
cannot connect to Internet


WJames


Hello - A friend asked me to resurrect an old Dell running Windows XP SP2 (32-bit). After making several hardware, software and necessary changes to make XP as safe as possible, when the Home Page starts to load in IE, it stops and displays, "This page cannot be displayed". Even booting to a live CD does not help... Knoppix blocked several scripts (e.g., unable to connect to surveymonkey.com:443). Online scans cannot be performed. The registry cannot be edited, except in Safe Mode. I was able to install and run MBAM; it found 1 issue but did not resolve the other issues. Thank you in advance for whatever help you may offer.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-10-2015
Ran by Nancy McNamara (administrator) on OAHU (24-10-2015 21:36:27)
Running from C:\Documents and Settings\Nancy McNamara\Desktop
Loaded Profiles: Nancy McNamara (Available Profiles: Nancy McNamara & Martin McNamara & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\SYSTEM32\cisvc.exe
(NVIDIA Corporation) C:\WINDOWS\SYSTEM32\nvsvc32.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\realplay.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\wscntfy.exe
(Apple Computer, Inc.) C:\Program Files\QuickTime\qttask.exe
(Dell - Advanced Desktop Engineering) C:\WINDOWS\SYSTEM32\DSentry.exe
(Broadcom Corporation) C:\WINDOWS\BCMSMMSG.exe
(Roxio) C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\wuauclt.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DwlClient] => C:\Program Files\Common Files\Dell\EUSW\Support.exe [69632 2005-10-14] (Dell)
HKLM\...\Run: [RealTray] => C:\Program Files\Real\RealPlayer\RealPlay.exe [26112 2003-02-10] (RealNetworks, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [98304 2004-05-24] (Apple Computer, Inc.)
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [MoneyStartUp10.0] => C:\Program Files\Microsoft Money\System\Activation.exe [241714 2001-07-25] (Microsoft Corporation)
HKLM\...\Run: [greatheartwebslow] => C:\Documents and Settings\All Users\Application Data\Licensethatgreatheart\meta info.exe [0 2005-10-13] ()
HKLM\...\Run: [Fragmetaerrorstupid] => C:\Documents and Settings\All Users\Application Data\For list frag meta\listpile.exe
HKLM\...\Run: [DVDSentry] => C:\WINDOWS\System32\DSentry.exe [28672 2002-08-14] (Dell - Advanced Desktop Engineering)
HKLM\...\Run: [bCMSMMSG] => C:\WINDOWS\BCMSMMSG.exe [122880 2003-08-29] (Broadcom Corporation)
HKLM\...\Run: [AOLDialer] => C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
HKLM\...\Run: [AdaptecDirectCD] => C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [679936 2002-04-10] (Roxio)
HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\...\Run: [srrstr] => C:\WINDOWS\System32\srrstr.exe
HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\...\Run: [send Copy] => C:\DOCUME~1\NANCYM~1\APPLIC~1\DEFYWM~1\ford tool.exe
HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\...\Run: [MsnMsgr] => "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1694208 2004-10-13] (Microsoft Corporation)
HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\...\Run: [MoneyAgent] => C:\Program Files\Microsoft Money\System\Money Express.exe [184376 2001-07-25] (Microsoft Corporation)
HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe [163576 2006-10-18] (Google Inc.)
HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\System32\SSMYPICS.SCR [47104 2004-08-04] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1694208 2004-10-13] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\Explorer: [CDRAutoRun] 0
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2003-02-10]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk [2004-01-16]
ShortcutTarget: Quicken Scheduled Updates.lnk -> C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk [2004-01-16]
ShortcutTarget: Quicken Startup.lnk -> C:\Program Files\Quicken\QWDLLS.EXE (Intuit)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{743F44A5-C84A-49D0-91F4-5FF1C8EE281A}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchportal.info
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.dellnet.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dellnet.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dellnet.com/
HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hickamairforcebase.com/
HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://ie.search.msn.com
HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
URLSearchHook: HKU\S-1-5-21-3276103468-1748845545-3590808707-1006 - (No Name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} -  No File
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16] ()
BHO: No Name -> {0D91188C-9DA5-AA7F-51C7-8C959F2F0515} -> C:\DOCUME~1\NANCYM~1\APPLIC~1\UPLOAD~1\managernoun.exe => No File
BHO: No Name -> {1AF96305-C21B-59B7-D450-615508DB2746} -> C:\WINDOWS\System32\pqeaygao.dll => No File
BHO: No Name -> {4CFA620C-9D41-59BD-D103-61550881731A} -> C:\WINDOWS\System32\horp.dll => No File
BHO: No Name -> {5652ED2A-007B-AE27-07FE-97735BFA9DD9} -> C:\DOCUME~1\NANCYM~1\APPLIC~1\UPLOAD~1\managernoun.exe => No File
BHO: Military.com Toolbar Helper -> {7D5FBE1D-F012-4f2a-8A1C-42E1037972B7} -> C:\Documents and Settings\All Users\Application Data\Military.com\Helper.6.dll [2005-02-24] ()
BHO: No Name -> {849CC480-5983-4D30-A12C-774E8E8D8291} -> No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> c:\program files\google\googletoolbar3.dll [2006-10-12] (Google Inc.)
BHO: No Name -> {B9FB4EF8-8339-4656-B394-0548DC556D02} -> No File
BHO: No Name -> {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -> C:\Program Files\Microsoft Money\System\mnyviewer.dll [2001-07-25] (Microsoft Corporation)
Toolbar: HKLM - Military.com Toolbar - {1685C500-A1A8-4b18-91DD-B79D39A8A532} - C:\Documents and Settings\All Users\Application Data\Military.com\Toolbar.6.dll [2005-02-24] (Tickle.com Inc.)
Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll [2006-10-12] (Google Inc.)
Toolbar: HKU\S-1-5-21-3276103468-1748845545-3590808707-1006 -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
Toolbar: HKU\S-1-5-21-3276103468-1748845545-3590808707-1006 -> No Name - {4982D40A-C53B-4615-B15B-B5B5E98D167C} -  No File
Toolbar: HKU\S-1-5-21-3276103468-1748845545-3590808707-1006 -> No Name - {C6139A57-16FB-4FA4-8045-A847FBFFD695} -  No File
Toolbar: HKU\S-1-5-21-3276103468-1748845545-3590808707-1006 -> No Name - {08FCF7E3-5F7D-444E-8554-76A516EB3C6C} -  No File
Toolbar: HKU\S-1-5-21-3276103468-1748845545-3590808707-1006 -> &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll [2006-10-12] (Google Inc.)
DPF: {10D8725C-C80B-4790-8C4B-A863D234AEA6} hxxp://files.searchrover.net/installs/1.0.0.100/10001/Rover_10001.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=48835
DPF: {1D0D9077-3798-49BB-9058-393499174D5D} file://c:\counter.cab
DPF: {205FF73B-CA67-11D5-99DD-444553540000} hxxp://www.spywarestormer.com/files2/Install.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {49DB1B20-4E35-4E2E-8C6F-765E238865D6} hxxp://militaryclient.tickle.com/download/client/Install%20Air%20Force%20Toolbar.cab
DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} hxxp://aolcc.aol.com/computercheckup/qdiagcc.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} hxxp://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38058.5802546296
DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} hxxp://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)

FireFox:
========
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 NMSSvc; C:\WINDOWS\System32\NMSSvc.exe [1118208 2002-05-03] (Intel Corporation) [File not signed]
S4 AOL ACS; "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 ADM8511; C:\WINDOWS\System32\DRIVERS\ADM8511.SYS [20160 2001-08-17] (ADMtek Incorporated)
R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2003-02-10] (Windows ® 2000 DDK provider) [File not signed]
R3 BCMModem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [1101696 2003-08-29] (Broadcom Corporation)
R1 Cdr4_xp; C:\WINDOWS\system32\Drivers\Cdr4_xp.sys [59440 2003-02-10] (Roxio) [File not signed]
R1 Cdralw2k; C:\WINDOWS\system32\Drivers\Cdralw2k.sys [23724 2003-02-10] (Roxio) [File not signed]
R1 cdudf_xp; C:\WINDOWS\system32\Drivers\cdudf_xp.sys [236032 2002-04-10] (Roxio) [File not signed]
S3 dvd_2K; C:\WINDOWS\system32\Drivers\dvd_2K.sys [24554 2002-04-10] (Roxio) [File not signed]
S3 EL90XBC; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)
S3 glauiad; C:\WINDOWS\System32\DRIVERS\glauiad.sys [29603 2003-04-09] (GlobespanVirata Inc.)
S3 i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [161020 2004-08-03] (Intel® Corporation)
S3 iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [12415 2004-08-03] (Intel® Corporation)
S3 iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [12127 2004-08-03] (Intel® Corporation)
S3 iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [11775 2004-08-03] (Intel® Corporation)
S3 iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-03] (Intel® Corporation)
S3 iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-03] (Intel® Corporation)
S3 iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [29311 2004-08-03] (Intel® Corporation)
S3 iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [19551 2004-08-03] (Intel® Corporation)
S3 iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [33599 2004-08-03] (Intel® Corporation)
S3 iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-03] (Intel® Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 mmc_2K; C:\WINDOWS\system32\Drivers\mmc_2K.sys [29638 2002-04-10] (Roxio) [File not signed]
R3 MxlW2k; C:\WINDOWS\system32\Drivers\MxlW2k.sys [28164 2003-02-10] (MusicMatch, Inc.) [File not signed]
S3 NMSCFG; C:\WINDOWS\System32\drivers\NMSCFG.SYS [9868 2002-05-03] (Intel Corporation) [File not signed]
R1 omci; C:\WINDOWS\System32\DRIVERS\omci.sys [17153 2002-07-19] (Dell Computer Corporation) [File not signed]
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42496 2004-08-03] (Microsoft Corporation)
R1 pwd_2k; C:\WINDOWS\system32\Drivers\pwd_2k.sys [117898 2002-04-10] (Roxio) [File not signed]
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2002-08-29] ()
R1 UdfReadr_xp; C:\WINDOWS\system32\Drivers\UdfReadr_xp.sys [206336 2002-04-10] (Roxio)
S3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 bvrp_pci; no ImagePath
S3 efavdrv; \??\C:\WINDOWS\system32\drivers\efavdrv.sys [X]
S3 EntDrv51; \??\C:\WINDOWS\system32\drivers\EntDrv51.sys [X]
S3 iAimTV2; System32\DRIVERS\wATV03nt.sys [X]
S2 mrtRate; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96256 2004-08-03] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-24 21:36 - 2015-10-24 21:36 - 00015024 _____ C:\Documents and Settings\Nancy McNamara\Desktop\FRST.txt
2015-10-24 21:34 - 2015-10-24 21:36 - 00000000 ____D C:\FRST
2015-10-24 21:33 - 2015-10-23 23:46 - 01700352 _____ (Farbar) C:\Documents and Settings\Nancy McNamara\Desktop\FRST.exe
2015-10-24 09:40 - 2015-10-24 09:40 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Lavasoft
2015-10-24 09:31 - 2015-10-24 09:31 - 00000000 ____D C:\Program Files\ESET
2015-10-23 23:48 - 2015-10-23 23:48 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-23 23:48 - 2015-10-23 23:48 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-10-23 23:48 - 2015-10-23 23:48 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-23 23:48 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-10-23 23:43 - 2015-10-23 23:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-10-23 23:42 - 2015-10-24 00:02 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-23 23:42 - 2015-10-23 23:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2015-10-23 23:41 - 2015-10-05 09:50 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-10-23 23:40 - 2015-10-23 23:40 - 00000000 ___HD C:\WINDOWS\PIF
2015-10-23 23:38 - 2015-10-23 23:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ESET
2015-10-23 23:25 - 2015-10-23 23:25 - 00000000 ____D C:\Program Files\FileASSASSIN
2015-10-23 23:25 - 2015-10-23 23:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\FileASSASSIN
2015-10-23 21:32 - 2015-10-23 21:32 - 00000000 ___SD C:\Documents and Settings\Martin McNamara\UserData
2015-10-22 17:00 - 2015-10-22 17:00 - 00000000 ____D C:\Documents and Settings\Martin McNamara\Application Data\Weather Studio
2015-10-22 17:00 - 2015-10-22 17:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Weather Studio
2015-10-20 16:58 - 2015-10-20 16:58 - 00002778 _____ C:\WINDOWS\KB926255.log
2015-10-20 16:57 - 2015-10-20 16:58 - 00003451 _____ C:\WINDOWS\KB923694.log
2015-10-20 16:56 - 2015-10-20 16:57 - 00002837 _____ C:\WINDOWS\KB925454.log
2015-10-20 16:41 - 2015-10-20 16:41 - 00000000 ____D C:\Documents and Settings\Martin McNamara\Local Settings\Application Data\Google
2015-10-20 16:41 - 2015-10-20 16:41 - 00000000 ____D C:\Documents and Settings\Martin McNamara\Application Data\Google

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-24 21:36 - 2003-02-13 21:55 - 00000000 ____D C:\Documents and Settings\Nancy McNamara\Local Settings\Temp
2015-10-24 21:32 - 2004-08-14 22:39 - 01079999 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-24 21:32 - 2003-02-10 13:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-24 21:32 - 2003-02-10 13:40 - 00001170 _____ C:\WINDOWS\system32\WPA.DBL
2015-10-24 21:32 - 2002-09-03 07:53 - 00000159 _____ C:\WINDOWS\WIADEBUG.LOG
2015-10-24 21:32 - 2002-09-03 07:53 - 00000050 _____ C:\WINDOWS\WIASERVC.LOG
2015-10-24 14:43 - 2003-02-10 13:41 - 00032464 _____ C:\WINDOWS\SchedLgU.Txt
2015-10-24 09:42 - 2003-01-20 00:01 - 00000178 ___SH C:\Documents and Settings\Administrator\NTUSER.INI
2015-10-24 09:41 - 2003-01-20 00:01 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2015-10-24 00:09 - 2003-02-13 21:55 - 00000278 ___SH C:\Documents and Settings\Nancy McNamara\NTUSER.INI
2015-10-24 00:09 - 2003-02-13 21:54 - 00000178 ___SH C:\Documents and Settings\Martin McNamara\NTUSER.INI
2015-10-24 00:07 - 2003-02-10 13:27 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-10-24 00:03 - 2003-02-13 21:54 - 00000000 ____D C:\Documents and Settings\Martin McNamara\Local Settings\Temp
2015-10-24 00:01 - 2006-08-09 06:01 - 00093374 _____ C:\WINDOWS\setupapi.log
2015-10-24 00:00 - 2005-10-05 14:00 - 00000286 ____H C:\WINDOWS\Tasks\CA86E94FF1A99A73.job
2015-10-24 00:00 - 2005-03-24 02:01 - 00000286 ____H C:\WINDOWS\Tasks\913BFC3BB60077DF.job
2015-10-24 00:00 - 2004-10-09 14:10 - 00000252 ____H C:\WINDOWS\Tasks\A50429D39187A597.job
2015-10-23 21:32 - 2003-02-13 21:54 - 00000000 ____D C:\Documents and Settings\Martin McNamara
2015-10-23 12:35 - 2003-02-10 13:41 - 00414482 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-22 15:55 - 2003-02-10 13:26 - 00000000 ____D C:\WINDOWS\TWAIN_32
2015-10-22 15:53 - 2004-08-16 04:46 - 00000510 _____ C:\Documents and Settings\Nancy McNamara\Desktop\AOL Saved Files.lnk
2015-10-22 15:53 - 2004-08-16 04:46 - 00000014 _____ C:\WINDOWS\msoffice.ini
2015-10-22 15:53 - 2004-08-16 04:46 - 00000000 ____D C:\Documents and Settings\Nancy McNamara\Desktop\AOL Saved PFC
2015-10-22 15:53 - 2004-02-11 16:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AOL
2015-10-22 15:53 - 2003-09-13 13:02 - 00000671 _____ C:\WINDOWS\WIN.INI
2015-10-22 15:49 - 2004-08-11 20:46 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee
2015-10-22 15:44 - 2004-04-13 18:09 - 00000000 ____D C:\Documents and Settings\Nancy McNamara\Application Data\AOL
2015-10-22 15:33 - 2004-06-12 00:12 - 00154112 _____ C:\WINDOWS\system32\Status.MPF
2015-10-20 17:56 - 2006-08-23 10:41 - 00000000 ____D C:\Documents and Settings\Nancy McNamara\Application Data\Weather Studio
2015-10-20 17:54 - 2003-02-10 13:34 - 00000211 __RSH C:\BOOT.INI
2015-10-20 17:54 - 2002-09-03 07:50 - 00000276 _____ C:\WINDOWS\SYSTEM.INI
2015-10-20 17:41 - 2004-03-12 11:59 - 00000000 ____D C:\WINDOWS\pss
2015-10-20 17:35 - 2006-09-16 01:42 - 00000000 ____D C:\Documents and Settings\Nancy McNamara\Application Data\Google
2015-10-20 17:16 - 2006-09-16 01:42 - 00000000 ____D C:\Documents and Settings\Nancy McNamara\Local Settings\Application Data\Google
2015-10-20 16:58 - 2004-12-15 14:23 - 00000000 ___HD C:\WINDOWS\$hf_mig$

==================== Files in the root of some directories =======

2004-06-18 17:46 - 2004-06-18 17:49 - 0000000 _____ () C:\Documents and Settings\Nancy McNamara\Application Data\dm.ini
2003-08-14 18:04 - 2006-05-15 14:31 - 0013312 _____ () C:\Documents and Settings\Nancy McNamara\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Documents and Settings\Martin McNamara\Local Settings\Temp\A~NSISu_.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:22-10-2015
Ran by Nancy McNamara (2015-10-24 21:37:20)
Running from C:\Documents and Settings\Nancy McNamara\Desktop
Microsoft Windows XP Home Edition Service Pack 2 (X86) (2003-02-14 04:53:32)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3276103468-1748845545-3590808707-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-3276103468-1748845545-3590808707-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-3276103468-1748845545-3590808707-1005 - Limited - Disabled)
Martin McNamara (S-1-5-21-3276103468-1748845545-3590808707-1007 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Martin McNamara
Nancy McNamara (S-1-5-21-3276103468-1748845545-3590808707-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Nancy McNamara
SUPPORT_388945a0 (S-1-5-21-3276103468-1748845545-3590808707-1002 - Limited - Disabled)
SUPPORT_3f151ab9 (S-1-5-21-3276103468-1748845545-3590808707-1004 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ad-Aware SE Personal (HKLM\...\Ad-Aware SE Personal) (Version:  - Lavasoft)
Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Download Manager 1.2 (Remove Only) (HKLM\...\AdobeESD) (Version:  - )
Adobe Photoshop Album 2.0 Starter Edition (HKLM\...\{11B569C2-4BF6-4ED0-9D17-A4273943CB24}) (Version: 2.00.100 - Adobe Systems, Inc.)
Adobe Reader 6.0.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A00000000001}) (Version: 006.000.001 - Adobe Systems Incorporated)
Banctec Service Agreement (Version: 1.00.0004 - Dell) Hidden
BCM V.92 56K Modem (HKLM\...\BCM V.92 56K Modem) (Version:  - )
CD Ripper (HKLM\...\{F7A42F5B-41EF-43E9-9A49-4FA6ED9B8B60}) (Version:  - )
Classic PhoneTools (HKLM\...\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}) (Version: 4.16 - BVRP Software)
Dell Modem-On-Hold (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 1.39 - BVRP Software, Inc)
Dell Picture Studio - Dell Image Expert (HKLM\...\{151C555A-A9E7-4A2E-B6D7-165D04A3C956}) (Version: 3.4.1 - Jasc Software Inc)
Dell Support (HKLM\...\{43FCA273-9534-40DB-B7C5-D7758875616A}) (Version: 2.00.0000 - Dell)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.02.000 - BVRP Software, Inc)
DVDSentry (HKLM\...\{98DF85D9-96C0-4F57-A92E-C3539477EF5E}) (Version: 1.00.0001 - Dell)
Easy CD Creator 5 Basic (HKLM\...\{609F7AC8-C510-11D4-A788-009027ABA5D0}) (Version: 5.2.0.56 - Roxio Inc)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FileASSASSIN (HKLM\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Google Earth (HKLM\...\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}) (Version: 3.0.0762 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - )
Help and Support Customization (Version: 1.00.0000 - Dell) Hidden
Intel® PRO Ethernet Adapter and Software (HKLM\...\PROSet) (Version:  - )
Intel® PROSet II (HKLM\...\{01A4AEDE-F219-49A2-B855-16A016EAF9A4}) (Version: 2.00.0020 - Intel)
Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version:  - )
Macromedia Flash Player 8 (HKLM\...\ShockwaveFlash) (Version: 8 - Macromedia)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework (English) v1.0.3705 (HKLM\...\Microsoft .NET Framework Full v1.0.3705 (1033)) (Version:  - )
Microsoft .NET Framework 1.0 Hotfix (KB886906) (HKLM\...\M886906) (Version:  - )
Microsoft Interactive Training (HKLM\...\Microsoft Press Interactive Training) (Version:  - )
Microsoft Money 2002 (HKLM\...\{E7298FD5-1386-11D5-8D6C-0050DAD32D95}) (Version: 10.0.50 - Microsoft)
Microsoft Money 2002 System Pack (HKLM\...\{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}) (Version: 10.0.80 - Microsoft)
Microsoft Office XP Media Content (HKLM\...\{90300409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2619.0 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.3520.0 - Microsoft Corporation)
Microsoft Publisher 2002 (HKLM\...\{91190409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.3520.0 - Microsoft Corporation)
Military.com Toolbar (HKLM\...\Military.com Toolbar) (Version:  - Military Advantage, Inc.)
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version:  - )
MSN Gaming Zone (HKLM\...\Microsoft Internet Gaming Zone) (Version:  - )
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MUSICMATCH Jukebox (HKLM\...\MUSICMATCH Jukebox) (Version:  - )
NVIDIA Display Driver (HKLM\...\NVIDIA Display Driver) (Version:  - )
NVIDIA Windows 2000/XP Display Drivers (HKLM\...\NVIDIA) (Version:  - )
Paint Shop Pro 7 (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.05.0000 - Jasc Software Inc)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
Quicken 2003 Deluxe (HKLM\...\InstallShield_{E1174FD3-6818-4F31-AD74-F57A62FA845D}) (Version: 12.00.0000 - Intuit)
Quicken 2003 Deluxe (Version: 12.00.0000 - Intuit) Hidden
QuickTime (HKLM\...\QuickTime) (Version:  - )
RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version:  - )
Search Plugin (HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\...\showwindownurb) (Version:  - )
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version:  - )
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.5.0540.0 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version: 3.1 - Microsoft Corporation)
Windows XP Hotfix - KB873333 (HKLM\...\KB873333) (Version: 20050114.005213 - Microsoft Corporation)
Windows XP Hotfix - KB873339 (HKLM\...\KB873339) (Version: 20041117.092459 - Microsoft Corporation)
Windows XP Hotfix - KB885250 (HKLM\...\KB885250) (Version: 20050118.202711 - Microsoft Corporation)
Windows XP Hotfix - KB885295 (HKLM\...\KB885295) (Version: 20040901.162738 - Microsoft Corporation)
Windows XP Hotfix - KB885835 (HKLM\...\KB885835) (Version: 20041027.181713 - Microsoft Corporation)
Windows XP Hotfix - KB885836 (HKLM\...\KB885836) (Version: 20041028.173203 - Microsoft Corporation)
Windows XP Hotfix - KB885884 (HKLM\...\KB885884) (Version: 20040924.025457 - Microsoft Corporation)
Windows XP Hotfix - KB886185 (HKLM\...\KB886185) (Version: 20041021.090540 - Microsoft Corporation)
Windows XP Hotfix - KB887472 (HKLM\...\KB887472) (Version: 20041014.162858 - Microsoft Corporation)
Windows XP Hotfix - KB887742 (HKLM\...\KB887742) (Version: 20041103.095002 - Microsoft Corporation)
Windows XP Hotfix - KB888113 (HKLM\...\KB888113) (Version: 20041116.131036 - Microsoft Corporation)
Windows XP Hotfix - KB888302 (HKLM\...\KB888302) (Version: 20041207.111426 - Microsoft Corporation)
Windows XP Hotfix - KB890047 (HKLM\...\KB890047) (Version: 20041221.124506 - Microsoft Corporation)
Windows XP Hotfix - KB890175 (HKLM\...\KB890175) (Version: 20041201.233338 - Microsoft Corporation)
Windows XP Hotfix - KB890859 (HKLM\...\KB890859) (Version: 1 - Microsoft Corporation)
Windows XP Hotfix - KB891781 (HKLM\...\KB891781) (Version: 20050110.165439 - Microsoft Corporation)
Windows XP Hotfix - KB893086 (HKLM\...\KB893086) (Version: 1 - Microsoft Corporation)
Windows XP Service Pack 2 (HKLM\...\Windows XP Service Pack) (Version: 20040803.231319 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

15-09-2006 12:15:49 System Checkpoint
16-09-2006 01:42:04 Installed Google Earth
17-09-2006 02:37:59 System Checkpoint
18-09-2006 03:15:54 System Checkpoint
19-09-2006 03:27:42 System Checkpoint
20-09-2006 04:28:54 System Checkpoint
20-09-2006 04:31:37 Software Distribution Service 2.0
21-09-2006 05:27:47 System Checkpoint
22-09-2006 10:10:27 System Checkpoint
22-09-2006 12:30:55 Software Distribution Service 2.0
23-09-2006 12:38:50 System Checkpoint
24-09-2006 03:26:19 Software Distribution Service 2.0
25-09-2006 03:38:51 System Checkpoint
26-09-2006 04:07:10 System Checkpoint
26-09-2006 14:31:29 Software Distribution Service 2.0
27-09-2006 06:00:33 Software Distribution Service 2.0
28-09-2006 21:23:20 Software Distribution Service 2.0
29-09-2006 22:24:34 System Checkpoint
30-09-2006 23:23:30 System Checkpoint
02-10-2006 10:21:05 System Checkpoint
03-10-2006 10:22:03 System Checkpoint
04-10-2006 10:34:44 System Checkpoint
04-10-2006 16:04:45 Software Distribution Service 2.0
05-10-2006 13:26:34 Software Distribution Service 2.0
06-10-2006 14:26:34 System Checkpoint
07-10-2006 15:27:42 System Checkpoint
08-10-2006 16:50:08 System Checkpoint
09-10-2006 17:18:49 System Checkpoint
10-10-2006 18:18:49 System Checkpoint
11-10-2006 04:32:33 Software Distribution Service 2.0
11-10-2006 06:00:30 Software Distribution Service 2.0
12-10-2006 06:15:01 System Checkpoint
13-10-2006 07:15:13 System Checkpoint
14-10-2006 08:39:11 System Checkpoint
15-10-2006 09:00:53 System Checkpoint
16-10-2006 12:22:47 System Checkpoint
17-10-2006 12:35:03 System Checkpoint
18-10-2006 01:33:33 Software Distribution Service 2.0
19-10-2006 02:33:35 System Checkpoint
19-10-2006 17:08:51 Software Distribution Service 2.0
20-10-2006 17:33:38 System Checkpoint
21-10-2006 18:19:40 System Checkpoint
22-10-2006 18:46:11 System Checkpoint
23-10-2006 19:44:37 System Checkpoint
24-10-2006 20:02:35 System Checkpoint
25-10-2006 04:21:30 Software Distribution Service 2.0
26-10-2006 04:55:00 System Checkpoint
26-10-2006 18:00:44 Software Distribution Service 2.0
27-10-2006 18:24:09 System Checkpoint
28-10-2006 18:24:42 System Checkpoint
29-10-2006 19:54:36 System Checkpoint
30-10-2006 20:23:42 System Checkpoint
31-10-2006 20:25:05 System Checkpoint
31-10-2006 22:38:49 Software Distribution Service 2.0
01-11-2006 23:23:41 System Checkpoint
02-11-2006 20:49:29 Software Distribution Service 2.0
03-11-2006 14:50:51 Software Distribution Service 2.0
04-11-2006 10:04:40 Software Distribution Service 2.0
04-11-2006 20:02:43 Software Distribution Service 2.0
05-11-2006 23:52:10 System Checkpoint
07-11-2006 00:01:49 System Checkpoint
08-11-2006 01:01:54 System Checkpoint
08-11-2006 05:20:35 Software Distribution Service 2.0
08-11-2006 20:28:59 System Checkpoint
09-11-2006 01:53:00 Software Distribution Service 2.0
09-11-2006 22:32:31 Software Distribution Service 2.0
10-11-2006 23:07:57 System Checkpoint
11-11-2006 23:14:54 System Checkpoint
13-11-2006 01:14:52 System Checkpoint
14-11-2006 02:14:53 System Checkpoint
15-11-2006 02:34:50 System Checkpoint
10-12-2006 13:03:56 Software Distribution Service 2.0
11-12-2006 06:00:20 Software Distribution Service 2.0
12-12-2006 06:23:46 System Checkpoint
13-12-2006 07:23:47 System Checkpoint
20-01-2003 03:16:15 System Checkpoint
22-10-2015 15:55:29 Removed Print to Fax
22-10-2015 15:58:46 Removed Samsung YP-35
23-10-2015 23:47:06 Malwarebytes Anti-Rootkit Restore Point
24-10-2015 00:07:43 Removed Windows Defender

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2002-08-29 04:00 - 2006-03-06 22:28 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\913BFC3BB60077DF.job => c:\docume~1\nancym~1\applic~1\defywm~1\site funk dog.exe
Task: C:\WINDOWS\Tasks\A50429D39187A597.job => c:\progra~1\defywm~1\site funk dog.exe
Task: C:\WINDOWS\Tasks\CA86E94FF1A99A73.job => c:\docume~1\nancym~1\applic~1\defywm~1\site funk dog.exe

==================== Loaded Modules (Whitelisted) ==============

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\afs.bmp
DNS Servers: 209.18.47.61 - 209.18.47.62
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk => C:\WINDOWS\pss\Billminder.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Military.com Launcher.lnk => C:\WINDOWS\pss\Military.com Launcher.lnkCommon Startup
MSCONFIG\startupreg: Spyware Doctor => "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/22/2015 05:02:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x10021905.
Processing media-specific event for [iexplore.exe!ws!]

Error: (10/20/2015 06:35:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/20/2015 04:46:42 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/20/2015 04:46:37 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (10/20/2015 04:46:22 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/20/2015 04:46:22 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/20/2015 04:41:44 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/20/2015 04:41:44 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (01/20/2003 03:17:46 AM) (Source: Application Error) (EventID: 1004) (User: )
Description: Faulting application winlogon.exe, version 0.0.0.0, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00064ed1.
Error in creating result PEAP-TLV in response to received PEAP-TLV (winlogon.exe!ld!)

Error: (01/20/2003 03:17:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application , version 0.0.0.0, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00064ed1.
Processing media-specific event for [!ws!]

System errors:
=============
Error: (10/24/2015 09:32:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The mrtRate service failed to start due to the following error:
%%2

Error: (10/24/2015 02:43:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The mrtRate service failed to start due to the following error:
%%2

Error: (10/24/2015 02:42:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The mrtRate service failed to start due to the following error:
%%2

Error: (10/24/2015 09:42:05 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (10/24/2015 09:40:08 AM) (Source: DCOM) (EventID: 10005) (User: OAHU)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (10/24/2015 09:26:19 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Fips
intelppm
mbamchameleon

Error: (10/24/2015 09:25:06 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (10/24/2015 12:08:00 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (10/24/2015 12:08:00 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (10/24/2015 12:07:59 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
%%126

==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 2.66GHz
Percentage of memory in use: 38%
Total physical RAM: 511 MB
Available physical RAM: 315.67 MB
Total Virtual: 864.13 MB
Available Virtual: 707.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:55.84 GB) (Free:45.75 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (Marty's Toolbox) (CDROM) (Total:0.08 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 55.9 GB) (Disk ID: 9DC96E9E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=55.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • Root Admin

Hello and welcome.

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.



 
Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

  • Removing malware can be unpredictable... It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)


 
STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.
 


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:  MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 
 
 


Thank you (!) for your help...

 

Rkill 2.8.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/29/2015 11:47:45 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 2

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\WINDOWS\System32\DSentry.exe (PID: 472) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 10/29/2015 11:48:40 PM
Execution time: 0 hours(s), 0 minute(s), and 54 seconds(s)

 

--------------------------------------------------------------------------------------------

 

Please note... since XP does not have a "Run as administrator" option, I ran the program logged in as a user with administrator privileges, but I see the log file below still indicates "Administrator: No"...

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/29/2015
Scan Time: 11:04:14 PM
Logfile:
Administrator: No

Version: 2.2.0.1024
Malware Database: v2015.10.30.01
Rootkit Database: v2015.10.28.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 2
CPU: x86
File System: NTFS
User: Nancy McNamara

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 160114
Time Elapsed: 4 min, 47 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


  • Root Admin

Well, this is not good. Don't update to Service Pack 3 until we're done here, but there have been hundreds of security updates since SP2; there is no good reason not to update to SP3.

OS: Windows XP Service Pack 2

Please go ahead and run through the following steps and post back the logs when ready.
 
STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Let's clean out any adware now: (this will require a reboot, so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 07
Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


Thank you, AdvancedSetup, for your continued good service.

 

I have installing SP3 on my to-do list, but as you indicated, I was not going to do it until we are done here.

 

Verifying... there was no STEP 03

 

STEP 04 - Junkware Removal Tool

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Microsoft Windows XP x86
Ran by Nancy McNamara on Sat 10/31/2015 at 17:28:45.10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

 

~~~ Tasks

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{08FCF7E3-5F7D-444E-8554-76A516EB3C6C}
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C6139A57-16FB-4FA4-8045-A847FBFFD695}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{0D91188C-9DA5-AA7F-51C7-8C959F2F0515}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AF96305-C21B-59B7-D450-615508DB2746}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4CFA620C-9D41-59BD-D103-61550881731A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{5652ED2A-007B-AE27-07FE-97735BFA9DD9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{849CC480-5983-4D30-A12C-774E8E8D8291}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B9FB4EF8-8339-4656-B394-0548DC556D02}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0D91188C-9DA5-AA7F-51C7-8C959F2F0515}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1AF96305-C21B-59B7-D450-615508DB2746}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4CFA620C-9D41-59BD-D103-61550881731A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5652ED2A-007B-AE27-07FE-97735BFA9DD9}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{849CC480-5983-4D30-A12C-774E8E8D8291}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B9FB4EF8-8339-4656-B394-0548DC556D02}

 

~~~ Files

 

~~~ Informational

C:\WINDOWS\system32\tasklist.exe doesn't exist [Process check skipped . Windows XP Home Edition?]

 

~~~ Folders

Successfully deleted: [Folder] C:\Program Files\viewpoint

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 10/31/2015 at 17:30:47.84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

STEP 05 - AdwCleaner

 

# AdwCleaner v5.014 - Logfile created 31/10/2015 at 17:38:37
# Updated 18/10/2015 by Xplode
# Database : 2015-10-18.5 [Local]
# Operating system : Microsoft Windows XP Service Pack 2 (x86)
# Username : Nancy McNamara - OAHU
# Running from : C:\Documents and Settings\Nancy McNamara\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint

***** [ Files ] *****

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
[-] Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
[-] Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
[-] Key Deleted : HKLM\SOFTWARE\MetaStream
[-] Key Deleted : HKLM\SOFTWARE\Viewpoint
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

***** [ Web browsers ] *****

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1908 bytes] ##########

STEP 06 - Malwarebytes Anti-Malware

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/31/2015
Scan Time: 7:33:12 PM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.10.31.05
Rootkit Database: v2015.10.28.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 2
CPU: x86
File System: NTFS
User: Nancy McNamara

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 358253
Time Elapsed: 8 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

STEP 07 - ESET online antivirus scanner - No threats found.

STEP 08 - Farbar Recovery Scan Tool

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-10-2015
Ran by Nancy McNamara (administrator) on OAHU (31-10-2015 20:47:26)
Running from C:\Documents and Settings\Nancy McNamara\Desktop
Loaded Profiles: Nancy McNamara (Available Profiles: Nancy McNamara & Martin McNamara & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\SYSTEM32\cisvc.exe
(NVIDIA Corporation) C:\WINDOWS\SYSTEM32\nvsvc32.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\wscntfy.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\realplay.exe
(Apple Computer, Inc.) C:\Program Files\QuickTime\qttask.exe
(Dell - Advanced Desktop Engineering) C:\WINDOWS\SYSTEM32\DSentry.exe
(Broadcom Corporation) C:\WINDOWS\BCMSMMSG.exe
(Roxio) C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
(Broadcom Corporation) C:\WINDOWS\BCMSMMSG.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\CIDAEMON.EXE
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\CIDAEMON.EXE

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DwlClient] => C:\Program Files\Common Files\Dell\EUSW\Support.exe [69632 2005-10-14] (Dell)
HKLM\...\Run: [RealTray] => C:\Program Files\Real\RealPlayer\RealPlay.exe [26112 2003-02-10] (RealNetworks, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [98304 2004-05-24] (Apple Computer, Inc.)
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [MoneyStartUp10.0] => C:\Program Files\Microsoft Money\System\Activation.exe [241714 2001-07-25] (Microsoft Corporation)
HKLM\...\Run: [greatheartwebslow] => C:\Documents and Settings\All Users\Application Data\Licensethatgreatheart\meta info.exe [0 2005-10-13] ()
HKLM\...\Run: [Fragmetaerrorstupid] => C:\Documents and Settings\All Users\Application Data\For list frag meta\listpile.exe
HKLM\...\Run: [DVDSentry] => C:\WINDOWS\System32\DSentry.exe [28672 2002-08-14] (Dell - Advanced Desktop Engineering)
HKLM\...\Run: [bCMSMMSG] => C:\WINDOWS\BCMSMMSG.exe [122880 2003-08-29] (Broadcom Corporation)
HKLM\...\Run: [AOLDialer] => C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
HKLM\...\Run: [AdaptecDirectCD] => C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [679936 2002-04-10] (Roxio)
HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\...\Run: [srrstr] => C:\WINDOWS\System32\srrstr.exe
HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\...\Run: [send Copy] => C:\DOCUME~1\NANCYM~1\APPLIC~1\DEFYWM~1\ford tool.exe
HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\...\Run: [MsnMsgr] => "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1694208 2004-10-13] (Microsoft Corporation)
HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\...\Run: [MoneyAgent] => C:\Program Files\Microsoft Money\System\Money Express.exe [184376 2001-07-25] (Microsoft Corporation)
HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe [163576 2006-10-18] (Google Inc.)
HKU\S-1-5-18\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1694208 2004-10-13] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\Explorer: [CDRAutoRun] 0
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2003-02-10]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk [2004-01-16]
ShortcutTarget: Quicken Scheduled Updates.lnk -> C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk [2004-01-16]
ShortcutTarget: Quicken Startup.lnk -> C:\Program Files\Quicken\QWDLLS.EXE (Intuit)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{13F1BC97-E40D-424B-8DC8-92633F7FFE89}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchportal.info
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.dellnet.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dellnet.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dellnet.com/
HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hickamairforcebase.com/
HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://ie.search.msn.com
HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
URLSearchHook: HKU\S-1-5-21-3276103468-1748845545-3590808707-1006 - (No Name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} -  No File
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16] ()
BHO: Military.com Toolbar Helper -> {7D5FBE1D-F012-4f2a-8A1C-42E1037972B7} -> C:\Documents and Settings\All Users\Application Data\Military.com\Helper.6.dll [2005-02-24] ()
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> c:\program files\google\googletoolbar3.dll [2006-10-12] (Google Inc.)
BHO: No Name -> {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -> C:\Program Files\Microsoft Money\System\mnyviewer.dll [2001-07-25] (Microsoft Corporation)
Toolbar: HKLM - Military.com Toolbar - {1685C500-A1A8-4b18-91DD-B79D39A8A532} - C:\Documents and Settings\All Users\Application Data\Military.com\Toolbar.6.dll [2005-02-24] (Tickle.com Inc.)
Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll [2006-10-12] (Google Inc.)
Toolbar: HKU\S-1-5-21-3276103468-1748845545-3590808707-1006 -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
Toolbar: HKU\S-1-5-21-3276103468-1748845545-3590808707-1006 -> No Name - {4982D40A-C53B-4615-B15B-B5B5E98D167C} -  No File
Toolbar: HKU\S-1-5-21-3276103468-1748845545-3590808707-1006 -> &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll [2006-10-12] (Google Inc.)
DPF: {10D8725C-C80B-4790-8C4B-A863D234AEA6} hxxp://files.searchrover.net/installs/1.0.0.100/10001/Rover_10001.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=48835
DPF: {1D0D9077-3798-49BB-9058-393499174D5D} file://c:\counter.cab
DPF: {205FF73B-CA67-11D5-99DD-444553540000} hxxp://www.spywarestormer.com/files2/Install.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {49DB1B20-4E35-4E2E-8C6F-765E238865D6} hxxp://militaryclient.tickle.com/download/client/Install%20Air%20Force%20Toolbar.cab
DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} hxxp://aolcc.aol.com/computercheckup/qdiagcc.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} hxxp://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38058.5802546296
DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} hxxp://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 NMSSvc; C:\WINDOWS\System32\NMSSvc.exe [1118208 2002-05-03] (Intel Corporation) [File not signed]
S4 AOL ACS; "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 ADM8511; C:\WINDOWS\System32\DRIVERS\ADM8511.SYS [20160 2001-08-17] (ADMtek Incorporated)
R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2003-02-10] (Windows ® 2000 DDK provider) [File not signed]
R3 BCMModem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [1101696 2003-08-29] (Broadcom Corporation)
R1 Cdr4_xp; C:\WINDOWS\system32\Drivers\Cdr4_xp.sys [59440 2003-02-10] (Roxio) [File not signed]
R1 Cdralw2k; C:\WINDOWS\system32\Drivers\Cdralw2k.sys [23724 2003-02-10] (Roxio) [File not signed]
R1 cdudf_xp; C:\WINDOWS\system32\Drivers\cdudf_xp.sys [236032 2002-04-10] (Roxio) [File not signed]
S3 dvd_2K; C:\WINDOWS\system32\Drivers\dvd_2K.sys [24554 2002-04-10] (Roxio) [File not signed]
R3 eapihdrv; C:\Documents and Settings\Nancy McNamara\Local Settings\Temp\ehdrv.sys [135760 2015-10-31] (ESET)
S3 EL90XBC; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)
S3 glauiad; C:\WINDOWS\System32\DRIVERS\glauiad.sys [29603 2003-04-09] (GlobespanVirata Inc.)
S3 i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [161020 2004-08-03] (Intel® Corporation)
S3 iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [12415 2004-08-03] (Intel® Corporation)
S3 iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [12127 2004-08-03] (Intel® Corporation)
S3 iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [11775 2004-08-03] (Intel® Corporation)
S3 iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-03] (Intel® Corporation)
S3 iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-03] (Intel® Corporation)
S3 iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [29311 2004-08-03] (Intel® Corporation)
S3 iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [19551 2004-08-03] (Intel® Corporation)
S3 iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [33599 2004-08-03] (Intel® Corporation)
S3 iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-03] (Intel® Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 mmc_2K; C:\WINDOWS\system32\Drivers\mmc_2K.sys [29638 2002-04-10] (Roxio) [File not signed]
R3 MxlW2k; C:\WINDOWS\system32\Drivers\MxlW2k.sys [28164 2003-02-10] (MusicMatch, Inc.) [File not signed]
S3 NMSCFG; C:\WINDOWS\System32\drivers\NMSCFG.SYS [9868 2002-05-03] (Intel Corporation) [File not signed]
R1 omci; C:\WINDOWS\System32\DRIVERS\omci.sys [17153 2002-07-19] (Dell Computer Corporation) [File not signed]
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42496 2004-08-03] (Microsoft Corporation)
R1 pwd_2k; C:\WINDOWS\system32\Drivers\pwd_2k.sys [117898 2002-04-10] (Roxio) [File not signed]
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2002-08-29] ()
R1 UdfReadr_xp; C:\WINDOWS\system32\Drivers\UdfReadr_xp.sys [206336 2002-04-10] (Roxio)
R3 USB-100; C:\WINDOWS\System32\DRIVERS\USB100M.SYS [27519 2001-09-13] (Linksys) [File not signed]
S3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 bvrp_pci; no ImagePath
S3 efavdrv; \??\C:\WINDOWS\system32\drivers\efavdrv.sys [X]
S3 EntDrv51; \??\C:\WINDOWS\system32\drivers\EntDrv51.sys [X]
S3 iAimTV2; System32\DRIVERS\wATV03nt.sys [X]
S2 mrtRate; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96256 2004-08-03] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-31 20:41 - 2015-10-31 20:41 - 00000000 ____D C:\Documents and Settings\Nancy McNamara\Desktop\FRST-OlderVersion
2015-10-31 19:30 - 2015-10-31 19:30 - 00000000 ____D C:\WINDOWS\LastGood
2015-10-31 19:30 - 2001-09-13 18:35 - 00027519 ____R (Linksys) C:\WINDOWS\system32\Drivers\USB100M.SYS
2015-10-31 17:42 - 2015-10-31 17:38 - 00001987 _____ C:\Documents and Settings\Nancy McNamara\Desktop\AdwCleaner[C1].txt
2015-10-31 17:33 - 2015-10-31 17:38 - 00000000 ____D C:\AdwCleaner
2015-10-31 17:30 - 2015-10-31 17:30 - 00002967 _____ C:\Documents and Settings\Nancy McNamara\Desktop\JRT.txt
2015-10-31 17:27 - 2015-10-31 16:54 - 01691648 _____ C:\Documents and Settings\Nancy McNamara\Desktop\AdwCleaner.exe
2015-10-31 17:27 - 2015-10-31 16:53 - 01801288 _____ (Malwarebytes) C:\Documents and Settings\Nancy McNamara\Desktop\JRT.exe
2015-10-29 23:54 - 2015-10-29 23:54 - 00000000 ____D C:\WINDOWS\ERDNT
2015-10-29 23:53 - 2015-10-29 23:53 - 00000611 _____ C:\Documents and Settings\Nancy McNamara\Desktop\NTREGOPT.lnk
2015-10-29 23:53 - 2015-10-29 23:53 - 00000592 _____ C:\Documents and Settings\Nancy McNamara\Desktop\ERUNT.lnk
2015-10-29 23:53 - 2015-10-29 23:53 - 00000000 ____D C:\Program Files\ERUNT
2015-10-29 23:53 - 2015-10-29 23:53 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
2015-10-29 23:47 - 2015-10-29 23:48 - 00002204 _____ C:\Documents and Settings\Nancy McNamara\Desktop\Rkill.txt
2015-10-29 23:14 - 2015-10-31 19:43 - 00001057 _____ C:\Documents and Settings\Nancy McNamara\Desktop\MBAM.txt
2015-10-29 23:14 - 2015-10-29 23:14 - 00001057 _____ C:\Documents and Settings\Nancy McNamara\Desktop\MBAM1.txt
2015-10-24 20:37 - 2015-10-24 20:37 - 00021200 _____ C:\Documents and Settings\Nancy McNamara\Desktop\Addition2.txt
2015-10-24 20:36 - 2015-10-31 20:47 - 00014065 _____ C:\Documents and Settings\Nancy McNamara\Desktop\FRST.txt
2015-10-24 20:34 - 2015-10-31 20:47 - 00000000 ____D C:\FRST
2015-10-24 20:33 - 2015-10-31 20:41 - 01701888 _____ (Farbar) C:\Documents and Settings\Nancy McNamara\Desktop\FRST.exe
2015-10-24 08:40 - 2015-10-24 08:40 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Lavasoft
2015-10-24 08:31 - 2015-10-24 08:31 - 00000000 ____D C:\Program Files\ESET
2015-10-23 22:48 - 2015-10-23 22:48 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-23 22:48 - 2015-10-23 22:48 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-10-23 22:48 - 2015-10-23 22:48 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-23 22:48 - 2015-10-05 08:50 - 00023256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-10-23 22:43 - 2015-10-23 22:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-10-23 22:42 - 2015-10-31 19:32 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-23 22:42 - 2015-10-23 22:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2015-10-23 22:41 - 2015-10-05 08:50 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-10-23 22:40 - 2015-10-23 22:40 - 00000000 ___HD C:\WINDOWS\PIF
2015-10-23 22:38 - 2015-10-23 22:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ESET
2015-10-23 22:25 - 2015-10-23 22:25 - 00000000 ____D C:\Program Files\FileASSASSIN
2015-10-23 22:25 - 2015-10-23 22:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\FileASSASSIN
2015-10-23 20:32 - 2015-10-23 20:32 - 00000000 ___SD C:\Documents and Settings\Martin McNamara\UserData
2015-10-22 16:00 - 2015-10-22 16:00 - 00000000 ____D C:\Documents and Settings\Martin McNamara\Application Data\Weather Studio
2015-10-22 16:00 - 2015-10-22 16:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Weather Studio
2015-10-20 15:58 - 2015-10-20 15:58 - 00002778 _____ C:\WINDOWS\KB926255.log
2015-10-20 15:57 - 2015-10-20 15:58 - 00003451 _____ C:\WINDOWS\KB923694.log
2015-10-20 15:56 - 2015-10-20 15:57 - 00002837 _____ C:\WINDOWS\KB925454.log
2015-10-20 15:41 - 2015-10-20 15:41 - 00000000 ____D C:\Documents and Settings\Martin McNamara\Local Settings\Application Data\Google
2015-10-20 15:41 - 2015-10-20 15:41 - 00000000 ____D C:\Documents and Settings\Martin McNamara\Application Data\Google

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-31 20:47 - 2003-02-13 20:55 - 00000000 ____D C:\Documents and Settings\Nancy McNamara\Local Settings\Temp
2015-10-31 20:00 - 2005-10-05 13:00 - 00000286 ____H C:\WINDOWS\Tasks\CA86E94FF1A99A73.job
2015-10-31 20:00 - 2005-03-24 01:01 - 00000286 ____H C:\WINDOWS\Tasks\913BFC3BB60077DF.job
2015-10-31 20:00 - 2004-10-09 13:10 - 00000252 ____H C:\WINDOWS\Tasks\A50429D39187A597.job
2015-10-31 19:31 - 2006-08-09 05:01 - 00125406 _____ C:\WINDOWS\setupapi.log
2015-10-31 19:31 - 2004-08-14 21:39 - 01137774 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-31 19:28 - 2003-02-10 12:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-31 19:28 - 2003-02-10 12:40 - 00001170 _____ C:\WINDOWS\system32\WPA.DBL
2015-10-31 19:28 - 2002-09-03 06:53 - 00000159 _____ C:\WINDOWS\WIADEBUG.LOG
2015-10-31 19:28 - 2002-09-03 06:53 - 00000050 _____ C:\WINDOWS\WIASERVC.LOG
2015-10-31 17:48 - 2003-02-13 20:55 - 00000278 ___SH C:\Documents and Settings\Nancy McNamara\NTUSER.INI
2015-10-29 22:34 - 2003-01-24 05:19 - 00321848 _____ (Malwarebytes Corporation) C:\Documents and Settings\Nancy McNamara\Desktop\mbam-clean-2.1.1.1001.exe
2015-10-29 22:32 - 2003-01-24 05:19 - 00791393 _____ (Lars Hederer ) C:\Documents and Settings\Nancy McNamara\Desktop\erunt-setup.exe
2015-10-29 22:30 - 2003-01-24 05:19 - 02019656 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Nancy McNamara\Desktop\rkill.exe
2015-10-24 22:48 - 2002-09-03 07:04 - 00193252 _____ C:\WINDOWS\SETUPACT.LOG
2015-10-24 08:42 - 2003-01-19 23:01 - 00000178 ___SH C:\Documents and Settings\Administrator\NTUSER.INI
2015-10-24 08:41 - 2003-01-19 23:01 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2015-10-23 23:09 - 2003-02-13 20:54 - 00000178 ___SH C:\Documents and Settings\Martin McNamara\NTUSER.INI
2015-10-23 23:07 - 2003-02-10 12:27 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-10-23 23:03 - 2003-02-13 20:54 - 00000000 ____D C:\Documents and Settings\Martin McNamara\Local Settings\Temp
2015-10-23 20:32 - 2003-02-13 20:54 - 00000000 ____D C:\Documents and Settings\Martin McNamara
2015-10-22 14:55 - 2003-02-10 12:26 - 00000000 ____D C:\WINDOWS\TWAIN_32
2015-10-22 14:53 - 2004-08-16 03:46 - 00000510 _____ C:\Documents and Settings\Nancy McNamara\Desktop\AOL Saved Files.lnk
2015-10-22 14:53 - 2004-08-16 03:46 - 00000014 _____ C:\WINDOWS\msoffice.ini
2015-10-22 14:53 - 2004-08-16 03:46 - 00000000 ____D C:\Documents and Settings\Nancy McNamara\Desktop\AOL Saved PFC
2015-10-22 14:53 - 2004-02-11 15:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AOL
2015-10-22 14:53 - 2003-09-13 12:02 - 00000671 _____ C:\WINDOWS\WIN.INI
2015-10-22 14:49 - 2004-08-11 19:46 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee
2015-10-22 14:44 - 2004-04-13 17:09 - 00000000 ____D C:\Documents and Settings\Nancy McNamara\Application Data\AOL
2015-10-22 14:33 - 2004-06-11 23:12 - 00154112 _____ C:\WINDOWS\system32\Status.MPF
2015-10-20 16:56 - 2006-08-23 09:41 - 00000000 ____D C:\Documents and Settings\Nancy McNamara\Application Data\Weather Studio
2015-10-20 16:54 - 2003-02-10 12:34 - 00000211 __RSH C:\BOOT.INI
2015-10-20 16:54 - 2002-09-03 06:50 - 00000276 _____ C:\WINDOWS\SYSTEM.INI
2015-10-20 16:41 - 2004-03-12 10:59 - 00000000 ____D C:\WINDOWS\pss
2015-10-20 16:35 - 2006-09-16 00:42 - 00000000 ____D C:\Documents and Settings\Nancy McNamara\Application Data\Google
2015-10-20 16:16 - 2006-09-16 00:42 - 00000000 ____D C:\Documents and Settings\Nancy McNamara\Local Settings\Application Data\Google
2015-10-20 15:58 - 2004-12-15 13:23 - 00000000 ___HD C:\WINDOWS\$hf_mig$

==================== Files in the root of some directories =======

2004-06-18 16:46 - 2004-06-18 16:49 - 0000000 _____ () C:\Documents and Settings\Nancy McNamara\Application Data\dm.ini
2003-08-14 17:04 - 2006-05-15 13:31 - 0013312 _____ () C:\Documents and Settings\Nancy McNamara\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Documents and Settings\Martin McNamara\Local Settings\Temp\A~NSISu_.exe
C:\Documents and Settings\Nancy McNamara\Local Settings\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-10-2015
Ran by Nancy McNamara (2015-10-31 20:48:05)
Running from C:\Documents and Settings\Nancy McNamara\Desktop
Microsoft Windows XP Home Edition Service Pack 2 (X86) (2003-02-14 04:53:32)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3276103468-1748845545-3590808707-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-3276103468-1748845545-3590808707-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-3276103468-1748845545-3590808707-1005 - Limited - Disabled)
Martin McNamara (S-1-5-21-3276103468-1748845545-3590808707-1007 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Martin McNamara
Nancy McNamara (S-1-5-21-3276103468-1748845545-3590808707-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Nancy McNamara
SUPPORT_388945a0 (S-1-5-21-3276103468-1748845545-3590808707-1002 - Limited - Disabled)
SUPPORT_3f151ab9 (S-1-5-21-3276103468-1748845545-3590808707-1004 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ad-Aware SE Personal (HKLM\...\Ad-Aware SE Personal) (Version:  - Lavasoft)
Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Download Manager 1.2 (Remove Only) (HKLM\...\AdobeESD) (Version:  - )
Adobe Photoshop Album 2.0 Starter Edition (HKLM\...\{11B569C2-4BF6-4ED0-9D17-A4273943CB24}) (Version: 2.00.100 - Adobe Systems, Inc.)
Adobe Reader 6.0.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A00000000001}) (Version: 006.000.001 - Adobe Systems Incorporated)
Banctec Service Agreement (Version: 1.00.0004 - Dell) Hidden
BCM V.92 56K Modem (HKLM\...\BCM V.92 56K Modem) (Version:  - )
CD Ripper (HKLM\...\{F7A42F5B-41EF-43E9-9A49-4FA6ED9B8B60}) (Version:  - )
Classic PhoneTools (HKLM\...\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}) (Version: 4.16 - BVRP Software)
Dell Modem-On-Hold (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 1.39 - BVRP Software, Inc)
Dell Picture Studio - Dell Image Expert (HKLM\...\{151C555A-A9E7-4A2E-B6D7-165D04A3C956}) (Version: 3.4.1 - Jasc Software Inc)
Dell Support (HKLM\...\{43FCA273-9534-40DB-B7C5-D7758875616A}) (Version: 2.00.0000 - Dell)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.02.000 - BVRP Software, Inc)
DVDSentry (HKLM\...\{98DF85D9-96C0-4F57-A92E-C3539477EF5E}) (Version: 1.00.0001 - Dell)
Easy CD Creator 5 Basic (HKLM\...\{609F7AC8-C510-11D4-A788-009027ABA5D0}) (Version: 5.2.0.56 - Roxio Inc)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FileASSASSIN (HKLM\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Google Earth (HKLM\...\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}) (Version: 3.0.0762 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - )
Help and Support Customization (Version: 1.00.0000 - Dell) Hidden
Intel® PRO Ethernet Adapter and Software (HKLM\...\PROSet) (Version:  - )
Intel® PROSet II (HKLM\...\{01A4AEDE-F219-49A2-B855-16A016EAF9A4}) (Version: 2.00.0020 - Intel)
Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version:  - )
Macromedia Flash Player 8 (HKLM\...\ShockwaveFlash) (Version: 8 - Macromedia)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework (English) v1.0.3705 (HKLM\...\Microsoft .NET Framework Full v1.0.3705 (1033)) (Version:  - )
Microsoft .NET Framework 1.0 Hotfix (KB886906) (HKLM\...\M886906) (Version:  - )
Microsoft Interactive Training (HKLM\...\Microsoft Press Interactive Training) (Version:  - )
Microsoft Money 2002 (HKLM\...\{E7298FD5-1386-11D5-8D6C-0050DAD32D95}) (Version: 10.0.50 - Microsoft)
Microsoft Money 2002 System Pack (HKLM\...\{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}) (Version: 10.0.80 - Microsoft)
Microsoft Office XP Media Content (HKLM\...\{90300409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2619.0 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.3520.0 - Microsoft Corporation)
Microsoft Publisher 2002 (HKLM\...\{91190409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.3520.0 - Microsoft Corporation)
Military.com Toolbar (HKLM\...\Military.com Toolbar) (Version:  - Military Advantage, Inc.)
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version:  - )
MSN Gaming Zone (HKLM\...\Microsoft Internet Gaming Zone) (Version:  - )
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MUSICMATCH Jukebox (HKLM\...\MUSICMATCH Jukebox) (Version:  - )
NVIDIA Display Driver (HKLM\...\NVIDIA Display Driver) (Version:  - )
NVIDIA Windows 2000/XP Display Drivers (HKLM\...\NVIDIA) (Version:  - )
Paint Shop Pro 7 (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.05.0000 - Jasc Software Inc)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
Quicken 2003 Deluxe (HKLM\...\InstallShield_{E1174FD3-6818-4F31-AD74-F57A62FA845D}) (Version: 12.00.0000 - Intuit)
Quicken 2003 Deluxe (Version: 12.00.0000 - Intuit) Hidden
QuickTime (HKLM\...\QuickTime) (Version:  - )
RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version:  - )
Search Plugin (HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\...\showwindownurb) (Version:  - )
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.5.0540.0 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version: 3.1 - Microsoft Corporation)
Windows XP Hotfix - KB873333 (HKLM\...\KB873333) (Version: 20050114.005213 - Microsoft Corporation)
Windows XP Hotfix - KB873339 (HKLM\...\KB873339) (Version: 20041117.092459 - Microsoft Corporation)
Windows XP Hotfix - KB885250 (HKLM\...\KB885250) (Version: 20050118.202711 - Microsoft Corporation)
Windows XP Hotfix - KB885295 (HKLM\...\KB885295) (Version: 20040901.162738 - Microsoft Corporation)
Windows XP Hotfix - KB885835 (HKLM\...\KB885835) (Version: 20041027.181713 - Microsoft Corporation)
Windows XP Hotfix - KB885836 (HKLM\...\KB885836) (Version: 20041028.173203 - Microsoft Corporation)
Windows XP Hotfix - KB885884 (HKLM\...\KB885884) (Version: 20040924.025457 - Microsoft Corporation)
Windows XP Hotfix - KB886185 (HKLM\...\KB886185) (Version: 20041021.090540 - Microsoft Corporation)
Windows XP Hotfix - KB887472 (HKLM\...\KB887472) (Version: 20041014.162858 - Microsoft Corporation)
Windows XP Hotfix - KB887742 (HKLM\...\KB887742) (Version: 20041103.095002 - Microsoft Corporation)
Windows XP Hotfix - KB888113 (HKLM\...\KB888113) (Version: 20041116.131036 - Microsoft Corporation)
Windows XP Hotfix - KB888302 (HKLM\...\KB888302) (Version: 20041207.111426 - Microsoft Corporation)
Windows XP Hotfix - KB890047 (HKLM\...\KB890047) (Version: 20041221.124506 - Microsoft Corporation)
Windows XP Hotfix - KB890175 (HKLM\...\KB890175) (Version: 20041201.233338 - Microsoft Corporation)
Windows XP Hotfix - KB890859 (HKLM\...\KB890859) (Version: 1 - Microsoft Corporation)
Windows XP Hotfix - KB891781 (HKLM\...\KB891781) (Version: 20050110.165439 - Microsoft Corporation)
Windows XP Hotfix - KB893086 (HKLM\...\KB893086) (Version: 1 - Microsoft Corporation)
Windows XP Service Pack 2 (HKLM\...\Windows XP Service Pack) (Version: 20040803.231319 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

22-10-2015 14:55:29 Removed Print to Fax
22-10-2015 14:58:46 Removed Samsung YP-35
23-10-2015 22:47:06 Malwarebytes Anti-Rootkit Restore Point
23-10-2015 23:07:43 Removed Windows Defender
31-10-2015 16:36:49 System Checkpoint
31-10-2015 17:28:49 JRT Pre-Junkware Removal
31-10-2015 19:30:52 Unsigned driver install

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2002-08-29 03:00 - 2006-03-06 21:28 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\913BFC3BB60077DF.job => c:\docume~1\nancym~1\applic~1\defywm~1\site funk dog.exe
Task: C:\WINDOWS\Tasks\A50429D39187A597.job => c:\progra~1\defywm~1\site funk dog.exe
Task: C:\WINDOWS\Tasks\CA86E94FF1A99A73.job => c:\docume~1\nancym~1\applic~1\defywm~1\site funk dog.exe

==================== Loaded Modules (Whitelisted) ==============

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\afs.bmp
DNS Servers: 209.18.47.61 - 209.18.47.62
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk => C:\WINDOWS\pss\Billminder.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Military.com Launcher.lnk => C:\WINDOWS\pss\Military.com Launcher.lnkCommon Startup
MSCONFIG\startupreg: Spyware Doctor => "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/31/2015 07:46:26 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (10/22/2015 04:02:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x10021905.
Processing media-specific event for [iexplore.exe!ws!]

Error: (10/20/2015 05:35:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/20/2015 03:46:42 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/20/2015 03:46:37 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (10/20/2015 03:46:22 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/20/2015 03:46:22 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/20/2015 03:41:44 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/20/2015 03:41:44 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (01/20/2003 02:17:46 AM) (Source: Application Error) (EventID: 1004) (User: )
Description: Faulting application winlogon.exe, version 0.0.0.0, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00064ed1.
Error in creating result PEAP-TLV in response to received PEAP-TLV (winlogon.exe!ld!)

System errors:
=============
Error: (10/31/2015 07:28:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The mrtRate service failed to start due to the following error:
%%2

Error: (01/20/2003 12:01:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The mrtRate service failed to start due to the following error:
%%2

Error: (10/31/2015 05:49:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The mrtRate service failed to start due to the following error:
%%2

Error: (10/31/2015 05:39:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The mrtRate service failed to start due to the following error:
%%2

Error: (10/31/2015 05:38:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/31/2015 05:38:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/31/2015 05:38:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Indexing Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/31/2015 05:38:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/31/2015 04:21:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The mrtRate service failed to start due to the following error:
%%2

Error: (10/30/2015 12:00:42 AM) (Source: 0) (EventID: 14103) (User: )
Description: {743F44A5-C84A-49D0-91F4-5FF1C8EE281A}

==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 2.66GHz
Percentage of memory in use: 44%
Total physical RAM: 511 MB
Available physical RAM: 285.84 MB
Total Virtual: 864.13 MB
Available Virtual: 691.39 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:55.84 GB) (Free:47.27 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 55.9 GB) (Disk ID: 9DC96E9E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=55.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • Root Admin

How is the computer running now?

 

Let me have you run the following please.

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 


Some web pages load, some don't (e.g., Google and Wikipedia try to load but just go to 'Page cannot be displayed').

 

I am not having any success running ComboFix either starting Windows normally or in Safe Mode.  In either case, it goes through its normal startup but when it begins scanning for infected files, it just goes to a flashing cursor and stays that way (for as long as 90 minutes I have let it run).  It never gets to any 'Completed stage...'.

 

Thank you.


  • Root Admin

Let me have you do the following please.

 

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

 

Next,

 

Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome
Start by disabling Sync
How To Delete Your Google Chrome Browser Sync Data
Chrome - Reset browser settings
If that fails then Uninstall Google Chrome and do not reinstall until sure the system is clean.
 

Then restart the computer 2 times and run FRST again and make sure you place a check mark in the Additions.txt check box. Then use the "More Reply Options" and ATTACH those log files to your next post please.


  • Root Admin

Please read the following and put MSCONFIG back to NORMAL and reboot.

Please read the following article concerning the use of MSCONFIG

Msconfig Is Not A Startup Manager

Next, please run the following.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following check-boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using Reset FF Proxy Settings option Firefox should be closed.


MSCONFIG has been put back to Normal Startup.

 

Please note: I did not know MiniToolBox required an Internet connection until I saw the ping results in the log file. The file below is without an Internet connection.  I've attached a second copy done with a connection.

 

Thank you.

 

MiniToolBox by Farbar  Version: 02-11-2015
Ran by Nancy McNamara (administrator) on 07-11-2015 at 22:53:56
Running from "C:\Documents and Settings\Nancy McNamara\Desktop"
Microsoft Windows XP Home Edition Service Pack 2 (X86)
Model: Dimension 4550 Manufacturer: Dell Computer Corporation
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1       localhost
========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection 2 (Media disconnected)
Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4) = Local Area Connection 6 (Media disconnected)

# ----------------------------------
# Interface IP Configuration        
# ----------------------------------
pushd interface ip

# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp

# Interface IP Configuration for "Local Area Connection 6"

set address name="Local Area Connection 6" source=dhcp
set dns name="Local Area Connection 6" source=dhcp register=PRIMARY
set wins name="Local Area Connection 6" source=dhcp

popd
# End of interface IP configuration

Windows IP Configuration

        Host Name . . . . . . . . . . . . : oahu
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
        Physical Address. . . . . . . . . : 00-07-E9-D0-6B-54

Ethernet adapter Local Area Connection 6:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4)
        Physical Address. . . . . . . . . : 00-04-5A-56-66-C4

Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 07 e9 d0 6b 54 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
0x3 ...00 04 5a 56 66 c4 ...... Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4) - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1   1
  255.255.255.255  255.255.255.255  255.255.255.255               2   1
  255.255.255.255  255.255.255.255  255.255.255.255               3   1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\system32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/03/2015 02:38:58 AM) (Source: Application Error) (User: )
Description: Faulting application pev.3xe, version 0.0.0.0, faulting module pev.3xe, version 0.0.0.0, fault address 0x0008d1c0.
Processing media-specific event for [pev.3xe!ws!]

Error: (10/31/2015 07:46:26 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (10/22/2015 04:02:51 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x10021905.
Processing media-specific event for [iexplore.exe!ws!]

Error: (10/20/2015 05:35:16 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/20/2015 03:46:42 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/20/2015 03:46:37 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (10/20/2015 03:46:22 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/20/2015 03:46:22 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/20/2015 03:41:44 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/20/2015 03:41:44 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

System errors:
=============
Error: (11/07/2015 10:43:40 PM) (Source: Service Control Manager) (User: )
Description: The mrtRate service failed to start due to the following error:
%%2

Error: (11/07/2015 10:35:15 PM) (Source: Service Control Manager) (User: )
Description: The mrtRate service failed to start due to the following error:
%%2

Error: (11/05/2015 11:33:45 PM) (Source: Service Control Manager) (User: )
Description: The mrtRate service failed to start due to the following error:
%%2

Error: (11/05/2015 11:31:37 PM) (Source: Service Control Manager) (User: )
Description: The mrtRate service failed to start due to the following error:
%%2

Error: (11/05/2015 11:25:23 PM) (Source: Service Control Manager) (User: )
Description: The mrtRate service failed to start due to the following error:
%%2

Error: (11/05/2015 11:24:25 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/05/2015 11:21:05 PM) (Source: Service Control Manager) (User: )
Description: The mrtRate service failed to start due to the following error:
%%2

Error: (11/05/2015 11:13:47 PM) (Source: Service Control Manager) (User: )
Description: The mrtRate service failed to start due to the following error:
%%2

Error: (11/05/2015 10:44:57 PM) (Source: Service Control Manager) (User: )
Description: The mrtRate service failed to start due to the following error:
%%2

Error: (11/04/2015 01:11:57 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Microsoft Office Sessions:
=========================
Error: (11/03/2015 02:38:58 AM) (Source: Application Error)(User: )
Description: pev.3xe0.0.0.0pev.3xe0.0.0.00008d1c0

Error: (10/31/2015 07:46:26 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (10/22/2015 04:02:51 PM) (Source: Application Error)(User: )
Description: iexplore.exe6.0.2900.2180unknown0.0.0.010021905

Error: (10/20/2015 05:35:16 PM) (Source: Application Hang)(User: )
Description: iexplore.exe6.0.2900.2180hungapp0.0.0.000000000

Error: (10/20/2015 03:46:42 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/20/2015 03:46:37 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (10/20/2015 03:46:22 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/20/2015 03:46:22 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/20/2015 03:41:44 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/20/2015 03:41:44 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

=========================== Installed Programs ============================

Ad-Aware SE Personal (HKLM\...\Ad-Aware SE Personal) (Version:  - Lavasoft)
Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Download Manager 1.2 (Remove Only) (HKLM\...\AdobeESD) (Version:  - )
Adobe Photoshop Album 2.0 Starter Edition (HKLM\...\{11B569C2-4BF6-4ED0-9D17-A4273943CB24}) (Version: 2.00.100 - Adobe Systems, Inc.)
Adobe Reader 6.0.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A00000000001}) (Version: 006.000.001 - Adobe Systems Incorporated)
Banctec Service Agreement (HKLM\...\{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}) (Version: 1.00.0004 - Dell) Hidden
BCM V.92 56K Modem (HKLM\...\BCM V.92 56K Modem) (Version:  - )
CD Ripper (HKLM\...\{F7A42F5B-41EF-43E9-9A49-4FA6ED9B8B60}) (Version:  - )
Classic PhoneTools (HKLM\...\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}) (Version: 4.16 - BVRP Software)
Dell Modem-On-Hold (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 1.39 - BVRP Software, Inc)
Dell Picture Studio - Dell Image Expert (HKLM\...\{151C555A-A9E7-4A2E-B6D7-165D04A3C956}) (Version: 3.4.1 - Jasc Software Inc)
Dell Support (HKLM\...\{43FCA273-9534-40DB-B7C5-D7758875616A}) (Version: 2.00.0000 - Dell)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.02.000 - BVRP Software, Inc)
DVDSentry (HKLM\...\{98DF85D9-96C0-4F57-A92E-C3539477EF5E}) (Version: 1.00.0001 - Dell)
Easy CD Creator 5 Basic (HKLM\...\{609F7AC8-C510-11D4-A788-009027ABA5D0}) (Version: 5.2.0.56 - Roxio Inc)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FileASSASSIN (HKLM\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Google Earth (HKLM\...\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}) (Version: 3.0.0762 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - )
Help and Support Customization (HKLM\...\{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}) (Version: 1.00.0000 - Dell) Hidden
Intel® PRO Ethernet Adapter and Software (HKLM\...\PROSet) (Version:  - )
Intel® PROSet II (HKLM\...\{01A4AEDE-F219-49A2-B855-16A016EAF9A4}) (Version: 2.00.0020 - Intel)
Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version:  - )
Macromedia Flash Player 8 (HKLM\...\ShockwaveFlash) (Version: 8 - Macromedia)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework (English) v1.0.3705 (HKLM\...\Microsoft .NET Framework Full v1.0.3705 (1033)) (Version:  - )
Microsoft .NET Framework 1.0 Hotfix (KB886906) (HKLM\...\M886906) (Version:  - )
Microsoft Interactive Training (HKLM\...\Microsoft Press Interactive Training) (Version:  - )
Microsoft Money 2002 (HKLM\...\{E7298FD5-1386-11D5-8D6C-0050DAD32D95}) (Version: 10.0.50 - Microsoft)
Microsoft Money 2002 System Pack (HKLM\...\{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}) (Version: 10.0.80 - Microsoft)
Microsoft Office XP Media Content (HKLM\...\{90300409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2619.0 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.3520.0 - Microsoft Corporation)
Microsoft Publisher 2002 (HKLM\...\{91190409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.3520.0 - Microsoft Corporation)
Military.com Toolbar (HKLM\...\Military.com Toolbar) (Version:  - Military Advantage, Inc.)
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version:  - )
MSN Gaming Zone (HKLM\...\Microsoft Internet Gaming Zone) (Version:  - )
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MUSICMATCH Jukebox (HKLM\...\MUSICMATCH Jukebox) (Version:  - )
NVIDIA Display Driver (HKLM\...\NVIDIA Display Driver) (Version:  - )
NVIDIA Windows 2000/XP Display Drivers (HKLM\...\NVIDIA) (Version:  - )
Paint Shop Pro 7 (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.05.0000 - Jasc Software Inc)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
Quicken 2003 Deluxe (HKLM\...\{E1174FD3-6818-4F31-AD74-F57A62FA845D}) (Version: 12.00.0000 - Intuit) Hidden
Quicken 2003 Deluxe (HKLM\...\InstallShield_{E1174FD3-6818-4F31-AD74-F57A62FA845D}) (Version: 12.00.0000 - Intuit)
QuickTime (HKLM\...\QuickTime) (Version:  - )
RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version:  - )
Search Plugin (HKCU\...\showwindownurb) (Version:  - )
Update for Windows XP (KB894391) (HKLM\...\KB894391) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB900485) (HKLM\...\KB900485) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB908531) (HKLM\...\KB908531) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB910437) (HKLM\...\KB910437) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB911280) (HKLM\...\KB911280) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB916595) (HKLM\...\KB916595) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB920872) (HKLM\...\KB920872) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB922582) (HKLM\...\KB922582) (Version: 1 - Microsoft Corporation)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.6513 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.5.0540.0 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version: 3.1 - Microsoft Corporation)
Windows XP Hotfix - KB873333 (HKLM\...\KB873333) (Version: 20050114.005213 - Microsoft Corporation)
Windows XP Hotfix - KB873339 (HKLM\...\KB873339) (Version: 20041117.092459 - Microsoft Corporation)
Windows XP Hotfix - KB885250 (HKLM\...\KB885250) (Version: 20050118.202711 - Microsoft Corporation)
Windows XP Hotfix - KB885295 (HKLM\...\KB885295) (Version: 20040901.162738 - Microsoft Corporation)
Windows XP Hotfix - KB885835 (HKLM\...\KB885835) (Version: 20041027.181713 - Microsoft Corporation)
Windows XP Hotfix - KB885836 (HKLM\...\KB885836) (Version: 20041028.173203 - Microsoft Corporation)
Windows XP Hotfix - KB885884 (HKLM\...\KB885884) (Version: 20040924.025457 - Microsoft Corporation)
Windows XP Hotfix - KB886185 (HKLM\...\KB886185) (Version: 20041021.090540 - Microsoft Corporation)
Windows XP Hotfix - KB887472 (HKLM\...\KB887472) (Version: 20041014.162858 - Microsoft Corporation)
Windows XP Hotfix - KB887742 (HKLM\...\KB887742) (Version: 20041103.095002 - Microsoft Corporation)
Windows XP Hotfix - KB888113 (HKLM\...\KB888113) (Version: 20041116.131036 - Microsoft Corporation)
Windows XP Hotfix - KB888302 (HKLM\...\KB888302) (Version: 20041207.111426 - Microsoft Corporation)
Windows XP Hotfix - KB890047 (HKLM\...\KB890047) (Version: 20041221.124506 - Microsoft Corporation)
Windows XP Hotfix - KB890175 (HKLM\...\KB890175) (Version: 20041201.233338 - Microsoft Corporation)
Windows XP Hotfix - KB890859 (HKLM\...\KB890859) (Version: 1 - Microsoft Corporation)
Windows XP Hotfix - KB891781 (HKLM\...\KB891781) (Version: 20050110.165439 - Microsoft Corporation)
Windows XP Hotfix - KB893086 (HKLM\...\KB893086) (Version: 1 - Microsoft Corporation)
Windows XP Service Pack 2 (HKLM\...\Windows XP Service Pack) (Version: 20040803.231319 - Microsoft Corporation)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 33%
Total physical RAM: 511 MB
Available physical RAM: 341.03 MB
Total Virtual: 1247.73 MB
Available Virtual: 1123.42 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:55.84 GB) (Free:46.91 GB) NTFS

========================= Users: ========================================

User accounts for \\OAHU

Administrator            Guest                    HelpAssistant           
Martin McNamara          Nancy McNamara           SUPPORT_388945a0        
SUPPORT_3f151ab9        

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini081604-01.dmp

**** End of log ****

 

 

MTB2.txt

Link to post

Still have very limited to no Internet connectivity.  Rarely will a page load, but usually just goes to, "This page cannot be displayed" (e.g., Google; Wikipedia).

ComboFix still will not run.

I am aware the system is in dire need of software updates, but without an Internet connection I am stymied.  Plus, I did want to make any changes while we are working here unless directed to do so.

Thank you.

Link to post

  • 2 weeks later...
  • Root Admin

Please visit the following links on how to use the SFC tool to check and repair invalid Windows system files.

Using System File Checker (SFC) To Fix Issues
http://blogs.technet.com/askcore/archive/2007/12/18/using-system-file-checker-sfc-to-fix-issues.aspx

How to Repair Windows 7 System Files with System File Checker
 

Link to post

I have been wanting to try another browser but as I mentioned in an earlier post, I did not want to make any software changes while we're working here unless directed to do so.

I installed a couple of different browsers and they both work fine, but ComboFix still won't run.  This concerns me... should it?

Thank you.

Link to post

  • Root Admin

Different hardware can sometimes cause Combofix to not run. Not a big issue at the moment.

Please restart the computer one more time and then run a new FRST scan and make sure you place a check mark in the Additions.txt check box and post back both new logs. We'll see if we can find something specific stopping the network.

Link to post

  • Root Admin

These files are not loading which prevents your network from running.

Error: (11/21/2015 06:13:15 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip
WS2IFSL

Do you have the Windows installation CD?

Please download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Link to post

I have 'a' Windows installation CD from my XP days, but not 'the' disc for this computer since it is not mine.

Thank you.

Fix result of Farbar Recovery Scan Tool (x86) Version:29-11-2015
Ran by Nancy McNamara (2015-11-29 22:43:57) Run:1
Running from C:\Documents and Settings\Nancy McNamara\Desktop
Loaded Profiles: Nancy McNamara (Available Profiles: Nancy McNamara & Martin McNamara & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
Task: C:\WINDOWS\Tasks\913BFC3BB60077DF.job => c:\docume~1\nancym~1\applic~1\defywm~1\site funk dog.exe
Task: C:\WINDOWS\Tasks\A50429D39187A597.job => c:\progra~1\defywm~1\site funk dog.exe
Task: C:\WINDOWS\Tasks\CA86E94FF1A99A73.job => c:\docume~1\nancym~1\applic~1\defywm~1\site funk dog.exe
C:\WINDOWS\Tasks\913BFC3BB60077DF.job
C:\WINDOWS\Tasks\A50429D39187A597.job
C:\WINDOWS\Tasks\CA86E94FF1A99A73.job

*****************

Restore point was successfully created.
Processes closed successfully.
C:\WINDOWS\Tasks\913BFC3BB60077DF.job => moved successfully
C:\WINDOWS\Tasks\A50429D39187A597.job => moved successfully
C:\WINDOWS\Tasks\CA86E94FF1A99A73.job => moved successfully
"C:\WINDOWS\Tasks\913BFC3BB60077DF.job" => not found.
"C:\WINDOWS\Tasks\A50429D39187A597.job" => not found.
"C:\WINDOWS\Tasks\CA86E94FF1A99A73.job" => not found.


The system needed a reboot.

==== End of Fixlog 22:44:02 ====

Link to post

  • Root Admin

Doesn't matter whose disk. Not using the license. Just using it for repair.

Please try the following to see if it can fix some of these problems.

Download Portable Windows Repair (all in one) from one of the following:

http://www.tweaking.com/content/page/windows_repair_all_in_one.html
http://www.majorgeeks.com/Tweaking.com_-_Windows_Repair_Portable_d7222.html
http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/

Unzip the contents into a newly created folder on your desktop.

Open the folder, run the tool by right-clicking Repair_Windows (icon with red briefcase) and selecting "Run as Administrator".

From the main GUI do the following:

Select Tab 5 and Create System Restore Point

Select Start Repairs tab => Click the Start

The repairs window will open. Check the boxes as indicated, also the "Restart" option, then select Start...

DON'T use the computer while each scan is in progress.

Post the log. To access it, select "settings" tab > "open log folder" tab; the log will be named _Windows_Repair_Log

Let me see that log, any improvement?

Link to post

  • Root Admin

Well things are not looking good here. Let me have you try running the following.

Reset Default Permissions:

  • Please download ResetDefaultPerms by AdvancedSetup from here and save it to your desktop
  • Close any open programs and save anything you were working on
  • Double click on restoredefaultperms.exe to run it
  • Once it completes it will restart your computer

Then download a new fresh copy of Combofix and see if you can run it now or not and let me know.

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Link to post
This topic is now closed to further replies.