
Inactive XP SP3 Computer Locks Up Shortly After Boot

Discussion in 'Malware and Virus Removal Archive' started by virginia, 2014/03/22.

  1. 2014/03/22
    virginia (Geek Member, Thread Starter)

    Helping a friend with an XP SP3 desktop. First noticed the problem yesterday when using Quicken. In the middle of entering a transaction, the hourglass popped up and nothing could be accessed. Finally had to force a close down.

    I can start the computer and after the boot up, one may get an application to open, but within a short time, the hourglass appears and then nothing happens. I was able to open AVG Free and started a scan (initial, as one had never been done) and the status bar remained at 0% for over an hour. It appears that Trend Micro and Webroot Desktop Firewall may also be downloaded/installed. The computer is such that I can't really open much without it stalling.

    I was able to copy Malwarebytes from a flash drive to the Desktop, but when trying to install, it locked up and never completed. I am able to boot into Safe mode and the unit seems fairly stable there but I was reluctant to try using the AVG scan or Malwarebytes in Safe mode. Malwarebytes website recommends against Safe mode.

    I was able to get to the control panel to uninstall some bad stuff but there were several that I was unable to uninstall in Safe mode - Window Washer, SpeedUp Your Computer, System Checkup, Audit Support Center, and SSP Setup?

    What can I do to get this thing starting to respond again? Thanks Broni.
     
  2. 2014/03/23
    broni (Moderator, Malware Analyst)
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================

    Using another working computer....
    • Download Farbar Recovery Scan Tool and save it to a flash drive.
    • Download OTLPENet.exe to your Desktop
    • Ensure that you have a blank CD in the drive
    • Double click OTLPENet.exe and this will then open ImgBurn to burn the file to CD
    • Boot your BAD computer using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
    • Your system should now display a Reatogo desktop.
    • Insert the flash drive with FRST on it
    • Open My Computer to locate the flash drive and run FRST
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     

  4. 2014/03/23
    virginia (Geek Member, Thread Starter)
    Got the Reatogo Desktop and found and ran the FARBAR tool. Here is the log:

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
    Ran by SYSTEM on REATOGO on 23-03-2014 15:41:11
    Running from I:\Ron Stuff
    Microsoft Windows XP (X86) OS Language: English(US)
    Internet Explorer Version 7
    Boot Mode: Recovery

    The current controlset is ControlSet001
    ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [Webroot Desktop Firewall] - C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe [2401672 2008-07-31] (Webroot Software Inc (www.webroot.com))
    HKLM\...\Run: [Verizon_McciTrayApp] - C:\Program Files\Verizon\McciTrayApp.exe [1565696 2010-03-17] (Alcatel-Lucent)
    HKLM\...\Run: [TM Outbreak Agent] - C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe [290816 2004-02-17] (Trend Micro Incorporated.)
    HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [16143872 2006-04-17] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [Recguard] - C:\Windows\SMINST\RECGUARD.EXE [212992 2002-09-14] ()
    HKLM\...\Run: [readericon] - C:\Program Files\Digital Media Reader\readericon45G.exe [139264 2005-12-09] (Alcor Micro, Corp.)
    HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [98304 2006-08-19] (Apple Computer, Inc.)
    HKLM\...\Run: [Pure Networks Port Magic] - C:\Program Files\Pure Networks\Port Magic\PortAOL.exe [99480 2004-04-05] (Pure Networks, Inc.)
    HKLM\...\Run: [PCClient.exe] - C:\Program Files\Trend Micro\Antivirus\PCClient.exe [634949 2004-02-17] (Trend Micro Incorporated.)
    HKLM\...\Run: [pccguide.exe] - C:\Program Files\Trend Micro\Antivirus\pccguide.exe [950337 2004-02-17] (Trend Micro Incorporated.)
    HKLM\...\Run: [Iomega Drive Icons] - C:\Program Files\Iomega\DriveIcons\ImgIcon.exe [86016 2002-08-13] (Iomega)
    HKLM\...\Run: [HostManager] - C:\Program Files\Common Files\AOL\1155974661\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
    HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-12] (Google)
    HKLM\...\Run: [ehTray] - C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
    HKLM\...\Run: [Deskup] - C:\Program Files\Iomega\DriveIcons\deskup.exe [32768 2002-07-16] (Iomega)
    HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1191936 2006-03-21] (CANON INC.)
    HKLM\...\Run: [AOLDialer] - C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [70720 2010-07-13] (America Online)
    HKLM\...\Run: [AOLAspSunset2] - "C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe "
    HKLM\...\Run: [Alcmtr] - C:\Windows\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [ADUserMon] - "C:\Program Files\Iomega\AutoDisk\ADUserMon.exe "
    HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
    HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [MSConfig] - C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [169984 2008-04-13] (Microsoft Corporation)
    HKLM\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
    Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
    HKU\Administrator\...\Run: [Power2GoExpress] - NA
    HKU\Administrator\...\RunOnce: [Report] - C:\AdwCleaner\AdwCleaner[S0].txt [6694 2014-03-23] ()
    HKU\Default User\...\Run: [Power2GoExpress] - NA
    HKU\Owner\...\Run: [Window Washer] - C:\Program Files\Webroot\Washer\wwDisp.exe [1206600 2007-11-26] (Webroot Software, Inc.)
    HKU\Owner\...\Run: [Power2GoExpress] - NA
    HKU\Owner\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
    AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-07-12] (Google)

    ========================== Services (Whitelisted) =================

    S2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
    S2 AOL TopSpeedMonitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [100016 2004-10-15] (America Online, Inc)
    S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [520192 2006-01-26] ()
    S2 avgfws; C:\Program Files\AVG\AVG2013\avgfws.exe [1418184 2013-02-19] (AVG Technologies CZ, s.r.o.)
    S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
    S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
    S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-12] (Google)
    S2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [350792 2013-09-13] (Verizon)
    S2 Iomega App Services; C:\Program Files\Iomega\System32\AppServices.exe [73728 2002-09-04] (Iomega Corporation)
    S2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
    S2 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [172032 2006-08-19] (New Boundary Technologies, Inc.)
    S2 Tmntsrv; C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe [241737 2004-02-17] (Trend Micro Incorporated.)
    S2 tmproxy; C:\Program Files\Trend Micro\Antivirus\tmproxy.exe [204873 2004-02-17] (Trend Micro Incorporated.)
    S2 WDFNet; C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe [353672 2008-07-31] (Webroot Software Inc (www.webroot.com))
    S2 wwEngineSvc; C:\Program Files\Webroot\Washer\WasherSvc.exe [598856 2007-11-26] (Webroot Software, Inc.)
    S4 Iomega Activity Disk2; " " [X]

    ==================== Drivers (Whitelisted) ====================

    S0 abp480n5; C:\Windows\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
    S2 ASCTRM; C:\Windows\System32\Drivers\ASCTRM.sys [8552 2006-08-19] (Windows (R) 2000 DDK provider)
    S1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.)
    S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.)
    S0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.)
    S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.)
    S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)
    S0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
    S0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
    S0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
    S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
    S1 Cdr4_xp; C:\Windows\System32\Drivers\Cdr4_xp.sys [44288 2004-11-10] (Roxio)
    S1 Cdralw2k; C:\Windows\System32\Drivers\Cdralw2k.sys [24832 2004-11-10] (Roxio)
    S3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [1033600 2005-03-16] (Conexant Systems, Inc.)
    S0 iomdisk; C:\Windows\System32\DRIVERS\iomdisk.sys [30258 2002-09-04] (Iomega Corporation)
    S3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500xp.sys [1034240 2011-03-28] (Broadcom Corporation)
    S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-03-17] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-03-17] (Printing Communications Assoc., Inc. (PCAUSA))
    S0 ppa3; C:\Windows\System32\DRIVERS\ppa3.sys [17664 2008-04-13] (Microsoft Corporation)
    S1 pwipf6; C:\Windows\system32\drivers\pwipf6.sys [85848 2007-10-18] (Privacyware/PWI, Inc.)
    S3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)
    S2 Tmfilter; C:\Windows\System32\drivers\TmXPFlt.sys [204816 2008-04-30] (Trend Micro Inc.)
    S2 Tmpreflt; C:\Windows\System32\drivers\Tmpreflt.sys [36368 2008-04-30] (Trend Micro Inc.)
    S1 tmtdi; C:\Windows\System32\Drivers\tmtdi.sys [14976 2004-02-17] (Trend Micro Inc.)
    S2 Vsapint; C:\Windows\System32\drivers\Vsapint.sys [1169240 2008-04-30] (Trend Micro Inc.)
    S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
    S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
    S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
    S5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
    S1 WS2IFSL;

    ==================== NetSvcs (Whitelisted) ===================

    NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

    ==================== One Month Created Files and Folders ========

    2014-03-23 15:41 - 2014-03-23 15:41 - 00000000 ____D () C:\FRST
    2014-03-23 13:11 - 2014-03-23 13:11 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    2014-03-23 09:37 - 2014-03-23 09:37 - 00000784 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2014-03-23 09:37 - 2014-03-23 09:37 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Malwarebytes
    2014-03-23 09:37 - 2014-03-23 09:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2014-03-23 09:35 - 2014-03-23 07:00 - 01950720 _____ () C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe
    2014-03-23 09:29 - 2014-03-23 09:31 - 00000000 ____D () C:\AdwCleaner
    2014-03-23 09:29 - 2014-03-23 07:00 - 01950720 _____ () C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
    2014-03-23 09:28 - 2014-03-23 09:28 - 00001475 _____ () C:\Documents and Settings\Administrator\Desktop\Windows Explorer.lnk
    2014-03-23 09:28 - 2014-03-23 09:28 - 00000000 __SHD () C:\Windows\CSC
    2014-03-23 09:24 - 2014-03-23 09:24 - 00001487 _____ () C:\Documents and Settings\Owner\Desktop\Windows Explorer.lnk
    2014-03-22 11:45 - 2014-03-23 09:37 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
    2014-03-22 11:45 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2014-03-22 11:38 - 2014-03-22 08:54 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Owner\Desktop\mbam-setup-1.75.0.1300.exe
    2014-03-21 21:08 - 2014-03-21 21:08 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\IM
    2014-03-21 20:46 - 2014-03-21 20:46 - 00000000 __HDC () C:\Windows\$NtUninstallKB2934207$
    2014-03-21 20:45 - 2014-03-21 20:46 - 00005757 _____ () C:\Windows\KB2934207.log
    2014-03-21 19:22 - 2014-03-21 19:24 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\RonBackup
    2014-03-21 19:16 - 2014-03-21 19:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2014
    2014-03-21 13:15 - 2014-03-21 20:12 - 00000000 ___DC () C:\Windows\$NtUninstallKB2929961$
    2014-03-21 13:12 - 2014-03-21 20:55 - 00000000 __HDC () C:\Windows\$NtUninstallKB2930275$
    2014-03-21 12:59 - 2014-02-25 21:59 - 00013312 ____N (Microsoft Corporation) C:\Windows\System32\xp_eos.exe
    2014-03-21 12:59 - 2014-02-25 21:59 - 00013312 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\xp_eos.exe
    2014-03-21 12:59 - 2014-02-25 21:59 - 00013312 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\xp_eos.exe
    2014-03-13 15:52 - 2014-03-13 15:52 - 00090112 _____ () C:\Windows\Minidump\Mini031314-01.dmp
    2014-03-13 15:39 - 2014-03-13 15:39 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\AVG2014
    2014-03-13 15:35 - 2014-03-13 15:35 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Avg2014
    2014-03-13 15:33 - 2014-03-13 15:33 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
    2014-03-13 15:31 - 2014-03-13 15:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014
    2014-03-13 15:17 - 2014-03-22 10:49 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Avg2014
    2014-03-13 15:14 - 2014-03-21 20:35 - 00142793 _____ () C:\Windows\KB2925418-IE7.log
    2014-03-13 15:13 - 2014-03-21 20:34 - 00016258 _____ () C:\Windows\KB2929961.log
    2014-03-13 15:08 - 2014-03-21 20:55 - 00023214 _____ () C:\Windows\KB2930275.log
    2014-02-21 18:05 - 2014-02-21 18:05 - 00000000 __HDC () C:\Windows\$NtUninstallKB2916036$
    2014-02-21 18:04 - 2014-02-21 18:04 - 00000000 __HDC () C:\Windows\$NtUninstallKB2909212$
    2014-02-21 17:42 - 2014-02-21 17:42 - 00000000 __HDC () C:\Windows\$NtUninstallKB2904878$
    2014-02-21 17:41 - 2014-02-21 17:42 - 00008617 _____ () C:\Windows\KB2904878.log
    2014-02-21 13:51 - 2014-02-21 18:05 - 00018905 _____ () C:\Windows\KB2916036.log
    2014-02-21 13:50 - 2014-02-21 18:04 - 00019102 _____ () C:\Windows\KB2909212.log
    2014-02-21 13:47 - 2014-02-21 18:04 - 00109338 _____ () C:\Windows\KB2909921-IE7.log

    ==================== One Month Modified Files and Folders =======

    2014-03-23 15:41 - 2014-03-23 15:41 - 00000000 ____D () C:\FRST
    2014-03-23 14:24 - 2006-06-17 05:45 - 00000178 __SHC () C:\Documents and Settings\Administrator\ntuser.ini
    2014-03-23 14:24 - 2006-06-17 05:39 - 01249832 _____ () C:\Windows\WindowsUpdate.log
    2014-03-23 13:11 - 2014-03-23 13:11 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    2014-03-23 13:11 - 2006-06-17 05:23 - 00001158 _____ () C:\Windows\System32\wpa.dbl
    2014-03-23 09:39 - 2012-01-04 12:16 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
    2014-03-23 09:37 - 2014-03-23 09:37 - 00000784 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2014-03-23 09:37 - 2014-03-23 09:37 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Malwarebytes
    2014-03-23 09:37 - 2014-03-23 09:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2014-03-23 09:37 - 2014-03-22 11:45 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
    2014-03-23 09:37 - 2006-06-16 22:31 - 00576808 ____C () C:\Windows\System32\PerfStringBackup.INI
    2014-03-23 09:35 - 2006-06-17 05:36 - 00000000 ____D () C:\Windows\Registration
    2014-03-23 09:33 - 2006-06-17 05:25 - 00000209 __RSH () C:\boot.ini
    2014-03-23 09:33 - 2006-06-17 05:23 - 00000699 _____ () C:\Windows\win.ini
    2014-03-23 09:33 - 2006-06-17 05:23 - 00000227 ____N () C:\Windows\system.ini
    2014-03-23 09:31 - 2014-03-23 09:29 - 00000000 ____D () C:\AdwCleaner
    2014-03-23 09:28 - 2014-03-23 09:28 - 00001475 _____ () C:\Documents and Settings\Administrator\Desktop\Windows Explorer.lnk
    2014-03-23 09:28 - 2014-03-23 09:28 - 00000000 __SHD () C:\Windows\CSC
    2014-03-23 09:24 - 2014-03-23 09:24 - 00001487 _____ () C:\Documents and Settings\Owner\Desktop\Windows Explorer.lnk
    2014-03-23 07:00 - 2014-03-23 09:35 - 01950720 _____ () C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe
    2014-03-23 07:00 - 2014-03-23 09:29 - 01950720 _____ () C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
    2014-03-22 11:32 - 2006-06-16 22:31 - 00920634 _____ () C:\Windows\setupapi.log
    2014-03-22 10:49 - 2014-03-13 15:17 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Avg2014
    2014-03-22 08:54 - 2014-03-22 11:38 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Owner\Desktop\mbam-setup-1.75.0.1300.exe
    2014-03-21 21:22 - 2009-03-08 13:23 - 00000000 ____D () C:\Windows\pss
    2014-03-21 21:15 - 2006-08-19 03:58 - 00000000 ____D () C:\Program Files\WildTangent
    2014-03-21 21:15 - 2006-08-19 03:58 - 00000000 ____D () C:\Program Files\Gateway Games
    2014-03-21 21:15 - 2006-08-19 03:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\WildTangent
    2014-03-21 21:11 - 2013-02-26 19:51 - 00000000 ____D () C:\Windows\System32\appmgmt
    2014-03-21 21:09 - 2013-06-26 21:28 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\iolo
    2014-03-21 21:08 - 2014-03-21 21:08 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\IM
    2014-03-21 20:55 - 2014-03-21 13:12 - 00000000 __HDC () C:\Windows\$NtUninstallKB2930275$
    2014-03-21 20:55 - 2014-03-13 15:08 - 00023214 _____ () C:\Windows\KB2930275.log
    2014-03-21 20:46 - 2014-03-21 20:46 - 00000000 __HDC () C:\Windows\$NtUninstallKB2934207$
    2014-03-21 20:46 - 2014-03-21 20:45 - 00005757 _____ () C:\Windows\KB2934207.log
    2014-03-21 20:46 - 2006-06-17 05:45 - 00032548 _____ () C:\Windows\SchedLgU.Txt
    2014-03-21 20:46 - 2006-06-16 22:31 - 03152466 _____ () C:\Windows\FaxSetup.log
    2014-03-21 20:46 - 2006-06-16 22:31 - 01509289 _____ () C:\Windows\ocgen.log
    2014-03-21 20:46 - 2006-06-16 22:31 - 01446015 _____ () C:\Windows\tsoc.log
    2014-03-21 20:46 - 2006-06-16 22:31 - 01437383 _____ () C:\Windows\iis6.log
    2014-03-21 20:46 - 2006-06-16 22:31 - 01028320 _____ () C:\Windows\comsetup.log
    2014-03-21 20:46 - 2006-06-16 22:31 - 00970150 _____ () C:\Windows\msmqinst.log
    2014-03-21 20:46 - 2006-06-16 22:31 - 00621255 _____ () C:\Windows\ntdtcsetup.log
    2014-03-21 20:46 - 2006-06-16 22:31 - 00565670 _____ () C:\Windows\netfxocm.log
    2014-03-21 20:46 - 2006-06-16 22:31 - 00353998 _____ () C:\Windows\plusoc.log
    2014-03-21 20:46 - 2006-06-16 22:31 - 00344649 _____ () C:\Windows\MedCtrOC.log
    2014-03-21 20:46 - 2006-06-16 22:31 - 00173085 _____ () C:\Windows\ehOCGen.log
    2014-03-21 20:46 - 2006-06-16 22:31 - 00169310 _____ () C:\Windows\ocmsn.log
    2014-03-21 20:46 - 2006-06-16 22:31 - 00159438 _____ () C:\Windows\tabletoc.log
    2014-03-21 20:46 - 2006-06-16 22:31 - 00157687 _____ () C:\Windows\msgsocm.log
    2014-03-21 20:46 - 2006-06-16 22:31 - 00001374 _____ () C:\Windows\imsins.log
    2014-03-21 20:45 - 2013-09-21 13:15 - 00000000 ____D () C:\Windows\System32\MRT
    2014-03-21 20:35 - 2014-03-13 15:14 - 00142793 _____ () C:\Windows\KB2925418-IE7.log
    2014-03-21 20:34 - 2014-03-13 15:13 - 00016258 _____ () C:\Windows\KB2929961.log
    2014-03-21 20:34 - 2006-11-04 12:56 - 00000278 ___SH () C:\Documents and Settings\Owner\ntuser.ini
    2014-03-21 20:26 - 2007-01-29 21:36 - 87350280 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2014-03-21 20:23 - 2013-04-02 15:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2013
    2014-03-21 20:23 - 2006-06-16 22:30 - 00174672 _____ () C:\Windows\System32\FNTCACHE.DAT
    2014-03-21 20:17 - 2012-01-04 13:12 - 00000000 ___HD () C:\$AVG
    2014-03-21 20:12 - 2014-03-21 13:15 - 00000000 ___DC () C:\Windows\$NtUninstallKB2929961$
    2014-03-21 19:24 - 2014-03-21 19:22 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\RonBackup
    2014-03-21 19:16 - 2014-03-21 19:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2014
    2014-03-21 13:16 - 2006-06-19 00:33 - 00555381 _____ () C:\Windows\updspapi.log
    2014-03-21 13:16 - 2006-06-16 22:31 - 00001374 _____ () C:\Windows\imsins.BAK
    2014-03-21 13:15 - 2008-05-19 11:51 - 00000000 ____D () C:\Windows\ie7updates
    2014-03-13 15:52 - 2014-03-13 15:52 - 00090112 _____ () C:\Windows\Minidump\Mini031314-01.dmp
    2014-03-13 15:52 - 2006-11-19 08:35 - 00000000 ____D () C:\Windows\Minidump
    2014-03-13 15:40 - 2012-01-04 12:22 - 00000000 ____D () C:\Program Files\AVG
    2014-03-13 15:39 - 2014-03-13 15:39 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\AVG2014
    2014-03-13 15:36 - 2014-03-13 15:31 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014
    2014-03-13 15:35 - 2014-03-13 15:35 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Avg2014
    2014-03-13 15:33 - 2014-03-13 15:33 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
    2014-02-26 12:57 - 2006-06-17 05:36 - 00000000 ____D () C:\Windows\Microsoft.NET
    2014-02-25 21:59 - 2014-03-21 12:59 - 00013312 ____N (Microsoft Corporation) C:\Windows\System32\xp_eos.exe
    2014-02-25 21:59 - 2014-03-21 12:59 - 00013312 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\xp_eos.exe
    2014-02-25 21:59 - 2014-03-21 12:59 - 00013312 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\xp_eos.exe
    2014-02-21 18:05 - 2014-02-21 18:05 - 00000000 __HDC () C:\Windows\$NtUninstallKB2916036$
    2014-02-21 18:05 - 2014-02-21 13:51 - 00018905 _____ () C:\Windows\KB2916036.log
    2014-02-21 18:04 - 2014-02-21 18:04 - 00000000 __HDC () C:\Windows\$NtUninstallKB2909212$
    2014-02-21 18:04 - 2014-02-21 13:50 - 00019102 _____ () C:\Windows\KB2909212.log
    2014-02-21 18:04 - 2014-02-21 13:47 - 00109338 _____ () C:\Windows\KB2909921-IE7.log
    2014-02-21 17:42 - 2014-02-21 17:42 - 00000000 __HDC () C:\Windows\$NtUninstallKB2904878$
    2014-02-21 17:42 - 2014-02-21 17:41 - 00008617 _____ () C:\Windows\KB2904878.log

    Some content of TEMP:
    ====================
    C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\AcsInstall.dll
    C:\Documents and Settings\Owner\Local Settings\Temp\aol_trio417.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\SHFOLDER.DLL
    C:\Documents and Settings\Owner\Local Settings\Temp\tbInc2.dll
    C:\Documents and Settings\Owner\Local Settings\Temp\tbtriopreinst402.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\UNINSTALL.EXE


    ==================== Known DLLs (Whitelisted) ============


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points (XP) =====================

    RP: -> 2014-03-21 20:53 - 028672 _restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP353

    RP: -> 2014-03-21 20:25 - 028672 _restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP352

    RP: -> 2014-03-21 20:09 - 028672 _restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP351

    RP: -> 2014-03-21 12:58 - 028672 _restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP350

    RP: -> 2014-03-13 15:38 - 028672 _restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP349

    RP: -> 2014-03-13 15:36 - 028672 _restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP348

    RP: -> 2014-03-13 15:32 - 028672 _restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP347

    RP: -> 2014-03-13 15:31 - 028672 _restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP346

    RP: -> 2014-03-13 15:30 - 028672 _restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP345

    RP: -> 2014-02-28 15:02 - 028672 _restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP344

    RP: -> 2014-02-26 13:08 - 028672 _restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP343

    RP: -> 2014-02-21 17:35 - 028672 _restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP342

    RP: -> 2014-02-21 14:40 - 028672 _restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP341

    RP: -> 2014-01-16 01:16 - 028672 _restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP340

    RP: -> 2014-01-15 15:29 - 028672 _restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP339

    RP: -> 2014-01-14 14:56 - 028672 _restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP338

    RP: -> 2013-12-30 20:41 - 028672 _restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP337

    RP: -> 2013-12-17 12:37 - 028672 _restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP336


    ==================== Memory info ===========================

    Percentage of memory in use: 23%
    Total physical RAM: 893.11 MB
    Available physical RAM: 679.31 MB
    Total Pagefile: 804.7 MB
    Available Pagefile: 706.29 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 2000.06 MB

    ==================== Drives ================================

    Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
    Drive c: () (Fixed) (Total:181.01 GB) (Free:162.14 GB) NTFS ==>[Drive with boot components (Windows XP)]
    Drive h: (RECOVERY) (Fixed) (Total:5.28 GB) (Free:3.4 GB) FAT32
    Drive i: () (Removable) (Total:1.88 GB) (Free:1.71 GB) FAT
    Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 186 GB) (Disk ID: 2FF02FF0)
    Partition 1: (Active) - (Size=181 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=5 GB) - (Type=0B)

    ========================================================
    Disk: 5 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: C3072E18)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
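An added example, not code from the thread or from the FRST tool itself: a rough first-pass triage of the FRST log format pasted above, written in Python. It pulls out the rows an analyst reads first (entries whose file is missing on disk, entries with an empty company field, the AppInit_DLLs load point, executables left in Temp); the embedded sample log is constructed from a handful of rows in the same format, and a hit is only a prompt to look closer, not a verdict.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a few rows in the format of the log above, not the full
# log. Two rows have a missing file ([X]), two an empty company field "()".
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Recguard] - C:\Windows\SMINST\RECGUARD.EXE [212992 2002-09-14] ()
HKU\Owner\...\Run: [Power2GoExpress] - NA
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-07-12] (Google)
========================== Services (Whitelisted) =================
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [520192 2006-01-26] ()
S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S4 Iomega Activity Disk2; " " [X]
==================== Drivers (Whitelisted) ====================
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S1 WS2IFSL;
Some content of TEMP:
====================
C:\Documents and Settings\Owner\Local Settings\Temp\aol_trio417.exe
==================== End Of Log ============================
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")                 # "==== Name ===="
NAME_RE = re.compile(r"^\[(?P<name>[^\]]*)\] - (?P<rest>.*)$")
SERVICE_RE = re.compile(r"^[SR]\d (?P<name>[^;]+);\s*(?P<rest>.*)$")
# trailing "[size yyyy-mm-dd] (company)" that FRST appends to a file reference
META_RE = re.compile(r"\[\d+ \d{4}-\d{2}-\d{2}\] \((?P<company>.*)\)\s*$")
TEMP_EXTS = (".exe", ".dll", ".sys", ".scr")


@dataclass(frozen=True)
class Finding:
    section: str
    name: str
    target: str
    reason: str


def _reasons(rest: str) -> list[str]:
    """Heuristics shared by Run entries, services and drivers."""
    reasons = []
    if not rest:
        reasons.append("no image path recorded")
    elif "[X]" in rest:
        reasons.append("image file missing on disk ([X])")
    else:
        meta = META_RE.search(rest)
        if meta and not meta.group("company").strip():
            reasons.append("no company name in the file's version info")
        if re.search(r"\\temp\\", rest, re.IGNORECASE):
            reasons.append("loads from a Temp folder")
    return reasons


def _target(rest: str) -> str:
    """Path part of a file reference, without the [size date] (company) tail."""
    return rest.split(" [", 1)[0].strip().strip('"').strip()


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if line.startswith("Some content of TEMP"):
            section = "TEMP"
            continue
        if section.startswith("Registry") and ": " in line:
            key, rest = line.split(": ", 1)          # "HKLM\...\Run: [name] - file"
            named = NAME_RE.match(rest)
            name = named.group("name") if named else key
            rest = named.group("rest") if named else rest
            reasons = _reasons(rest)
            if key == "AppInit_DLLs":              # loaded into every process using user32.dll
                reasons.append("AppInit_DLLs load point")
            findings += [Finding(section, name, _target(rest), r) for r in reasons]
        elif section.startswith(("Services", "Drivers")):
            svc = SERVICE_RE.match(line)
            if svc:
                findings += [Finding(section, svc.group("name"), _target(svc.group("rest")), r)
                             for r in _reasons(svc.group("rest"))]
        elif section == "TEMP" and line.lower().endswith(TEMP_EXTS):
            findings.append(Finding(section, line.rsplit("\\", 1)[-1], line,
                                    "executable or library left in a Temp folder"))
    return findings
```

Run `triage(SAMPLE_LOG)` (or pass the text of a real FRST.txt) to get the flagged rows; on the constructed sample it returns seven findings and stays silent on the signed AVG entries.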
     
  5. 2014/03/23
    broni (Moderator, Malware Analyst)
    I don't actually see anything malicious there.

    I suggest new topic in Windows forum.

    Good luck :)
     
  6. 2014/03/23
    virginia (Geek Member, Thread Starter)
    Thanks a lot Broni. I would have bet that Malware was involved by the way the computer was operating. I have opened a thread in XP.
     
  7. 2014/03/23
    broni (Moderator, Malware Analyst)
    [IMG].....
     
