blocked malicious website outgoing help

I'm new to all of this and I guess I started this in the wrong place, so I will try again.

I have read several posts with similar issues but would like help so I don't mess this up.

Malwarebytes keeps popping up every 10 seconds with this message: Malwarebytes Anti-Malware successfully blocked access to a potentially malicious website: 95.211.194.79 the majority of the time, and a few times 199.21.148.108. Both type: outgoing. It happens whether I am on the internet or not. I have run Malwarebytes, full and quick scans, with zero threats/issues. Yet the problem continues. I then ran Malwarebytes Anti-Rootkit, which quarantined Trojan.Siredef.C, which I then deleted. This also did not fix the problem. I downloaded and ran dds.scr; the info is below. Any help to resolve this issue would be appreciated.


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.7.2
Run by Administrator at 12:34:55 on 2013-07-10
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.246 [GMT -4:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\SYSTEM32\taskmgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.

uInternet Connection Wizard,ShellNext = iexplore
uProxyOverride = localhost
uURLSearchHooks:  - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Freecause Toolbar BHO: {399C60D2-38B1-4E25-B9E7-6498C1BC2DCD} -
BHO: GetSavin 5.0: {6B2B7A49-2CC2-4977-B9AF-73251AF22CC6} -
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Dogpile Toolbar: {C53FE659-316A-4F56-A194-A5BE491BE866} -
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [sigmatelSysTrayApp] stsystra.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - <orphaned>
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -


TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{7F608D78-3FF6-44AA-AE3E-DB3AA992DE7C} : DHCPNameServer = 209.18.47.61 209.18.47.62
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R2 BayerHealthcareService;BayerHealthcareService;c:\program files\bayer healthcare smartlaunch\bin\BayerHCService.exe [2012-5-21 134584]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-12-1 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-8-6 701512]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-6 22856]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-7-10 40776]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-7-10 35144]
.
=============== Created Last 30 ================
.
2013-07-10 16:21:30 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-07-10 15:00:01 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-07-10 01:12:13 2321288 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\backup\mpengine.dll
2013-07-10 01:11:58 7068072 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{5586067b-cdee-4d15-b72e-228456be75eb}\mpengine.dll
2013-07-10 01:11:56 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-07-10 00:55:20 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)
.
==================== Find3M  ====================
.
2013-06-12 00:46:17 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 00:46:17 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-07 22:30:06 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:30:05 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-07 22:30:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53:29 385024 ----a-w- c:\windows\system32\html.iec
2013-05-03 01:30:20 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:17 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-16 04:09:53 473600 ----a-w- c:\windows\system32\wbem\fastprox.dll
2013-04-16 04:09:50 82432 ----a-w- c:\windows\system32\msxml4r.dll
.
============= FINISH: 12:35:41.21 ===============
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/3/2010 5:38:12 PM
System Uptime: 7/10/2013 12:12:59 PM (0 hours ago)
.
Motherboard: Dell Inc.           |  | 0YC523
Processor:               Intel® Pentium® D CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 144 GiB total, 78.729 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMSONY_DVD-ROM_DDU1615____________________FDS1____\5&286E6A4&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: SONY DVD-ROM DDU1615
PNP Device ID: IDE\CDROMSONY_DVD-ROM_DDU1615____________________FDS1____\5&286E6A4&0&0.0.0
Service: cdrom
.
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMHL-DT-ST_DVD+-RW_GWA4164B_______________D108____\5&286E6A4&0&0.1.0
Manufacturer: (Standard CD-ROM drives)
Name: HL-DT-ST DVD+-RW GWA4164B
PNP Device ID: IDE\CDROMHL-DT-ST_DVD+-RW_GWA4164B_______________D108____\5&286E6A4&0&0.1.0
Service: cdrom
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
.
==== Event Viewer Messages From Past Week ========
.
7/6/2013 2:58:04 AM, error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
7/10/2013 10:26:19 AM, error: System Error [1003]  - Error code 10000050, parameter1 f0f7f000, parameter2 00000001, parameter3 8053a743, parameter4 00000000.
.
==== End Of File ===========================

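An added triage helper for the symptom described above (this is not code from the thread or from Malwarebytes): it parses block notifications, groups them by destination IP and direction, and flags destinations that are hit at a near-constant interval, which is how the "every 10 seconds, outgoing, on-demand scans clean" pattern looks in data. The sample lines are constructed in the shape of the message quoted in the post, not taken from a real protection log.

```python
"""Triage helper for repeated 'blocked malicious website' notifications.

Groups block events by (destination IP, direction) and flags groups whose
inter-event gaps are nearly constant: a beacon-style cadence from something
still running on the host, even when on-demand scans report nothing.
"""
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample lines in the shape of the notification quoted in the
# post. This is NOT an excerpt of a real Malwarebytes protection log.
SAMPLE_EVENTS = """\
2013-07-10 12:30:00 blocked access to a potentially malicious website: 95.211.194.79 (Type: outgoing)
2013-07-10 12:30:10 blocked access to a potentially malicious website: 95.211.194.79 (Type: outgoing)
2013-07-10 12:30:20 blocked access to a potentially malicious website: 95.211.194.79 (Type: outgoing)
2013-07-10 12:30:25 blocked access to a potentially malicious website: 199.21.148.108 (Type: outgoing)
2013-07-10 12:30:30 blocked access to a potentially malicious website: 95.211.194.79 (Type: outgoing)
2013-07-10 12:30:40 blocked access to a potentially malicious website: 95.211.194.79 (Type: outgoing)
2013-07-10 12:30:50 blocked access to a potentially malicious website: 95.211.194.79 (Type: outgoing)
2013-07-10 12:31:00 blocked access to a potentially malicious website: 95.211.194.79 (Type: outgoing)
2013-07-10 12:33:12 blocked access to a potentially malicious website: 199.21.148.108 (Type: outgoing)
2013-07-10 12:35:40 blocked access to a potentially malicious website: 199.21.148.108 (Type: incoming)
"""

# Timestamp, dotted-quad destination and the "(Type: ...)" direction tag.
EVENT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) .*?"
    r"website: (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<dir>incoming|outgoing)\)"
)


def parse_events(text):
    """Return a list of (datetime, ip, direction); lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            events.append((ts, m["ip"], m["dir"]))
    return events


def summarize(events, min_hits=4, max_jitter=0.25):
    """Per (ip, direction): hit count, mean gap in seconds, and a beacon flag.

    A group is flagged as a beacon when it has at least min_hits events and
    the relative spread of its inter-event gaps (std dev / mean) is below
    max_jitter, i.e. the blocks arrive on a schedule rather than on user
    activity. Groups with fewer than three events cannot be judged.
    """
    groups = defaultdict(list)
    for ts, ip, direction in events:
        groups[(ip, direction)].append(ts)

    report = {}
    for key, stamps in groups.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if len(gaps) >= 2:
            avg = mean(gaps)
            jitter = pstdev(gaps) / avg if avg > 0 else 0.0
        else:
            avg = gaps[0] if gaps else 0.0
            jitter = None  # not enough gaps to measure regularity
        report[key] = {
            "hits": len(stamps),
            "mean_gap_s": round(avg, 1),
            "beacon": len(stamps) >= min_hits
            and jitter is not None
            and jitter < max_jitter,
        }
    return report


if __name__ == "__main__":
    for (ip, direction), stats in sorted(summarize(parse_events(SAMPLE_EVENTS)).items()):
        flag = "BEACON" if stats["beacon"] else "      "
        print(f"{flag} {ip:>15} {direction:<8} hits={stats['hits']:<3} "
              f"mean_gap={stats['mean_gap_s']}s")
```

A destination flagged here with clean on-demand scans is a reason to look for something the scanner cannot see from a running system, which is what the rootkit-capable tools later in the thread are for.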

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Kevin


Kevin

Great, I found the right place to post. I ran Farbar 32 bit and the files are below.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-07-2013 01
Ran by Administrator (administrator) on 10-07-2013 14:20:35
Running from C:\Documents and Settings\Administrator\Desktop\david\computer program tools
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(SigmaTel, Inc.) C:\WINDOWS\stsystra.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Bayer Healthcare LLC) C:\Program Files\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehRecvr.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehSched.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehmsas.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ehTray] - C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
HKLM\...\Run: [ATIPTA] - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [339968 2005-03-29] (ATI Technologies, Inc.)
HKLM\...\Run: [sigmatelSysTrayApp] - stsystra.exe [x]
HKLM\...\Run: [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Windows Defender] - "C:\Program Files\Windows Defender\MSASCui.exe" -hide [866584 2006-11-03] (Microsoft Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\snsivsy\scrjkbd\wow.dll ATTENTION! ====> ZeroAccess?
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
BHO: Freecause Toolbar BHO - {399C60D2-38B1-4E25-B9E7-6498C1BC2DCD} - C:\Program Files\Dogpile Toolbar\Toolbar.dll No File
BHO: GetSavin 5.0 - {6B2B7A49-2CC2-4977-B9AF-73251AF22CC6} - C:\Documents and Settings\Administrator\Local Settings\Application Data\getsavin\ie\getsavin_1362627001.dll No File
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Dogpile Toolbar - {C53FE659-316A-4F56-A194-A5BE491BE866} - C:\Program Files\Dogpile Toolbar\Toolbar.dll No File
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ipp - No CLSID Value -
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\PROGRA~1\WIFD1F~1\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

Chrome:
=======

CHR RestoreOnStartup:   "urls_to_restore_on_startup": [
CHR Extension: (ChromeUpdateManager) - C:\DOCUME~1\ADMINI~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_0
CHR Extension: (Amazing Coupons) - C:\DOCUME~1\ADMINI~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl\5.0_0

========================== Services (Whitelisted) =================

S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [516096 2005-03-29] ()
R2 BayerHealthcareService; C:\Program Files\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe [134584 2012-05-21] (Bayer Healthcare LLC)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-16] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-16] (Malwarebytes Corporation)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [1035264 2005-03-29] (ATI Technologies Inc.)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [57536 2008-05-01] (FTDI Ltd.)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2007-07-09] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2007-07-09] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2007-07-09] (HP)
R3 IntelC51; C:\Windows\System32\DRIVERS\IntelC51.sys [1233525 2004-03-05] (Intel Corporation)
R3 IntelC52; C:\Windows\System32\DRIVERS\IntelC52.sys [647929 2004-03-05] (Intel Corporation)
R3 IntelC53; C:\Windows\System32\DRIVERS\IntelC53.sys [61157 2004-06-15] (Intel Corporation)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [35144 2013-07-10] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 mohfilt; C:\Windows\System32\DRIVERS\mohfilt.sys [37048 2004-03-05] (Intel Corporation)
R3 STHDA; C:\Windows\System32\drivers\sthda.sys [180864 2005-06-14] (SigmaTel, Inc.)
S4 IntelIde; No ImagePath
S3 USBAAPL; System32\Drivers\usbaapl.sys [x]
S3 wanatw; system32\DRIVERS\wanatw4.sys [x]
U1 WS2IFSL;
U3 mbr; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2013-07-10 14:20 - 2013-07-10 14:20 - 00000000 ____D C:\FRST
2013-07-10 12:35 - 2013-07-10 12:35 - 00021168 ____A C:\Documents and Settings\Administrator\Desktop\attach.txt
2013-07-10 12:35 - 2013-07-10 12:35 - 00008179 ____A C:\Documents and Settings\Administrator\Desktop\dds.txt
2013-07-10 11:00 - 2013-07-10 11:00 - 00035144 ____A C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-07-09 21:13 - 2013-07-10 12:16 - 00000330 ___AH C:\WINDOWS\Tasks\MP Scheduled Scan.job
2013-07-09 21:11 - 2013-05-02 02:06 - 00238872 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2013-07-09 21:10 - 2013-07-09 21:10 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-09 20:55 - 2013-07-10 11:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-06-30 15:16 - 2013-06-30 23:13 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\old items to burn to cd
2013-06-30 14:14 - 2013-06-30 14:14 - 00090112 ____A C:\WINDOWS\Minidump\Mini063013-01.dmp
2013-06-12 08:50 - 2013-06-12 08:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2839229$
2013-06-12 08:46 - 2013-06-12 08:47 - 00010976 ____A C:\WINDOWS\KB2838727-IE8.log
2013-06-12 08:41 - 2013-06-12 08:51 - 00013843 ____A C:\WINDOWS\KB2839229.log

==================== One Month Modified Files and Folders =======

2013-07-10 14:20 - 2013-07-10 14:20 - 00000000 ____D C:\FRST
2013-07-10 14:14 - 2012-08-22 12:44 - 00000900 ____A C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-10 13:46 - 2012-06-04 08:57 - 00000830 ____A C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-07-10 13:30 - 2010-08-03 17:33 - 01060080 ____A C:\WINDOWS\WindowsUpdate.log
2013-07-10 12:35 - 2013-07-10 12:35 - 00021168 ____A C:\Documents and Settings\Administrator\Desktop\attach.txt
2013-07-10 12:35 - 2013-07-10 12:35 - 00008179 ____A C:\Documents and Settings\Administrator\Desktop\dds.txt
2013-07-10 12:16 - 2013-07-09 21:13 - 00000330 ___AH C:\WINDOWS\Tasks\MP Scheduled Scan.job
2013-07-10 12:13 - 2012-08-22 12:44 - 00000896 ____A C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-10 12:13 - 2010-08-03 17:39 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-07-10 12:13 - 2010-08-03 17:39 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2013-07-10 12:13 - 2010-08-03 17:39 - 00000006 ___AH C:\WINDOWS\Tasks\SA.DAT
2013-07-10 12:13 - 2010-08-03 17:38 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-07-10 12:13 - 2010-08-03 17:31 - 00000000 ____D C:\WINDOWS\Registration
2013-07-10 12:13 - 2010-08-03 14:12 - 00000159 ____A C:\WINDOWS\wiadebug.log
2013-07-10 12:13 - 2010-08-03 14:12 - 00000049 ____A C:\WINDOWS\wiaservc.log
2013-07-10 12:12 - 2010-08-03 17:39 - 00032354 ____A C:\WINDOWS\SchedLgU.Txt
2013-07-10 12:12 - 2010-08-03 17:39 - 00000278 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-07-10 11:34 - 2011-01-05 12:46 - 00000438 ___AH C:\WINDOWS\Tasks\User_Feed_Synchronization-{740C1768-AA55-4524-A732-9BD80EFED359}.job
2013-07-10 11:29 - 2010-08-03 12:06 - 00526554 ____A C:\WINDOWS\system32\PerfStringBackup.INI
2013-07-10 11:28 - 2013-07-09 20:55 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-07-10 11:00 - 2013-07-10 11:00 - 00035144 ____A C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-07-09 21:10 - 2013-07-09 21:10 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-09 21:07 - 2004-08-10 07:00 - 00002206 ____A C:\WINDOWS\system32\wpa.dbl
2013-07-09 20:17 - 2013-03-07 18:09 - 00001610 ____A C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
2013-07-09 20:17 - 2013-03-07 18:09 - 00000000 ____D C:\Program Files\HitmanPro
2013-07-08 19:32 - 2010-08-03 17:31 - 00124385 ____A C:\WINDOWS\wmsetup.log
2013-07-08 19:31 - 2013-02-07 10:38 - 00068791 ____A C:\WINDOWS\setupapi.log
2013-07-01 16:33 - 2011-05-13 18:56 - 00147456 ____A C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-30 23:45 - 2011-07-07 15:25 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\david
2013-06-30 23:13 - 2013-06-30 15:16 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\old items to burn to cd
2013-06-30 15:31 - 2010-08-06 13:43 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\My Scans
2013-06-30 14:14 - 2013-06-30 14:14 - 00090112 ____A C:\WINDOWS\Minidump\Mini063013-01.dmp
2013-06-30 14:14 - 2013-03-23 14:03 - 00000000 ____D C:\WINDOWS\Minidump
2013-06-12 08:51 - 2013-06-12 08:41 - 00013843 ____A C:\WINDOWS\KB2839229.log
2013-06-12 08:51 - 2010-08-03 12:06 - 01878889 ____A C:\WINDOWS\iis6.log
2013-06-12 08:51 - 2010-08-03 12:06 - 01738069 ____A C:\WINDOWS\FaxSetup.log
2013-06-12 08:51 - 2010-08-03 12:06 - 00853316 ____A C:\WINDOWS\ocgen.log
2013-06-12 08:51 - 2010-08-03 12:06 - 00806428 ____A C:\WINDOWS\tsoc.log
2013-06-12 08:51 - 2010-08-03 12:06 - 00588285 ____A C:\WINDOWS\comsetup.log
2013-06-12 08:51 - 2010-08-03 12:06 - 00528940 ____A C:\WINDOWS\msmqinst.log
2013-06-12 08:51 - 2010-08-03 12:06 - 00357676 ____A C:\WINDOWS\ntdtcsetup.log
2013-06-12 08:51 - 2010-08-03 12:06 - 00320221 ____A C:\WINDOWS\netfxocm.log
2013-06-12 08:51 - 2010-08-03 12:06 - 00206939 ____A C:\WINDOWS\MedCtrOC.log
2013-06-12 08:51 - 2010-08-03 12:06 - 00200676 ____A C:\WINDOWS\plusoc.log
2013-06-12 08:51 - 2010-08-03 12:06 - 00097307 ____A C:\WINDOWS\ehOCGen.log
2013-06-12 08:51 - 2010-08-03 12:06 - 00096333 ____A C:\WINDOWS\ocmsn.log
2013-06-12 08:51 - 2010-08-03 12:06 - 00088442 ____A C:\WINDOWS\tabletoc.log
2013-06-12 08:51 - 2010-08-03 12:06 - 00087777 ____A C:\WINDOWS\msgsocm.log
2013-06-12 08:51 - 2010-08-03 12:06 - 00001374 ____A C:\WINDOWS\imsins.log
2013-06-12 08:50 - 2013-06-12 08:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2839229$
2013-06-12 08:47 - 2013-06-12 08:46 - 00010976 ____A C:\WINDOWS\KB2838727-IE8.log
2013-06-12 08:47 - 2010-08-04 09:44 - 73381792 ____A (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-06-12 08:47 - 2010-08-03 17:46 - 00201484 ____A C:\WINDOWS\updspapi.log
2013-06-12 08:47 - 2010-08-03 12:06 - 00001374 ____A C:\WINDOWS\imsins.BAK
2013-06-11 20:46 - 2012-06-04 08:57 - 00692104 ____A (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-06-11 20:46 - 2011-10-14 10:22 - 00071048 ____A (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-07-2013 01
Ran by Administrator at 2013-07-10 14:21:22
Running from C:\Documents and Settings\Administrator\Desktop\david\computer program tools
Boot Mode: Normal
==========================================================

32 Bit HP CIO Components Installer (Version: 3.1.1)
6500_E709_eDocs (Version: 1.00.0000)
6500_E709_Help (Version: 1.00.0000)
6500_E709a (Version: 50.0.165.000)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Angkor
ATI - Software Uninstall Utility (Version: 6.14.10.1012)
ATI Control Panel (Version: 6.14.10.5145)
ATI Display Driver (Version: 8.122-050329a-023511C-Dell)
ATI Parental Control (Version: 1.0.0.1)
Azteca
bpd_scan (Version: 3.00.0000)
BPDSoftware (Version: 50.0.165.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 120.0.194.000)
Chameleon Gems
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Coupon Printer for Windows (Version: 5.0.0.2)
Dell Resource CD (Version: 1.00.0000)
Destination Component (Version: 110.0.0.0)
DeviceDiscovery (Version: 120.0.194.000)
Diamond Drop 2
Discovery! A Seek and Find Adventure
DocMgr (Version: 120.0.000.000)
DocProc (Version: 12.0.0.0)
Dr Wise - Medical Mysteries
ESPNMotion (Version: 2.1.6.0011)
Fairy Jewels
Fax (Version: 120.0.194.000)
Flip Words
Flower Paradise
Free M4a to MP3 Converter 7.2
GetSavin (Version: 1.1362627016)
Glucofacts (Version: 1.07.01)
GLUCOFACTS® Deluxe (Version: 2.16.02)
Google Chrome (Version: 27.0.1453.116)
Google Update Helper (Version: 1.3.21.149)
GPBaseService2 (Version: 130.0.371.000)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HitmanPro 3.7 (Version: 3.7.6.201)
HP Customer Participation Program 12.0 (Version: 12.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 12.0 (Version: 12.0)
HP Officejet 6500 E709 Series (Version: 12.0)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 4.000.011.006)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 120.0.194.000)
Intel® 537EP V9x DF PCI Modem
Intel® PRO Network Connections Drivers
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Magic Encyclopedia
MahJong Quest 3 The Balance of life
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 120.0.226.000)
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.0 Security Update (KB2742607)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries (Version: 1.0.0)
MSN
MSVCSetup (Version: 1.00.0000)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Network (Version: 120.0.194.000)
OCR Software by I.R.I.S. 12.0 (Version: 12.0)
ProductContext (Version: 50.0.165.000)
QuickTime
Righteous Kill
Scan (Version: 12.0.0.0)
Security Task Manager 1.8d (Version: 1.8d)
Shop for HP Supplies (Version: 12)
SigmaTel Audio (Version: 5.10.4493.0)
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 130.0.373.000)
Sonic Encoders (Version: 1.00)
Spellagories
Status (Version: 120.0.194.000)
The Lost Cases of Sherlock Holmes
The Secret of Margrave Manor
The Treasures of Montezuma
Toolbox (Version: 120.0.194.000)
TrayApp (Version: 120.0.194.000)
Trivia Machine
Uninstall AOL Emergency Connect Utility 1.0
UnloadSupport (Version: 11.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB982632) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
Virtual Villagers 2: The Lost Children
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 120.0.194.000)
Windows Defender (Version: 1.1.1593.21)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell 1.0 (Version: 2)
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)
Women's Murder Club_ Death in Scarlet
World Mosaics
YTD Video Downloader 4.0 (Version: 4.0)
 

==================== Restore Points  =========================

12-04-2013 10:19:14 System Checkpoint
13-04-2013 10:40:14 System Checkpoint
14-04-2013 11:40:17 System Checkpoint
15-04-2013 12:40:11 System Checkpoint
16-04-2013 04:20:11 Software Distribution Service 3.0
16-04-2013 04:27:45 Software Distribution Service 3.0
17-04-2013 12:24:21 System Checkpoint
19-04-2013 07:07:52 System Checkpoint
20-04-2013 15:28:22 System Checkpoint
22-04-2013 01:41:25 System Checkpoint
23-04-2013 07:09:22 System Checkpoint
24-04-2013 08:09:23 System Checkpoint
25-04-2013 08:09:44 System Checkpoint
26-04-2013 09:09:43 System Checkpoint
27-04-2013 12:24:19 System Checkpoint
28-04-2013 15:17:24 System Checkpoint
29-04-2013 23:41:30 System Checkpoint
30-04-2013 19:00:16 Installed DirectX
01-05-2013 20:32:20 System Checkpoint
02-05-2013 21:04:26 System Checkpoint
03-05-2013 21:35:51 System Checkpoint
04-05-2013 22:29:08 System Checkpoint
05-05-2013 23:08:34 System Checkpoint
06-05-2013 23:09:16 System Checkpoint
08-05-2013 00:04:30 System Checkpoint
09-05-2013 00:06:23 System Checkpoint
10-05-2013 00:28:57 System Checkpoint
11-05-2013 00:43:10 System Checkpoint
12-05-2013 01:26:41 System Checkpoint
13-05-2013 04:45:46 System Checkpoint
14-05-2013 05:26:38 System Checkpoint
15-05-2013 05:52:06 System Checkpoint
15-05-2013 13:45:26 Software Distribution Service 3.0
16-05-2013 15:56:50 System Checkpoint
17-05-2013 17:01:13 System Checkpoint
18-05-2013 17:24:36 System Checkpoint
19-05-2013 17:29:34 System Checkpoint
20-05-2013 20:21:26 System Checkpoint
21-05-2013 01:00:14 Installed %1 %2.
22-05-2013 01:26:01 Software Distribution Service 3.0
22-05-2013 01:57:19 Software Distribution Service 3.0
22-05-2013 02:17:47 Printer Driver Microsoft XPS Document Writer Installed
22-05-2013 17:16:31 Software Distribution Service 3.0
23-05-2013 17:36:16 System Checkpoint
24-05-2013 17:42:03 System Checkpoint
25-05-2013 19:13:36 System Checkpoint
26-05-2013 19:22:57 System Checkpoint
28-05-2013 06:42:26 System Checkpoint
29-05-2013 01:44:29 Installed Windows Media Player 11
29-05-2013 01:46:13 Installed Windows XP MSCompPackV1.
29-05-2013 02:51:13 Software Distribution Service 3.0
30-05-2013 03:42:46 System Checkpoint
31-05-2013 04:16:37 System Checkpoint
01-06-2013 04:53:38 System Checkpoint
02-06-2013 17:33:58 System Checkpoint
03-06-2013 18:31:43 System Checkpoint
04-06-2013 20:21:44 System Checkpoint
05-06-2013 20:58:08 System Checkpoint
06-06-2013 21:25:42 System Checkpoint
07-06-2013 21:56:55 System Checkpoint
08-06-2013 21:59:50 System Checkpoint
09-06-2013 22:36:45 System Checkpoint
10-06-2013 23:00:26 System Checkpoint
11-06-2013 23:28:05 System Checkpoint
12-06-2013 12:46:38 Software Distribution Service 3.0
14-06-2013 00:25:55 System Checkpoint
15-06-2013 14:45:32 System Checkpoint
16-06-2013 15:39:36 System Checkpoint
17-06-2013 20:01:09 System Checkpoint
19-06-2013 23:02:17 System Checkpoint
21-06-2013 03:12:14 System Checkpoint
22-06-2013 18:40:08 System Checkpoint
23-06-2013 22:51:17 System Checkpoint
25-06-2013 23:55:49 System Checkpoint
27-06-2013 00:37:51 System Checkpoint
28-06-2013 05:14:15 System Checkpoint
29-06-2013 06:05:45 System Checkpoint
30-06-2013 06:59:40 System Checkpoint
01-07-2013 18:18:06 System Checkpoint
02-07-2013 23:45:54 System Checkpoint
04-07-2013 02:40:06 System Checkpoint
05-07-2013 18:22:24 System Checkpoint
06-07-2013 21:03:33 System Checkpoint
08-07-2013 03:41:47 System Checkpoint
09-07-2013 18:47:32 System Checkpoint
10-07-2013 01:09:58 Installed Windows Defender
10-07-2013 01:11:48 Software Distribution Service 3.0
10-07-2013 15:28:23 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

2004-08-10 07:00 - 2004-08-10 07:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MP Scheduled Scan.job => C:\Program Files\Windows Defender\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{740C1768-AA55-4524-A732-9BD80EFED359}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Faulty Device Manager Devices =============

Name: SONY DVD-ROM DDU1615
Description: CD-ROM Drive
Class Guid: {4D36E965-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HL-DT-ST DVD+-RW GWA4164B
Description: CD-ROM Drive
Class Guid: {4D36E965-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/10/2013 00:13:32 PM) (Source: WinDefendRtp) (User: )
Description: %BESSO-A0C0B60E027 Real-Time Protection checkpoint has encountered an error and failed to start.

 User: BESSO-A0C0B60E0\Administrator

 Checkpoint ID: 27

 Error Code: 0x80070005

 Error description: Access is denied.

Error: (07/10/2013 11:44:37 AM) (Source: WinDefendRtp) (User: )
Description: %BESSO-A0C0B60E027 Real-Time Protection checkpoint has encountered an error and failed to start.

 User: BESSO-A0C0B60E0\Administrator

 Checkpoint ID: 27

 Error Code: 0x80070005

 Error description: Access is denied.

Error: (07/10/2013 10:48:52 AM) (Source: WinDefendRtp) (User: )
Description: %BESSO-A0C0B60E027 Real-Time Protection checkpoint has encountered an error and failed to start.

 User: BESSO-A0C0B60E0\Administrator

 Checkpoint ID: 27

 Error Code: 0x80070005

 Error description: Access is denied.

Error: (07/10/2013 10:47:36 AM) (Source: WinDefendRtp) (User: )
Description: %BESSO-A0C0B60E027 Real-Time Protection checkpoint has encountered an error and failed to start.

 User: BESSO-A0C0B60E0\Administrator

 Checkpoint ID: 27

 Error Code: 0x80070005

 Error description: Access is denied.

Error: (07/10/2013 10:31:54 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/10/2013 10:25:59 AM) (Source: WinDefendRtp) (User: )
Description: %BESSO-A0C0B60E027 Real-Time Protection checkpoint has encountered an error and failed to start.

 User: BESSO-A0C0B60E0\Administrator

 Checkpoint ID: 27

 Error Code: 0x80070005

 Error description: Access is denied.

Error: (07/10/2013 00:20:36 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/09/2013 09:10:15 PM) (Source: WinDefendRtp) (User: )
Description: %BESSO-A0C0B60E027 Real-Time Protection checkpoint has encountered an error and failed to start.

 User: BESSO-A0C0B60E0\Administrator

 Checkpoint ID: 27

 Error Code: 0x80070005

 Error description: Access is denied.

Error: (07/09/2013 02:59:05 PM) (Source: MBAMService) (User: )
Description: MBAMService2013/07/09 14:59:02 -0400 BESSO-A0C0B60E0 Administrator IP-BLOCK 95.211.194.79 (Type: outgoing)

Error: (07/09/2013 01:59:37 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

System errors:
=============
Error: (07/10/2013 10:48:37 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/10/2013 10:26:39 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/10/2013 10:26:19 AM) (Source: System Error) (User: )
Description: Error code 10000050, parameter1 f0f7f000, parameter2 00000001, parameter3 8053a743, parameter4 00000000.

Error: (07/09/2013 08:16:40 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/09/2013 07:55:24 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/09/2013 06:08:29 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/09/2013 02:25:20 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/09/2013 02:02:59 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/09/2013 10:53:49 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/08/2013 04:39:29 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Microsoft Office Sessions:
=========================
Error: (07/10/2013 00:13:32 PM) (Source: WinDefendRtp)(User: )
Description: %%8271.1.1593.0270x80070005Access is denied. BESSO-A0C0B60E0AdministratorS-1-5-21-842925246-861567501-682003330-500

Error: (07/10/2013 11:44:37 AM) (Source: WinDefendRtp)(User: )
Description: %%8271.1.1593.0270x80070005Access is denied. BESSO-A0C0B60E0AdministratorS-1-5-21-842925246-861567501-682003330-500

Error: (07/10/2013 10:48:52 AM) (Source: WinDefendRtp)(User: )
Description: %%8271.1.1593.0270x80070005Access is denied. BESSO-A0C0B60E0AdministratorS-1-5-21-842925246-861567501-682003330-500

Error: (07/10/2013 10:47:36 AM) (Source: WinDefendRtp)(User: )
Description: %%8271.1.1593.0270x80070005Access is denied. BESSO-A0C0B60E0AdministratorS-1-5-21-842925246-861567501-682003330-500

Error: (07/10/2013 10:31:54 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (07/10/2013 10:25:59 AM) (Source: WinDefendRtp)(User: )
Description: %%8271.1.1593.0270x80070005Access is denied. BESSO-A0C0B60E0AdministratorS-1-5-21-842925246-861567501-682003330-500

Error: (07/10/2013 00:20:36 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/09/2013 09:10:15 PM) (Source: WinDefendRtp)(User: )
Description: %%8271.1.1593.0270x80070005Access is denied. BESSO-A0C0B60E0AdministratorS-1-5-21-842925246-861567501-682003330-500

Error: (07/09/2013 02:59:05 PM) (Source: MBAMService)(User: )
Description: MBAMService2013/07/09 14:59:02 -0400 BESSO-A0C0B60E0 Administrator IP-BLOCK 95.211.194.79 (Type: outgoing)

Error: (07/09/2013 01:59:37 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

==================== Memory info ===========================

Percentage of memory in use: 68%
Total physical RAM: 1022.09 MB
Available physical RAM: 323.2 MB
Total Pagefile: 2459.5 MB
Available Pagefile: 1717.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1937.25 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:144.31 GB) (Free:78.67 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: E686F016)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=5 GB) - (Type=DB)

==================== End Of Log ============================


Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Next,

Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if Malwarebytes is not installed:

Download Malwarebytes from one of the following links and save it to your desktop:

http://www.malwarebytes.org/mbam.php
http://www.softpedia.com/get/Antivirus/Malwarebytes-Anti-Malware.shtml
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next,

Download http://www.bleepingcomputer.com/download/adwcleaner/ by Xplode onto your Desktop.

Post those logs... Also give update on any remaining issues/concerns....

fixlist.txt


Kevin,

 

I hope I did all of this right.

 

I downloaded the fixlist.txt file – put it into the same place as FRST and ran fix.  The document is below.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-07-2013 03

Ran by Administrator at 2013-07-10 15:52:36 Run:1

Running from C:\Documents and Settings\Administrator\Desktop\david\computer program tools

Boot Mode: Normal

 

==============================================

 

HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.

HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully.

 

==== End of Fixlog ====

 

 

I have been using Malwarebytes for some time now on this computer.  I updated Malwarebytes and ran a quick scan.  Nothing was detected.  The results are below.

 

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.07.10.07

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Administrator :: BESSO-A0C0B60E0 [administrator]

 

Protection: Enabled

 

7/10/2013 3:54:06 PM

mbam-log-2013-07-10 (15-54-06).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 224448

Time elapsed: 17 minute(s), 34 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)
 

 

The text document saved in the logs is way too long (around 1000 pages) and I cannot get it into the reply area. Here is a partial of the different parts saved in the logs:
Next I downloaded AdwCleaner; the results are below. [s1] & [s2]

 

AdwCleaner v2.304 - Logfile created 07/10/2013 at 16:34:15

# Updated 03/07/2013 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Administrator - BESSO-A0C0B60E0

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Administrator\Desktop\david\computer program tools\AdwCleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

# AdwCleaner v2.304 - Logfile created 07/10/2013 at 16:34:43

# Updated 03/07/2013 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Administrator - BESSO-A0C0B60E0

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Administrator\Desktop\david\computer program tools\AdwCleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

File Deleted : C:\END

File Deleted : C:\WINDOWS\system32\conduitEngine.tmp

Folder Deleted : C:\Documents and Settings\Administrator\Application Data\DriverCure

Folder Deleted : C:\Documents and Settings\Administrator\Application Data\iWin

Folder Deleted : C:\Documents and Settings\Administrator\Application Data\PriceGong

Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit

Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\ConduitEngine

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Free Ride Games

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint

Folder Deleted : C:\Program Files\ConduitEngine

Folder Deleted : C:\Program Files\Viewpoint

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\APN PIP

Key Deleted : HKCU\Software\AppDataLow\Software\Freecause

Key Deleted : HKCU\Software\conduitEngine

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\PriceGong

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060231.FCTB000060231Pos

Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060231.FCTB000060231Pos.1

Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060231.IEToolbar

Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060231.IEToolbar.1

Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060231.IEToolbar.3

Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060231.JSOptionsImpl

Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060231.JSOptionsImpl.1

Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook

Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1320680

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2856415

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2856459

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\conduitEngine

Key Deleted : HKLM\Software\Iminent

Key Deleted : HKLM\Software\MetaStream

Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6E042497-2287-461C-8D0D-8EF43AEF5731}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PlaySushi

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP

Key Deleted : HKLM\Software\PIP

Key Deleted : HKLM\Software\Viewpoint

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v8.0.6001.18702

 

[OK] Registry is clean.

 

-\\ Google Chrome v28.0.1500.71

 

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

 

[OK] File is clean.

 

*************************

 

AdwCleaner[s1].txt - [385 octets] - [10/07/2013 16:34:15]

AdwCleaner[s2].txt - [5875 octets] - [10/07/2013 16:34:43]

 

########## EOF - C:\AdwCleaner[s2].txt - [5935 octets] ##########

 

 

I hope I did all of this correctly.

 

I’m not sure of what all you and I did, but the popup warnings are no longer showing.  I guess this means it is fixed?

 

Thanks,

Buckeye

 

 

 

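The protection log quoted in this post is too long to read by hand, but its IP-BLOCK and MESSAGE lines have a regular layout, so a short script can reduce it to what the thread actually cares about: how often each destination is blocked, in which direction, and at what interval. The following is an added example (not from the thread and not Malwarebytes' own code); the column layout is inferred from the lines posted above, the sample log is constructed, 192.0.2.10 is a made-up second destination, and the "repeated outgoing block" threshold is an assumption.

```python
"""Triage helper for the Malwarebytes 1.x protection log (the IP-BLOCK and
MESSAGE lines quoted in this thread).

Added example, not part of the original thread and not Malwarebytes' own code.
The column layout (timestamp, UTC offset, host, optional user, event kind,
detail) is inferred from the posted lines; the regexes and the "repeated
outgoing block" heuristic are assumptions, not a documented format."""
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# The user column is blank on the "Starting protection" lines, so it is
# optional; the negative lookahead stops the event kind being read as a user.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4})\s+"
    r"(?P<host>\S+)\s+(?:(?P<user>(?!IP-BLOCK|MESSAGE)\S+)\s+)?"
    r"(?P<kind>IP-BLOCK|MESSAGE)\s+(?P<detail>.*\S)\s*$"
)
# Detail of an IP-BLOCK line: "<dotted quad> (Type: outgoing|incoming)"
BLOCK_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\(Type:\s*(?P<dir>\w+)\)")

# Constructed sample in the thread's layout. 95.211.194.79 is the address the
# poster reported; 192.0.2.10 is an RFC 5737 documentation address standing in
# for a second, made-up destination so the grouping has something to separate.
SAMPLE_LOG = """\
2013/07/10 10:25:39 -0400     BESSO-A0C0B60E0              MESSAGE      Starting protection
2013/07/10 10:26:03 -0400     BESSO-A0C0B60E0  Administrator    MESSAGE      IP Protection started successfully
2013/07/10 10:30:03 -0400     BESSO-A0C0B60E0  Administrator    IP-BLOCK      95.211.194.79 (Type: outgoing)
2013/07/10 10:30:04 -0400     BESSO-A0C0B60E0  Administrator    IP-BLOCK      95.211.194.79 (Type: outgoing)
2013/07/10 10:30:04 -0400     BESSO-A0C0B60E0  Administrator    IP-BLOCK      95.211.194.79 (Type: outgoing)
2013/07/10 10:30:07 -0400     BESSO-A0C0B60E0  Administrator    IP-BLOCK      95.211.194.79 (Type: outgoing)
2013/07/10 10:37:02 -0400     BESSO-A0C0B60E0  Administrator    IP-BLOCK      95.211.194.79 (Type: outgoing)
2013/07/10 10:37:03 -0400     BESSO-A0C0B60E0  Administrator    IP-BLOCK      95.211.194.79 (Type: outgoing)
2013/07/10 10:37:05 -0400     BESSO-A0C0B60E0  Administrator    IP-BLOCK      95.211.194.79 (Type: outgoing)
2013/07/10 10:37:07 -0400     BESSO-A0C0B60E0  Administrator    IP-BLOCK      95.211.194.79 (Type: outgoing)
2013/07/10 10:40:00 -0400     BESSO-A0C0B60E0  Administrator    IP-BLOCK      192.0.2.10 (Type: outgoing)
2013/07/10 10:41:30 -0400     BESSO-A0C0B60E0  Administrator    IP-BLOCK      192.0.2.10 (Type: incoming)
2013/07/10 10:47:33 -0400     BESSO-A0C0B60E0              MESSAGE      Starting IP protection
2013/07/10 10:48:57 -0400     BESSO-A0C0B60E0  Administrator    IP-BLOCK      95.211.194.79 (Type: outgoing)
2013/07/10 10:49:00 -0400     BESSO-A0C0B60E0  Administrator    IP-BLOCK      95.211.194.79 (Type: outgoing)
2013/07/10 10:49:06 -0400     BESSO-A0C0B60E0  Administrator    IP-BLOCK      95.211.194.79 (Type: outgoing)
2013/07/10 10:49:07 -0400     BESSO-A0C0B60E0  Administrator    IP-BLOCK      95.211.194.79 (Type: outgoing)
"""

def parse_line(line):
    """Return a dict for one log line, or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["when"] = datetime.strptime(rec["ts"] + rec["tz"], "%Y/%m/%d %H:%M:%S%z")
    b = BLOCK_RE.match(rec["detail"]) if rec["kind"] == "IP-BLOCK" else None
    rec["ip"], rec["dir"] = (b["ip"], b["dir"].lower()) if b else (None, None)
    return rec

def summarise_blocks(lines):
    """Group IP-BLOCK events by (ip, direction): count, first/last seen and the
    median gap in seconds between consecutive blocks of that pair."""
    times = defaultdict(list)
    for rec in filter(None, map(parse_line, lines)):
        if rec["ip"]:
            times[(rec["ip"], rec["dir"])].append(rec["when"])
    summary = {}
    for key, ts in times.items():
        ts.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
        summary[key] = {"count": len(ts), "first": ts[0], "last": ts[-1],
                        "median_gap_s": median(gaps) if gaps else None}
    return summary

def triage(summary, min_count=10, max_gap_s=60):
    """Destinations blocked repeatedly on the way out at short intervals. With
    on-demand scans coming back clean, that pattern means something resident is
    still calling home, which is why the thread goes on to rootkit and AV scans."""
    return sorted(ip for (ip, direction), s in summary.items()
                  if direction == "outgoing" and s["count"] >= min_count
                  and s["median_gap_s"] is not None and s["median_gap_s"] <= max_gap_s)

def sample_summary():
    """Summary of the constructed SAMPLE_LOG (also what the tests check)."""
    return summarise_blocks(SAMPLE_LOG.splitlines())

if __name__ == "__main__":
    summary = sample_summary()
    for (ip, direction), s in sorted(summary.items()):
        print(f"{ip:16} {direction:9} blocks={s['count']:3} first={s['first']:%H:%M:%S} "
              f"last={s['last']:%H:%M:%S} median_gap_s={s['median_gap_s']}")
    print("suspected beaconing to:", triage(summary))
```

On a real log, feed the file's lines to summarise_blocks instead of SAMPLE_LOG; the thresholds in triage are tuning knobs, not a verdict, and the direction field matters because an inbound block on a home machine is usually background scanning rather than an infection.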

Well, there was evidence of ZeroAccess rootkit infection; that has been cleared up. We still need to run a thorough online AV scan to ensure we've missed nothing...

Run Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7 right click on IE shortcut and run as admin

Go to Eset web page http://www.eset.com/home/products/online-scanner/ to run an online scan from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add-on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

If no threats were found:

  • Put a checkmark in "Uninstall application on close"
  • Close program
  • Report to me that nothing was found

If threats were found:

  • Click on "list of threats found"
  • Click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • Put a checkmark in "Uninstall application on close"
  • Click on finish
  • Close program
  • Copy and paste the report here

Next,

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me see those two logs, also give an update on any remaining issues or concerns..

Kevin


Kevin,

 

Sorry about the delay, big thunderstorm just passed and I lost power. Nothing was running on the computer when the power went out but it did restart. I ran Malwarebytes full scan once the power came back on and it found a Trojan. The text file is below.

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.07.10.08

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Administrator :: BESSO-A0C0B60E0 [administrator]

 

Protection: Enabled

 

7/10/2013 6:08:12 PM

mbam-log-2013-07-10 (18-08-12).txt

 

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 277613

Time elapsed: 49 minute(s), 6 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 1

C:\WINDOWS\$NtServicePackUninstall$\comres.dll (Trojan.Ransom.FMS) -> Quarantined and deleted successfully.

 

(end)

 

 

Then I came back to the forum and found the new info. I ran the Eset Online Scanner which found 4 threats. The text file is below.

 

C:\Documents and Settings\Administrator\Application Data\mscpb.dll    a variant of Win32/Medfos.GI trojan

C:\Documents and Settings\Administrator\Desktop\david\download video\cd converter\m4a-to-mp3-converter.exe       a variant of Win32/Bundled.Toolbar.Ask.D application

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_0\manager.js            JS/Redirector.NCG trojan

C:\Documents and Settings\All Users\Application Data\YTD Video Downloader\ytd_installer.exe          a variant of Win32/Bundled.Toolbar.Ask.D application

 

 

Next I ran the Security Check program and the text is below.

 

Results of screen317's Security Check version 0.99.68 

 Windows XP Service Pack 3 x86  

 Internet Explorer 8 Out of date!

``````````````Antivirus/Firewall Check:``````````````

 Windows Firewall Enabled! 

Please wait while WMIC compiles updated MOF files.

 WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

 Windows Defender   

 Malwarebytes Anti-Malware version 1.75.0.1300 

 Java 7 Update 7 

 Java version out of Date!

 Adobe Reader XI 

 Google Chrome 27.0.1453.116 

 Google Chrome 28.0.1500.71 

 Google Chrome plugins... 

````````Process Check: objlist.exe by Laurent```````` 

 Windows Defender MSMpEng.exe

 Windows Defender MSASCui.exe

 Malwarebytes Anti-Malware mbamservice.exe 

 Malwarebytes Anti-Malware mbamgui.exe 

 Malwarebytes' Anti-Malware mbamscheduler.exe  

 Windows Defender MsMpEng.exe  

 Windows Defender MSASCui.exe  

`````````````````System Health check`````````````````

 Total Fragmentation on Drive C:: 8%

````````````````````End of Log``````````````````````

 

 

The internet is running a little slow but other than that everything appears to be working ok.  I have not had the “Malwarebytes Anti-Malware successfully blocked access to a potentially malicious website” warning since my last post.  I am concerned about all of these other tools still finding bad stuff on this computer.

 

Thanks again,

Buckeye 


Yes, I do not see a resident AV security program; that is bad news and will leave you prone to infection... OK, we continue..

 

Download OTM from either of the following links and save to your Desktop:

http://oldtimer.geekstogo.com/OTM.exe
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe

Double click OTM.exe to start the tool. Vista or Windows 7 users accept the UAC alert. Be aware all processes will be stopped during the run, also the Desktop will disappear; this will be put back on completion....

  • Copy the text from the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\Administrator\Application Data\mscpb.dll
    C:\Documents and Settings\Administrator\Desktop\david\download video\cd converter\m4a-to-mp3-converter.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_0\manager.js
    C:\Documents and Settings\All Users\Application Data\YTD Video Downloader\ytd_installer.exe
    :Commands
    [EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.
 

Next,

 

Go here: http://www.microsoft.com/en-gb/download/details.aspx?id=5201  Download and install Microsoft Security Essentials; it will want to update and carry out a quick scan. Let me know if anything is found...


Kevin,

 

Damn.  Just when everything was going so well.  I seem to be having problems with the OTM program.  I download the file with no problem.  I open the program with no problem.  I paste the text into the yellow bar side with no problem.  I hit MoveIt! and the desktop disappears, the program is still visible, no problem.  Within a few minutes the program locks up and I get an OTM Old Timer (not responding).   It's been this way for over an hour.  Not sure what the problem is or what I should do next.  Any suggestions?

 

Thanks again,

Buckeye


Hiya Buckeye,

 

If your system is locked and not responding after one hour you can only power down the system. Leave powered off for 5 minutes then re-boot. See if you can install Microsoft Security Essentials, if that does install ok run a quick scan after updating, see if anything is found.

 

Run Malwarebytes, update, run quick scan, post log. Also go to C:\_OTMoveIt\MovedFiles, see if there is a log inside movedfiles folder, if so post that...

 

Also tell me how your system is responding in general, any obvious issues or concerns..

 

Kevin...


(Attachment: Greyed out files on desktop below.doc)

Kevin,

 

I’m not sure why the OTM program locks up the computer – is this possible from some other problems?  I manually stopped the computer and tried one of the other OTM programs with a different name, the OTM.com instead of the OTM.exe, and the computer locked up just the same.  I installed the Microsoft Security Essentials and ran a scan; it came up clean with no threats.  I next ran a quick scan with Malwarebytes; the text is below.

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.07.11.05

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Administrator :: BESSO-A0C0B60E0 [administrator]

 

Protection: Enabled

 

7/11/2013 1:59:12 PM

mbam-log-2013-07-11 (13-59-12).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 222855

Time elapsed: 21 minute(s), 9 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

I have one major problem that developed possibly due to the OTM failure.  The problem is that I now have quite a few grayed out files in all areas of the computer, both on the desktop and in a lot of folders.  This happened upon restarting the computer after the failed attempt using OTM, and I’m not sure what to do or how to resolve this issue.  Just a thought but some of these files may have been hidden prior.  I will attach a Microsoft Word document of the images.  Other than that, the computer appears to run ok.

 

One question I do have is when I ran the Eset Online Scanner, which found 4 threats, did we ever actually fix/get rid of those threats?

 

Let me know how to proceed and again thanks,

Buckeye

 

 

 


The files you mention were originally hidden; OTM will have made the option visible when the run was done. Did you check to see if the following folder was created:

 

C:\_OTMoveIt\MovedFiles

 

Also was there a log inside to show if OTM actually removed the files we listed? If the log is not there we assume the problem files are still present, do the following:

 

Open Notepad, select "Format" from the menu bar, make sure "Word Wrap" is not checked. Copy the text from the code box below to Notepad.

 

@echo off
del /f /s /q "C:\Documents and Settings\Administrator\Application Data\mscpb.dll"
del /f /s /q "C:\Documents and Settings\Administrator\Desktop\david\download video\cd converter\m4a-to-mp3-converter.exe"
del /f /s /q "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_0\manager.js"
del /f /s /q "C:\Documents and Settings\All Users\Application Data\YTD Video Downloader\ytd_installer.exe"
del %0

 

Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"

It should look like a batch file icon (one style on XP, another on Vista or Windows 7).

Double click on delfile.bat to execute it.

A black CMD window will flash, then disappear...this is normal.

The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

 

Next,

 

  • Download OTC by OldTimer from here http://oldtimer.geekstogo.com/OTC.exe or here http://www.itxassociates.com/OT-Tools/OTC.exe and save to your Desktop.
  • Double click the OTC icon to start the program.
    If you are using Vista or Windows 7 accept UAC
  • Then Click the big CleanUp button.
  • You will get a prompt saying "Beginning Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
  • This will remove tools we have used and itself.

 

Let me know how your system is responding after the above, also if any remaining issues or concerns...

 

Kevin..

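A variant of the delfile.bat step above, added here as an example and not Kevin's own script: it deletes the same four files that the ESET scan flagged, but first clears the read-only/system/hidden attributes (malware droppers commonly set these, and del refuses such files) and writes a before/after record to a log file on the Desktop, so the reader can verify the removal instead of relying on a black window that flashes and disappears. The file paths are the ones listed in the thread; the log path, the attribute reset and the omission of the self-delete line are assumptions made for this example.

```batch
@echo off
rem Added example (not from the thread): delete the four files ESET flagged,
rem recording whether each existed before and after, so removal is verifiable.
rem The log location below is an assumption, not something the thread specifies.
setlocal
set "LOG=%USERPROFILE%\Desktop\delfile-log.txt"
echo Run started %DATE% %TIME% > "%LOG%"

call :remove "C:\Documents and Settings\Administrator\Application Data\mscpb.dll"
call :remove "C:\Documents and Settings\Administrator\Desktop\david\download video\cd converter\m4a-to-mp3-converter.exe"
call :remove "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdjbnddbclciabnckgeahmneohjlahdm\1.0_0\manager.js"
call :remove "C:\Documents and Settings\All Users\Application Data\YTD Video Downloader\ytd_installer.exe"

echo Run finished %DATE% %TIME% >> "%LOG%"
echo Log written to "%LOG%"
endlocal
goto :eof

:remove
rem %1 is the quoted path; %~1 is the same path with the quotes stripped.
if not exist %1 (
    echo NOT FOUND: %~1 >> "%LOG%"
    goto :eof
)
rem Clear attributes that would make del fail silently on a protected file.
attrib -r -s -h %1
del /f /q %1
if exist %1 (
    echo STILL PRESENT: %~1 >> "%LOG%"
) else (
    echo DELETED: %~1 >> "%LOG%"
)
goto :eof
```

Save it as delfile-log.bat with "All Files" as the type, exactly as for delfile.bat, then open delfile-log.txt on the Desktop: any line reading STILL PRESENT means the file is locked or in use and the deletion needs to be retried after a reboot, which is the same situation OTM handles by asking for a restart.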

Kevin,

 

The OTM folder C:\_OTMoveIt\MovedFiles was not created.  I did a search of the C drive and it came up with nothing.  The folders that were created are below.  All folders created are empty (properties for _OTM folder came up with _OTM 5 folders 0 bytes).

 

_OTM

         MovedFiles

              07102013_211538

              07102013_221527

              07102013_222508

              07102013_233943

         Config.Msi

 

(NOTE: all of these files were deleted when the cleanup program was run)

 

 

I then created the notepad document delfile.bat and ran the program - it worked as expected.

Next I downloaded and ran the OTC.exe program.  I needed a restart per the program, and like magic all of the greyed items have disappeared.  The computer still appears to work ok. 

 

A question I have is, I have Malwarebytes protection running (enable filesystem protection and enable malicious website blocking are on, with hourly updates and a scan at 2 pm daily) and I now have the Microsoft Security Essentials running as well.  Should both programs be running, or should I modify one of these?  Also, there are a few programs that still need to be removed OTM, Security Check, AdwCleaner, FRST.  From reading other posts I know that eventually we do this, but I wanted to mention it as well. The last question I have for now is, are we sure that all of this garbage stuff that was found has properly been dealt with and the computer is in good shape/clean?

 

Thanks,

Buckeye  


Hiya Buckeye,

Malwarebytes is not an Antivirus Program and offers no AV protection. My own security setup is Windows FW, Microsoft Security Essentials and Malwarebytes Pro; there are a couple of other tweaks, but it does work well.

From your recent logs all looks good on your system, also as you now also have AV protection via MSE it can be maintained...

Continue,

Delete the following from your Desktop:

FRST
Security Checks

Also delete the following via start > my computer > C:\

Anything related to OTM, ALSO frst.

Next,

Uninstall adwcleaner.exe

  •   Please close all open programs and internet browsers.
  •   Double click on adwcleaner.exe to run the tool.
  •   Click on Uninstall
  • Click Yes at Would you like to Uninstall Adwcleaner


Next,

We need to remove ESET Online Scanner (Only if installed)

  • Click Start, click Run, type control appwiz.cpl in the Open box, and then press ENTER.
  • Click to select ESET Online Scanner from the application list, and then click Remove. Only re-boot if prompted



Next,

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:

Go to http://java.com/en/ and click on "Do I have Java"
It will check your current version and then offer to update to the latest version
Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) remove Java 7 Update 7 if still present...

Next,

Download TFC to your desktop, from either of the following links
http://oldtimer.geekstogo.com/TFC.exe
http://itxassociates.com/OT-Tools/TFC.exe


  • Save any open work. TFC will close all open application windows.
       
  • Double-click TFC.exe to run the program. Vista or Windows 7 users accept the UAC alert.
       
  • If prompted, click "Yes" to reboot.


TFC will automatically close any open programs, including your Desktop. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds.  TFC may re-boot your system; if not, re-boot it yourself to complete the cleaning process <---- Very Important

Keep TFC; it is an excellent run-weekly utility to keep your system optimized, it empties all user temp folders, Java cache etc etc.  Always remember to re-boot after a run, even if not prompted

Let me know if those steps complete, also if any remaining issues or concerns..

Kevin....


Kevin,

 

Sorry about the delay, I had a few appointments today.  I have successfully removed the programs FRST, Security Checks, OTM, and Adwcleaner.  The ESET Online scanner was removed after using it.  “Do I have Java” said it could not find anything.  It downloaded Java 7 update 25, and removed any old versions.  I could not find Java 7 update 7 on the computer.  Next I downloaded the TFC program.  I ran TFC and got the not responding issue again.  10 minutes after starting the TFC program I manually turned off the computer.  After 5 minutes I restarted the computer.  The TFC program caused the hidden grey items to appear again.  Once the computer restarted, I checked Malwarebytes quarantine which had found 1 item “Trojan.Ransom.FMS” and I deleted it.  Prior to all of this, Malwarebytes ran its scheduled scan at 2 pm and came up clean.  Next I looked at the Microsoft Security Essentials history.  Quarantine items showed 3 items including: “Trojan:35/Medfos.B”, “Trojan:Win32/Alurgon.GQ”, and “Trojan:Win32/Medfos.X”.  I deleted these items.  Next I went to Microsoft Security Essentials history “all detected items” and also found the same 3 items.  I deleted all of these as well.  Just a note about all of the quarantined items from both programs, all were found and quarantined on 7/11/2013.  It looks as if Malwarebytes and Microsoft Security Essentials are doing their job trying to protect this computer.

 

Other than the computer running slower at startup, due to Microsoft Security Essentials and Malwarebytes, it appears to be working ok.  Once again I am not sure why the TFC program stalls the computer, but if this is a program I should use weekly then maybe this issue needs to be resolved?  The only other problem is the grayed out “hidden” files.  Should I run the same steps from the previous solution or is there something else to run?

 

As usual many thanks,

Buckeye

 


  1. Open My Computer.

  2. From the Tools menu, choose Folder Options....

  3. Click on the View tab in the Folder Options window.

  4. Set the options as per the attached image, apply then ok.

Next,

 

If TFC is causing issues either delete it or drag and drop it in the recycle bin, it is only a temp file cleaner but may clash with security.

 

Try CCleaner, which is a valid alternative:

 

Download and install CCleaner from here:

 

Ensure you select the Slim version.

 

 Then select the items you wish to clean up.

 

In the Windows Tab:

 


    Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
    Clean all the entries in the "Windows Explorer" section.
    Clean all entries in the "System" section.
    Clean all entries in the "Advanced" section.
    Clean any others that you choose.
    Make sure "Wipe free space" is unticked, this will dramatically increase scan time if selected.

 

 

In the Applications Tab

 


     Clean all except cookies in the Firefox/Mozilla section if you use it.
     Clean all in the Opera section if you use it.
     Clean Sun Java in the Internet Section.
     Clean any others that you choose.    

 

4. Click the "Run Cleaner" button.

5. A pop up box will appear advising this process will permanently delete files from your system.

6. Click "OK" and it will scan and clean your system.

7. Click "exit" when done.

 

CCleaner is an excellent utility and well worth keeping; in the bottom left-hand corner of the main interface is the "Online Help" link, use that link to get the full instructions for this very handy application.

 

Let me know how your system is responding, also if any remaining issues or concerns...

 

Kevin

(Attached image: Folder Options > View tab settings referred to in step 4)

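The four Folder Options steps in the post above depend on an attached image that is not reproduced on the page. As an added example (these are not Kevin's instructions), the batch file below writes the same two settings directly through the registry values that the View tab controls, and then reads them back so the change can be confirmed. It assumes the intended result is the Windows default of not showing hidden files or protected operating system files, which is what returns the greyed-out items to their hidden state; if the reader wants a different combination, the two numeric values are the only lines to change.

```batch
@echo off
rem Added example (not from the thread): restore Explorer's default view for
rem hidden files by setting the registry values behind Folder Options > View.
rem Assumption: the goal is the default of hiding hidden files and protected
rem operating system files, i.e. putting the greyed-out items back out of sight.
setlocal
set "KEY=HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"

rem Hidden: 1 = show hidden files and folders, 2 = do not show (Windows default)
reg add "%KEY%" /v Hidden /t REG_DWORD /d 2 /f

rem ShowSuperHidden: 1 = show protected operating system files, 0 = hide (default)
reg add "%KEY%" /v ShowSuperHidden /t REG_DWORD /d 0 /f

rem Read both values back so the result is visible in the console window.
reg query "%KEY%" /v Hidden
reg query "%KEY%" /v ShowSuperHidden

echo Explorer applies the new values after you log off and on again (or restart).
pause
endlocal
```

The values live under the current user's hive, so the script must be run from the account whose view settings are to be fixed (Administrator in this thread). Open Explorer windows keep their old settings until the user logs off or Explorer is restarted, which matches the "apply then ok" step of the manual procedure.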

Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
