dutchboi (Members; 2 posts)

Everything posted by dutchboi

  1. What are the best CURRENT options to protect our company from Meltdown and Spectre? We have both Windows 2003 Server and Windows XP with Malwarebytes protection. Our company is in the process of migrating software, and it is NECESSARY to keep these computers, with these specific operating systems, running for the next months until the migration is complete. Our current software will only operate on Windows 2003 Server and Windows XP. Upgrading the operating system is not a viable option. Any timely help and guidance would be greatly appreciated. Thank you in advance.
  2. remove duplicate post, but respond to original

  3. I have been infected with Cryptowall 3.0. On the server, I have restored the encrypted files from a previous backup. These drives were mapped to this infected computer. I have since removed the map while I clean this machine out, as I understand this virus propagates through mapped drives. Is this true? I cannot wipe this computer and need assistance in cleaning. I was not able to get Malwarebytes to run, so I uninstalled it and tried to reinstall, to no avail. I eventually got it to run once using mbam-clean-2.1.1.1001.exe and ran a full scan. It rebooted and was unable to launch mbamgui.exe due to a software restriction policy again. I tried to launch Malwarebytes manually and was unable to launch mbam.exe due to a software restriction policy again. I uninstalled using the Malwarebytes cleaner and tried to re-install Malwarebytes again, and it would not install. No error provided. The install process did not start. I have a paid corporate license for all of our computers and I have not yet had a response via email. I am not sure if I am still infected. So far these are the tools I have tried (I realize I should have posted prior to attempting to clean. I apologize). Logs attached as well: FRST.txt and addition.txt in the body of this post below.
ComboFix, RKill, SmitFraud, HijackThis, JRT, TDSSKiller, Malwarebytes, rootkit scan, spyware scan, online ESET scan (see attached log along with logs for the above). After running the full scan with 1.75 it came up with one PUP (this PUP was from one of the tools I copied from my flash drive and has not been executed yet); see below:

Malwarebytes Anti-Malware (Corporate) 1.75.0.1300
www.malwarebytes.org

Database version: v2015.02.28.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
gml1337 :: GLORIA2-XP [administrator]

Protection: Enabled

2/28/2015 6:55:32 PM
mbam-log-2015-02-28 (18-55-32).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 467736
Time elapsed: 59 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\GML1337\Desktop\2-28-15\flash drive\Virus\Unlocker1.9.2.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
(end)
__________________________________________________________________________________________

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-02-2015 01
Ran by gml1337 (administrator) on GLORIA2-XP on 28-02-2015 12:54:40
Running from C:\Documents and Settings\GML1337\Desktop\2-28-15
Loaded Profiles: gml1337 (Available profiles: CMS0113 & gml1337 & Administrator & PJC0714)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Symantec Corporation) C:\Program Files\Symantec AntiVirus\Smc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Symantec Corporation) C:\Program Files\Symantec AntiVirus\Rtvscan.exe
(Symantec Corporation) C:\Program Files\Symantec AntiVirus\SmcGui.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-03-23] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2006-03-23] (Intel Corporation)
HKLM\...\Run: [ccApp] => C:\Program Files\Common Files\Symantec Shared\ccApp.exe [115560 2010-04-28] (Symantec Corporation)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [1] => X:\temp\Chris\2-28-15\glo\Chameleon\Windows\mbam-chameleon.exe [761656 2014-10-01] (MalwareBytes) <===== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKU\S-1-5-21-2545601776-398900742-3236737263-1146\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-04-26] (Google Inc.)
Startup: C:\Documents and Settings\GML1337\Start Menu\Programs\Startup\HELP_DECRYPT.HTML ()
Startup: C:\Documents and Settings\GML1337\Start Menu\Programs\Startup\HELP_DECRYPT.PNG ()
Startup: C:\Documents and Settings\GML1337\Start Menu\Programs\Startup\HELP_DECRYPT.TXT ()
InternetURL: C:\Documents and Settings\GML1337\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://paytoc4gtpn5czl2.torconnectpaycom/10gRY7z

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2545601776-398900742-3236737263-1146\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2545601776-398900742-3236737263-1146\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2545601776-398900742-3236737263-1146 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://frontrange.webex.com/client/WBXclient-T28L10NSP12_CP1-16851/support/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @ei.CouponAlert_2p.com/Plugin -> C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-01-11]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012-02-21]

Chrome:
=======
CHR Profile: C:\Documents and Settings\GML1337\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Documents and Settings\GML1337\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-02]
CHR Extension: (Google Docs) - C:\Documents and Settings\GML1337\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-20]
CHR Extension: (Google Drive) - C:\Documents and Settings\GML1337\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\GML1337\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-02]
CHR Extension: (YouTube) - C:\Documents and Settings\GML1337\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-20]
CHR Extension: (Google Search) - C:\Documents and Settings\GML1337\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-20]
CHR Extension: (Google Sheets) - C:\Documents and Settings\GML1337\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-02]
CHR Extension: (Google Wallet) - C:\Documents and Settings\GML1337\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-20]
CHR Extension: (Gmail) - C:\Documents and Settings\GML1337\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-20]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2010-04-28] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2010-04-28] (Symantec Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2012-02-21] (Sun Microsystems, Inc.)
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2009-07-13] (Symantec Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
R2 SmcService; C:\Program Files\Symantec AntiVirus\Smc.exe [1864888 2010-04-28] (Symantec Corporation)
S4 SNAC; C:\Program Files\Symantec AntiVirus\SNAC.EXE [341320 2010-04-28] (Symantec Corporation)
R2 Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2477304 2010-04-28] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]
S3 COH_Mon; C:\WINDOWS\system32\Drivers\COH_Mon.sys [23888 2010-04-28] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-08] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-08-08] (Symantec Corporation)
R3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [54360 2015-02-28] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130405.069\NAVENG.SYS [93296 2013-01-16] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130405.069\NAVEX15.SYS [1603824 2013-01-16] (Symantec Corporation)
R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [421424 2010-04-28] (Symantec Corporation)
R1 SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [281648 2010-04-28] (Symantec Corporation)
S3 SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [320560 2010-04-28] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [43696 2010-04-28] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [124976 2010-04-29] (Symantec Corporation)
S3 SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [26416 2010-04-28] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [188080 2010-04-28] (Symantec Corporation)
R3 catchme; \??\C:\DOCUME~1\GML1337\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 mbr; \??\C:\ComboFix\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-28 12:54 - 2015-02-28 12:54 - 00000000 ____D () C:\FRST
2015-02-28 12:52 - 2015-02-28 12:52 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-28 12:52 - 2015-02-28 12:52 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-02-28 12:50 - 2015-02-28 12:50 - 00000591 _____ () C:\Documents and Settings\GML1337\Desktop\JRT.txt
2015-02-28 12:31 - 2015-02-28 12:55 - 00000000 ____D () C:\Documents and Settings\GML1337\Local Settings\temp
2015-02-28 12:31 - 2015-02-28 12:31 - 00007041 _____ () C:\ComboFix.txt
2015-02-28 12:31 - 2015-02-28 12:31 - 00000000 ____D () C:\Documents and Settings\PJC0714\Local Settings\temp
2015-02-28 12:31 - 2015-02-28 12:31 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2015-02-28 12:31 - 2015-02-28 12:31 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2015-02-28 12:31 - 2015-02-28 12:31 - 00000000 ____D () C:\Documents and Settings\cms0113\Local Settings\temp
2015-02-28 12:31 - 2015-02-28 12:31 - 00000000 ____D () C:\Documents and Settings\administrator\Local Settings\temp
2015-02-28 11:48 - 2015-02-28 11:55 - 00000000 ____D () C:\AdwCleaner
2015-02-28 11:12 - 2015-02-28 11:12 - 00000000 _RSHD () C:\cmdcons
2015-02-28 11:12 - 2014-12-12 09:11 - 00000211 _____ () C:\Boot.bak
2015-02-28 11:12 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2015-02-28 11:09 - 2011-06-26 01:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2015-02-28 11:09 - 2010-11-07 12:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2015-02-28 11:09 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-02-28 11:09 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-02-28 11:09 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-02-28 11:09 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-02-28 11:09 - 2000-08-30 19:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2015-02-28 11:09 - 2000-08-30 19:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2015-02-28 11:09 - 2000-08-30 19:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2015-02-28 11:08 - 2015-02-28 12:31 - 00000000 ____D () C:\Qoobox
2015-02-28 11:07 - 2015-02-28 11:29 - 00000000 ____D () C:\WINDOWS\erdnt
2015-02-28 10:08 - 2015-02-28 12:54 - 00000000 ____D () C:\Documents and Settings\GML1337\Desktop\2-28-15
2015-02-28 10:07 - 2015-02-28 10:08 - 00000046 _____ () C:\WINDOWS\wiaservc.log
2015-02-28 10:07 - 2015-02-28 10:07 - 00005264 _____ () C:\WINDOWS\setupapi.log
2015-02-28 10:07 - 2015-02-28 10:07 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-02-28 10:07 - 2015-02-28 10:07 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2015-02-28 09:17 - 2015-02-28 09:17 - 00000000 ____D () C:\Documents and Settings\GML1337\Desktop\2-28-15 backup
2015-02-27 17:32 - 2015-02-27 17:32 - 00008630 _____ () C:\Documents and Settings\GML1337\Desktop\HELP_DECRYPT.HTML
2015-02-27 17:32 - 2015-02-27 17:32 - 00004258 _____ () C:\Documents and Settings\GML1337\Desktop\HELP_DECRYPT.TXT
2015-02-27 17:32 - 2015-02-27 17:32 - 00000292 _____ () C:\Documents and Settings\GML1337\Desktop\HELP_DECRYPT.URL
2015-02-27 14:14 - 2015-02-27 14:14 - 00008630 _____ () C:\HELP_DECRYPT.HTML
2015-02-27 14:14 - 2015-02-27 14:14 - 00004258 _____ () C:\HELP_DECRYPT.TXT
2015-02-27 14:14 - 2015-02-27 14:14 - 00000292 _____ () C:\HELP_DECRYPT.URL
2015-02-27 14:06 - 2015-02-27 14:06 - 00008630 _____ () C:\Documents and Settings\PJC0714\Local Settings\HELP_DECRYPT.HTML
2015-02-27 14:06 - 2015-02-27 14:06 - 00008630 _____ () C:\Documents and Settings\PJC0714\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-02-27 14:06 - 2015-02-27 14:06 - 00008630 _____ () C:\Documents and Settings\PJC0714\HELP_DECRYPT.HTML
2015-02-27 14:06 - 2015-02-27 14:06 - 00008630 _____ () C:\Documents and Settings\PJC0714\Application Data\HELP_DECRYPT.HTML
2015-02-27 14:06 - 2015-02-27 14:06 - 00008630 _____ () C:\Documents and Settings\LocalService\Local Settings\HELP_DECRYPT.HTML
2015-02-27 14:06 - 2015-02-27 14:06 - 00008630 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-02-27 14:06 - 2015-02-27 14:06 - 00008630 _____ () C:\Documents and Settings\LocalService\HELP_DECRYPT.HTML
2015-02-27 14:06 - 2015-02-27 14:06 - 00008630 _____ () C:\Documents and Settings\HELP_DECRYPT.HTML
2015-02-27 14:06 - 2015-02-27 14:06 - 00008630 _____ () C:\Documents and Settings\GML1337\HELP_DECRYPT.HTML
2015-02-27 14:06 - 2015-02-27 14:06 - 00004258 _____ () C:\Documents and Settings\PJC0714\Local Settings\HELP_DECRYPT.TXT
2015-02-27 14:06 - 2015-02-27 14:06 - 00004258 _____ () C:\Documents and Settings\PJC0714\Local Settings\Application Data\HELP_DECRYPT.TXT
2015-02-27 14:06 - 2015-02-27 14:06 - 00004258 _____ () C:\Documents and Settings\PJC0714\HELP_DECRYPT.TXT
2015-02-27 14:06 - 2015-02-27 14:06 - 00004258 _____ () C:\Documents and Settings\PJC0714\Application Data\HELP_DECRYPT.TXT
2015-02-27 14:06 - 2015-02-27 14:06 - 00004258 _____ () C:\Documents and Settings\LocalService\Local Settings\HELP_DECRYPT.TXT
2015-02-27 14:06 - 2015-02-27 14:06 - 00004258 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\HELP_DECRYPT.TXT
2015-02-27 14:06 - 2015-02-27 14:06 - 00004258 _____ () C:\Documents and Settings\LocalService\HELP_DECRYPT.TXT
2015-02-27 14:06 - 2015-02-27 14:06 - 00004258 _____ () C:\Documents and Settings\HELP_DECRYPT.TXT
2015-02-27 14:06 - 2015-02-27 14:06 - 00004258 _____ () C:\Documents and Settings\GML1337\HELP_DECRYPT.TXT
2015-02-27 14:06 - 2015-02-27 14:06 - 00000292 _____ () C:\Documents and Settings\PJC0714\Local Settings\HELP_DECRYPT.URL
2015-02-27 14:06 - 2015-02-27 14:06 - 00000292 _____ () C:\Documents and Settings\PJC0714\Local Settings\Application Data\HELP_DECRYPT.URL
2015-02-27 14:06 - 2015-02-27 14:06 - 00000292 _____ () C:\Documents and Settings\PJC0714\HELP_DECRYPT.URL
2015-02-27 14:06 - 2015-02-27 14:06 - 00000292 _____ () C:\Documents and Settings\PJC0714\Application Data\HELP_DECRYPT.URL
2015-02-27 14:06 - 2015-02-27 14:06 - 00000292 _____ () C:\Documents and Settings\LocalService\Local Settings\HELP_DECRYPT.URL
2015-02-27 14:06 - 2015-02-27 14:06 - 00000292 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\HELP_DECRYPT.URL
2015-02-27 14:06 - 2015-02-27 14:06 - 00000292 _____ () C:\Documents and Settings\LocalService\HELP_DECRYPT.URL
2015-02-27 14:06 - 2015-02-27 14:06 - 00000292 _____ () C:\Documents and Settings\HELP_DECRYPT.URL
2015-02-27 14:06 - 2015-02-27 14:06 - 00000292 _____ () C:\Documents and Settings\GML1337\HELP_DECRYPT.URL
2015-02-27 14:05 - 2015-02-27 14:05 - 00008630 _____ () C:\Documents and Settings\GML1337\My Documents\HELP_DECRYPT.HTML
2015-02-27 14:05 - 2015-02-27 14:05 - 00004258 _____ () C:\Documents and Settings\GML1337\My Documents\HELP_DECRYPT.TXT
2015-02-27 14:05 - 2015-02-27 14:05 - 00000292 _____ () C:\Documents and Settings\GML1337\My Documents\HELP_DECRYPT.URL
2015-02-27 14:03 - 2015-02-27 14:03 - 00008630 _____ () C:\Documents and Settings\GML1337\Local Settings\HELP_DECRYPT.HTML
2015-02-27 14:03 - 2015-02-27 14:03 - 00008630 _____ () C:\Documents and Settings\GML1337\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-02-27 14:03 - 2015-02-27 14:03 - 00004258 _____ () C:\Documents and Settings\GML1337\Local Settings\HELP_DECRYPT.TXT
2015-02-27 14:03 - 2015-02-27 14:03 - 00004258 _____ () C:\Documents and Settings\GML1337\Local Settings\Application Data\HELP_DECRYPT.TXT
2015-02-27 14:03 - 2015-02-27 14:03 - 00000292 _____ () C:\Documents and Settings\GML1337\Local Settings\HELP_DECRYPT.URL
2015-02-27 14:03 - 2015-02-27 14:03 - 00000292 _____ () C:\Documents and Settings\GML1337\Local Settings\Application Data\HELP_DECRYPT.URL
2015-02-27 13:57 - 2015-02-27 13:57 - 00008630 _____ () C:\Documents and Settings\GML1337\Application Data\HELP_DECRYPT.HTML
2015-02-27 13:57 - 2015-02-27 13:57 - 00004258 _____ () C:\Documents and Settings\GML1337\Application Data\HELP_DECRYPT.TXT
2015-02-27 13:57 - 2015-02-27 13:57 - 00000292 _____ () C:\Documents and Settings\GML1337\Application Data\HELP_DECRYPT.URL
2015-02-27 13:50 - 2015-02-27 13:50 - 00008630 _____ () C:\Documents and Settings\Default User\Local Settings\HELP_DECRYPT.HTML
2015-02-27 13:50 - 2015-02-27 13:50 - 00008630 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-02-27 13:50 - 2015-02-27 13:50 - 00008630 _____ () C:\Documents and Settings\Default User\HELP_DECRYPT.HTML
2015-02-27 13:50 - 2015-02-27 13:50 - 00008630 _____ () C:\Documents and Settings\Default User\Application Data\HELP_DECRYPT.HTML
2015-02-27 13:50 - 2015-02-27 13:50 - 00008630 _____ () C:\Documents and Settings\cms0113\Local Settings\HELP_DECRYPT.HTML
2015-02-27 13:50 - 2015-02-27 13:50 - 00008630 _____ () C:\Documents and Settings\cms0113\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-02-27 13:50 - 2015-02-27 13:50 - 00008630 _____ () C:\Documents and Settings\cms0113\HELP_DECRYPT.HTML
2015-02-27 13:50 - 2015-02-27 13:50 - 00008630 _____ () C:\Documents and Settings\cms0113\Application Data\HELP_DECRYPT.HTML
2015-02-27 13:50 - 2015-02-27 13:50 - 00008630 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.HTML
2015-02-27 13:50 - 2015-02-27 13:50 - 00008630 _____ () C:\Documents and Settings\All Users\Application Data\HELP_DECRYPT.HTML
2015-02-27 13:50 - 2015-02-27 13:50 - 00004258 _____ () C:\Documents and Settings\Default User\Local Settings\HELP_DECRYPT.TXT
2015-02-27 13:50 - 2015-02-27 13:50 - 00004258 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\HELP_DECRYPT.TXT
2015-02-27 13:50 - 2015-02-27 13:50 - 00004258 _____ () C:\Documents and Settings\Default User\HELP_DECRYPT.TXT
2015-02-27 13:50 - 2015-02-27 13:50 - 00004258 _____ () C:\Documents and Settings\Default User\Application Data\HELP_DECRYPT.TXT
2015-02-27 13:50 - 2015-02-27 13:50 - 00004258 _____ () C:\Documents and Settings\cms0113\Local Settings\HELP_DECRYPT.TXT
2015-02-27 13:50 - 2015-02-27 13:50 - 00004258 _____ () C:\Documents and Settings\cms0113\Local Settings\Application Data\HELP_DECRYPT.TXT
2015-02-27 13:50 - 2015-02-27 13:50 - 00004258 _____ () C:\Documents and Settings\cms0113\HELP_DECRYPT.TXT
2015-02-27 13:50 - 2015-02-27 13:50 - 00004258 _____ () C:\Documents and Settings\cms0113\Application Data\HELP_DECRYPT.TXT
2015-02-27 13:50 - 2015-02-27 13:50 - 00004258 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.TXT
2015-02-27 13:50 - 2015-02-27 13:50 - 00004258 _____ () C:\Documents and Settings\All Users\Application Data\HELP_DECRYPT.TXT
2015-02-27 13:50 - 2015-02-27 13:50 - 00000292 _____ () C:\Documents and Settings\Default User\Local Settings\HELP_DECRYPT.URL
2015-02-27 13:50 - 2015-02-27 13:50 - 00000292 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\HELP_DECRYPT.URL
2015-02-27 13:50 - 2015-02-27 13:50 - 00000292 _____ () C:\Documents and Settings\Default User\HELP_DECRYPT.URL
2015-02-27 13:50 - 2015-02-27 13:50 - 00000292 _____ () C:\Documents and Settings\Default User\Application Data\HELP_DECRYPT.URL
2015-02-27 13:50 - 2015-02-27 13:50 - 00000292 _____ () C:\Documents and Settings\cms0113\Local Settings\HELP_DECRYPT.URL
2015-02-27 13:50 - 2015-02-27 13:50 - 00000292 _____ () C:\Documents and Settings\cms0113\Local Settings\Application Data\HELP_DECRYPT.URL
2015-02-27 13:50 - 2015-02-27 13:50 - 00000292 _____ () C:\Documents and Settings\cms0113\HELP_DECRYPT.URL
2015-02-27 13:50 - 2015-02-27 13:50 - 00000292 _____ () C:\Documents and Settings\cms0113\Application Data\HELP_DECRYPT.URL
2015-02-27 13:50 - 2015-02-27 13:50 - 00000292 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.URL
2015-02-27 13:50 - 2015-02-27 13:50 - 00000292 _____ () C:\Documents and Settings\All Users\Application Data\HELP_DECRYPT.URL
2015-02-27 13:25 - 2015-02-27 13:25 - 00008630 _____ () C:\Documents and Settings\administrator\Local Settings\HELP_DECRYPT.HTML
2015-02-27 13:25 - 2015-02-27 13:25 - 00008630 _____ () C:\Documents and Settings\administrator\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-02-27 13:25 - 2015-02-27 13:25 - 00008630 _____ () C:\Documents and Settings\administrator\HELP_DECRYPT.HTML
2015-02-27 13:25 - 2015-02-27 13:25 - 00008630 _____ () C:\Documents and Settings\administrator\Application Data\HELP_DECRYPT.HTML
2015-02-27 13:25 - 2015-02-27 13:25 - 00004258 _____ () C:\Documents and Settings\administrator\Local Settings\HELP_DECRYPT.TXT
2015-02-27 13:25 - 2015-02-27 13:25 - 00004258 _____ () C:\Documents and Settings\administrator\Local Settings\Application Data\HELP_DECRYPT.TXT
2015-02-27 13:25 - 2015-02-27 13:25 - 00004258 _____ () C:\Documents and Settings\administrator\HELP_DECRYPT.TXT
2015-02-27 13:25 - 2015-02-27 13:25 - 00004258 _____ () C:\Documents and Settings\administrator\Application Data\HELP_DECRYPT.TXT
2015-02-27 13:25 - 2015-02-27 13:25 - 00000292 _____ () C:\Documents and Settings\administrator\Local Settings\HELP_DECRYPT.URL
2015-02-27 13:25 - 2015-02-27 13:25 - 00000292 _____ () C:\Documents and Settings\administrator\Local Settings\Application Data\HELP_DECRYPT.URL
2015-02-27 13:25 - 2015-02-27 13:25 - 00000292 _____ () C:\Documents and Settings\administrator\HELP_DECRYPT.URL
2015-02-27 13:25 - 2015-02-27 13:25 - 00000292 _____ () C:\Documents and Settings\administrator\Application Data\HELP_DECRYPT.URL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-28 12:39 - 2012-08-03 10:05 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-28 12:31 - 2010-01-11 11:46 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-28 12:28 - 2004-08-04 05:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-02-28 12:18 - 2010-01-11 11:46 - 00032486 _____ () C:\WINDOWS\SchedLgU.Txt
2015-02-28 12:07 - 2014-03-28 07:08 - 00000226 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-02-28 12:07 - 2010-04-26 17:07 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-28 12:07 - 2010-01-11 13:54 - 00000152 _____ () C:\WINDOWS\system32\config\netlogon.ftl
2015-02-28 12:07 - 2004-08-04 05:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-02-28 12:01 - 2010-01-11 11:07 - 02027389 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-28 11:58 - 2010-01-11 11:06 - 00000000 ____D () C:\WINDOWS\system32\Restore
2015-02-28 11:56 - 2010-01-11 13:55 - 00000278 ___SH () C:\Documents and Settings\GML1337\ntuser.ini
2015-02-28 11:56 - 2010-01-11 13:55 - 00000000 ____D () C:\Documents and Settings\GML1337
2015-02-28 11:33 - 2010-01-11 16:47 - 00000283 _____ () C:\WINDOWS\hpbafd.ini
2015-02-28 11:30 - 2010-01-11 05:44 - 00000000 ____D () C:\WINDOWS\repair
2015-02-28 11:12 - 2010-01-11 05:50 - 00000327 __RSH () C:\boot.ini
2015-02-28 10:56 - 2010-01-11 13:55 - 00000000 __SHD () C:\WINDOWS\CSC
2015-02-28 10:19 - 2010-04-26 17:07 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-28 09:23 - 2010-01-11 05:51 - 00263824 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-27 16:06 - 2014-08-20 15:18 - 00032039 _____ () C:\WINDOWS\pvsw.log
2015-02-27 16:04 - 2010-01-11 16:30 - 00000000 ____D () C:\PFW
2015-02-27 14:14 - 2010-01-13 11:07 - 00000000 ____D () C:\SLIMCD
2015-02-27 14:14 - 2010-01-11 16:36 - 00000000 ____D () C:\PVSW
2015-02-27 14:06 - 2010-01-11 12:03 - 00000000 ____D () C:\Documents and Settings\PJC0714
2015-02-27 14:06 - 2010-01-11 11:46 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-02-27 14:02 - 2015-01-14 13:23 - 00000000 ____D () C:\Documents and Settings\GML1337\Desktop\ALL PO'S E-MAILED
2015-02-27 14:02 - 2013-11-20 11:56 - 00000000 ____D () C:\Documents and Settings\GML1337\Desktop\REPORTS
2015-02-27 13:57 - 2010-01-11 17:09 - 00000000 ____D () C:\Documents and Settings\GML1337\Application Data\Sun
2015-02-27 13:50 - 2013-10-25 07:49 - 00000000 ____D () C:\Documents and Settings\cms0113
2015-02-27 13:50 - 2010-01-13 10:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Symantec
2015-02-27 13:50 - 2010-01-11 16:47 - 00000000 ____D () C:\Documents and Settings\GML1337\Application Data\Adobe
2015-02-27 13:49 - 2010-10-22 15:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-02-27 13:25 - 2014-10-10 08:59 - 00000000 ____D () C:\Documents and Settings\administrator
2015-02-27 13:25 - 2010-01-11 11:09 - 00000000 ____D () C:\DELL
2015-02-20 16:43 - 2010-01-11 16:28 - 00068256 _____ () C:\Documents and Settings\GML1337\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-02-20 16:42 - 2010-01-11 15:12 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-02-20 16:42 - 2010-01-11 05:52 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-20 00:20 - 2013-04-16 14:44 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-02-19 15:26 - 2010-01-13 10:52 - 00002399 _____ () C:\Documents and Settings\GML1337\Desktop\Crystal Reports 10 for Sage.lnk
2015-02-18 09:58 - 2014-10-13 07:18 - 00151024 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2015-02-11 03:05 - 2013-08-14 02:07 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-11 03:00 - 2010-01-11 14:59 - 113756392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-08 15:00 - 2014-03-28 07:08 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-02-04 20:39 - 2012-04-10 11:33 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-04 20:39 - 2011-10-24 13:43 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-30 16:57 - 2011-09-20 13:59 - 00000668 _____ () C:\Documents and Settings\GML1337\Desktop\2013.lnk

==================== Files in the root of some directories =======

2010-01-11 16:35 - 2010-01-11 16:35 - 0000190 _____ () C:\Program Files\Common Files\psasetup.log
2015-02-27 13:57 - 2015-02-27 13:57 - 0008630 _____ () C:\Documents and Settings\GML1337\Application Data\HELP_DECRYPT.HTML
2015-02-27 13:57 - 2015-02-27 13:57 - 0046057 _____ () C:\Documents and Settings\GML1337\Application Data\HELP_DECRYPT.PNG
2015-02-27 13:57 - 2015-02-27 13:57 - 0004258 _____ () C:\Documents and Settings\GML1337\Application Data\HELP_DECRYPT.TXT
2015-02-27 13:57 - 2015-02-27 13:57 - 0000292 _____ () C:\Documents and Settings\GML1337\Application Data\HELP_DECRYPT.URL
2014-12-14 03:12 - 2014-12-14 03:12 - 0000664 _____ () C:\Documents and Settings\GML1337\Local Settings\Application Data\d3d9caps.dat
2015-02-27 14:03 - 2015-02-27 14:03 - 0008630 _____ () C:\Documents and Settings\GML1337\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-02-27 14:03 - 2015-02-27 14:03 - 0046057 _____ () C:\Documents and Settings\GML1337\Local Settings\Application Data\HELP_DECRYPT.PNG
2015-02-27 14:03 - 2015-02-27 14:03 - 0004258 _____ () C:\Documents and Settings\GML1337\Local Settings\Application Data\HELP_DECRYPT.TXT
2015-02-27 14:03 - 2015-02-27 14:03 - 0000292 _____ () C:\Documents and Settings\GML1337\Local Settings\Application Data\HELP_DECRYPT.URL
2015-02-27 13:50 - 2015-02-27 13:50 - 0008630 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.HTML
2015-02-27 13:50 - 2015-02-27 13:50 - 0046057 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.PNG
2015-02-27 13:50 - 2015-02-27 13:50 - 0004258 _____ () C:\Documents and Settings\All
Users\HELP_DECRYPT.TXT2015-02-27 13:50 - 2015-02-27 13:50 - 0000292 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.URL Files to move or delete:====================X:\temp\Chris\2-28-15\glo\Chameleon\Windows\mbam-chameleon.exe Some zero byte size files/folders:==========================C:\Windows\System32\dhbavu.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signedC:\WINDOWS\system32\winlogon.exe => File is digitally signedC:\WINDOWS\system32\svchost.exe => File is digitally signedC:\WINDOWS\system32\services.exe => File is digitally signedC:\WINDOWS\system32\User32.dll => File is digitally signedC:\WINDOWS\system32\userinit.exe => File is digitally signedC:\WINDOWS\system32\rpcss.dll => File is digitally signedC:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================ __________________________________________________________________________________- Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-02-2015 01Ran by gml1337 at 2015-02-28 12:55:53Running from C:\Documents and Settings\GML1337\Desktop\2-28-15Boot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Symantec Endpoint Protection (Enabled - Out of date) {FB06448E-52B8-493A-90F3-E43226D3305C} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
32 Bit HP BiDi Channel Components Installer (Version: 1.1.0.2 - Hewlett-Packard) HiddenAcrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) HiddenAdobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)Broadcom Gigabit Integrated Controller (HKLM\...\{7E369B27-13E2-41A5-9879-358EE1C8B5AD}) (Version: 9.02.06 - Broadcom Corporation)CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform)Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)Compliance for GoldMine (HKLM\...\ST6UNST #1) (Version: - )Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version: - )Crystal Reports 10 for Sage (HKLM\...\{A0DB4D2C-E85B-4C23-A4F2-F1B95D3C3BE8}) (Version: 10.0.0.53327 - Crystal Decisions, Inc.)GoldMine (HKLM\...\{96EECA13-5877-46D3-AF4D-3FEE97F5F5F9}) (Version: 8.5.2.8 - FrontRange Solutions USA)Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) HiddenGoogle Update Helper (Version: 1.3.25.11 - Google Inc.) HiddenGoogle Update Helper (Version: 1.3.26.9 - Google Inc.) 
HiddenIntel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4543 - )J2SE Runtime Environment 5.0 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150000}) (Version: 1.5.0 - Sun Microsystems, Inc.)Java 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)LiveUpdate 3.3 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.3.0.92 - Symantec Corporation)Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)Microsoft Office 2003 Primary Interop Assemblies (HKLM\...\{91490409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6553.0 - Microsoft Corporation)Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Office Professional Edition 2003 (HKLM\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-2545601776-398900742-3236737263-1146\...\Octoshape add-in for Adobe Flash Player) (Version: - )OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) HiddenPervasive PSQL OLEDB (HKLM\...\Pervasive PSQL OLEDB_is1) (Version: - Pervasive Software)Pervasive System Analyzer (HKLM\...\Pervasive System Analyzer) (Version: - 
)Pervasive.SQL 9 SP1 Client for Windows (9.1) (HKLM\...\{1105C4D0-518B-4223-A2DC-1F889E9D2CA9}) (Version: 9.10.999.999 - Pervasive Software Inc.)Sage PFW 5.5 Client (HKLM\...\{44738484-F692-448F-AC67-088196EDBCCA}) (Version: 5.5 - Sage Software)SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices)STC Utilities (HKLM\...\STC Utilities) (Version: - )Symantec Endpoint Protection (HKLM\...\{2EFCC193-D915-4CCB-9201-31773A27BC06}) (Version: 11.0.5002.333 - Symantec Corporation)Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) HiddenWindows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 28-02-2015 11:59:01 System Checkpoint ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2004-08-04 05:00 - 2015-02-28 11:27 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exeTask: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe ==================== Loaded Modules (whitelisted) ============== ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. 
None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2545601776-398900742-3236737263-1146\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\GML1337\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmpDNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files\Analog Devices\Core\smax4pnp.exeMSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ==================== Accounts: ============================= Administrator (S-1-5-21-57989841-1085031214-725345543-500 - Administrator - Enabled)Guest (S-1-5-21-57989841-1085031214-725345543-501 - Limited - Disabled)HelpAssistant (S-1-5-21-57989841-1085031214-725345543-1000 - Limited - Disabled)PJC0714 (S-1-5-21-57989841-1085031214-725345543-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\PJC0714SUPPORT_388945a0 (S-1-5-21-57989841-1085031214-725345543-1002 - Limited - Disabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (02/28/2015 00:07:33 PM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)Description: Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted. Error: (02/28/2015 00:04:01 PM) (Source: AutoEnrollment) (EventID: 15) (User: )Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007003a). The specified server cannot perform the requested operation. Enrollment will not be performed. 
Error: (02/28/2015 00:03:16 PM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)Description: Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted. Error: (02/28/2015 11:55:41 AM) (Source: Symantec AntiVirus) (EventID: 45) (User: SSETECHNOLOGIES)Description: SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec AntiVirus\SmcGui.exeEvent Info: Terminate ProcessAction Taken: LoggedActor Process: C:\Documents and Settings\GML1337\Desktop\2-28-15\AdwCleaner.exe (PID 440)Time: Saturday, February 28, 2015 11:55:41 AM Error: (02/28/2015 11:55:40 AM) (Source: Symantec AntiVirus) (EventID: 45) (User: SSETECHNOLOGIES)Description: SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec AntiVirus\SmcGui.exeEvent Info: Terminate ProcessAction Taken: LoggedActor Process: C:\Documents and Settings\GML1337\Desktop\2-28-15\AdwCleaner.exe (PID 440)Time: Saturday, February 28, 2015 11:55:40 AM Error: (02/28/2015 11:06:13 AM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)Description: Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted. Error: (02/28/2015 11:02:38 AM) (Source: AutoEnrollment) (EventID: 15) (User: )Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007003a). The specified server cannot perform the requested operation. Enrollment will not be performed. Error: (02/28/2015 11:01:55 AM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)Description: Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted. Error: (02/28/2015 10:25:55 AM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)Description: Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted. 
Error: (02/28/2015 10:21:07 AM) (Source: AutoEnrollment) (EventID: 15) (User: )Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007003a). The specified server cannot perform the requested operation. Enrollment will not be performed. System errors:=============Error: (02/28/2015 10:11:11 AM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s). Error: (02/28/2015 10:11:05 AM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s). Error: (02/28/2015 09:24:17 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""in order to run the server:{4991D34B-80A1-4291-83B6-3328366B9097} Error: (02/28/2015 09:18:39 AM) (Source: DCOM) (EventID: 10005) (User: SSETECHNOLOGIES)Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""in order to run the server:{4991D34B-80A1-4291-83B6-3328366B9097} Error: (02/28/2015 09:18:38 AM) (Source: DCOM) (EventID: 10005) (User: SSETECHNOLOGIES)Description: DCOM got error "%%1058" attempting to start the service BITS with arguments ""in order to run the server:{4991D34B-80A1-4291-83B6-3328366B9097} Error: (02/13/2015 10:52:03 AM) (Source: W32Time) (EventID: 29) (User: )Description: The time provider NtpClient is configured to acquire time from one or moretime sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes.NtpClient has no source of accurate time. Error: (02/13/2015 10:51:55 AM) (Source: Dhcp) (EventID: 1002) (User: )Description: The IP address lease 192.168.1.64 for the Network Card with network address 0013728DC181 has beendenied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). 
Microsoft Office Sessions:=========================Error: (02/28/2015 00:56:38 PM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)Description: The RPC server is unavailable. Error: (02/28/2015 00:07:33 PM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)Description: The RPC server is unavailable. Error: (02/28/2015 00:04:01 PM) (Source: AutoEnrollment) (EventID: 15) (User: )Description: local system0x8007003aThe specified server cannot perform the requested operation. Error: (02/28/2015 00:03:16 PM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)Description: The RPC server is unavailable. Error: (02/28/2015 11:55:41 AM) (Source: Symantec AntiVirus) (EventID: 45) (User: SSETECHNOLOGIES)Description: SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec AntiVirus\SmcGui.exeEvent Info: Terminate ProcessAction Taken: LoggedActor Process: C:\Documents and Settings\GML1337\Desktop\2-28-15\AdwCleaner.exe (PID 440)Time: Saturday, February 28, 2015 11:55:41 AM Error: (02/28/2015 11:55:40 AM) (Source: Symantec AntiVirus) (EventID: 45) (User: SSETECHNOLOGIES)Description: SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec AntiVirus\SmcGui.exeEvent Info: Terminate ProcessAction Taken: LoggedActor Process: C:\Documents and Settings\GML1337\Desktop\2-28-15\AdwCleaner.exe (PID 440)Time: Saturday, February 28, 2015 11:55:40 AM Error: (02/28/2015 11:06:13 AM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)Description: The RPC server is unavailable. Error: (02/28/2015 11:02:38 AM) (Source: AutoEnrollment) (EventID: 15) (User: )Description: local system0x8007003aThe specified server cannot perform the requested operation. Error: (02/28/2015 11:01:55 AM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)Description: The RPC server is unavailable. Error: (02/28/2015 10:25:55 AM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)Description: The RPC server is unavailable. 
==================== Memory info =========================== Processor: Intel® Celeron® CPU 2.66GHzPercentage of memory in use: 43%Total physical RAM: 2038.07 MBAvailable physical RAM: 1158.29 MBTotal Pagefile: 3931.02 MBAvailable Pagefile: 3385 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1936.44 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:149.04 GB) (Free:133.63 GB) NTFS ==>[Drive with boot components (Windows XP)]Drive p: () (Network) (Total:55.67 GB) (Free:8.5 GB) Drive s: () (Network) (Total:260.16 GB) (Free:47.73 GB) Drive x: () (Network) (Total:260.16 GB) (Free:47.73 GB) ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 8B653A34)Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS) ==================== End Of Log ============================ eset scan log.txt glo combofix log.txt hijackthis.log JRT.txt JRT_1.txt log.txt online scanner.txt rapport.txt
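The FRST listing above is the most useful evidence in the post: every directory CryptoWall 3.0 touched received the same four note files (HELP_DECRYPT.HTML/TXT/URL/PNG), and the creation timestamps of those notes bound when the encryption ran on this host. The script below is an added example, not code from the original post or from FRST; it assumes the entry layout FRST prints in its file sections (created timestamp, modified timestamp, size, attribute flags, signer in parentheses, path) and the four CryptoWall note names seen in the log. The sample entries are constructed in that shape with the line breaks the forum paste lost. Run against a full FRST.txt it reports the first and last note-drop time, the profiles that were written to, and whether each note type has a single size. CryptoWall writes identical note bytes into every directory it encrypts, so two sizes for one extension would indicate a second run. The first-seen time is the value to compare against file modification times on the server side of the mapped drives listed in the Drives section (P:, S:, X:), because the malware encrypts whatever the logged-on user could write to, network shares included.

```python
"""Triage CryptoWall HELP_DECRYPT note drops from an FRST file listing.

Added example, not code from the original post or from FRST. It assumes the
entry layout FRST prints in its file sections:
    <created> - <modified> - <size> <attrs> (<signer>) <path>
and the CryptoWall 3.0 note names HELP_DECRYPT.HTML/TXT/URL/PNG.
"""
import re
import sys
from collections import defaultdict

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) \((?P<signer>[^)]*)\) (?P<path>.+)$"
)
NOTE_RE = re.compile(r"\\HELP_DECRYPT\.(?P<ext>HTML|TXT|URL|PNG)$", re.IGNORECASE)
PROFILE_RE = re.compile(r"^[A-Za-z]:\\Documents and Settings\\(?P<profile>[^\\]+)")

# Constructed sample in the same shape as the pasted log, one entry per line.
SAMPLE_FRST = r"""
2015-02-27 13:25 - 2015-02-27 13:25 - 00008630 _____ () C:\Documents and Settings\administrator\Local Settings\HELP_DECRYPT.HTML
2015-02-27 13:25 - 2015-02-27 13:25 - 00004258 _____ () C:\Documents and Settings\administrator\HELP_DECRYPT.TXT
2015-02-27 13:25 - 2015-02-27 13:25 - 00000292 _____ () C:\Documents and Settings\administrator\Application Data\HELP_DECRYPT.URL
2015-02-27 13:50 - 2015-02-27 13:50 - 00008630 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.HTML
2015-02-27 13:50 - 2015-02-27 13:50 - 00046057 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.PNG
2015-02-27 13:57 - 2015-02-27 13:57 - 00008630 _____ () C:\Documents and Settings\GML1337\Application Data\HELP_DECRYPT.HTML
2015-02-27 14:03 - 2015-02-27 14:03 - 00004258 _____ () C:\Documents and Settings\GML1337\Local Settings\Application Data\HELP_DECRYPT.TXT
2015-02-28 11:58 - 2010-01-11 11:06 - 00000000 ____D () C:\WINDOWS\system32\Restore
2015-02-28 12:39 - 2012-08-03 10:05 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-11 03:00 - 2010-01-11 14:59 - 113756392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
"""


def parse_frst(text):
    """Return one dict per line that matches the FRST file-entry layout.

    Section headers, event-log text and anything else are ignored, so the
    whole FRST.txt can be fed in unchanged.
    """
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entries.append(entry)
    return entries


def find_ransom_notes(entries):
    """Entries whose path ends in one of the CryptoWall note names."""
    notes = []
    for entry in entries:
        m = NOTE_RE.search(entry["path"])
        if m:
            notes.append(dict(entry, ext=m.group("ext").upper()))
    return notes


def triage(text):
    """Summarise the note drops: time window, profiles hit, size consistency."""
    notes = find_ransom_notes(parse_frst(text))
    if not notes:
        return {"note_count": 0}
    sizes_by_ext = defaultdict(set)
    profiles = set()
    for note in notes:
        sizes_by_ext[note["ext"]].add(note["size"])
        pm = PROFILE_RE.match(note["path"])
        if pm:
            profiles.add(pm.group("profile"))
    # "YYYY-MM-DD HH:MM" strings sort chronologically as plain text.
    created = sorted(note["created"] for note in notes)
    return {
        "note_count": len(notes),
        "first_seen": created[0],
        "last_seen": created[-1],
        "profiles": sorted(profiles),
        "sizes_by_ext": {ext: sorted(sizes) for ext, sizes in sizes_by_ext.items()},
        # One size per extension is what a single CryptoWall run produces;
        # more than one means a second note set was written.
        "size_consistent": all(len(sizes) == 1 for sizes in sizes_by_ext.values()),
    }


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_FRST
    for key, value in triage(text).items():
        print(f"{key}: {value}")
```

Invoke it as `python triage.py FRST.txt`; with no argument it runs over the constructed sample. The parser deliberately matches only the file-entry layout, so the pasted log can be used as-is once the line breaks are restored.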