:\Documents and Settings\administrator\Application Data\SearchProtect
Folder Found C:\Documents and Settings\administrator\Local Settings\Application Data\Conduit
Folder Found C:\Documents and Settings\tech\Application Data\SearchProtect
Folder Found C:\Documents and Settings\tech\Local Settings\Application Data\Conduit
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\SearchProtect

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\SearchProtect
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Toolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Description
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{324B571A-7837-4A8A-AB4E-64FC421CE1F1}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{343AE264-1638-451C-8779-6873CAC2CD26}
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\Software\WhiteSmoke_B

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

*************************

AdwCleaner[R0].txt - [1747 octets] - [04/03/2014 13:56:17]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1807 octets] ##########

As far as I can tell, neither program found anything.  When I found the issue previously, I was logged in as a different user.  All of these scans have been run as administrator.  Please let me know if I need to do anything under that user.



#8 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,208 posts

Posted 05 March 2014 - 07:33 AM

Hello 83valentine,

It is best to run these scans as administrator.

Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run the Farbar Recovery Scan Tool again.
  • Double-click to run FRST / FRST64. When the tool opens, click Yes to the disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

***


How is the computer running now?


***


Graduate of the WTT Classroom
Cheers,
Jo

#9 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,208 posts

Posted 07 March 2014 - 03:18 AM

Hello,

It has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Threads will be closed if no response after 3 days.
Graduate of the WTT Classroom
Cheers,
Jo

#10 83valentine

83valentine

    Authentic Member

  • Authentic Member
  • PipPip
  • 112 posts

Posted 07 March 2014 - 06:58 AM

Sorry, I posted a question, after your last reply and was waiting for an answer. Looking now, it did not post.

When I run AdwCleaner, how do I know which elements I should keep?



#11 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,208 posts

Posted 07 March 2014 - 07:06 AM

Hi,

we already scanned with AdwCleaner (post #7
http://forums.whatth...75#entry844776)

There is nothing you should keep.

=> With this new scan, all elements that AdwCleaner finds can be deleted.
Graduate of the WTT Classroom
Cheers,
Jo

#12 83valentine

83valentine

    Authentic Member

  • Authentic Member
  • PipPip
  • 112 posts

Posted 07 March 2014 - 11:30 AM

# AdwCleaner v3.020 - Report created 07/03/2014 at 08:42:07
# Updated 27/02/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Administrator - RM4
# Running from : C:\Documents and Settings\administrator\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Documents and Settings\tech\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\tech\Application Data\SearchProtect
Folder Deleted : C:\Documents and Settings\administrator\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\administrator\Application Data\SearchProtect

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{324B571A-7837-4A8A-AB4E-64FC421CE1F1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{343AE264-1638-451C-8779-6873CAC2CD26}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Description
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\WhiteSmoke_B

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

*************************

AdwCleaner[R0].txt - [1887 octets] - [04/03/2014 13:56:17]
AdwCleaner[R1].txt - [1947 octets] - [05/03/2014 10:51:37]
AdwCleaner[R2].txt - [2007 octets] - [07/03/2014 08:36:30]
AdwCleaner[S0].txt - [1978 octets] - [07/03/2014 08:42:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2038 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Microsoft Windows XP x86
Ran by Administrator on Fri 03/07/2014 at  8:50:40.03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 03/07/2014 at  8:55:43.61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-03-2014 01
Ran by Administrator (administrator) on RM4 on 07-03-2014 11:23:06
Running from C:\Documents and Settings\administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
() C:\Program Files\Odyssey Veterinary Software\Diagnostic Imaging Atlas\DiaFileWatcher.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Security Agent\Misc\xpupg.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Security Agent\Temp\pccntupd.exe
(Xerox Corporation) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\x2jobtEC.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [igfxhkcmd] - C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] - C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40048 2007-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [OfficeScanNT Monitor] - C:\Program Files\Trend Micro\Security Agent\pccntmon.exe [1373040 2013-08-29] (Trend Micro Inc.)
HKLM\...\Run: [UserFaultCheck] - %systemroot%\system32\dumprep 0 -u
HKU\S-1-5-21-1951382-3801802459-3850981174-500\...\MountPoints2: {459bf7b6-6180-11e2-8fa8-806d6172696f} - D:\autorun.exe index.html
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DIA File Watcher (EyeFi).lnk
ShortcutTarget: DIA File Watcher (EyeFi).lnk -> C:\Program Files\Odyssey Veterinary Software\Diagnostic Imaging Atlas\DiaFileWatcher.exe ()
Startup: C:\Documents and Settings\tech\Start Menu\Programs\Startup\MTool.RemoteServer.lnk
ShortcutTarget: MTool.RemoteServer.lnk -> C:\konicaminolta\Kim\Client\MonitoringTool\RemoteServer\MTool.RemoteServer.exe ()
Startup: C:\Documents and Settings\tech\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...er=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\Security Agent\TmIEPlg.dll (Trend Micro Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1358866712532
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1358884253169
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\Security Agent\TmIEPlg.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.113.2

========================== Services (Whitelisted) =================

S4 NewServiceInstall1; C:\Program Files\Elinc\Via\Via Service\Eklin.Via.Service.exe [13824 2013-06-28] (VIA Information Systems)
S2 ntrtscan; C:\Program Files\Trend Micro\Security Agent\ntrtscan.exe [2275336 2012-12-18] (Trend Micro Inc.)
S3 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [345648 2012-10-30] (Trend Micro Inc.)
S2 tmlisten; C:\Program Files\Trend Micro\Security Agent\tmlisten.exe [2293088 2013-08-29] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files\Trend Micro\Security Agent\TmProxy.exe [689712 2012-08-08] (Trend Micro Inc.)

==================== Drivers (Whitelisted) ====================

S3 AX88178; C:\WINDOWS\System32\DRIVERS\ax88178.sys [39936 2010-11-24] (ASIX Electronics Corp.)
S2 tmactmon; C:\WINDOWS\system32\drivers\tmactmon.sys [74600 2012-10-30] (Trend Micro Inc.)
S2 tmcomm; C:\WINDOWS\system32\drivers\tmcomm.sys [258976 2012-11-13] (Trend Micro Inc.)
S2 tmevtmgr; C:\WINDOWS\system32\drivers\tmevtmgr.sys [62728 2012-10-30] (Trend Micro Inc.)
S2 TmFilter; C:\Program Files\Trend Micro\Security Agent\TmXPFlt.sys [263968 2013-08-14] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files\Trend Micro\Security Agent\TmPreFlt.sys [36128 2013-08-14] (Trend Micro Inc.)
R1 tmtdi; C:\WINDOWS\System32\DRIVERS\tmtdi.sys [90448 2011-08-31] (Trend Micro Inc.)
S2 VSApiNt; C:\Program Files\Trend Micro\Security Agent\VSApiNt.sys [1517600 2013-08-14] (Trend Micro Inc.)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-07 08:55 - 2014-03-07 11:21 - 00000597 _____ () C:\Documents and Settings\administrator\Desktop\JRT.txt
2014-03-07 08:50 - 2014-03-07 08:50 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-07 08:48 - 2014-03-07 08:48 - 00002118 _____ () C:\Documents and Settings\administrator\Desktop\AdwCleaner[S0].txt
2014-03-05 10:50 - 2014-03-05 10:50 - 01037734 _____ (Thisisu) C:\Documents and Settings\administrator\Desktop\JRT.exe
2014-03-04 15:43 - 2014-03-04 15:43 - 00001887 _____ () C:\Documents and Settings\administrator\Desktop\AdwCleaner[R0].txt
2014-03-04 13:56 - 2014-03-07 08:42 - 00000000 ____D () C:\AdwCleaner
2014-03-04 13:42 - 2014-03-04 13:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-03-04 13:42 - 2014-03-04 13:42 - 00107224 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-03-04 13:41 - 2014-03-04 13:55 - 00000000 ____D () C:\Documents and Settings\administrator\Desktop\mbar
2014-03-04 13:41 - 2014-03-04 13:41 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-03-04 13:37 - 2014-03-04 13:37 - 01244192 _____ () C:\Documents and Settings\administrator\Desktop\AdwCleaner.exe
2014-03-04 13:35 - 2014-03-04 13:35 - 12589848 _____ (Malwarebytes Corp.) C:\Documents and Settings\administrator\Desktop\mbar-1.07.0.1009.exe
2014-03-04 10:53 - 2014-03-04 10:53 - 00018281 _____ () C:\Documents and Settings\administrator\Desktop\Addition.txt
2014-03-04 10:52 - 2014-03-07 11:23 - 00006108 _____ () C:\Documents and Settings\administrator\Desktop\FRST.txt
2014-03-04 10:52 - 2014-03-07 11:23 - 00000000 ____D () C:\FRST
2014-03-04 10:50 - 2014-03-04 10:50 - 00001201 _____ () C:\Documents and Settings\administrator\Desktop\checkup.txt
2014-03-04 09:00 - 2014-03-04 09:00 - 01145344 _____ (Farbar) C:\Documents and Settings\administrator\Desktop\FRST.exe
2014-03-04 08:59 - 2014-03-04 08:59 - 00987425 _____ () C:\Documents and Settings\administrator\Desktop\SecurityCheck.exe
2014-03-01 07:57 - 2014-03-01 08:55 - 00000000 ____D () C:\Documents and Settings\administrator\Local Settings\Application Data\OvsDia
2014-02-27 09:45 - 2014-02-27 09:45 - 00063564 _____ () C:\Documents and Settings\administrator\Desktop\OTL.Txt
2014-02-27 09:45 - 2014-02-27 09:45 - 00029812 _____ () C:\Documents and Settings\administrator\Desktop\Extras.Txt
2014-02-27 09:30 - 2014-02-27 09:31 - 00625664 _____ () C:\Documents and Settings\administrator\Desktop\dds.scr
2014-02-27 09:28 - 2014-02-27 09:28 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\administrator\Desktop\OTL.exe
2014-02-27 09:25 - 2014-02-27 09:28 - 00004422 _____ () C:\Documents and Settings\administrator\Desktop\hijackthis.log
2014-02-27 09:25 - 2009-10-13 11:48 - 00401720 _____ (Trend Micro Inc.) C:\Documents and Settings\administrator\Desktop\HijackThis.exe
2014-02-13 03:17 - 2014-02-13 03:17 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-13 03:05 - 2014-02-13 03:06 - 00012016 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-13 03:04 - 2014-02-13 03:05 - 00004752 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-12 18:36 - 2014-02-13 03:17 - 00014475 _____ () C:\WINDOWS\KB2916036.log
2014-02-11 09:28 - 2014-02-11 09:28 - 00050688 _____ (Atribune.org) C:\Documents and Settings\tech\Desktop\ATF_Cleaner.exe

==================== One Month Modified Files and Folders =======

2014-03-07 11:23 - 2014-03-04 10:52 - 00006108 _____ () C:\Documents and Settings\administrator\Desktop\FRST.txt
2014-03-07 11:23 - 2014-03-04 10:52 - 00000000 ____D () C:\FRST
2014-03-07 11:22 - 2013-02-26 16:22 - 00000420 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{2F2B7E73-B049-423D-9B6C-72EBFBDF731B}.job
2014-03-07 11:21 - 2014-03-07 08:55 - 00000597 _____ () C:\Documents and Settings\administrator\Desktop\JRT.txt
2014-03-07 11:20 - 2013-01-22 13:49 - 00000438 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{8C306F95-8AAC-4620-9025-E5A678B16158}.job
2014-03-07 11:19 - 2013-01-22 11:09 - 00000422 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{018DE095-827F-4162-82C0-68BBD2A0C85F}.job
2014-03-07 11:18 - 2013-01-18 15:50 - 01276762 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-07 11:03 - 2013-11-06 16:09 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-07 10:33 - 2013-01-18 17:21 - 00000120 _____ () C:\WINDOWS\system32\config\netlogon.ftl
2014-03-07 08:50 - 2014-03-07 08:50 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-07 08:48 - 2014-03-07 08:48 - 00002118 _____ () C:\Documents and Settings\administrator\Desktop\AdwCleaner[S0].txt
2014-03-07 08:47 - 2004-08-04 06:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-07 08:44 - 2013-01-31 15:12 - 00014250 _____ () C:\WINDOWS\cfgall.ini
2014-03-07 08:44 - 2013-01-31 15:11 - 09498432 _____ () C:\WINDOWS\system32\TmInstall.log
2014-03-07 08:43 - 2013-11-06 17:12 - 00527952 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-03-07 08:43 - 2013-01-18 17:24 - 00000178 ___SH () C:\Documents and Settings\administrator\ntuser.ini
2014-03-07 08:43 - 2013-01-18 16:12 - 00032498 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-07 08:43 - 2013-01-18 09:27 - 00000000 ____D () C:\WINDOWS\security
2014-03-07 08:42 - 2014-03-04 13:56 - 00000000 ____D () C:\AdwCleaner
2014-03-07 08:42 - 2013-01-18 16:12 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-07 00:00 - 2013-12-20 12:49 - 00000274 _____ () C:\WINDOWS\Tasks\TMLogs.job
2014-03-06 19:30 - 2013-01-22 17:15 - 00000000 ____D () C:\petportals
2014-03-06 19:30 - 2013-01-22 17:09 - 00000248 _____ () C:\WINDOWS\Tasks\Vetstreet Data Transfer.job
2014-03-05 10:50 - 2014-03-05 10:50 - 01037734 _____ (Thisisu) C:\Documents and Settings\administrator\Desktop\JRT.exe
2014-03-04 15:43 - 2014-03-04 15:43 - 00001887 _____ () C:\Documents and Settings\administrator\Desktop\AdwCleaner[R0].txt
2014-03-04 13:55 - 2014-03-04 13:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-03-04 13:55 - 2014-03-04 13:41 - 00000000 ____D () C:\Documents and Settings\administrator\Desktop\mbar
2014-03-04 13:42 - 2014-03-04 13:42 - 00107224 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-03-04 13:41 - 2014-03-04 13:41 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-03-04 13:37 - 2014-03-04 13:37 - 01244192 _____ () C:\Documents and Settings\administrator\Desktop\AdwCleaner.exe
2014-03-04 13:35 - 2014-03-04 13:35 - 12589848 _____ (Malwarebytes Corp.) C:\Documents and Settings\administrator\Desktop\mbar-1.07.0.1009.exe
2014-03-04 10:53 - 2014-03-04 10:53 - 00018281 _____ () C:\Documents and Settings\administrator\Desktop\Addition.txt
2014-03-04 10:50 - 2014-03-04 10:50 - 00001201 _____ () C:\Documents and Settings\administrator\Desktop\checkup.txt
2014-03-04 09:00 - 2014-03-04 09:00 - 01145344 _____ (Farbar) C:\Documents and Settings\administrator\Desktop\FRST.exe
2014-03-04 08:59 - 2014-03-04 08:59 - 00987425 _____ () C:\Documents and Settings\administrator\Desktop\SecurityCheck.exe
2014-03-01 08:55 - 2014-03-01 07:57 - 00000000 ____D () C:\Documents and Settings\administrator\Local Settings\Application Data\OvsDia
2014-02-27 09:45 - 2014-02-27 09:45 - 00063564 _____ () C:\Documents and Settings\administrator\Desktop\OTL.Txt
2014-02-27 09:45 - 2014-02-27 09:45 - 00029812 _____ () C:\Documents and Settings\administrator\Desktop\Extras.Txt
2014-02-27 09:31 - 2014-02-27 09:30 - 00625664 _____ () C:\Documents and Settings\administrator\Desktop\dds.scr
2014-02-27 09:28 - 2014-02-27 09:28 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\administrator\Desktop\OTL.exe
2014-02-27 09:28 - 2014-02-27 09:25 - 00004422 _____ () C:\Documents and Settings\administrator\Desktop\hijackthis.log
2014-02-27 09:24 - 2013-01-18 18:04 - 00000178 ___SH () C:\Documents and Settings\tech\ntuser.ini
2014-02-27 09:23 - 2013-01-18 09:35 - 00465655 _____ () C:\WINDOWS\setupapi.log
2014-02-27 07:18 - 2013-01-18 17:22 - 00000000 __SHD () C:\WINDOWS\CSC
2014-02-25 15:18 - 2013-12-20 12:46 - 00000000 ____D () C:\Documents and Settings\tech\Local Settings\Application Data\Deployment
2014-02-20 17:03 - 2013-11-06 16:09 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-20 17:03 - 2013-11-06 16:09 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-13 03:26 - 2013-01-18 17:28 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-02-13 03:17 - 2014-02-13 03:17 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-13 03:17 - 2014-02-12 18:36 - 00014475 _____ () C:\WINDOWS\KB2916036.log
2014-02-13 03:17 - 2013-01-22 11:03 - 00186674 _____ () C:\WINDOWS\updspapi.log
2014-02-13 03:17 - 2013-01-18 09:36 - 01310043 _____ () C:\WINDOWS\iis6.log
2014-02-13 03:17 - 2013-01-18 09:36 - 01192462 _____ () C:\WINDOWS\FaxSetup.log
2014-02-13 03:17 - 2013-01-18 09:36 - 00579077 _____ () C:\WINDOWS\ocgen.log
2014-02-13 03:17 - 2013-01-18 09:36 - 00548008 _____ () C:\WINDOWS\tsoc.log
2014-02-13 03:17 - 2013-01-18 09:36 - 00404744 _____ () C:\WINDOWS\comsetup.log
2014-02-13 03:17 - 2013-01-18 09:36 - 00368222 _____ () C:\WINDOWS\msmqinst.log
2014-02-13 03:17 - 2013-01-18 09:36 - 00243371 _____ () C:\WINDOWS\ntdtcsetup.log
2014-02-13 03:17 - 2013-01-18 09:36 - 00209317 _____ () C:\WINDOWS\netfxocm.log
2014-02-13 03:17 - 2013-01-18 09:36 - 00083216 _____ () C:\WINDOWS\MedCtrOC.log
2014-02-13 03:17 - 2013-01-18 09:36 - 00066026 _____ () C:\WINDOWS\ocmsn.log
2014-02-13 03:17 - 2013-01-18 09:36 - 00060851 _____ () C:\WINDOWS\tabletoc.log
2014-02-13 03:17 - 2013-01-18 09:36 - 00059734 _____ () C:\WINDOWS\msgsocm.log
2014-02-13 03:17 - 2013-01-18 09:36 - 00001809 _____ () C:\WINDOWS\imsins.log
2014-02-13 03:15 - 2013-01-18 09:36 - 00524780 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-13 03:11 - 2013-08-16 02:06 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-13 03:06 - 2014-02-13 03:05 - 00012016 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-13 03:06 - 2013-01-22 13:32 - 85946576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-13 03:06 - 2013-01-18 09:36 - 00001809 _____ () C:\WINDOWS\imsins.BAK
2014-02-13 03:05 - 2014-02-13 03:04 - 00004752 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-13 03:05 - 2013-01-22 13:13 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-02-11 09:28 - 2014-02-11 09:28 - 00050688 _____ (Atribune.org) C:\Documents and Settings\tech\Desktop\ATF_Cleaner.exe
2014-02-06 03:54 - 2004-08-04 06:00 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2014-02-06 03:54 - 2004-08-04 06:00 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-05 17:26 - 2013-01-22 12:59 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-02-05 17:26 - 2013-01-22 12:59 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-02-05 17:26 - 2013-01-22 12:59 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-02-05 17:26 - 2013-01-22 12:59 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-02-05 17:26 - 2013-01-22 12:59 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-02-05 17:26 - 2013-01-22 12:59 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-02-05 17:26 - 2013-01-22 12:59 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-02-05 17:26 - 2013-01-22 12:59 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-02-05 17:26 - 2013-01-18 15:49 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2014-02-05 17:26 - 2009-03-08 04:39 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-05 17:26 - 2009-03-08 04:32 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-05 17:26 - 2009-03-08 04:32 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-05 17:26 - 2009-03-08 04:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 06021120 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 06021120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2014-02-05 17:26 - 2004-08-04 06:00 - 01469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-05 17:26 - 2004-08-04 06:00 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2014-02-05 17:26 - 2004-08-04 06:00 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2014-02-05 16:24 - 2004-08-04 06:00 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec

Some content of TEMP:
====================
C:\Documents and Settings\administrator\Local Settings\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-03-2014 01
Ran by Administrator at 2014-03-04 10:53:05
Running from C:\Documents and Settings\administrator\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Trend Micro Security Agent (Disabled - Up to date) {4CA5B9AB-4295-4D4C-9664-0EBE85AE0525}

==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader 8.1.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81000000003}) (Version: 8.1.0 - Adobe Systems Incorporated)
AX88178 Windows XP Drivers (HKLM\...\InstallShield_{61D7AE0A-D3B1-4BF7-9CE5-8D67DFFA1B0A}) (Version: 1.0.1.0 - ASIX Electronics Corporation)
AX88178 Windows XP Drivers (Version: 1.0.1.0 - ASIX Electronics Corporation) Hidden
Broadcom Gigabit Integrated Controller (HKLM\...\{B7F54262-AB66-44B3-88BF-9FC69941B643}) (Version: 8.10.07 - Broadcom Corporation)
Dell Resource CD (HKLM\...\{FCD9CD52-7222-4672-94A0-A722BA702FD0}) (Version: 1.00.0000 - Dell Inc.)
Diagnostic Imaging Atlas (HKLM\...\{F692B23E-A1F9-4FB6-89AC-792F5D6C0599}) (Version: 2.1 - Odyssey Veterinary Software)
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
OpenOffice.org 3.4.1 (HKLM\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Pet Portal Data Transfer (HKLM\...\Pet Portal Data Transfer) (Version:  - )
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices)
Trend Micro Worry-Free Business Security Agent (HKLM\...\Wofie) (Version: 18.0.2013 - Trend Micro Inc.)
Trend Micro Worry-Free Business Security Agent (Version: 8.0.0 - Trend Micro Inc.) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VIA (HKLM\...\{CD6130F9-DB76-4FD3-ADEC-99F5A0D3A746}) (Version: 7.1.0 - VIA Information Systems)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Xerox Support Centre (HKLM\...\Xerox_Support_Centre) (Version:  - )

==================== Restore Points  =========================

05-12-2013 00:52:25 System Checkpoint
06-12-2013 00:54:19 System Checkpoint
07-12-2013 01:54:22 System Checkpoint
08-12-2013 02:54:20 System Checkpoint
09-12-2013 03:54:21 System Checkpoint
10-12-2013 05:42:23 System Checkpoint
11-12-2013 05:54:22 System Checkpoint
12-12-2013 06:54:23 System Checkpoint
12-12-2013 09:00:16 Software Distribution Service 3.0
13-12-2013 09:00:16 Software Distribution Service 3.0
14-12-2013 09:04:20 System Checkpoint
15-12-2013 10:04:21 System Checkpoint
16-12-2013 11:04:22 System Checkpoint
17-12-2013 13:28:23 System Checkpoint
19-12-2013 00:17:37 System Checkpoint
20-12-2013 02:28:25 System Checkpoint
20-12-2013 18:44:54 Installed Microsoft Visual C++ 2005 Redistributable
21-12-2013 18:57:55 System Checkpoint
22-12-2013 19:57:56 System Checkpoint
23-12-2013 22:21:32 System Checkpoint
24-12-2013 22:57:57 System Checkpoint
25-12-2013 23:57:57 System Checkpoint
27-12-2013 03:58:01 System Checkpoint
28-12-2013 04:57:59 System Checkpoint
29-12-2013 04:59:11 System Checkpoint
30-12-2013 05:59:13 System Checkpoint
31-12-2013 06:59:02 System Checkpoint
01-01-2014 07:59:05 System Checkpoint
02-01-2014 08:59:06 System Checkpoint
03-01-2014 09:59:03 System Checkpoint
04-01-2014 10:59:03 System Checkpoint
05-01-2014 11:59:05 System Checkpoint
06-01-2014 12:59:05 System Checkpoint
07-01-2014 15:22:19 System Checkpoint
09-01-2014 00:49:28 System Checkpoint
10-01-2014 00:55:29 System Checkpoint
11-01-2014 01:54:25 System Checkpoint
12-01-2014 04:18:28 System Checkpoint
13-01-2014 05:06:27 System Checkpoint
14-01-2014 05:57:55 System Checkpoint
15-01-2014 06:52:21 System Checkpoint
15-01-2014 09:00:16 Software Distribution Service 3.0
16-01-2014 09:12:47 System Checkpoint
17-01-2014 10:12:48 System Checkpoint
18-01-2014 11:12:48 System Checkpoint
19-01-2014 12:12:49 System Checkpoint
20-01-2014 13:12:50 System Checkpoint
21-01-2014 14:12:50 System Checkpoint
22-01-2014 23:44:54 System Checkpoint
24-01-2014 00:12:51 System Checkpoint
25-01-2014 00:33:29 System Checkpoint
26-01-2014 00:36:54 System Checkpoint
27-01-2014 01:36:54 System Checkpoint
28-01-2014 02:12:54 System Checkpoint
29-01-2014 03:12:55 System Checkpoint
30-01-2014 04:12:55 System Checkpoint
31-01-2014 05:12:57 System Checkpoint
01-02-2014 05:29:28 System Checkpoint
02-02-2014 05:55:07 System Checkpoint
03-02-2014 11:19:00 System Checkpoint
04-02-2014 12:29:31 System Checkpoint
05-02-2014 14:04:59 System Checkpoint
06-02-2014 15:04:29 System Checkpoint
07-02-2014 15:33:21 System Checkpoint
08-02-2014 16:56:34 System Checkpoint
10-02-2014 13:52:41 System Checkpoint
11-02-2014 15:47:03 System Checkpoint
12-02-2014 17:15:28 System Checkpoint
13-02-2014 09:00:17 Software Distribution Service 3.0
14-02-2014 09:23:31 System Checkpoint
15-02-2014 09:28:02 System Checkpoint
16-02-2014 10:28:02 System Checkpoint
17-02-2014 11:28:02 System Checkpoint
18-02-2014 12:28:03 System Checkpoint
19-02-2014 13:28:03 System Checkpoint
20-02-2014 14:28:04 System Checkpoint
21-02-2014 15:28:04 System Checkpoint
22-02-2014 15:29:28 System Checkpoint
24-02-2014 14:09:59 System Checkpoint
25-02-2014 16:04:04 System Checkpoint
27-02-2014 00:29:52 System Checkpoint
27-02-2014 15:35:02 OTL Restore Point - 2/27/2014 9:34:58 AM
28-02-2014 15:37:33 System Checkpoint
01-03-2014 15:38:03 System Checkpoint
02-03-2014 15:47:49 System Checkpoint
03-03-2014 16:59:18 System Checkpoint

==================== Hosts content: ==========================

2004-08-04 06:00 - 2004-08-04 06:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\TMLogs.job => C:\KonicaMinolta\Kim\Client\TM\KM.ImageManager.Scheduler.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{018DE095-827F-4162-82C0-68BBD2A0C85F}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{2F2B7E73-B049-423D-9B6C-72EBFBDF731B}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{8C306F95-8AAC-4620-9025-E5A678B16158}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\Vetstreet Data Transfer.job => c:\petportals\vixfer.exe

==================== Loaded Modules (whitelisted) =============

2011-08-31 13:55 - 2011-08-31 13:55 - 00499712 _____ () C:\Program Files\Trend Micro\Security Agent\sqlite3.dll
2008-02-02 20:06 - 2008-02-02 20:06 - 00086016 _____ () C:\Program Files\Odyssey Veterinary Software\Diagnostic Imaging Atlas\DiaFileWatcher.exe

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/28/2014 04:50:09 PM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: Faulting application via.exe, version 7.1.0.0, stamp 51cdfb7b, faulting module msvbvm60.dll, version 6.0.98.2, stamp 4802a186, debug? 0, fault address 0x000ce380.

Error: (02/26/2014 06:02:09 PM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: Faulting application via.exe, version 7.1.0.0, stamp 51cdfb7b, faulting module crqe.dll, version 11.5.12.1977, stamp 4bcd745d, debug? 0, fault address 0x000152bf.

Error: (02/11/2014 09:31:28 AM) (Source: Application Error) (User: )
Description: Fault bucket -483413774.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (02/11/2014 09:30:10 AM) (Source: Application Error) (User: )
Description: Faulting application TmListen.exe, version 18.0.0.2013, faulting module TmSock.dll, version 18.0.0.1267, fault address 0x00038af2.
Error in creating result PEAP-TLV in response to received PEAP-TLV (TmListen.exe!ld!)

Error: (01/16/2014 07:32:13 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This network connection does not exist.

Error: (01/16/2014 07:32:13 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This network connection does not exist.

Error: (01/16/2014 07:32:13 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This network connection does not exist.

Error: (01/16/2014 07:32:13 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This network connection does not exist.

Error: (01/16/2014 07:32:13 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This network connection does not exist.

Error: (01/16/2014 07:32:13 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This network connection does not exist.

System errors:
=============
Error: (02/27/2014 10:57:25 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{8E73B84E-EA5F-4D12-87CB-214B764CC45D}.
The backup browser is stopping.

Error: (02/24/2014 08:39:22 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{8E73B84E-EA5F-4D12-87CB-214B764CC45D}.
The backup browser is stopping.

Error: (02/13/2014 03:46:22 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{8E73B84E-EA5F-4D12-87CB-214B764CC45D}.
The backup browser is stopping.

Error: (02/11/2014 09:45:04 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{8E73B84E-EA5F-4D12-87CB-214B764CC45D}.
The backup browser is stopping.

Error: (02/10/2014 08:29:04 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{8E73B84E-EA5F-4D12-87CB-214B764CC45D}.
The backup browser is stopping.

Error: (02/03/2014 02:23:26 PM) (Source: TermServDevices) (User: )
Description: Driver Microsoft Shared Fax Driver required for printer Fax is unknown. Contact the administrator to install the driver before you log in again.

Microsoft Office Sessions:
=========================
Error: (02/28/2014 04:50:09 PM) (Source: .NET Runtime 2.0 Error Reporting)(User: )
Description: via.exe7.1.0.051cdfb7bmsvbvm60.dll6.0.98.24802a1860000ce380

Error: (02/26/2014 06:02:09 PM) (Source: .NET Runtime 2.0 Error Reporting)(User: )
Description: via.exe7.1.0.051cdfb7bcrqe.dll11.5.12.19774bcd745d0000152bf

Error: (02/11/2014 09:31:28 AM) (Source: Application Error)(User: )
Description: -483413774

Error: (02/11/2014 09:30:10 AM) (Source: Application Error)(User: )
Description: TmListen.exe18.0.0.2013TmSock.dll18.0.0.126700038af2

Error: (01/16/2014 07:32:13 AM) (Source: crypt32)(User: )
Description: http://www.download....rootseq.txtThis network connection does not exist.

Error: (01/16/2014 07:32:13 AM) (Source: crypt32)(User: )
Description: http://www.download....rootseq.txtThis network connection does not exist.

Error: (01/16/2014 07:32:13 AM) (Source: crypt32)(User: )
Description: http://www.download....rootseq.txtThis network connection does not exist.

Error: (01/16/2014 07:32:13 AM) (Source: crypt32)(User: )
Description: http://www.download....rootseq.txtThis network connection does not exist.

Error: (01/16/2014 07:32:13 AM) (Source: crypt32)(User: )
Description: http://www.download....rootseq.txtThis network connection does not exist.

Error: (01/16/2014 07:32:13 AM) (Source: crypt32)(User: )
Description: http://www.download....rootseq.txtThis network connection does not exist.

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 3574.07 MB
Available physical RAM: 2917.23 MB
Total Pagefile: 4934.54 MB
Available Pagefile: 4450.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 1961.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.52 GB) (Free:59.92 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: 09F7A3EE)
Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Computer seems to run ok, but problem was intermittent before.
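The FRST log above is long, and a helper reads it by section rather than line by line. The script below is an added example (not FRST's code and not anything posted in the thread) that pulls the two sections a reviewer checks first, "Scheduled Tasks" and "Hosts content", and flags task targets that live outside the standard install roots plus any hosts entry other than the loopback localhost line. A flag is a prompt to look at the file, not a verdict: the two task targets it flags from this log (the Konica Minolta scheduler and c:\petportals\vixfer.exe) are not identified as malicious anywhere in the thread. The first sample is the thread's own log trimmed to those sections; the second hosts sample is constructed to show what a redirected entry looks like. The trusted-root list is an assumption for this example.

```python
"""Triage the "Scheduled Tasks" and "Hosts content" sections of an FRST log.

Added example for this thread, not part of FRST and not the poster's code.
A flagged task target is something to inspect, not a detection.
"""
import re

# Assumption for this example: executables under these roots are "expected".
# A path such as C:\Program Files\<vendor>\evil.exe would still pass, so this
# is a first filter, not a whitelist.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")

_SECTION = re.compile(r"^=+ (?P<name>.+?) =+$")
_TASK = re.compile(r"^Task: (?P<job>.+?\.job) => (?P<target>.+)$")
_HOSTS = re.compile(r"^(?P<ip>[0-9a-fA-F.:]+)\s+(?P<host>\S+)")


def sections(text):
    """Yield (section_name, [lines]) for each '==== Name ====' block of the log."""
    name, buf = None, []
    for line in text.splitlines():
        m = _SECTION.match(line.strip())
        if m:
            if name is not None:
                yield name, buf
            name, buf = m.group("name").strip(), []
        elif name is not None:
            buf.append(line.rstrip())
    if name is not None:
        yield name, buf


def parse_tasks(text):
    """Return [(job_file, target_executable)] from the Scheduled Tasks section."""
    tasks = []
    for name, lines in sections(text):
        if name.startswith("Scheduled Tasks"):
            for line in lines:
                m = _TASK.match(line)
                if m:
                    tasks.append((m.group("job"), m.group("target")))
    return tasks


def flag_tasks(text):
    """Task targets that do not live under a trusted root, in log order."""
    return [t for _, t in parse_tasks(text) if not t.lower().startswith(TRUSTED_ROOTS)]


def parse_hosts(text):
    """Return [(ip, hostname)] entries listed under Hosts content."""
    entries = []
    for name, lines in sections(text):
        if name.startswith("Hosts content"):
            for line in lines:
                m = _HOSTS.match(line.strip())  # the file-stat line does not match
                if m:
                    entries.append((m.group("ip"), m.group("host")))
    return entries


def flag_hosts(text):
    """Anything other than loopback -> localhost deserves a look (blocklists included)."""
    return [(ip, h) for ip, h in parse_hosts(text)
            if not (ip in ("127.0.0.1", "::1") and h.lower() == "localhost")]


# Sample 1: the thread's own FRST log, trimmed to the two sections of interest.
SAMPLE_FRST = r"""
==================== Hosts content: ==========================

2004-08-04 06:00 - 2004-08-04 06:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\TMLogs.job => C:\KonicaMinolta\Kim\Client\TM\KM.ImageManager.Scheduler.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{018DE095-827F-4162-82C0-68BBD2A0C85F}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{2F2B7E73-B049-423D-9B6C-72EBFBDF731B}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{8C306F95-8AAC-4620-9025-E5A678B16158}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\Vetstreet Data Transfer.job => c:\petportals\vixfer.exe

==================== Loaded Modules (whitelisted) =============
"""

# Sample 2: constructed, not from the thread. A hosts entry pointing an update
# hostname at loopback is the pattern that breaks AV/OS updates.
HIJACKED_HOSTS = """
==================== Hosts content: ==========================

127.0.0.1       localhost
127.0.0.1       update.example-av.test
==================== End Of Log ============================
"""

if __name__ == "__main__":
    for target in flag_tasks(SAMPLE_FRST):
        print("review task target:", target)
    for ip, host in flag_hosts(HIJACKED_HOSTS):
        print("review hosts entry:", ip, host)
```

On this log the hosts file is the stock XP one (one loopback line, 734 bytes, 2004 timestamp), so nothing is flagged there; the two task targets that are flagged are the ones a helper would ask about, and both turn out to be practice software already present on the machine.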



#13 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,208 posts

Posted 07 March 2014 - 11:51 AM

Hello 83valentine,


1. Java
1.1 Uninstall old Java versions (if present):
  • Please go to Start > Control Panel > Programs and Features .
  • Locate all Java Updates
  • Uninstall them all.
1.2 Install latest Java 7 update. Click this link and click on the Free JAVA Download.

1.3 Here are instructions on how to clear the Java cache.
Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
Under Temporary Internet Files, click the Delete Files button.
There are options in the window to clear the cache - Leave ALL Checked
  • Applications and Applets
  • Trace and log files
Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE. Click OK to leave the Java Control Panel.

***


2. Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download the free version of Malwarebytes' Anti-Malware and save it to your desktop.
Double-click mbam-setup****.exe and follow the prompts to install the program.
Note to Vista | Windows 7/8 users, please right-click and select Run as Administrator.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware.
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
Note 1: The log can also be found via the Logs tab when Malwarebytes' Anti-Malware is started.
Note 2: If you receive a notice that some of the items couldn't be removed and they have been added to the delete on reboot list, please reboot.


***


3. ESET Online Scanner

Connect any existing external hard drives and / or other removable media.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



If this program is already installed: Skip the installation and run only the scan!
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select Uninstall application on close check box and push esetFinish.png

***



How is the computer running now?



***


Graduate of the WTT Classroom
Cheers,
Jo

#14 83valentine

83valentine

    Authentic Member

  • Authentic Member
  • PipPip
  • 112 posts

Posted 07 March 2014 - 05:50 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.07.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: RM4 [administrator]

3/7/2014 4:30:11 PM
mbam-log-2014-03-07 (16-30-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 257860
Time elapsed: 11 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\administrator\Local Settings\Temporary Internet Files\Content.IE5\LMB2V5G7\InstallConverter_TSV15BKM5[1].exe (PUP.Optional.Conduit) -> Quarantined and deleted successfully.

(end)

ESET did not find any threats

SETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=33b3de8a15b10d4bab916c16637c570c
# engine=17361
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-07 11:42:20
# local_time=2014-03-07 05:42:20 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=53507
# found=0
# cleaned=0
# scan_time=2640

The item found by Malwarebytes is the one I originally posted about needing help cleaning.
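The question that opened the thread was about cleaning the registry, and the Malwarebytes log above answers it: every Registry category reports 0, and the single hit is a downloaded installer sitting in the Internet Explorer cache, already quarantined. The script below is an added example, not Malwarebytes' code and not something posted in the thread, that parses the 1.75-era MBAM log format and turns the per-category counts into that triage verdict: persistence found (registry or memory hits), cache-only (a downloaded file with no foothold recorded), or file-only. The first sample is the log posted above; the second is constructed to show what a detection with a Run-key foothold looks like. The verdict reflects one quick scan only, which is why the next step in the thread was a second engine (ESET) rather than declaring the machine clean.

```python
"""Triage a Malwarebytes Anti-Malware 1.x text log by detection category.

Added example for this thread, not Malwarebytes' own code.  It reads the
"<Category> Detected: N" blocks and the hit lines beneath them, then asks
whether anything found persists across a reboot or was merely downloaded.
"""
import re
from dataclasses import dataclass, field

# Hits in these categories mean the threat had a foothold, not just a file on disk.
PERSISTENCE_CATEGORIES = {
    "Registry Keys", "Registry Values", "Registry Data Items",
    "Memory Processes", "Memory Modules",
}

# Path fragments for browser/download caches: a file here was fetched,
# not necessarily ever executed.
CACHE_MARKERS = ("\\temporary internet files\\", "\\temp\\", "\\downloads\\")

_HEADER = re.compile(r"^(?P<cat>[A-Za-z ]+) Detected: (?P<n>\d+)\s*$")
# "<path or registry location> (<threat name>) -> <action taken>"
_HIT = re.compile(r"^(?P<path>\S.*?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")


@dataclass
class Detection:
    category: str
    path: str
    name: str
    action: str


@dataclass
class Triage:
    counts: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)

    @property
    def persistence_found(self) -> bool:
        return any(self.counts.get(c, 0) > 0 for c in PERSISTENCE_CATEGORIES)

    @property
    def cache_only(self) -> bool:
        """True when every hit is a file in a cache directory and nothing persists."""
        return (bool(self.detections)
                and not self.persistence_found
                and all(any(m in d.path.lower() for m in CACHE_MARKERS)
                        for d in self.detections))


def parse_mbam_log(text: str) -> Triage:
    triage = Triage()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = _HEADER.match(line)
        if m:
            current = m.group("cat")
            triage.counts[current] = int(m.group("n"))
            continue
        m = _HIT.match(line)
        if m and current:
            triage.detections.append(
                Detection(current, m.group("path"), m.group("name"), m.group("action")))
    return triage


def triage_summary(text: str) -> str:
    t = parse_mbam_log(text)
    if not t.detections:
        return "clean: no detections"
    if t.persistence_found:
        return "persistence: registry or memory hits, re-scan after reboot"
    if t.cache_only:
        return "cache-only: downloaded file quarantined, no persistence recorded"
    return "file-only: review detected paths"


# Sample 1: the log posted in the thread (header lines trimmed).
SAMPLE_MBAM = r"""Malwarebytes Anti-Malware 1.75.0.1300
Scan type: Quick scan
Objects scanned: 257860
Time elapsed: 11 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\administrator\Local Settings\Temporary Internet Files\Content.IE5\LMB2V5G7\InstallConverter_TSV15BKM5[1].exe (PUP.Optional.Conduit) -> Quarantined and deleted successfully.

(end)
"""

# Sample 2: constructed, not from the thread. Same log format, but the PUP
# left a Run value behind, so the verdict must change.
PERSISTENT_MBAM = r"""Registry Keys Detected: 1
HKCU\SOFTWARE\CONSTRUCTED-EXAMPLE-KEY (PUP.Optional.Example) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Example (PUP.Optional.Example) -> Data: C:\example\loader.exe -> Quarantined and deleted successfully.

Files Detected: 1
C:\example\loader.exe (PUP.Optional.Example) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    print(triage_summary(SAMPLE_MBAM))
    print(triage_summary(PERSISTENT_MBAM))
```

The registry lines in the second sample are parsed by the same hit pattern as file paths, because MBAM prints both as "location (threat) -> action"; the "Data: ... ->" fragment a Run value carries lands in the action field, which is where a reviewer wants it.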



#15 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,208 posts

Posted 08 March 2014 - 04:40 AM


Hello 83valentine,


1. Uninstall old versions:
Please go to Start > Control Panel > Add Remove Programs (XP)
Or Start > Control Panel > Programs and Features ( Vista | Windows 7/8 ).

Locate the following programs:
  • Adobe Reader 8, 9, 10
Uninstall them all.

2. Install these programs:
  • Install latest Adobe Reader:
  • Go to http://get.adobe.com.../otherversions/
  • Use the drop-down menus to select your operating system
  • Select your language > Select The current version of Adobe Reader for your language
  • Remove the check mark from the box "Install Chrome as standard browser and Google Toolbar for Internet explorer"
  • Click the Download button, and follow the onscreen directions to complete the installation.
3. Restart your pc:

How is the computer running now?
Any remaining issues?


***


Graduate of the WTT Classroom
Cheers,
Jo
