
registry problem, can not download and MBR possible error


This topic is locked
132 replies to this topic

#1 jtrv

Posted 10 May 2014 - 11:55 AM

Hi.

Windows XP SP3. The computer is not allowing any successful downloads, and my Malwarebytes Anti-Malware Pro will not update to the current update. I ran a RogueKiller scan and it found items in the registry and the error "Error reading LL2 MBR! ([0x1] Incorrect function.)". DDS and RogueKiller logs are below. I also use Mozilla Firefox (portable), which I do not see in the logs below. Thank you.


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Int at 12:43:17 on 2014-05-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.745 [GMT -4:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Cheetah Burner\Cheetah CD Burner\NMSAccess.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Common Files\AOL\1398372110\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\AOL Desktop 9.7\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\AOL Desktop 9.7\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Documents and Settings\Int\Desktop\FirefoxPortable\FirefoxPortable.exe
C:\Documents and Settings\Int\Desktop\FirefoxPortable\App\firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\SYSTEM32\notepad.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://www.dell4me.com/myway
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} -
EB: Real.com: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [PRONoMgr.exe] c:\program files\intel\ncs\proset\PRONoMgr.exe
mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [HostManager] c:\program files\common files\aol\1398372110\ee\AOLSoftware.exe
StartupFolder: c:\docume~1\int\startm~1\programs\startup\shortc~1.lnk - c:\program files\common files\aol\acs\AOLDial.exe
StartupFolder: c:\docume~1\int\startm~1\programs\startup\shortc~2.lnk - c:\program files\common files\aol\1398372110\ee\aolsoftware.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1392241640859
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
TCP: Interfaces\{71FBCC11-D03C-4F96-8781-1644DCA8D69B} : NameServer = 205.188.146.145
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-3-16 857912]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-3-16 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-3-16 107736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-3-16 1809720]
S3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2014-1-17 161888]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~4\office10\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2014-05-10 15:40:42 -------- d-----w- c:\documents and settings\int\local settings\application data\Mozilla
2014-05-10 01:10:19 33588 ----a-r- c:\windows\system32\drivers\wanatw4.sys
2014-04-24 20:41:42 -------- d-----w- c:\program files\common files\aolshare
2014-04-24 20:41:42 -------- d-----w- c:\program files\AOL Desktop 9.7
2014-04-24 20:00:26 -------- d--h--w- C:\TEMP
.
==================== Find3M ====================
.
2014-05-10 15:29:56 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-08 23:35:54 89680 ----a-w- c:\documents and settings\int\MSSSerif120.fon
2014-04-03 13:51:06 50648 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-03 13:50:56 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-10 15:57:20 14664 ----a-w- c:\windows\stinger.sys
2014-03-10 15:56:11 167344 ----a-w- c:\windows\system32\mfevtps.exe.a40e.deleteme
2014-03-06 17:59:23 920064 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 17:59:22 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-03-06 17:59:22 18944 ----a-w- c:\windows\system32\corpol.dll
2014-03-06 17:59:22 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 00:46:54 385024 ----a-w- c:\windows\system32\html.iec
2014-02-21 18:06:39 1409 ----a-w- c:\windows\QTFont.for
.
============= FINISH: 12:43:44.03 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/12/2014 4:22:45 PM
System Uptime: 5/10/2014 11:28:31 AM (1 hours ago)
.
Motherboard: 0U2424
Processor: Intel® Pentium® 4 CPU 3.20GHz | Microprocessor | 3192/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 112.66 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\1105691D23C04
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\1105691D23C04
Service: NIC1394
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/1000 MT Network Connection
Device ID: PCI\VEN_8086&DEV_100E&SUBSYS_01721028&REV_02\4&1C660DD6&0&60F0
Manufacturer: Intel
Name: Intel® PRO/1000 MT Network Connection
PNP Device ID: PCI\VEN_8086&DEV_100E&SUBSYS_01721028&REV_02\4&1C660DD6&0&60F0
Service: E1000
.
==== System Restore Points ===================
.
RP1: 2/12/2014 4:26:25 PM - System Checkpoint
RP2: 2/12/2014 4:32:28 PM - Installed Windows Internet Explorer 8.
RP3: 2/12/2014 5:35:04 PM - Software Distribution Service 3.0
RP4: 2/12/2014 6:03:01 PM - Software Distribution Service 3.0
RP5: 2/12/2014 6:28:31 PM - Software Distribution Service 3.0
RP6: 2/12/2014 9:19:31 PM - Software Distribution Service 3.0
RP7: 2/14/2014 4:01:27 PM - System Checkpoint
RP8: 2/14/2014 5:13:53 PM - Software Distribution Service 3.0
RP9: 2/14/2014 7:09:53 PM - Software Distribution Service 3.0
RP10: 2/15/2014 4:27:04 PM - Software Distribution Service 3.0
RP11: 2/15/2014 7:57:31 PM - Software Distribution Service 3.0
RP12: 2/16/2014 12:56:27 PM - Software Distribution Service 3.0
RP13: 2/16/2014 5:26:35 PM - Software Distribution Service 3.0
RP14: 2/16/2014 6:33:54 PM - Software Distribution Service 3.0
RP15: 2/17/2014 7:00:54 PM - System Checkpoint
RP16: 2/19/2014 3:24:20 PM - System Checkpoint
RP17: 2/21/2014 10:27:11 AM - System Checkpoint
RP18: 2/22/2014 2:08:50 PM - System Checkpoint
RP19: 5/17/2004 1:33:13 AM - System Checkpoint
RP20: 2/23/2014 2:39:15 AM - System Checkpoint
RP21: 2/24/2014 4:07:15 PM - System Checkpoint
RP22: 2/27/2014 1:15:27 PM - System Checkpoint
RP23: 2/28/2014 2:45:40 PM - System Checkpoint
RP24: 3/2/2014 2:20:29 PM - System Checkpoint
RP25: 3/3/2014 6:07:07 PM - System Checkpoint

==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
AOL Uninstaller (Choose which Products to Remove)
Banctec Service Agreement
Cheetah CD Burner
Conexant D850 56K V.9x DFVc Modem
Creative MediaSource
Dell Digital Jukebox Driver
Dell Media Experience
Dell Solution Center
Digital Line Detect
DVDSentry
EarthLink Setup Files
Help and Support Customization
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Intel Application Accelerator RAID Edition
Intel® PRO Network Adapters and Drivers
Intel® PROSet
Internet Explorer Default Page
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2
Learn2 Player (Uninstall Only)
LibreOffice 4.2.0.4
Malwarebytes Anti-Malware version 2.0.1.1004
Microsoft .NET Framework 4 Client Profile
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Modem Helper
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MUSICMATCH® Jukebox
NetWaiting
NVIDIA Windows 2000/XP Display Drivers
PowerDVD
QuickTime
RealPlayer Basic
Sandboxie 4.08 (32-bit)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2909921)
Security Update for Windows Internet Explorer 8 (KB2936068)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2803821-v2)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB2922229)
Security Update for Windows XP (KB2929961)
Security Update for Windows XP (KB2930275)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Shockwave
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Sound Blaster Audigy 2
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2808679)
Update for Windows XP (KB2904266)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
WordPerfect Office 11
.
==== Event Viewer Messages From Past Week ========
.
5/3/2014 8:16:44 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
5/3/2014 8:16:06 AM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The authentication service is unknown.
.
==== End Of File ===========================

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Int [Admin rights]
Mode : Remove -- Date : 05/10/2014 11:38:19
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) WDC WD1600JD-75HBB0 +++++
--- User ---
[MBR] 9ff05d6f79fca7491c825bad1300849d
[BSP] c80f110d2a36ad8b30a0a0d9d23ed92e : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 152546 MB
User = LL1 ... OK!
Error reading LL2 MBR! ([0x1] Incorrect function. )

Finished : << RKreport[0]_D_05102014_113819.txt >>
RKreport[0]_S_05102014_113732.txt

Edited by jtrv, 10 May 2014 - 11:59 AM.



#2 HelpBot (Bleepin' Binary Bot)

Posted 15 May 2014 - 12:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/533892 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 jtrv (Topic Starter)

Posted 16 May 2014 - 09:18 AM

Hello. The HelpBot informed me to reply here since I am still waiting for assistance. Thank you.


Edited by jtrv, 16 May 2014 - 09:31 AM.


#4 Oh My! (Malware Response Instructor)

Posted 18 May 2014 - 09:58 AM

Greetings jtrv and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow this topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me. If necessary download the file on a clean computer to a USB device then transfer it to the troubled computer.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • Attached System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 jtrv (Topic Starter)

Posted 18 May 2014 - 12:24 PM

Hello Oh My. Thank you for helping me. Here are the FRST logs, and the system info is attached. Also note that I use Firefox Portable as the web browser, which may not be listed below.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-05-2014 01
Ran by Int (administrator) on -- on 13-05-2014 11:29:31
Running from C:\Documents and Settings\Int\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:

http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Creative Technology Ltd) C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
(Intel) C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
() C:\Program Files\Cheetah Burner\Cheetah CD Burner\NMSAccess.exe
(NVIDIA Corporation) C:\WINDOWS\SYSTEM32\nvsvc32.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\wscntfy.exe
(Intel) C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\1398372110\ee\aolsoftware.exe
(AOL LLC) C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.7\waol.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.7\shellmon.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
(PortableApps.com) C:\Documents and Settings\Int\Desktop\FirefoxPortable\FirefoxPortable.exe
(Mozilla Corporation) C:\Documents and Settings\Int\Desktop\FirefoxPortable\App\Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [PRONoMgr.exe] => C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe [86016 2003-03-11] (Intel® Corporation)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe [126976 2004-03-25] (Intel)
HKLM\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\System32\NvCpl.dll [4800512 2003-11-03] (NVIDIA Corporation)
HKLM\...\Run: [MSConfig] => C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [169984 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1398372110\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
Startup: C:\Documents and Settings\Int\Start Menu\Programs\Startup\Shortcut to AOLDial.exe.lnk
ShortcutTarget: Shortcut to AOLDial.exe.lnk -> C:\Program Files\Common Files\AOL\acs\AOLDial.exe (America Online)
Startup: C:\Documents and Settings\Int\Start Menu\Programs\Startup\Shortcut to aolsoftware.exe.lnk
ShortcutTarget: Shortcut to aolsoftware.exe.lnk -> C:\Program Files\Common Files\AOL\1398372110\ee\aolsoftware.exe (AOL Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
SearchScopes: HKLM - DefaultScope value is missing.
BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
BHO: No Name - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -  No File
Toolbar: HKLM - No Name - {BA52B914-B692-46c4-B683-905236F6F655} -  No File
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1392241640859
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx ()
Tcpip\..\Interfaces\{71FBCC11-D03C-4F96-8781-1644DCA8D69B}: [NameServer]205.188.146.145

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

========================== Services (Whitelisted) =================

R3 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
R2 Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd)
R2 IAANTMon; C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe [73838 2004-03-25] (Intel)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-05] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-05] (Malwarebytes Corporation)
S3 NetSvc; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [143360 2003-03-03] (Intel® Corporation)
R2 NMSAccess; C:\Program Files\Cheetah Burner\Cheetah CD Burner\NMSAccess.exe [45056 2005-12-07] ()
S3 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [131272 2014-01-17] (Sandboxie Holdings, LLC)
S3 SCardDrv; C:\WINDOWS\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation)
R2 WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2008-04-14] (Microsoft Corporation)
R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2004-06-27] (Windows ® 2000 DDK provider)
S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [287920 2003-03-27] (Creative Technology Ltd)
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40480 2004-02-27] (Sonic Solutions)
S3 E1000; C:\WINDOWS\System32\DRIVERS\e1000325.sys [121856 2003-07-11] (Intel Corporation)
R3 ha10kx2k; C:\WINDOWS\System32\drivers\ha10kx2k.sys [823616 2003-03-26] (Creative Technology Ltd)
R3 hap16v2k; C:\WINDOWS\System32\drivers\hap16v2k.sys [141536 2003-03-26] (Creative Technology Ltd)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-05] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-05-13] (Malwarebytes Corporation)
R3 MxlW2k; C:\WINDOWS\system32\Drivers\MxlW2k.sys [28256 2004-06-27] (MusicMatch, Inc.)
R2 PfModNT; C:\WINDOWS\System32\drivers\PfModNT.sys [15840 2003-03-06] (Creative Technology Ltd.)
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [161888 2014-01-17] (Sandboxie Holdings, LLC)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5621 2004-01-14] (Sonic Solutions)
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23219 2004-01-14] (Sonic Solutions)
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25685 2004-03-15] (Sonic Solutions)
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34837 2004-03-15] (Sonic Solutions)
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4117 2004-03-15] (Sonic Solutions)
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2233 2004-03-15] (Sonic Solutions)
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [85972 2004-03-15] (Sonic Solutions)
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [14229 2004-03-15] (Sonic Solutions)
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6357 2004-03-15] (Sonic Solutions)
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98580 2004-03-15] (Sonic Solutions)
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100597 2004-03-15] (Sonic Solutions)
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 bvrp_pci; No ImagePath
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-13 11:29 - 2014-05-13 11:29 - 00009083 _____ () C:\Documents and Settings\Int\Desktop\FRST.txt
2014-05-13 11:22 - 2014-05-13 11:28 - 01056256 _____ (Farbar) C:\Documents and Settings\Int\Desktop\FRST.exe
2014-05-13 11:04 - 2014-05-13 11:24 - 00030983 _____ () C:\Documents and Settings\Int\Desktop\CheckResults.txt
2014-05-13 11:01 - 2014-05-13 11:01 - 00000000 ____D () C:\Documents and Settings\Int\Local Settings\Application Data\Mozilla
2014-05-13 10:56 - 2014-05-13 10:56 - 00000000 ____D () C:\Program Files\Viewpoint
2014-05-13 10:56 - 2014-05-13 10:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Viewpoint
2014-05-12 19:21 - 2014-05-13 11:12 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-12 19:21 - 2014-05-12 19:21 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-12 19:21 - 2014-05-12 19:21 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-12 19:21 - 2014-05-12 19:21 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-12 19:21 - 2014-05-12 19:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-05-12 19:21 - 2014-05-05 13:23 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-12 19:21 - 2014-05-05 13:23 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-12 18:19 - 2014-05-12 19:18 - 17291984 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Int\Desktop\mbam-setup-consumer-2.0.2.1010.exe
2014-05-12 18:05 - 2014-05-12 18:05 - 00000000 ____D () C:\Documents and Settings\Int\My Documents\ISBC
2014-05-12 18:03 - 2014-05-12 18:04 - 00000000 ____D () C:\Documents and Settings\Int\My Documents\menus
2014-05-12 12:52 - 2014-05-12 13:02 - 01673896 _____ (Malwarebytes Corporation) C:\Documents and Settings\Int\Desktop\mbam-check-2.1.0.0002.exe
2014-04-24 16:42 - 2014-04-24 16:42 - 00000668 _____ () C:\Documents and Settings\All Users\Start Menu\AOL Desktop 9.7.lnk
2014-04-24 16:41 - 2014-04-24 16:45 - 00000000 ____D () C:\Program Files\AOL Desktop 9.7
2014-04-24 16:41 - 2014-04-24 16:42 - 00000000 ____D () C:\Program Files\Common Files\aolshare
2014-04-24 16:41 - 2014-04-24 16:41 - 00000000 ____D () C:\Program Files\AOL


==================== One Month Modified Files and Folders =======

2014-05-13 11:29 - 2014-05-13 11:29 - 00009083 _____ () C:\Documents and Settings\Int\Desktop\FRST.txt
2014-05-13 11:29 - 2004-05-17 00:34 - 00000000 ____D () C:\FRST
2014-05-13 11:28 - 2014-05-13 11:22 - 01056256 _____ (Farbar) C:\Documents and Settings\Int\Desktop\FRST.exe
2014-05-13 11:25 - 2014-05-13 11:25 - 00000287 _____ () C:\Documents and Settings\Int\Desktop\update not working - posts - 5-12-2014.txt
2014-05-13 11:24 - 2014-05-13 11:04 - 00030983 _____ () C:\Documents and Settings\Int\Desktop\CheckResults.txt
2014-05-13 11:12 - 2014-05-12 19:21 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-13 11:01 - 2014-05-13 11:01 - 00000000 ____D () C:\Documents and Settings\Int\Local Settings\Application Data\Mozilla
2014-05-13 11:01 - 2014-04-16 14:37 - 00000000 ____D () C:\Documents and Settings\Int\Application Data\Mozilla
2014-05-13 10:56 - 2014-05-13 10:56 - 00000000 ____D () C:\Program Files\Viewpoint
2014-05-13 10:56 - 2014-05-13 10:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Viewpoint
2014-05-13 10:54 - 2004-06-27 10:57 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-12 20:54 - 2014-05-10 11:03 - 00005955 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-12 20:54 - 2014-02-11 13:46 - 00000000 __SHD () C:\Documents and Settings\Int\UserData
2014-05-12 20:54 - 2014-02-11 12:47 - 00000178 ___SH () C:\Documents and Settings\Int\NTUSER.INI
2014-05-12 20:54 - 2004-06-27 11:10 - 00001080 _____ () C:\WINDOWS\system32\settingsbkup.sfm
2014-05-12 20:54 - 2004-06-27 11:10 - 00001080 _____ () C:\WINDOWS\system32\settings.sfm
2014-05-12 20:54 - 2004-06-27 11:10 - 00000288 _____ () C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
2014-05-12 20:54 - 2004-06-27 11:10 - 00000288 _____ () C:\WINDOWS\system32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
2014-05-12 20:54 - 2004-06-27 10:57 - 00032628 _____ () C:\WINDOWS\SchedLgU.Txt
2014-05-12 20:09 - 2014-04-25 12:11 - 00000000 ____D () C:\Documents and Settings\Int\My Documents\Job search 2014
2014-05-12 19:21 - 2014-05-12 19:21 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-12 19:21 - 2014-05-12 19:21 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-12 19:21 - 2014-05-12 19:21 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-12 19:21 - 2014-05-12 19:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-05-12 19:18 - 2014-05-12 18:19 - 17291984 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Int\Desktop\mbam-setup-consumer-2.0.2.1010.exe
2014-05-12 13:02 - 2014-05-12 12:52 - 01673896 _____ (Malwarebytes Corporation) C:\Documents and Settings\Int\Desktop\mbam-check-2.1.0.0002.exe
2014-05-10 20:34 - 2014-02-15 14:14 - 00000000 ____D () C:\Documents and Settings\Int\My Documents\seen on 2014
2014-05-10 15:48 - 2014-05-10 15:48 - 00000000 ____D () C:\Documents and Settings\Int\My Documents\ecards text
2014-05-10 15:20 - 2014-05-10 15:19 - 00000000 ____D () C:\Documents and Settings\Int\My Documents\ty
2014-05-05 13:23 - 2014-05-12 19:21 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-05 13:23 - 2014-05-12 19:21 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-04 20:56 - 2014-05-04 20:56 - 00000099 _____ () C:\Documents and Settings\Int\Desktop\look at 5-4-2014.txt
2014-05-04 20:53 - 2014-05-04 20:53 - 00000016 _____ () C:\Documents and Settings\Int\My Documents\rp
2014-04-26 12:09 - 2014-04-26 12:09 - 00000051 _____ () C:\Documents and Settings\Int\My Documents\Walmart Gift Card AUtomated System - 1-888-537-5503.txt
2014-04-25 14:08 - 2004-06-27 10:38 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-04-24 16:47 - 2014-02-11 13:30 - 00000000 ____D () C:\Documents and Settings\Int\Application Data\AOL
2014-04-24 16:45 - 2014-04-24 16:41 - 00000000 ____D () C:\Program Files\AOL Desktop 9.7
2014-04-24 16:43 - 2014-02-11 13:28 - 00061112 _____ () C:\install.log
2014-04-24 16:42 - 2014-04-24 16:42 - 00000756 _____ () C:\Documents and Settings\All Users\Desktop\AOL Desktop 9.7.lnk
2014-04-24 16:42 - 2014-04-24 16:42 - 00000668 _____ () C:\Documents and Settings\All Users\Start Menu\AOL Desktop 9.7.lnk
2014-04-24 16:42 - 2014-04-24 16:41 - 00000000 ____D () C:\Program Files\Common Files\aolshare
2014-04-24 16:42 - 2014-02-11 13:30 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AOL
2014-04-24 16:42 - 2004-06-27 11:08 - 00000000 ____D () C:\Program Files\Common Files\AOL
2014-04-24 16:42 - 2004-06-27 11:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AOL
2014-04-24 16:41 - 2014-04-24 16:41 - 00000000 ____D () C:\Program Files\AOL
2014-04-24 16:31 - 2014-02-11 13:29 - 00000000 ____D () C:\Documents and Settings\Int\Local Settings\Application Data\AOL
2014-04-24 16:31 - 2004-06-27 11:08 - 00000208 _____ () C:\WINDOWS\wininit.ini
2014-04-24 15:46 - 2004-03-20 13:58 - 00000613 _____ () C:\WINDOWS\WIN.INI
2014-04-24 15:46 - 2004-03-20 13:50 - 00000246 _____ () C:\WINDOWS\SYSTEM.INI


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:11-05-2014 01
Ran by Int at 2014-05-18 11:30:26
Running from C:\Documents and Settings\Int\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.1.53.64 - Adobe Systems Incorporated)
AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version:  - AOL Inc.)
Banctec Service Agreement (Version: 1.00.00 - Dell) Hidden
Cheetah CD Burner (HKLM\...\{91D7B376-7CE5-48C6-8C0F-BEF5B8A4E8FC}) (Version:  - )
Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
Creative MediaSource (HKLM\...\{56F3E1FF-54FE-4384-A153-6CCABA097814}) (Version:  - )
Dell Digital Jukebox Driver (HKLM\...\Dell Digital Jukebox Driver) (Version:  - )
Dell Media Experience (HKLM\...\{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version:  - )
Dell Solution Center (HKLM\...\{11F1920A-56A2-4642-B6E0-3B31A12C9288}) (Version: 1.00.0000 - Dell)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.10 - BVRP Software, Inc)
DVDSentry (HKLM\...\{98DF85D9-96C0-4F57-A92E-C3539477EF5E}) (Version: 1.00.0000 - Dell)
EarthLink Setup Files (HKLM\...\{9B2CFE3B-7F55-4786-A20D-BB244914F6D8}) (Version: 2003.3.84.0 - EarthLink, Inc.)
Help and Support Customization (Version: 1.00.0000 - Dell) Hidden
Intel Application Accelerator RAID Edition (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Intel® PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version:  - )
Intel® PROSet (HKLM\...\{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}) (Version: 6.05.2001 - Intel)
Internet Explorer Default Page (Version: 1.00.03 - Dell Inc.) Hidden
Jasc Paint Shop Photo Album (HKLM\...\{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}) (Version: 4.0.3 - Jasc Software, Inc.)
Jasc Paint Shop Pro 8 Dell Edition (HKLM\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.10.0000 - Jasc Software Inc)
Java 2 Runtime Environment, SE v1.4.2 (HKLM\...\{7148F0A8-6813-11D6-A77B-00B0D0142000}) (Version: 1.4.2 - Sun Microsystems, Inc.)
Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version:  - )
LibreOffice 4.2.0.4 (HKLM\...\{E043231F-34F2-4AF5-9400-0961CC15AAAE}) (Version: 4.2.0.4 - The Document Foundation)
Malwarebytes Anti-Malware version 2.0.2.1010 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1010 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Encarta Encyclopedia Standard 2004 (HKLM\...\{04410044-9149-45C6-A806-F2BF9CFCE762}) (Version: 2004 - Microsoft Corporation)
Microsoft Money 2004 (HKLM\...\{1D643CD7-4DD6-11D7-A4E0-000874180BB3}) (Version: 12.0.50 - Microsoft)
Microsoft Money 2004 System Pack (HKLM\...\{8C64E145-54BA-11D6-91B1-00500462BE80}) (Version: 12.0.80 - Microsoft)
Microsoft Office XP Professional with FrontPage (HKLM\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft VC9 runtime libraries (Version: 1.0.0 - AOL Inc.) Hidden
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version: 2.25 - BVRP Software)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MUSICMATCH® Jukebox (HKLM\...\{45EBDA59-D33B-433A-956E-B2F236468B56}) (Version:  - )
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.12 - BVRP Software, Inc)
NVIDIA Windows 2000/XP Display Drivers (HKLM\...\NVIDIA) (Version:  - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
QuickTime (HKLM\...\QuickTime) (Version:  - )
RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version:  - )
Sandboxie 4.08 (32-bit) (HKLM\...\Sandboxie) (Version: 4.08 - Sandboxie Holdings, LLC)
Shockwave (HKLM\...\Shockwave) (Version:  - )
Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.90 - Sonic Solutions)
Sonic MyDVD (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 5.3.0 - Sonic Solutions)
Sonic RecordNow! (HKLM\...\{9541FED0-327F-4DF0-8B96-EF57EF622F19}) (Version: 7.10 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{09DA4F91-2A09-4232-AB8C-6BC740096DE3}) (Version: 2.9 - Sonic Solutions)
Sound Blaster Audigy 2 (HKLM\...\{E82BF103-904F-49C0-B77F-6EC110B71E87}) (Version:  - )
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2808679) (HKLM\...\KB2808679) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version:  - )
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
WordPerfect Office 11 (HKLM\...\{54F90B55-BEB3-4F0D-8802-228822FA5921}) (Version: 11.0 - Corel Corporation)

==================== Restore Points  =========================

12-02-2014 21:26:25 System Checkpoint
12-02-2014 21:32:28 Installed Windows Internet Explorer 8.
12-02-2014 22:35:04 Software Distribution Service 3.0
12-02-2014 23:03:01 Software Distribution Service 3.0
12-02-2014 23:28:31 Software Distribution Service 3.0
13-02-2014 02:19:31 Software Distribution Service 3.0
14-02-2014 21:01:27 System Checkpoint
14-02-2014 22:13:53 Software Distribution Service 3.0
15-02-2014 00:09:53 Software Distribution Service 3.0
15-02-2014 21:27:04 Software Distribution Service 3.0
16-02-2014 00:57:31 Software Distribution Service 3.0
16-02-2014 17:56:27 Software Distribution Service 3.0
16-02-2014 22:26:35 Software Distribution Service 3.0
16-02-2014 23:33:54 Software Distribution Service 3.0
18-02-2014 00:00:54 System Checkpoint
19-02-2014 20:24:20 System Checkpoint
21-02-2014 15:27:11 System Checkpoint
22-02-2014 19:08:50 System Checkpoint
17-05-2004 05:33:13 System Checkpoint
23-02-2014 07:39:15 System Checkpoint
24-02-2014 21:07:15 System Checkpoint
27-02-2014 18:15:27 System Checkpoint
28-02-2014 19:45:40 System Checkpoint
02-03-2014 19:20:29 System Checkpoint
03-03-2014 23:07:07 System Checkpoint
10-03-2014 23:19:23 Revo Uninstaller's restore point - McAfee SecurityCenter
10-03-2014 23:20:14 Revo Uninstaller's restore point - McAfee VirusScan
10-03-2014 23:21:25 Revo Uninstaller's restore point - McAfee SecurityCenter
10-03-2014 23:21:57 Revo Uninstaller's restore point - McAfee SecurityCenter
14-03-2014 14:13:43 System Checkpoint
16-03-2014 19:25:16 Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 1.75.0.1300
16-03-2014 19:35:06 Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 2.00.0.1000
18-03-2014 18:49:46 System Checkpoint
19-03-2014 18:50:36 System Checkpoint
20-03-2014 20:35:05 System Checkpoint
22-03-2014 17:43:26 System Checkpoint
24-03-2014 21:23:32 Restore
26-03-2014 16:38:01 Installed LibreOffice 4.2.0.4
29-03-2014 20:00:45 System Checkpoint
29-03-2014 00:54:47 System Checkpoint
30-03-2014 21:03:04 System Checkpoint
31-03-2014 22:34:21 System Checkpoint
03-04-2014 17:53:18 System Checkpoint
04-04-2014 17:59:14 System Checkpoint
05-04-2014 19:55:38 System Checkpoint
06-04-2014 20:00:24 System Checkpoint
17-05-2004 04:15:59 System Checkpoint
07-04-2014 16:08:08 System Checkpoint
08-04-2014 17:09:24 System Checkpoint
08-04-2014 19:46:03 Software Distribution Service 3.0
09-04-2014 20:08:15 Installed Windows XP KB2936068.
10-04-2014 22:25:28 System Checkpoint
11-04-2014 22:30:29 System Checkpoint
16-04-2014 21:14:38 System Checkpoint
15-04-2014 15:58:03 System Checkpoint
17-04-2014 23:36:28 System Checkpoint
19-04-2014 00:19:19 Software Distribution Service 3.0
19-04-2014 15:26:16 Software Distribution Service 3.0
19-04-2014 16:04:11 Revo Uninstaller's restore point - Microsoft Compression Client Pack 1.0 for Windows XP
20-04-2014 18:53:39 System Checkpoint
23-04-2014 22:02:35 System Checkpoint
==================== Hosts content: ==========================

2004-03-19 18:37 - 2004-03-19 18:37 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


==================== Loaded Modules (whitelisted) =============

2006-09-15 11:31 - 2005-12-07 10:44 - 00045056 _____ () C:\Program Files\Cheetah Burner\Cheetah CD Burner\NMSAccess.exe
2012-04-20 18:50 - 2012-04-20 18:50 - 00048640 _____ () C:\Program Files\AOL Desktop 9.7\zlib.dll
2012-04-20 18:50 - 2012-04-20 18:50 - 00094208 _____ () C:\Program Files\AOL Desktop 9.7\Components\Tier2Svc.dll
2012-04-20 18:50 - 2012-04-20 18:50 - 00060928 _____ () C:\Program Files\AOL Desktop 9.7\Components\DataSvcs.dll
2014-05-13 11:01 - 2014-05-13 11:01 - 00029696 _____ () C:\Documents and Settings\Int\Local Settings\Temp\nsg15.tmp\registry.dll
2014-05-13 11:01 - 2014-05-13 11:01 - 00011264 _____ () C:\Documents and Settings\Int\Local Settings\Temp\nsg15.tmp\System.dll
2014-01-28 02:54 - 2014-01-28 02:54 - 03583600 _____ () C:\Documents and Settings\Int\Desktop\FirefoxPortable\App\firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\Int\My Documents\SendtoTR.docx:SummaryInformation
AlternateDataStreams: C:\Documents and Settings\Int\My Documents\SendtoTR.docx:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\91515019.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\91515019.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk => C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
MSCONFIG\startupreg: AsioReg => REGSVR32.EXE /S CTASIO.DLL
MSCONFIG\startupreg: CCleaner => "C:\Documents and Settings\Int\My Documents\ccleaner edit\CCleaner.exe" /AUTO
MSCONFIG\startupreg: CTDVDDet => C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
MSCONFIG\startupreg: CTHelper => CTHELPER.EXE
MSCONFIG\startupreg: CTSysVol => C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
MSCONFIG\startupreg: dla => C:\WINDOWS\system32\dla\tfswctrl.exe
MSCONFIG\startupreg: DVDSentry => C:\WINDOWS\System32\DSentry.exe
MSCONFIG\startupreg: MCAgentExe => C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
MSCONFIG\startupreg: McRegWiz => C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
MSCONFIG\startupreg: MCUpdateExe => C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
MSCONFIG\startupreg: mmtask => c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
MSCONFIG\startupreg: MMTray => C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: RealTray => C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
MSCONFIG\startupreg: UpdateManager => "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
MSCONFIG\startupreg: VSOCheckTask => "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

==================== Faulty Device Manager Devices =============

Name: 1394 Net Adapter
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel® PRO/1000 MT Network Connection
Description: Intel® PRO/1000 MT Network Connection
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel
Service: E1000
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/12/2014 01:05:48 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Faulting application mbamservice.exe, version 2.1.9.0, faulting module mbamservice.exe, version 2.1.9.0, fault address 0x0007d28a.
Processing media-specific event for [mbamservice.exe!ws!]

Error: (04/27/2014 04:50:35 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: Hanging application soffice.bin, version 4.2.0.4, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/26/2014 04:45:57 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: Hanging application soffice.bin, version 4.2.0.4, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (05/13/2014 10:55:07 AM) (Source: Service Control Manager) (User: ) (EventID: 7011)
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (05/13/2014 10:54:34 AM) (Source: Service Control Manager) (User: ) (EventID: 7023)
Description: The IPSEC Services service terminated with the following error:
%%1747

Error: (05/12/2014 07:20:31 PM) (Source: Service Control Manager) (User: ) (EventID: 7023)
Description: The IPSEC Services service terminated with the following error:
%%1747

Error: (05/12/2014 01:32:54 PM) (Source: Service Control Manager) (User: ) (EventID: 7034)
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/12/2014 01:32:51 PM) (Source: Service Control Manager) (User: ) (EventID: 7034)
Description: The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/12/2014 01:07:16 PM) (Source: Service Control Manager) (User: ) (EventID: 7023)
Description: The IPSEC Services service terminated with the following error:
%%1747

Error: (05/12/2014 01:06:03 PM) (Source: Service Control Manager) (User: ) (EventID: 7034)
Description: The MBAMService service terminated unexpectedly.  It has done this 2 time(s).

Error: (05/11/2014 01:47:41 PM) (Source: Service Control Manager) (User: ) (EventID: 7034)
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/11/2014 00:18:25 PM) (Source: Service Control Manager) (User: ) (EventID: 7034)
Description: The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/10/2014 00:16:42 PM) (Source: Service Control Manager) (User: ) (EventID: 7034)
Description: The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (05/12/2014 01:05:48 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: mbamservice.exe2.1.9.0mbamservice.exe2.1.9.00007d28a

Error: (04/27/2014 04:50:35 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: soffice.bin4.2.0.4hungapp0.0.0.000000000

Error: (04/26/2014 04:45:57 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: soffice.bin4.2.0.4hungapp0.0.0.000000000


==================== Memory info ===========================

Percentage of memory in use: 54%
Total physical RAM: 1535 MB
Available physical RAM: 700.16 MB
Total Pagefile: 3434 MB
Available Pagefile: 2683.15 MB
Total Virtual: 2047.88 MB
Available Virtual: 1958.73 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.97 GB) (Free:112.62 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: F52BCF0E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Edited by jtrv, 18 May 2014 - 05:02 PM.


#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,635 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:08:16 PM

Posted 18 May 2014 - 02:39 PM

Greetings and welcome.

The MBR "error" is not an error.

Please complete the below. In addition, I need you to repeat the System Summary Information steps from my previous post and make sure you save it as an .nfo file, which should be the default file type.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt

    S3 bvrp_pci; No ImagePath
    2014-05-13 11:01 - 2014-05-13 11:01 - 00029696 _____ () C:\Documents and Settings\Int\Local Settings\Temp\nsg15.tmp\registry.dll
    2014-05-13 11:01 - 2014-05-13 11:01 - 00011264 _____ () C:\Documents and Settings\Int\Local Settings\Temp\nsg15.tmp\System.dll

  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Attached System Summary file
  • Fixlog
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 jtrv

jtrv
  • Topic Starter

  • Members
  • 76 posts
  • OFFLINE
  • Local time:11:16 PM

Posted 18 May 2014 - 05:34 PM

hello oh my. here is the fix log and the requested attachment. also note that my Malwarebytes Anti-Malware does not want to update either. thank you.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:17-05-2014
Ran by Int at 2014-05-18 18:20:02 Run:1
Running from C:\Documents and Settings\Int\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
S3 bvrp_pci; No ImagePath
2014-05-13 11:01 - 2014-05-13 11:01 - 00029696 _____ () C:\Documents and Settings\Int\Local Settings\Temp\nsg15.tmp\registry.dll
2014-05-13 11:01 - 2014-05-13 11:01 - 00011264 _____ () C:\Documents and Settings\Int\Local Settings\Temp\nsg15.tmp\System.dll
*****************

bvrp_pci => Service deleted successfully.
"C:\Documents and Settings\Int\Local Settings\Temp\nsg15.tmp\registry.dll" => File/Directory not found.
"C:\Documents and Settings\Int\Local Settings\Temp\nsg15.tmp\System.dll" => File/Directory not found.

==== End of Fixlog ====


Edited by jtrv, 18 May 2014 - 05:38 PM.


#8 Oh My!


Posted 18 May 2014 - 05:47 PM

OK, just to clarify where we are at the moment. As I mentioned, despite what RogueKiller says there is no error with your Master Boot Record. Additionally, the Registry entries you saw do not indicate a problem either. That program reports certain areas of the registry whether or not there is a problem. There was no problem.

Please do this.

===================================================

ComboFix Windows XP

--------------------

For a more detailed explanation on running Combofix and the prompts you will be following please see here.
  • Please download ComboFix from one of these locations and save it to your desktop:

Bleepingcomputer

ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista/Windows 7, ComboFix will skip the below Recovery Console pop ups and continue its malware removal procedure.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware
----------

Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue

----------

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Combofix log
  • How is your computer running?

Gary
 

#9 jtrv


Posted 20 May 2014 - 10:45 AM

hello oh my.

Glad to hear there is no error with the MBR, even though RogueKiller provided the error results. I ran ComboFix; the log is pasted below. I also installed the Recovery Console.
Malwarebytes does not update, and there are times when a download does not want to complete.

thank you.

ComboFix 14-05-19.01 - Int 05/19/2014  15:30:44.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1535.997 [GMT -4:00]
Running from: c:\documents and settings\Int\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Int\Start Menu\Programs\Startup\Shortcut to AOLDial.exe.lnk
c:\documents and settings\Int\Start Menu\Programs\Startup\Shortcut to aolsoftware.exe.lnk
.
.
(((((((((((((((((((((((((   Files Created from 2014-04-19 to 2014-05-19  )))))))))))))))))))))))))))))))
.
.
2014-05-18 19:50 . 2014-05-18 19:50    --------    d-----w-    c:\documents and settings\Int\Local Settings\Application Data\Mozilla
2014-05-18 19:48 . 2003-01-10 21:13    33588    ----a-r-    c:\windows\system32\drivers\wanatw4.sys
2014-05-14 16:08 . 2014-05-16 13:57    --------    d-----w-    c:\program files\AOL Desktop 9.7
2014-05-14 16:08 . 2014-05-14 16:09    --------    d-----w-    c:\program files\Common Files\aolshare
2014-05-13 20:27 . 2014-05-13 20:27    --------    d-----w-    c:\documents and settings\Scott\Application Data\AOL
2014-05-13 14:56 . 2014-05-13 14:56    --------    d-----w-    c:\documents and settings\All Users\Application Data\Viewpoint
2014-05-13 14:56 . 2014-05-13 14:56    --------    d-----w-    c:\program files\Viewpoint
2014-05-12 23:21 . 2004-05-17 04:02    110296    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-12 23:21 . 2014-05-12 23:21    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2014-05-12 23:21 . 2014-05-12 23:21    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2014-05-12 23:21 . 2014-05-05 17:23    53208    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 23:21 . 2014-05-05 17:23    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-05-09 20:44 . 2014-05-09 20:44    --------    d-----w-    c:\program files\Microsoft Silverlight
2014-04-24 20:00 . 2014-04-24 20:00    --------    d-----w-    C:\TEMP
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-08 23:35 . 2014-04-04 21:40    89680    ----a-w-    c:\documents and settings\Int\MSSSerif120.fon
2014-03-10 15:57 . 2014-03-10 15:56    14664    ----a-w-    c:\windows\stinger.sys
2014-03-10 15:56 . 2014-03-10 15:56    167344    ----a-w-    c:\windows\system32\mfevtps.exe.a40e.deleteme
2014-03-06 17:59 . 2014-02-12 21:06    920064    ----a-w-    c:\windows\system32\wininet.dll
2014-03-06 17:59 . 2014-02-12 21:06    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2014-03-06 17:59 . 2014-02-12 21:06    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-03-06 17:59 . 2014-02-12 21:05    18944    ----a-w-    c:\windows\system32\corpol.dll
2014-03-06 00:46 . 2014-02-12 21:06    385024    ----a-w-    c:\windows\system32\html.iec
2014-02-21 18:06 . 2014-02-21 18:06    1409    ----a-w-    c:\windows\QTFont.for
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files\AOL Desktop 9.7\AOL.EXE" [2012-10-15 72312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-25 126976]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-11-03 4800512]
"HostManager"="c:\program files\Common Files\AOL\1400083716\ee\AOLSoftware.exe" [2010-03-08 41800]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
2003-02-20 21:27    110592    ----a-w-    c:\windows\SYSTEM32\CTASIO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner]
2014-01-21 15:53    4455704    ----a-w-    c:\documents and settings\Int\My Documents\ccleaner edit\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
2002-09-30 06:00    45056    ----a-w-    c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2003-02-20 21:45    28672    ----a-w-    c:\windows\SYSTEM32\CTHELPER.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2002-10-29 14:18    49152    ----a-w-    c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-03-15 06:04    122933    ----a-w-    c:\windows\SYSTEM32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
2003-08-13 15:27    28672    ----a-w-    c:\windows\SYSTEM32\DSentry.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2003-10-06 15:05    53248    ----a-w-    c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2003-10-06 15:05    118784    ----a-w-    c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 10:42    1695232    ------w-    c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2004-06-27 15:09    77824    ----a-w-    c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2004-06-27 15:09    26112    ----a-w-    c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 06:01    110592    ----a-w-    c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Int\\Desktop\\FirefoxPortable\\FirefoxPortable.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Malwarebytes Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Common Files\\AOL\\1400083716\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL Desktop 9.7\\waol.exe"=
"c:\\Program Files\\AOL Desktop 9.7\\AOLBrowser\\aolbrowser.exe"=
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [5/12/2014 7:21 PM 860472]
R3 MBAMProtector;MBAMProtector;c:\windows\SYSTEM32\DRIVERS\mbam.sys [5/12/2014 7:21 PM 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\MBAMSwissArmy.sys [5/12/2014 7:21 PM 110296]
S4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [5/12/2014 7:21 PM 1809720]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ATWPKT2
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - ATWPKT2
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
TCP: Interfaces\{71FBCC11-D03C-4F96-8781-1644DCA8D69B}: NameServer = 205.188.146.145
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-91515019.sys
MSConfigStartUp-MCAgentExe - c:\progra~1\McAfee.com\Agent\McAgent.exe
MSConfigStartUp-McRegWiz - c:\progra~1\mcafee.com\agent\mcregwiz.exe
MSConfigStartUp-MCUpdateExe - c:\progra~1\mcafee.com\agent\mcupdate.exe
MSConfigStartUp-VSOCheckTask - c:\progra~1\mcafee.com\vso\mcmnhdlr.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-05-19 15:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-13996510-423368018-2708466410-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2014-05-19  15:35:59
ComboFix-quarantined-files.txt  2014-05-19 19:35
.
Pre-Run: 120,962,076,672 bytes free
Post-Run: 120,933,392,384 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 7B72CD768D8949872650C5D770C58224
8F558EB6672622401DA993E1E865C861
 



#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,635 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:16 PM

Posted 20 May 2014 - 12:49 PM

Here is our next step please. If necessary please download it from a clean computer onto a USB device then transfer it to the computer desktop.

===================================================

Running TDSSKiller with Changed Parameters

--------------------
  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters


  • Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now


  • Click Start Scan and allow the scan process to run


  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue


  • Click Reboot computer
  • Please zip and attach in your reply the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Attached TDSSKiller log

Gary
 

#11 jtrv


Posted 20 May 2014 - 03:34 PM

hello oh my. the TDSSKiller log is attached as a .zip. It shows it found 22 potential items. thank you.



#12 Oh My!


Posted 20 May 2014 - 05:01 PM

All of those items are legitimate.

Please do this.

===================================================

Uninstall McAfee Remnants

--------------------
  • Please download McAfee Consumer Product Removal Tool and save it to your desktop
  • Double click the icon to launch the program
  • Select Run
  • Click Next
  • Select Agree then Next
  • Complete Security Validation and click Next (letters are case sensitive)
  • When prompted click Restart
  • Check your ability to download or update Malwarebytes
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary
 

#13 jtrv


Posted 20 May 2014 - 08:08 PM

hello oh my. I was able to download and run the removal program for the McAfee remnants. I then tried to update Malwarebytes Anti-Malware and it is still having difficulty. it seemed to be updating to about 50 percent or so and then stopped and displayed the database out of date message. the internet sites are also still loading slowly compared to the usual standard. thank you.



#14 Oh My!


Posted 20 May 2014 - 08:14 PM

Can you download in general but are having problems with just Malwarebytes?

Please do this.

===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List devices >>(Problem only)<<

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FSS log
  • Result log

Gary
 
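The post above asks for MiniToolBox's hosts-file, proxy and Winsock listings because those are the places where a "downloads fail, updates stall" symptom is usually explained. As an added example (my code, not the thread's and not part of Farbar's tools), here is a small Python audit that reads hosts-file text and MiniToolBox-style "Winsock entries" lines and flags what a helper would look at first: hostnames mapped anywhere but loopback, and Winsock providers that live outside system32 or carry no company name. All sample input is constructed inline; the entries updates.example-av.invalid, www.example-bank.invalid and lsphelper.dll are hypothetical and exist only to exercise the checks.

```python
import ipaddress
import re

# Constructed sample hosts file. The "127.0.0.1 localhost" line matches the stock
# XP content shown in the thread; the other two entries are hypothetical.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         updates.example-av.invalid   # hypothetical: update server blackholed
198.51.100.7    www.example-bank.invalid     # hypothetical: redirected to another host
"""

# Constructed sample in MiniToolBox's "Winsock entries" format. The first three lines
# mirror the log above; the last one is a hypothetical non-Microsoft provider.
SAMPLE_WINSOCK = r"""
Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Documents and Settings\Int\Local Settings\Temp\lsphelper.dll [40960] ()
"""


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text, ignoring comments and blanks."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def suspicious_hosts(text):
    """Flag hostnames mapped anywhere other than loopback.

    A home XP box normally has only loopback entries, so a name pointed at 0.0.0.0
    (blackholed) or at some other address (redirected) is worth a look."""
    flagged = []
    for ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            flagged.append((ip, name, "unparseable address"))
            continue
        if addr.is_loopback:
            continue
        reason = "blackholed (0.0.0.0)" if addr.is_unspecified else "redirected to %s" % ip
        flagged.append((ip, name, reason))
    return flagged


# "Catalog9 02 <path> [<size>] (<company>)"; the path may contain spaces.
WINSOCK_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.*)\)\s*$")


def parse_winsock(text):
    """Parse MiniToolBox-style Winsock lines into dicts; non-matching lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = WINSOCK_RE.match(raw.strip())
        if not m:
            continue
        catalog, index, path, size, company = m.groups()
        entries.append({"catalog": catalog, "index": int(index), "path": path,
                        "size": int(size), "company": company})
    return entries


SYSTEM32 = "c:\\windows\\system32\\"


def suspicious_winsock(text):
    """Flag providers that live outside system32 or report no company name."""
    flagged = []
    for e in parse_winsock(text):
        reasons = []
        if not e["path"].lower().startswith(SYSTEM32):
            reasons.append("provider outside system32")
        if not e["company"]:
            reasons.append("no company name")
        if reasons:
            flagged.append((e["catalog"], e["index"], e["path"], "; ".join(reasons)))
    return flagged


if __name__ == "__main__":
    for ip, name, reason in suspicious_hosts(SAMPLE_HOSTS):
        print("hosts: %-30s %s" % (name, reason))
    for catalog, index, path, reason in suspicious_winsock(SAMPLE_WINSOCK):
        print("winsock: %s %02d %s (%s)" % (catalog, index, path, reason))
```

Feed the two functions the "Hosts content" and "Winsock entries" sections of a real MiniToolBox Result.txt and they return the lines worth asking about; a clean machine like the one in this thread returns empty lists for both.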

#15 jtrv


Posted 21 May 2014 - 11:57 AM

hello oh my. the unsuccessful downloads happen more often than not. here are the logs you requested. I also point out that this computer is not using a network card because it connects through a dial-up modem. thank you.

 

Farbar Service Scanner Version: 21-05-2014
Ran by Int (administrator) on 21-05-2014 at 12:27:45
Running from "C:\Documents and Settings\Int\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
WAN connected
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) Tcpip(3)
0x09000000040000000100000002000000030000000500000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****


MiniToolBox by Farbar  Version: 23-01-2014
Ran by Int (administrator) on 21-05-2014 at 12:29:25
Running from "C:\Documents and Settings\Int\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Intel® PRO/1000 MT Network Connection = Local Area Connection (Disconnected)
1394 Net Adapter = 1394 Connection 3 (Disconnected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip



popd
# End of interface IP configuration




Windows IP Configuration

        Host Name . . . . . . . . . . . . : --
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

PPP adapter The Internet (1):

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
        Physical Address. . . . . . . . . : 00-53-45-00-00-00
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 172.162.30.72
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 172.162.30.72
        DNS Servers . . . . . . . . . . . : 205.188.146.145
        NetBIOS over Tcpip. . . . . . . . : Disabled

Server:  nstot.proxy.aol.com
Address:  205.188.146.145

Name:    google.com
Addresses:  74.125.228.68, 74.125.228.64, 74.125.228.71, 74.125.228.65
      74.125.228.69, 74.125.228.72, 74.125.228.66, 74.125.228.67, 74.125.228.73
      74.125.228.78, 74.125.228.70

Pinging google.com [74.125.228.103] with 32 bytes of data:

Reply from 74.125.228.103: bytes=32 time=279ms TTL=56
Reply from 74.125.228.103: bytes=32 time=296ms TTL=56

Ping statistics for 74.125.228.103:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 279ms, Maximum = 296ms, Average = 287ms

Server:  nstot.proxy.aol.com
Address:  205.188.146.145

Name:    yahoo.com
Addresses:  206.190.36.45, 98.139.183.24, 98.138.253.109

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=295ms TTL=50
Reply from 98.139.183.24: bytes=32 time=312ms TTL=50

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 295ms, Maximum = 312ms, Average = 303ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x20003 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    172.162.30.72   172.162.30.72      1
     66.217.192.6  255.255.255.255    172.162.30.72   172.162.30.72      1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
    172.162.30.72  255.255.255.255        127.0.0.1       127.0.0.1      50
  172.162.255.255  255.255.255.255    172.162.30.72   172.162.30.72      50
        224.0.0.0        240.0.0.0    172.162.30.72   172.162.30.72      1
  255.255.255.255  255.255.255.255    172.162.30.72   172.162.30.72      1
Default Gateway:     172.162.30.72
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/20/2014 07:52:22 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list cab from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: This operation returned because the timeout period expired.

Error: (05/19/2014 03:34:37 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved


System errors:
=============
Error: (05/21/2014 10:43:38 AM) (Source: Service Control Manager) (User: )
Description: The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/21/2014 10:32:12 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (05/21/2014 10:31:41 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (05/21/2014 10:31:07 AM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service terminated with the following error:
%%1747

Error: (05/21/2014 10:29:41 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (05/21/2014 10:29:10 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (05/21/2014 10:28:38 AM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service terminated with the following error:
%%1747

Error: (05/20/2014 07:56:57 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service terminated with the following error:
%%1747

Error: (05/20/2014 04:15:47 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service terminated with the following error:
%%1747

Error: (05/20/2014 04:04:01 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Pcmcia


Microsoft Office Sessions:
=========================
Error: (05/20/2014 07:52:22 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThis operation returned because the timeout period expired.

Error: (05/19/2014 03:34:37 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe server name or address could not be resolved


=========================== Installed Programs ============================

Adobe Flash Player 10 ActiveX (Version: 10.1.53.64)
AOL Uninstaller (Choose which Products to Remove)
Banctec Service Agreement (Version: 1.00.00)
Cheetah CD Burner
Conexant D850 56K V.9x DFVc Modem
Creative MediaSource
Dell Digital Jukebox Driver
Dell Media Experience
Dell Solution Center (Version: 1.00.0000)
Digital Line Detect (Version: 1.10)
DVDSentry (Version: 1.00.0000)
EarthLink Setup Files (Version: 2003.3.84.0)
Help and Support Customization (Version: 1.00.0000)
Intel Application Accelerator RAID Edition
Intel® PRO Network Adapters and Drivers
Intel® PROSet (Version: 6.05.2001)
Internet Explorer Default Page (Version: 1.00.03)
Jasc Paint Shop Photo Album (Version: 4.0.3)
Jasc Paint Shop Pro 8 Dell Edition (Version: 8.10.0000)
Java 2 Runtime Environment, SE v1.4.2 (Version: 1.4.2)
Learn2 Player (Uninstall Only)
LibreOffice 4.2.0.4 (Version: 4.2.0.4)
Malwarebytes Anti-Malware version 2.0.2.1010 (Version: 2.0.2.1010)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Encarta Encyclopedia Standard 2004 (Version: 2004)
Microsoft Money 2004 (Version: 12.0.50)
Microsoft Money 2004 System Pack (Version: 12.0.80)
Microsoft Office XP Professional with FrontPage (Version: 10.0.2627.0)
Microsoft Silverlight (Version: 5.1.30214.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries (Version: 1.0.0)
Modem Helper (Version: 2.25)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MUSICMATCH® Jukebox
NetWaiting (Version: 2.5.12)
NVIDIA Windows 2000/XP Display Drivers
PowerDVD
QuickTime
RealPlayer Basic
Sandboxie 4.08 (32-bit) (Version: 4.08)
Shockwave
Sonic DLA (Version: 4.90)
Sonic MyDVD (Version: 5.3.0)
Sonic RecordNow! (Version: 7.10)
Sonic Update Manager (Version: 2.9)
Sound Blaster Audigy 2
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2808679) (Version: 1)
Update for Windows XP (KB2904266) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Viewpoint Media Player
WebFldrs XP (Version: 9.50.6513)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
WordPerfect Office 11 (Version: 11.0)

========================= Devices: ================================

Name: 1394 Net Adapter
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel® PRO/1000 MT Network Connection
Description: Intel® PRO/1000 MT Network Connection
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel
Service: E1000
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


**** End of log ****
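Added example, not part of the poster's log or of the tool that produced it: when a machine "cannot download" and the Winsock catalog is listed as above, the first thing to check is whether every Layered Service Provider and namespace provider in that catalog is a Microsoft file living in system32 and whether the same file is reported with the same size in every entry. The script below parses a block formatted like the "Winsock entries" section of the log and flags entries that fail those checks. The sample block is constructed: it copies the format of the posted entries and injects two hypothetical bad ones (a DLL outside system32 with no vendor, and an mswsock.dll whose reported size does not match the others) so the detection has something to find.

```python
"""Flag out-of-place Winsock catalog entries in a log block shaped like the
one above. Added example; the SAMPLE_LOG below is constructed, and the two
non-conforming entries in it are hypothetical."""
import re
from typing import Dict, List, NamedTuple, Tuple

# "Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)"
LINE_RE = re.compile(
    r"^(?P<catalog>Catalog\d+)\s+(?P<index>\d+)\s+(?P<path>.+?)\s+"
    r"\[(?P<size>\d+)\]\s*(?:\((?P<vendor>[^)]*)\))?\s*$"
)
SYSTEM_DIR = "c:\\windows\\system32\\"
MS_VENDOR = "Microsoft Corporation"


class WinsockEntry(NamedTuple):
    catalog: str
    index: int
    path: str
    size: int
    vendor: str


def parse_winsock_block(text: str) -> List[WinsockEntry]:
    """Return the entries between the 'Winsock entries' header and the next
    '=====' section header of the log."""
    entries: List[WinsockEntry] = []
    in_block = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("=") and "Winsock entries" in line:
            in_block = True
            continue
        if in_block and line.startswith("="):
            break  # next section header ends the block
        m = LINE_RE.match(line)
        if in_block and m:
            entries.append(WinsockEntry(m["catalog"], int(m["index"]), m["path"],
                                        int(m["size"]), m["vendor"] or ""))
    return entries


def suspicious_entries(entries: List[WinsockEntry]) -> List[Tuple[WinsockEntry, List[str]]]:
    """Flag entries that are outside system32, not labelled Microsoft, or whose
    reported size disagrees with an earlier entry for the same file (a replaced
    or patched provider DLL shows up that way)."""
    findings = []
    sizes: Dict[str, int] = {}
    for e in entries:
        reasons = []
        if not e.path.lower().startswith(SYSTEM_DIR):
            reasons.append("outside system32")
        if e.vendor != MS_VENDOR:
            reasons.append(f"vendor {e.vendor!r}")
        first_size = sizes.setdefault(e.path.lower(), e.size)
        if first_size != e.size:
            reasons.append(f"size {e.size} differs from {first_size}")
        if reasons:
            findings.append((e, reasons))
    return findings


# Constructed sample in the posted log's format; Catalog5 04 and Catalog9 04
# are hypothetical bad entries added for the demonstration.
SAMPLE_LOG = r"""
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Documents and Settings\All Users\helper.dll [20480] ()
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\mswsock.dll [245250] (Microsoft Corporation)

========================= Event log errors: ===============================
"""

if __name__ == "__main__":
    for entry, why in suspicious_entries(parse_winsock_block(SAMPLE_LOG)):
        print(f"{entry.catalog} {entry.index:02d} {entry.path}: {'; '.join(why)}")
```

The vendor string is whatever the log tool printed, not a signature check; on the machine itself the finding should be confirmed by verifying the file's Authenticode signature before anything is removed, since a bad LSP entry left pointing at a deleted DLL can break all networking.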