
Cryptolocker Infection - Windows XP



#1 buckeye1010


Posted 23 April 2015 - 04:27 PM

Hello, I am posting this for my Mom, who lives in another city.  She got the Cryptolocker infection in early March.  Her most valuable files had been backed up on an external USB drive, so I was able to get that all back, but she is still infected – she can’t get out on the Internet.  She uses Windows XP because she has older embroidery sewing machines that rely on older software that probably won't run on newer operating systems.  She doesn't want to buy new hardware and learn new software.

 

DETAILS:

She first saw signs of this virus in early March.  I had her do a System Restore back to December 26th 2014, which was the oldest date I could go back to. Then I recovered her backups from the external USB hard drive. We've run Malwarebytes, CCleaner and Glary Utilities. That seemed to work okay and all the Malwarebytes scans came back clean.  The Internet was fine.  But then a week later it reared its ugly head again. The data files that I restored work fine with her sewing machines, but she is unable to get on the Internet and she gets a ransom screen that says:

 

**************************

All your documents, photos, databases and other important files have been encrypted with strongest encryption RSA-2048 key, generated for this computer.  Private decryption key is stored on a secret internet server and nobody can decrypt your files until you pay and obtain the private key.  If you see the main encryptor red window, examine it and follow the instructions.  Otherwise it seems you or your antivirus deleted the encryptor program.  Now you have the last chance to decrypt your files.

Open 3kxwjihmkgibht2s.djw813nda20.com or

http://3kxwjihmkgibht2s.9sj47wiuygn21.com,

https://3kxwjihmkgibht2s.s5.tor-gateways.de/ in your browser.

They are public gates to the secret server.  Copy and paste the following Bitcoin address in the input form on server. Avoid misprints.

1523mSp2bvqZdADtGZDd46kt6s7GY97apv.  Follow the instructions on the server.  If you have problems with gates, use direct connection:

1. Download TOR Browser from http://torproject.org

2. In the Tor Browser open the http:// 34r6hq2h4jkzj.onion.  Note that this server is available via TOR Browser only.  Retry in 1 hour if site is not reachable.  Copy and paste the following Bitcoin address in the input form on server. Avoid misprints.

1523mSp2bvqZdADtG2Dd46kt6s7GY97apv.   Follow the instructions on the server.

***********************************

 

I had her run all three of those programs in Safe Mode; Malwarebytes doesn't find anything, but things are still broken.  I had her redo a system restore to December 26, 2014 again in Safe Mode. She can't get out on the Internet, and that ransom note shows up when she starts up.

I next had her get the FRST tool.  She ran it once and it locked up - we gave it 12 hours and it wouldn't finish.  I had her delete the output files and then reboot into Safe Mode and run FRST.  Again, it won't finish.  This FRST output is at the bottom of this message.

She does have access to my Dad's computer (Win7 and works fine on the Internet) and she can burn CDs on each machine - that is how we (laboriously) ran FRST and I am able to report the output.  I'm pretty good with computers, but don't have much experience with solving these sorts of problems.  Thanks for any help you can provide!

 

 

 

 

 
 

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-04-2015
Ran by Owner (administrator) on GEORGIA-6EF706D on 21-04-2015 15:18:28
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profiles: Owner (Available profiles: Owner)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Apple Computer, Inc.) C:\Program Files\QuickTime\qttask.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files\KEEBOX\150N Wireless Utility\WlanMon.exe
(Wireless Service) C:\Program Files\KEEBOX\150N Wireless Utility\WZCSLDR2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(MEDIALINK PRODUCTS, LLC ) C:\Program Files\Medialink\MWN-USB54G\Installer\WINXP\MWN-USB54G Wireless Client Utility .exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\KEEBOX\150N Wireless Utility\ANIWConnService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [77824 2011-05-28] (Apple Computer, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [KEEBOX 150N Wireless Utility] => C:\Program Files\KEEBOX\150N Wireless Utility\WlanMon.exe [835584 2010-07-06] ()
HKLM\...\Run: [WZCSLDR2] => C:\Program Files\KEEBOX\150N Wireless Utility\WZCSLDR2.exe [122880 2010-06-21] (Wireless Service)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2005896 2015-04-06] (APN)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
Winlogon\Notify\crypt32chain: C:\WINDOWS\system32\crypt32.dll [2013-10-07] (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS\system32\cryptnet.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS\system32\cscdll.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS\System32\dimsntfy.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll [2005-06-22] (Intel Corporation)
Winlogon\Notify\ScCertProp: C:\WINDOWS\system32\wlnotify.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINDOWS\system32\wlnotify.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINDOWS\system32\sclgntfy.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINDOWS\system32\WlNotify.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINDOWS\system32\wlnotify.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINDOWS\system32\wlnotify.dll [2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1606980848-1770027372-1177238915-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HELP_RESTORE_FILES.txt [2015-04-12] ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-08-23]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk [2011-01-29]
ShortcutTarget: HP Image Zone Fast Start.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MWN-USB54G Wireless Client Utility .lnk [2011-01-29]
ShortcutTarget: MWN-USB54G Wireless Client Utility .lnk -> C:\Program Files\Medialink\MWN-USB54G\Installer\WINXP\MWN-USB54G Wireless Client Utility .exe (MEDIALINK PRODUCTS, LLC )
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\HELP_RESTORE_FILES.txt [2015-04-12] ()
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\HELP_RESTORE_FILES.txt [2015-04-12] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1606980848-1770027372-1177238915-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
HKU\S-1-5-21-1606980848-1770027372-1177238915-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-09-18] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-09-18] (Oracle Corporation)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre1.6.0_22\lib\deploy\jqs\ie\jqs_plugin.dll [2011-03-24] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-1606980848-1770027372-1177238915-1003 -> No Name - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
DPF: {1E4FF862-57ED-4E5C-9C57-3ECB8DC17827} http://209.251.16.126:50351/ePlusDVR.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1295985507375
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\46oigh8j.default-1411585812671
FF Homepage: hotmail.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll [2011-09-23] ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-09-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-09-18] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll [2011-03-17] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll [2011-03-17] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2011-05-28] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2011-05-28] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2011-05-28] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2011-05-28] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2011-05-28] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2011-05-28] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2011-05-28] (Apple Computer, Inc.)
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre1.6.0_22\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre1.6.0_22\lib\deploy\jqs\ff [2011-03-24]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-17]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [180632 2015-04-06] (APN LLC.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-09-18] (Oracle Corporation)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
U2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Nonbrand_WUS-N; C:\Program Files\KEEBOX\150N Wireless Utility\ANIWZCSdS.exe [126976 2010-06-21] (Wireless Service) [File not signed]
R2 Nonbrand_WUS-N_WPS; C:\Program Files\KEEBOX\150N Wireless Utility\ANIWConnService.exe [53248 2010-06-21] () [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [20747 2011-01-29] (Meetinghouse Data Communications) [File not signed]
R2 ANPD; C:\WINDOWS\system32\ANPD.sys [29411 2012-08-07] () [File not signed]
R1 cdrbsdrv; C:\WINDOWS\system32\Drivers\cdrbsdrv.sys [13567 2004-03-08] (B.H.A Corporation) [File not signed]
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2014-12-26] (Malwarebytes Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R3 rt2870; C:\WINDOWS\System32\DRIVERS\rt2870.sys [829792 2010-05-27] (Ralink Technology, Corp.)
S3 RT73; C:\WINDOWS\System32\DRIVERS\rt73.sys [252928 2007-08-02] (Ralink Technology, Corp.)
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-21 15:18 - 2015-04-21 15:18 - 00013504 _____ () C:\Documents and Settings\Owner\Desktop\FRST.txt
2015-04-21 15:18 - 2015-04-21 15:18 - 00000000 ____D () C:\FRST
2015-04-21 15:16 - 2015-04-21 07:41 - 01139200 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2015-04-20 16:44 - 2015-04-20 16:44 - 00002628 _____ () C:\WINDOWS\setupapi.log
2015-04-20 16:44 - 2015-04-20 16:44 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\ImgBurn
2015-04-20 16:43 - 2015-04-20 16:43 - 00001528 _____ () C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
2015-04-20 16:43 - 2015-04-20 16:43 - 00000000 ____D () C:\Program Files\ImgBurn
2015-04-20 16:43 - 2015-04-20 16:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
2015-04-14 18:11 - 2015-04-14 18:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-14 18:10 - 2015-04-14 18:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox.bak
2015-04-14 18:10 - 2015-04-14 18:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-14 18:05 - 2015-04-14 18:11 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-14 18:05 - 2015-04-14 18:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox(3).bak
2015-04-14 18:04 - 2015-04-14 18:11 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Malwarebytes
2015-04-14 18:04 - 2015-04-14 18:06 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2015-04-14 18:04 - 2015-04-14 18:04 - 00000000 ___SD () C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.3
2015-04-14 18:04 - 2015-04-14 18:04 - 00000000 ____D () C:\Program Files\Coupons
2015-04-14 18:04 - 2015-04-14 18:04 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\AskPartnerNetwork
2015-04-14 18:04 - 2015-04-14 18:04 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Coupons
2015-04-14 18:04 - 2015-04-14 18:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-04-14 18:04 - 2015-04-14 18:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork
2015-04-14 18:02 - 2015-04-14 18:02 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\OpenOffice.org 3.3 (en-US) Installation Files
2015-04-14 13:27 - 2015-04-14 18:00 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork(2)
2015-04-14 11:53 - 2015-04-15 16:18 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-04-14 11:52 - 2015-04-20 09:36 - 00032168 _____ () C:\WINDOWS\SchedLgU.Txt
2015-04-14 11:52 - 2015-04-15 16:18 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-04-14 11:52 - 2015-04-14 11:52 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2015-04-14 11:50 - 2015-04-21 11:51 - 00442839 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-13 13:47 - 2015-04-13 13:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RahevWaqeb
2015-04-12 19:58 - 2015-04-14 17:37 - 02291910 _____ () C:\Documents and Settings\Owner\Desktop\HELP_RESTORE_FILES.bmp
2015-04-12 19:58 - 2015-04-12 19:58 - 00002614 _____ () C:\Documents and Settings\Owner\Start Menu\Programs\HELP_RESTORE_FILES.txt
2015-04-12 19:58 - 2015-04-12 19:58 - 00002614 _____ () C:\Documents and Settings\Owner\Start Menu\HELP_RESTORE_FILES.txt
2015-04-12 19:58 - 2015-04-12 19:58 - 00002614 _____ () C:\Documents and Settings\Owner\My Documents\HELP_RESTORE_FILES.txt
2015-04-12 19:58 - 2015-04-12 19:58 - 00002614 _____ () C:\Documents and Settings\Owner\Local Settings\HELP_RESTORE_FILES.txt
2015-04-12 19:58 - 2015-04-12 19:58 - 00002614 _____ () C:\Documents and Settings\Owner\HELP_RESTORE_FILES.txt
2015-04-12 19:58 - 2015-04-12 19:58 - 00002614 _____ () C:\Documents and Settings\HELP_RESTORE_FILES.txt
2015-04-12 19:21 - 2015-04-14 17:37 - 00001340 _____ () C:\Documents and Settings\Owner\Desktop\HELP_RESTORE_FILES.txt
2015-04-12 16:56 - 2015-04-12 16:56 - 00002614 _____ () C:\Documents and Settings\NetworkService\Local Settings\HELP_RESTORE_FILES.txt
2015-04-12 16:56 - 2015-04-12 16:56 - 00002614 _____ () C:\Documents and Settings\NetworkService\Local Settings\Application Data\HELP_RESTORE_FILES.txt
2015-04-12 16:56 - 2015-04-12 16:56 - 00002614 _____ () C:\Documents and Settings\NetworkService\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\NetworkService\Application Data\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\LocalService\Local Settings\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\LocalService\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\LocalService\Application Data\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\Default User\Start Menu\Programs\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\Default User\Start Menu\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\Default User\My Documents\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\Default User\Local Settings\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\Default User\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\Default User\Desktop\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\Default User\Application Data\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\All Users\Start Menu\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\All Users\HELP_RESTORE_FILES.txt
2015-04-12 16:54 - 2015-04-12 16:54 - 00002614 _____ () C:\Documents and Settings\All Users\Desktop\HELP_RESTORE_FILES.txt
2015-04-12 16:53 - 2015-04-14 17:38 - 00000752 _____ () C:\Documents and Settings\Owner\Application Data\key.dat
2015-04-12 16:53 - 2015-04-14 17:37 - 00000232 _____ () C:\Documents and Settings\Owner\My Documents\RECOVERY_KEY.TXT
2015-04-12 16:53 - 2015-04-12 19:58 - 11857282 _____ () C:\Documents and Settings\Owner\Application Data\log.html
2015-04-12 16:01 - 2015-04-14 18:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Embird Plus
2015-04-12 16:01 - 1994-04-19 12:00 - 00000044 _____ () C:\WINDOWS\WINKOLES.TXT
2015-04-12 16:00 - 2015-04-14 18:02 - 00000000 ____D () C:\EMBIRD32
2015-04-09 18:07 - 2015-04-14 18:03 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\rynid
2015-04-05 10:23 - 2015-04-14 18:03 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware(2)
2015-04-05 10:23 - 2015-04-14 18:03 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware(2)
2015-04-05 10:18 - 2015-04-12 19:21 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\New Folder
2015-04-05 10:06 - 2015-04-14 18:03 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice 4.1.1
2015-04-05 10:04 - 2015-04-05 10:05 - 00000000 ____D () C:\Program Files\OpenOffice 4
2015-04-05 09:54 - 2015-04-14 18:04 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\OpenOffice 4.1.1 (en-US) Installation Files
2015-03-28 15:27 - 2015-04-15 16:16 - 00000320 _____ () C:\WINDOWS\Tasks\GlaryInitialize 5.job
2015-03-28 15:27 - 2015-04-14 18:04 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Glary Utilities 5
2015-03-28 15:27 - 2015-03-28 15:27 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\GlarySoft
2015-03-28 15:26 - 2015-04-14 18:04 - 00000000 ____D () C:\Program Files\Glary Utilities 5
2015-03-27 11:55 - 2015-04-14 18:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes(2)
2015-03-24 09:45 - 2015-04-12 16:55 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\Macromedia
2015-03-24 09:45 - 2015-04-12 16:55 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\Adobe
2015-03-23 23:47 - 2015-04-12 19:21 - 00045940 _____ () C:\Documents and Settings\Owner\Local Settings\HELP_DECRYPT.PNG.ecc
2015-03-23 23:47 - 2015-04-12 19:21 - 00004308 _____ () C:\Documents and Settings\Owner\Local Settings\HELP_DECRYPT.TXT.ecc
2015-03-23 23:47 - 2015-03-23 23:47 - 00008680 _____ () C:\Documents and Settings\Owner\Local Settings\HELP_DECRYPT.HTML
2015-03-23 23:47 - 2015-03-23 23:47 - 00008680 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-03-23 23:47 - 2015-03-23 23:47 - 00004280 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\HELP_DECRYPT.TXT
2015-03-23 23:47 - 2015-03-23 23:47 - 00000300 _____ () C:\Documents and Settings\Owner\Local Settings\HELP_DECRYPT.URL
2015-03-23 23:47 - 2015-03-23 23:47 - 00000300 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\HELP_DECRYPT.URL
2015-03-23 14:57 - 2015-04-12 16:56 - 00045940 _____ () C:\Documents and Settings\NetworkService\Local Settings\HELP_DECRYPT.PNG.ecc
2015-03-23 14:57 - 2015-04-12 16:56 - 00045940 _____ () C:\Documents and Settings\NetworkService\Local Settings\Application Data\HELP_DECRYPT.PNG.ecc
2015-03-23 14:57 - 2015-04-12 16:56 - 00045940 _____ () C:\Documents and Settings\NetworkService\HELP_DECRYPT.PNG.ecc
2015-03-23 14:57 - 2015-04-12 16:56 - 00004308 _____ () C:\Documents and Settings\NetworkService\Local Settings\HELP_DECRYPT.TXT.ecc
2015-03-23 14:57 - 2015-04-12 16:56 - 00004308 _____ () C:\Documents and Settings\NetworkService\Local Settings\Application Data\HELP_DECRYPT.TXT.ecc
2015-03-23 14:57 - 2015-04-12 16:56 - 00004308 _____ () C:\Documents and Settings\NetworkService\HELP_DECRYPT.TXT.ecc
2015-03-23 14:57 - 2015-03-23 14:57 - 00008680 _____ () C:\Documents and Settings\Owner\Application Data\HELP_DECRYPT.HTML
2015-03-23 14:57 - 2015-03-23 14:57 - 00008680 _____ () C:\Documents and Settings\NetworkService\Local Settings\HELP_DECRYPT.HTML
2015-03-23 14:57 - 2015-03-23 14:57 - 00008680 _____ () C:\Documents and Settings\NetworkService\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-03-23 14:57 - 2015-03-23 14:57 - 00008680 _____ () C:\Documents and Settings\NetworkService\HELP_DECRYPT.HTML
2015-03-23 14:57 - 2015-03-23 14:57 - 00004280 _____ () C:\Documents and Settings\Owner\Application Data\HELP_DECRYPT.TXT
2015-03-23 14:57 - 2015-03-23 14:57 - 00000300 _____ () C:\Documents and Settings\Owner\Application Data\HELP_DECRYPT.URL
2015-03-23 14:57 - 2015-03-23 14:57 - 00000300 _____ () C:\Documents and Settings\NetworkService\Local Settings\HELP_DECRYPT.URL
2015-03-23 14:57 - 2015-03-23 14:57 - 00000300 _____ () C:\Documents and Settings\NetworkService\Local Settings\Application Data\HELP_DECRYPT.URL
2015-03-23 14:57 - 2015-03-23 14:57 - 00000300 _____ () C:\Documents and Settings\NetworkService\HELP_DECRYPT.URL
2015-03-23 14:56 - 2015-04-12 16:55 - 00045940 _____ () C:\Documents and Settings\LocalService\Local Settings\HELP_DECRYPT.PNG.ecc
2015-03-23 14:56 - 2015-04-12 16:55 - 00045940 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\HELP_DECRYPT.PNG.ecc
2015-03-23 14:56 - 2015-04-12 16:55 - 00045940 _____ () C:\Documents and Settings\LocalService\HELP_DECRYPT.PNG.ecc
2015-03-23 14:56 - 2015-04-12 16:55 - 00045940 _____ () C:\Documents and Settings\Default User\Local Settings\HELP_DECRYPT.PNG.ecc
2015-03-23 14:56 - 2015-04-12 16:55 - 00045940 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\HELP_DECRYPT.PNG.ecc
2015-03-23 14:56 - 2015-04-12 16:55 - 00045940 _____ () C:\Documents and Settings\Default User\HELP_DECRYPT.PNG.ecc
2015-03-23 14:56 - 2015-04-12 16:55 - 00045940 _____ () C:\Documents and Settings\Default User\Application Data\HELP_DECRYPT.PNG.ecc
2015-03-23 14:56 - 2015-04-12 16:55 - 00004308 _____ () C:\Documents and Settings\LocalService\Local Settings\HELP_DECRYPT.TXT.ecc
2015-03-23 14:56 - 2015-04-12 16:55 - 00004308 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\HELP_DECRYPT.TXT.ecc
2015-03-23 14:56 - 2015-04-12 16:55 - 00004308 _____ () C:\Documents and Settings\LocalService\HELP_DECRYPT.TXT.ecc
2015-03-23 14:56 - 2015-04-12 16:55 - 00004308 _____ () C:\Documents and Settings\Default User\Local Settings\HELP_DECRYPT.TXT.ecc
2015-03-23 14:56 - 2015-04-12 16:55 - 00004308 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\HELP_DECRYPT.TXT.ecc
2015-03-23 14:56 - 2015-04-12 16:55 - 00004308 _____ () C:\Documents and Settings\Default User\HELP_DECRYPT.TXT.ecc
2015-03-23 14:56 - 2015-04-12 16:55 - 00004308 _____ () C:\Documents and Settings\Default User\Application Data\HELP_DECRYPT.TXT.ecc
2015-03-23 14:56 - 2015-03-23 14:56 - 00008680 _____ () C:\Documents and Settings\LocalService\Local Settings\HELP_DECRYPT.HTML
2015-03-23 14:56 - 2015-03-23 14:56 - 00008680 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-03-23 14:56 - 2015-03-23 14:56 - 00008680 _____ () C:\Documents and Settings\LocalService\HELP_DECRYPT.HTML
2015-03-23 14:56 - 2015-03-23 14:56 - 00008680 _____ () C:\Documents and Settings\Default User\Local Settings\HELP_DECRYPT.HTML
2015-03-23 14:56 - 2015-03-23 14:56 - 00008680 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-03-23 14:56 - 2015-03-23 14:56 - 00008680 _____ () C:\Documents and Settings\Default User\HELP_DECRYPT.HTML
2015-03-23 14:56 - 2015-03-23 14:56 - 00008680 _____ () C:\Documents and Settings\Default User\Application Data\HELP_DECRYPT.HTML
2015-03-23 14:56 - 2015-03-23 14:56 - 00008680 _____ () C:\Documents and Settings\All Users\Application Data\HELP_DECRYPT.HTML
2015-03-23 14:56 - 2015-03-23 14:56 - 00004280 _____ () C:\Documents and Settings\All Users\Application Data\HELP_DECRYPT.TXT
2015-03-23 14:56 - 2015-03-23 14:56 - 00000300 _____ () C:\Documents and Settings\LocalService\Local Settings\HELP_DECRYPT.URL
2015-03-23 14:56 - 2015-03-23 14:56 - 00000300 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\HELP_DECRYPT.URL
2015-03-23 14:56 - 2015-03-23 14:56 - 00000300 _____ () C:\Documents and Settings\LocalService\HELP_DECRYPT.URL
2015-03-23 14:56 - 2015-03-23 14:56 - 00000300 _____ () C:\Documents and Settings\Default User\Local Settings\HELP_DECRYPT.URL
2015-03-23 14:56 - 2015-03-23 14:56 - 00000300 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\HELP_DECRYPT.URL
2015-03-23 14:56 - 2015-03-23 14:56 - 00000300 _____ () C:\Documents and Settings\Default User\HELP_DECRYPT.URL
2015-03-23 14:56 - 2015-03-23 14:56 - 00000300 _____ () C:\Documents and Settings\Default User\Application Data\HELP_DECRYPT.URL
2015-03-23 14:56 - 2015-03-23 14:56 - 00000300 _____ () C:\Documents and Settings\All Users\Application Data\HELP_DECRYPT.URL
2015-03-23 14:55 - 2015-04-14 18:05 - 00000000 ___HD () C:\Documents and Settings\All Users\Application Data\{FE93A76E-3CF6-4D5C-96A7-582AA2064F4A}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-21 15:18 - 2011-01-25 15:02 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Temp
2015-04-21 14:36 - 2014-12-26 15:59 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-15 16:16 - 2014-04-06 03:27 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-04-15 16:16 - 2012-10-26 18:41 - 00000306 _____ () C:\WINDOWS\Tasks\SLZKER.job
2015-04-15 16:16 - 2012-08-07 14:02 - 00003284 _____ () C:\WINDOWS\system32\ANIWZCS{F75F03FF-9821-4FF1-99FF-3DDBB7DAB239}
2015-04-15 16:16 - 2012-08-07 13:55 - 00000007 _____ () C:\WINDOWS\system32\ANIWZCSUSERNAME{F75F03FF-9821-4FF1-99FF-3DDBB7DAB239}
2015-04-15 16:16 - 2011-05-28 18:55 - 00054156 ____H () C:\WINDOWS\QTFont.qfn
2015-04-15 16:16 - 2011-01-25 15:02 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-15 16:15 - 2011-01-25 15:02 - 00000178 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2015-04-15 13:01 - 2011-01-25 09:18 - 00522814 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-14 18:11 - 2011-01-25 15:02 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-04-14 18:11 - 2011-01-25 15:02 - 00000000 ____D () C:\Documents and Settings\Owner
2015-04-14 18:11 - 2011-01-25 14:58 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-04-14 18:11 - 2011-01-25 14:52 - 00000000 ____D () C:\WINDOWS\Registration
2015-04-14 18:10 - 2012-06-10 12:12 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-14 18:10 - 2011-01-25 15:58 - 00000000 __SHD () C:\Documents and Settings\Owner\UserData
2015-04-14 18:09 - 2015-02-20 12:08 - 00000000 ___DC () C:\WINDOWS\$968930Uinstall_KB968930$
2015-04-14 18:07 - 2011-01-30 14:46 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe
2015-04-14 18:05 - 2012-09-09 13:57 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\join.me
2015-04-14 18:03 - 2011-01-25 14:50 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2015-04-14 18:02 - 2011-01-25 21:27 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\deerhake
2015-04-14 17:34 - 2014-09-22 22:11 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-04-14 17:22 - 2011-05-28 18:55 - 00001409 _____ () C:\WINDOWS\QTFont.for
2015-04-14 14:19 - 2011-01-25 17:23 - 00018848 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-04-14 14:15 - 2008-04-14 08:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2015-04-14 14:14 - 2011-01-25 09:16 - 00121336 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-04-14 13:25 - 2011-01-25 09:18 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-04-12 19:58 - 2011-01-26 17:21 - 00000000 ____D () C:\Documents and Settings\Owner\WINDOWS
2015-04-12 19:58 - 2011-01-25 15:02 - 00000000 ___RD () C:\Documents and Settings\Owner\Start Menu\Programs\Accessories
2015-04-12 19:21 - 2014-09-24 15:10 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Old Firefox Data
2015-04-12 19:21 - 2011-01-25 21:36 - 00000000 __RSD () C:\Documents and Settings\Owner\Desktop\My Stationery
2015-04-12 16:58 - 2008-04-14 08:00 - 00000523 _____ () C:\WINDOWS\win.ini
2015-04-12 16:56 - 2012-03-16 11:14 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
2015-04-12 16:56 - 2011-01-25 14:58 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-04-12 16:55 - 2013-09-18 09:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2015-04-12 16:55 - 2012-08-07 13:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\KEEBOX
2015-04-12 16:55 - 2011-05-29 13:26 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\OLYMPUS Master
2015-04-12 16:55 - 2011-05-29 13:20 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\PIXELA
2015-04-12 16:55 - 2011-05-29 12:41 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2015-04-12 16:55 - 2011-05-28 15:42 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2015-04-12 16:55 - 2011-01-30 14:47 - 00000000 ____D () C:\Documents and Settings\Default User\Application Data\Macromedia
2015-04-12 16:55 - 2011-01-29 17:18 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\HP
2015-04-12 16:55 - 2011-01-29 15:28 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP
2015-04-12 16:55 - 2011-01-29 12:27 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Medialink
2015-04-12 16:55 - 2011-01-26 17:26 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ScanSoft PC
2015-04-12 16:55 - 2011-01-26 17:22 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Buzz Tools
2015-04-12 16:55 - 2011-01-25 15:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\NetWaiting
2015-04-12 16:55 - 2011-01-25 15:02 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
2015-04-12 16:55 - 2011-01-25 14:54 - 00000000 __SHD () C:\Documents and Settings\All Users\DRM
2015-04-12 16:55 - 2011-01-25 14:54 - 00000000 ___RD () C:\Documents and Settings\Default User\Start Menu\Programs\Accessories
2015-04-12 16:55 - 2011-01-25 14:51 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Games
2015-04-12 16:55 - 2011-01-25 09:17 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\Temp
2015-04-12 16:54 - 2011-01-25 15:45 - 00000000 ____D () C:\dell
2015-04-12 16:53 - 2013-10-17 03:05 - 00000000 ____D () C:\a35d25e37894366d7d98e27a
2015-04-12 16:53 - 2011-05-29 13:26 - 00000000 ____D () C:\Binaries
2015-04-11 14:24 - 2011-01-26 17:22 - 00000000 ____D () C:\Program Files\Buzz Tools
2015-04-11 11:29 - 2015-03-09 16:34 - 00131072 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2015-04-11 11:29 - 2011-01-25 16:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978601$
2015-04-09 09:41 - 2014-04-06 03:27 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-04-05 14:12 - 2011-01-25 09:10 - 00000000 ____D () C:\WINDOWS\security
2015-04-05 12:27 - 2011-01-29 16:39 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-04-05 10:03 - 2011-03-24 20:40 - 00000000 ____D () C:\Program Files\OpenOffice.org 3
2015-04-05 09:00 - 2011-01-29 15:03 - 00025979 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2015-04-01 11:22 - 2011-01-25 16:43 - 125832184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-27 16:23 - 2011-01-25 16:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB971961$
2015-03-27 15:09 - 2011-02-09 04:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2479628$
2015-03-23 23:47 - 2013-10-03 08:52 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Sun
2015-03-23 23:47 - 2011-02-17 13:40 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla
2015-03-23 23:43 - 2011-04-05 08:18 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\HP
2015-03-23 14:57 - 2011-05-29 13:28 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\OLYMPUS
2015-03-23 14:57 - 2011-03-24 21:36 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\OpenOffice.org
2015-03-23 14:57 - 2011-02-22 13:04 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Sun
2015-03-23 14:57 - 2011-02-17 13:40 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Mozilla
2015-03-23 14:57 - 2011-01-29 15:46 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\HP
2015-03-23 14:57 - 2011-01-29 12:34 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Adobe
2015-03-23 14:56 - 2011-01-29 15:27 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HP

==================== Files in the root of some directories =======

2011-02-01 15:20 - 1997-07-30 10:19 - 0021062 _____ () C:\Program Files\BlankSew.bmp
2011-02-01 15:20 - 2001-01-23 16:51 - 0002987 _____ () C:\Program Files\Buzz-Catalog+.cnt
2011-02-01 15:20 - 2001-01-23 17:11 - 0389193 _____ (Buzz Tools, Inc.) C:\Program Files\Buzz-Catalog+.exe
2011-02-01 15:51 - 2014-03-01 12:50 - 0025237 ____H () C:\Program Files\Buzz-Catalog+.GID
2011-02-01 15:20 - 2001-01-23 16:54 - 0087937 _____ () C:\Program Files\Buzz-Catalog+.hlp
2011-02-01 15:20 - 2000-06-14 18:42 - 0110126 _____ (Buzz Tools, Inc.) C:\Program Files\Buzz-Open+.exe
2011-02-01 15:20 - 2014-12-26 11:17 - 0002534 _____ () C:\Program Files\Buzz-Tools.ini
2011-02-01 15:20 - 1999-03-08 17:04 - 0088200 _____ () C:\Program Files\Buzz.wav
2011-02-01 15:20 - 1999-03-09 14:22 - 0000203 _____ () C:\Program Files\BuzzZip.zip
2011-02-01 15:20 - 1998-02-14 03:22 - 0000766 _____ () C:\Program Files\pec.ico
2011-02-01 15:20 - 1998-02-14 03:22 - 0000766 _____ () C:\Program Files\pel.ico
2011-02-01 15:20 - 1998-02-14 03:22 - 0000766 _____ () C:\Program Files\pem.ico
2011-02-01 15:20 - 1998-02-14 03:22 - 0000766 _____ () C:\Program Files\pes.ico
2011-02-01 15:20 - 1999-02-04 16:12 - 0004254 _____ () C:\Program Files\ReadINI.wbc
2011-02-01 15:20 - 2001-01-22 17:07 - 0015064 _____ () C:\Program Files\Readme.wri
2011-02-01 15:20 - 2011-02-01 15:20 - 0005230 _____ () C:\Program Files\Uninst.isu
2015-03-23 14:57 - 2015-03-23 14:57 - 0008680 _____ () C:\Documents and Settings\Owner\Application Data\HELP_DECRYPT.HTML
2015-03-23 14:57 - 2015-03-23 14:57 - 0045911 _____ () C:\Documents and Settings\Owner\Application Data\HELP_DECRYPT.PNG
2015-03-23 14:57 - 2015-03-23 14:57 - 0004280 _____ () C:\Documents and Settings\Owner\Application Data\HELP_DECRYPT.TXT
2015-03-23 14:57 - 2015-03-23 14:57 - 0000300 _____ () C:\Documents and Settings\Owner\Application Data\HELP_DECRYPT.URL
2015-04-12 16:53 - 2015-04-14 17:38 - 0000752 _____ () C:\Documents and Settings\Owner\Application Data\key.dat
2015-04-12 16:53 - 2015-04-12 19:58 - 11857282 _____ () C:\Documents and Settings\Owner\Application Data\log.html
2011-01-29 14:33 - 2014-07-18 09:14 - 0009728 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-01-29 17:18 - 2011-01-29 17:18 - 0000128 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
2015-03-23 23:47 - 2015-03-23 23:47 - 0008680 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-03-23 23:47 - 2015-03-23 23:47 - 0045911 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\HELP_DECRYPT.PNG
2015-03-23 23:47 - 2015-03-23 23:47 - 0004280 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\HELP_DECRYPT.TXT
2015-03-23 23:47 - 2015-03-23 23:47 - 0000300 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\HELP_DECRYPT.URL
2015-04-12 16:55 - 2015-04-12 16:55 - 0002614 _____ () C:\Documents and Settings\All Users\HELP_RESTORE_FILES.txt

Some content of TEMP:
====================
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-6e5b6811.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-de3affd8.exe
C:\Documents and Settings\Owner\Local Settings\Temp\disktool.exe
C:\Documents and Settings\Owner\Local Settings\Temp\sysrestore.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
 

 




 


#2 buckeye1010


Posted 23 April 2015 - 04:53 PM

Oh yeah, I forgot to add, there was no addition.txt file produced.  :(



#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:03 PM

Posted 28 April 2015 - 04:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/574208 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 buckeye1010


Posted 28 April 2015 - 05:21 PM

The computer hasn't been used, so I don't think the logs would have been changed. She has Windows XP, I'm pretty sure it's Service Pack 3. I'm not sure if she has her original Windows CD/DVD - but I think I have an old Win XP install disk around here that hasn't been used on any system, if that helps. Standing by for your instruction! Thanks!



#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,014 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:03 PM

Posted 30 April 2015 - 08:34 PM

Greetings Bruce and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. I apologize for the extended delay. Please rerun FRST again and make sure to place a check mark in Addition.txt.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 buckeye1010


Posted 01 May 2015 - 08:12 AM

Hi Gary

 

Thanks for picking us up!   Okay, Mom is running FRST again.  Like the other two times she ran it (including in Safe Mode - see above log), it seems to freeze up within a half hour - it just sits there with no indication of activity.   How long should she wait?

 

best regards,

 

-Bruce



#7 Oh My!


Posted 01 May 2015 - 09:27 AM

Hi Bruce,

It shouldn't take that long. Run this program first then have her try to run FRST again.

===================================================

Rkill

-------------------
  • Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:

Link 1
Link 2
Link 3
Link 4

  • In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • Note: You may have to run Rkill a few times before it is successful. You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear. Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • Attempt to run FRST
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • RKill report
  • FRST logs (2)

Gary
 

#8 buckeye1010


Posted 02 May 2015 - 09:13 AM

Hello Gary

Rkill must have worked its magic, because it was the first time ever that FRST was able to run to its completion. However, this time, FRST.txt only contained its End of Log line, nothing before it. Could it be because she didn't delete the old file, from the last run? I will post all three logs below.

If at all possible, it would be great if we could get Mom's Internet working as soon as possible. The way things are working now, she has to go upstairs on Dad's machine, download a program, burn it to CD, take it downstairs (to the infected PC), install/run it, burn the logs to another CD, take them back upstairs to Dad's machine and email them to me. It would be a heck of a lot easier if we could skip the sneaker net. But I realize you may have a particular order in which you want to work things - we'll follow you!

thanks!!

-Bruce 


 

 

FRST.txt

 

==================== End Of Log ============================


 

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-04-2015
Ran by Owner at 2015-05-01 15:59:13
Running from C:\Documents and Settings\Owner\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Out of date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.1.102.64 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.3.183.10 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Ask Toolbar (HKLM\...\{4F524A2D-5637-006A-76A7-A758B70C1B00}) (Version: 12.27.0.137 - APN, LLC) <==== ATTENTION
Broadcom 440x 10/100 Integrated Controller (HKLM\...\InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}) (Version: 3.29 - Broadcom)
Broadcom 440x 10/100 Integrated Controller (Version: 3.29 - Broadcom) Hidden
Broadcom Management Programs (HKLM\...\InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}) (Version: 4.01.0000 - Broadcom)
Broadcom Management Programs (Version: 4.01.0000 - Broadcom) Hidden
BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Buzz Tools (HKLM\...\Buzz Tools) (Version: - )
BuzzEdit (HKLM\...\BuzzEdit) (Version: - )
C4600 (Version: 120.0.235.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.07 - Piriform)
Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version: - )
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
CP_AtenaShokunin1Config (Version: 45.4.131.000 - Hewlett-Packard) Hidden
cp_dwShrek2Albums1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
cp_dwShrek2Cards1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CreativeProjects (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CreativeProjectsTemplates (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CueTour (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Customizer 10000 Plus (HKLM\...\{1A9B5637-F3E2-4539-B42B-F8286A034531}) (Version: - )
D1600 (Version: 140.0.690.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden
DJ_SF_06_D1600_SW_Min (Version: 140.0.690.000 - Hewlett-Packard) Hidden
DocProc (Version: 4.5.0.0 - Hewlett-Packard) Hidden
DocumentViewer (Version: 45.4.157.000 - Hewlett-Packard) Hidden
GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet D1600 Printer Driver Software 14.0 Rel. 6 (HKLM\...\{96178C0A-BAF9-4E49-A2A5-CDE76722105B}) (Version: 14.0 - HP)
HP Image Zone 4.7 (HKLM\...\HP Photo & Imaging) (Version: 4.7 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart C4600 All-In-One Driver Software 12.0 Rel .5 (HKLM\...\{DC245BDC-9974-4fe0-8A9F-6031C26E2DC7}) (Version: 12.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 140.0.211.000 - Hewlett-Packard) Hidden
HPSystemDiagnostics (Version: 1.6.0.0 - Your Company Name) Hidden
ImageMixer VCD/DVD2 for OLYMPUS (HKLM\...\{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}) (Version: 2.01.050.1 - )
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
InstantShare (Version: 45.4.157.000 - Hewlett-Packard) Hidden
InstantShareAlert (Version: 1.00.0000 - HP) Hidden
Intel® Extreme Graphics Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: - )
Java 7 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle)
Java™ 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
join.me (HKU\S-1-5-21-1606980848-1770027372-1177238915-1003\...\JoinMe) (Version: 1.15.0.136 - LogMeIn, Inc.)
KEEBOX 150N Wireless Utility (HKLM\...\{5C6B323C-863C-4B17-B8F7-198B5E0C4B50}) (Version: - Nonbrand)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (Version: 140.0.212.000 - Hewlett-Packard) Hidden
MediaLink MWN-USB54G Wireless Client Utility (HKLM\...\{4ED2F896-7807-4675-B9AB-08E445B83B91}) (Version: 1.00.00 - Medialink)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.12 - BVRP Software, Inc)
OLYMPUS Master (HKLM\...\InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372}) (Version: 1.10.2000 - OLYMPUS IMAGING CORP.)
OLYMPUS Master (Version: 1.10.2000 - OLYMPUS IMAGING CORP.) Hidden
OpenOffice.org 3.3 (HKLM\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
PhotoGallery (Version: 45.4.157.000 - Hewlett-Packard) Hidden
PS_AIO_05_C4600_Software_Min (Version: 120.0.235.000 - Hewlett-Packard) Hidden
QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\QuickTime) (Version: - )
Scan (Version: 12.0.0.0 - Hewlett-Packard) Hidden
ScanSoft PC - EasyScan and EasyLayout (HKLM\...\ScanSoft PC) (Version: - )
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SkinsHP1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 140.0.213.000 - Hewlett-Packard) Hidden
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices)
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Unload (Version: 4.5.0 - Hewlett-Packard) Hidden
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 7 (HKLM\...\ie7) (Version: 20070813.185237 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

14-09-2014 03:00:19 Software Distribution Service 3.0
15-09-2014 03:34:30 System Checkpoint
16-09-2014 04:34:30 System Checkpoint
17-09-2014 05:34:30 System Checkpoint
18-09-2014 06:34:30 System Checkpoint
19-09-2014 07:34:30 System Checkpoint
20-09-2014 08:35:35 System Checkpoint
21-09-2014 08:47:00 System Checkpoint
22-09-2014 09:34:30 System Checkpoint
23-09-2014 09:34:54 System Checkpoint
24-09-2014 09:46:30 System Checkpoint
25-09-2014 09:59:23 System Checkpoint
28-09-2014 17:57:07 System Checkpoint
30-09-2014 17:00:48 System Checkpoint
01-10-2014 17:20:44 System Checkpoint
02-10-2014 17:32:43 System Checkpoint
03-10-2014 18:27:19 System Checkpoint
04-10-2014 19:20:45 System Checkpoint
05-10-2014 19:38:35 System Checkpoint
06-10-2014 20:32:43 System Checkpoint
07-10-2014 22:32:51 System Checkpoint
09-10-2014 10:31:25 System Checkpoint
16-10-2014 03:01:11 Software Distribution Service 3.0
13-11-2014 15:48:16 System Checkpoint
14-11-2014 04:00:19 Software Distribution Service 3.0
15-11-2014 14:59:34 System Checkpoint
24-11-2014 13:22:13 System Checkpoint
13-12-2014 04:01:22 Software Distribution Service 3.0
26-12-2014 15:34:09 Restore Operation
27-12-2014 04:01:04 Software Distribution Service 3.0
17-01-2015 04:01:20 Software Distribution Service 3.0
13-02-2015 04:01:20 Software Distribution Service 3.0
20-02-2015 12:08:57 Installed %1 %2.
11-03-2015 03:00:41 Software Distribution Service 3.0
20-03-2015 19:35:24 Restore Operation
21-03-2015 03:00:18 Software Distribution Service 3.0
14-04-2015 13:16:36 Restore Operation
14-04-2015 17:34:31 Software Distribution Service 3.0
14-04-2015 17:54:08 Restore Operation
16-04-2015 03:00:18 Software Distribution Service 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 08:00 - 2008-04-14 08:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GlaryInitialize 5.job => C:\Program Files\Glary Utilities 5\Initialize.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\SLZKER.job => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\msoeacctt.dll

==================== Loaded Modules (whitelisted) ==============

2012-08-07 13:52 - 2010-07-06 10:58 - 00835584 _____ () C:\Program Files\KEEBOX\150N Wireless Utility\WlanMon.exe
2012-08-07 13:54 - 2012-08-07 13:54 - 00073728 _____ () C:\WINDOWS\system32\ANPDApi.dll
2012-08-07 13:52 - 2010-07-05 17:41 - 00299008 _____ () C:\Program Files\KEEBOX\150N Wireless Utility\WlanApp.dll
2012-08-07 13:52 - 2010-06-29 16:42 - 00040960 _____ () C:\Program Files\KEEBOX\150N Wireless Utility\WlanMon.dll
2012-08-07 13:52 - 2010-06-21 13:28 - 00094208 _____ () C:\Program Files\KEEBOX\150N Wireless Utility\aIPH.dll
2013-07-12 03:09 - 2013-07-12 03:09 - 03391488 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e3acb040\mscorlib.dll
2013-07-12 03:09 - 2013-07-12 03:09 - 03035136 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_f20bd052\system.windows.forms.dll
2013-07-12 03:06 - 2013-07-12 03:07 - 01966080 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_0cdab6da\system.dll
2013-07-12 03:09 - 2013-07-12 03:09 - 00843776 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_37ecaff3\system.drawing.dll
2013-07-12 03:09 - 2013-07-12 03:09 - 02088960 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_cc245c98\system.xml.dll
2012-08-07 13:53 - 2010-06-21 13:28 - 00053248 _____ () C:\Program Files\KEEBOX\150N Wireless Utility\ANIWConnService.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1606980848-1770027372-1177238915-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\WINDOWS\pss\OpenOffice.org 3.3.lnkStartup

==================== Accounts: =============================

Administrator (S-1-5-21-1606980848-1770027372-1177238915-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1606980848-1770027372-1177238915-1004 - Limited - Enabled)
Guest (S-1-5-21-1606980848-1770027372-1177238915-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1606980848-1770027372-1177238915-1000 - Limited - Disabled)
Owner (S-1-5-21-1606980848-1770027372-1177238915-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
SUPPORT_388945a0 (S-1-5-21-1606980848-1770027372-1177238915-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/01/2015 01:35:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application FRST.exe, version 20.4.2015.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/22/2015 02:57:03 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (04/22/2015 02:57:02 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (04/22/2015 02:56:59 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (04/22/2015 02:56:59 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (04/22/2015 02:23:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application FRST.exe, version 20.4.2015.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/14/2015 08:27:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mq4dem.exe, version 7.2.0.5, faulting module mq4dem.exe, version 7.2.0.5, fault address 0x000012a8.
Processing media-specific event for [mq4dem.exe!ws!]

Error: (04/13/2015 04:05:23 PM) (Source: crypt32) (EventID: 5) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/F18B538D1BE903B6A6F056435B171589CAF36BF2.crt> with error: The specified server cannot perform the requested operation.

Error: (04/13/2015 04:05:23 PM) (Source: crypt32) (EventID: 5) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/F18B538D1BE903B6A6F056435B171589CAF36BF2.crt> with error: This operation returned because the timeout period expired.

Error: (03/28/2015 07:08:13 PM) (Source: crypt32) (EventID: 5) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/F18B538D1BE903B6A6F056435B171589CAF36BF2.crt> with error: The specified server cannot perform the requested operation.


System errors:
=============
Error: (05/01/2015 00:32:17 AM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 960 minutes.
NtpClient has no source of accurate time.

Error: (05/01/2015 00:32:17 AM) (Source: W32Time) (EventID: 17) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 960
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (04/30/2015 04:32:17 PM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 479 minutes.
NtpClient has no source of accurate time.

Error: (04/30/2015 04:32:17 PM) (Source: W32Time) (EventID: 17) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 480
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (04/30/2015 00:32:17 PM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 239 minutes.
NtpClient has no source of accurate time.

Error: (04/30/2015 00:32:17 PM) (Source: W32Time) (EventID: 17) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 240
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (04/30/2015 10:32:17 AM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 119 minutes.
NtpClient has no source of accurate time.

Error: (04/30/2015 10:32:17 AM) (Source: W32Time) (EventID: 17) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (04/30/2015 09:32:17 AM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 59 minutes.
NtpClient has no source of accurate time.

Error: (04/30/2015 09:32:17 AM) (Source: W32Time) (EventID: 17) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)


Microsoft Office Sessions:
=========================
Error: (05/01/2015 01:35:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST.exe20.4.2015.0hungapp0.0.0.000000000

Error: (04/22/2015 02:57:03 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (04/22/2015 02:57:02 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (04/22/2015 02:56:59 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (04/22/2015 02:56:59 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe server name or address could not be resolved

Error: (04/22/2015 02:23:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST.exe20.4.2015.0hungapp0.0.0.000000000

Error: (04/14/2015 08:27:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mq4dem.exe7.2.0.5mq4dem.exe7.2.0.5000012a8

Error: (04/13/2015 04:05:23 PM) (Source: crypt32) (EventID: 5) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/F18B538D1BE903B6A6F056435B171589CAF36BF2.crtThe specified server cannot perform the requested operation.

Error: (04/13/2015 04:05:23 PM) (Source: crypt32) (EventID: 5) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/F18B538D1BE903B6A6F056435B171589CAF36BF2.crtThis operation returned because the timeout period expired.

Error: (03/28/2015 07:08:13 PM) (Source: crypt32) (EventID: 5) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/F18B538D1BE903B6A6F056435B171589CAF36BF2.crtThe specified server cannot perform the requested operation.


==================== Memory info ===========================

Processor: Intel® Celeron® CPU 2.60GHz
Percentage of memory in use: 29%
Total physical RAM: 1533.9 MB
Available physical RAM: 1078.43 MB
Total Pagefile: 3433.41 MB
Available Pagefile: 3058.69 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.04 GB) (Free:117.73 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: B8AEB8AE)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Rkill 2.7.0 by Lawrence Abrams (Grinler)
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 05/01/2015 04:46:31 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:

Edited by buckeye1010, 02 May 2015 - 09:15 AM.


#9 Oh My!

Posted 02 May 2015 - 09:29 AM

Hi Bruce.

I am away from my computer for the next 3-4 hours but if you are available upon my return we will hit it hard.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 Oh My!

Posted 02 May 2015 - 01:33 PM

Hi Bruce,

We will work with the older FRST report. Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HELP_RESTORE_FILES.txt [2015-04-12] ()
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\HELP_RESTORE_FILES.txt [2015-04-12] ()
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\HELP_RESTORE_FILES.txt [2015-04-12] ()
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
Toolbar: HKU\S-1-5-21-1606980848-1770027372-1177238915-1003 -> No Name - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
U1 WS2IFSL; No ImagePath
2015-04-13 13:47 - 2015-04-13 13:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RahevWaqeb
2015-04-12 19:58 - 2015-04-14 17:37 - 02291910 _____ () C:\Documents and Settings\Owner\Desktop\HELP_RESTORE_FILES.bmp
2015-04-12 19:58 - 2015-04-12 19:58 - 00002614 _____ () C:\Documents and Settings\Owner\Start Menu\Programs\HELP_RESTORE_FILES.txt
2015-04-12 19:58 - 2015-04-12 19:58 - 00002614 _____ () C:\Documents and Settings\Owner\Start Menu\HELP_RESTORE_FILES.txt
2015-04-12 19:58 - 2015-04-12 19:58 - 00002614 _____ () C:\Documents and Settings\Owner\My Documents\HELP_RESTORE_FILES.txt
2015-04-12 19:58 - 2015-04-12 19:58 - 00002614 _____ () C:\Documents and Settings\Owner\Local Settings\HELP_RESTORE_FILES.txt
2015-04-12 19:58 - 2015-04-12 19:58 - 00002614 _____ () C:\Documents and Settings\Owner\HELP_RESTORE_FILES.txt
2015-04-12 19:58 - 2015-04-12 19:58 - 00002614 _____ () C:\Documents and Settings\HELP_RESTORE_FILES.txt
2015-04-12 19:21 - 2015-04-14 17:37 - 00001340 _____ () C:\Documents and Settings\Owner\Desktop\HELP_RESTORE_FILES.txt
2015-04-12 16:56 - 2015-04-12 16:56 - 00002614 _____ () C:\Documents and Settings\NetworkService\Local Settings\HELP_RESTORE_FILES.txt
2015-04-12 16:56 - 2015-04-12 16:56 - 00002614 _____ () C:\Documents and Settings\NetworkService\Local Settings\Application Data\HELP_RESTORE_FILES.txt
2015-04-12 16:56 - 2015-04-12 16:56 - 00002614 _____ () C:\Documents and Settings\NetworkService\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\NetworkService\Application Data\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\LocalService\Local Settings\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\LocalService\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\LocalService\Application Data\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\Default User\Start Menu\Programs\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\Default User\Start Menu\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\Default User\My Documents\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\Default User\Local Settings\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\Default User\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\Default User\Desktop\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\Default User\Application Data\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\All Users\Start Menu\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\All Users\HELP_RESTORE_FILES.txt
2015-04-12 16:54 - 2015-04-12 16:54 - 00002614 _____ () C:\Documents and Settings\All Users\Desktop\HELP_RESTORE_FILES.txt
2015-04-12 16:53 - 2015-04-14 17:38 - 00000752 _____ () C:\Documents and Settings\Owner\Application Data\key.dat
2015-04-12 16:53 - 2015-04-14 17:37 - 00000232 _____ () C:\Documents and Settings\Owner\My Documents\RECOVERY_KEY.TXT
2015-04-12 16:53 - 2015-04-12 19:58 - 11857282 _____ () C:\Documents and Settings\Owner\Application Data\log.html
2015-04-09 18:07 - 2015-04-14 18:03 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\rynid
2015-03-23 23:47 - 2015-04-12 19:21 - 00045940 _____ () C:\Documents and Settings\Owner\Local Settings\HELP_DECRYPT.PNG.ecc
2015-03-23 23:47 - 2015-04-12 19:21 - 00004308 _____ () C:\Documents and Settings\Owner\Local Settings\HELP_DECRYPT.TXT.ecc
2015-03-23 23:47 - 2015-03-23 23:47 - 00008680 _____ () C:\Documents and Settings\Owner\Local Settings\HELP_DECRYPT.HTML
2015-03-23 23:47 - 2015-03-23 23:47 - 00008680 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-03-23 23:47 - 2015-03-23 23:47 - 00004280 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\HELP_DECRYPT.TXT
2015-03-23 23:47 - 2015-03-23 23:47 - 00000300 _____ () C:\Documents and Settings\Owner\Local Settings\HELP_DECRYPT.URL
2015-03-23 23:47 - 2015-03-23 23:47 - 00000300 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\HELP_DECRYPT.URL
2015-03-23 14:57 - 2015-04-12 16:56 - 00045940 _____ () C:\Documents and Settings\NetworkService\Local Settings\HELP_DECRYPT.PNG.ecc
2015-03-23 14:57 - 2015-04-12 16:56 - 00045940 _____ () C:\Documents and Settings\NetworkService\Local Settings\Application Data\HELP_DECRYPT.PNG.ecc
2015-03-23 14:57 - 2015-04-12 16:56 - 00045940 _____ () C:\Documents and Settings\NetworkService\HELP_DECRYPT.PNG.ecc
2015-03-23 14:57 - 2015-04-12 16:56 - 00004308 _____ () C:\Documents and Settings\NetworkService\Local Settings\HELP_DECRYPT.TXT.ecc
2015-03-23 14:57 - 2015-04-12 16:56 - 00004308 _____ () C:\Documents and Settings\NetworkService\Local Settings\Application Data\HELP_DECRYPT.TXT.ecc
2015-03-23 14:57 - 2015-04-12 16:56 - 00004308 _____ () C:\Documents and Settings\NetworkService\HELP_DECRYPT.TXT.ecc
2015-03-23 14:57 - 2015-03-23 14:57 - 00008680 _____ () C:\Documents and Settings\Owner\Application Data\HELP_DECRYPT.HTML
2015-03-23 14:57 - 2015-03-23 14:57 - 00008680 _____ () C:\Documents and Settings\NetworkService\Local Settings\HELP_DECRYPT.HTML
2015-03-23 14:57 - 2015-03-23 14:57 - 00008680 _____ () C:\Documents and Settings\NetworkService\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-03-23 14:57 - 2015-03-23 14:57 - 00008680 _____ () C:\Documents and Settings\NetworkService\HELP_DECRYPT.HTML
2015-03-23 14:57 - 2015-03-23 14:57 - 00004280 _____ () C:\Documents and Settings\Owner\Application Data\HELP_DECRYPT.TXT
2015-03-23 14:57 - 2015-03-23 14:57 - 00000300 _____ () C:\Documents and Settings\Owner\Application Data\HELP_DECRYPT.URL
2015-03-23 14:57 - 2015-03-23 14:57 - 00000300 _____ () C:\Documents and Settings\NetworkService\Local Settings\HELP_DECRYPT.URL
2015-03-23 14:57 - 2015-03-23 14:57 - 00000300 _____ () C:\Documents and Settings\NetworkService\Local Settings\Application Data\HELP_DECRYPT.URL
2015-03-23 14:57 - 2015-03-23 14:57 - 00000300 _____ () C:\Documents and Settings\NetworkService\HELP_DECRYPT.URL
2015-03-23 14:56 - 2015-04-12 16:55 - 00045940 _____ () C:\Documents and Settings\LocalService\Local Settings\HELP_DECRYPT.PNG.ecc
2015-03-23 14:56 - 2015-04-12 16:55 - 00045940 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\HELP_DECRYPT.PNG.ecc
2015-03-23 14:56 - 2015-04-12 16:55 - 00045940 _____ () C:\Documents and Settings\LocalService\HELP_DECRYPT.PNG.ecc
2015-03-23 14:56 - 2015-04-12 16:55 - 00045940 _____ () C:\Documents and Settings\Default User\Local Settings\HELP_DECRYPT.PNG.ecc
2015-03-23 14:56 - 2015-04-12 16:55 - 00045940 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\HELP_DECRYPT.PNG.ecc
2015-03-23 14:56 - 2015-04-12 16:55 - 00045940 _____ () C:\Documents and Settings\Default User\HELP_DECRYPT.PNG.ecc
2015-03-23 14:56 - 2015-04-12 16:55 - 00045940 _____ () C:\Documents and Settings\Default User\Application Data\HELP_DECRYPT.PNG.ecc
2015-03-23 14:56 - 2015-04-12 16:55 - 00004308 _____ () C:\Documents and Settings\LocalService\Local Settings\HELP_DECRYPT.TXT.ecc
2015-03-23 14:56 - 2015-04-12 16:55 - 00004308 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\HELP_DECRYPT.TXT.ecc
2015-03-23 14:56 - 2015-04-12 16:55 - 00004308 _____ () C:\Documents and Settings\LocalService\HELP_DECRYPT.TXT.ecc
2015-03-23 14:56 - 2015-04-12 16:55 - 00004308 _____ () C:\Documents and Settings\Default User\Local Settings\HELP_DECRYPT.TXT.ecc
2015-03-23 14:56 - 2015-04-12 16:55 - 00004308 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\HELP_DECRYPT.TXT.ecc
2015-03-23 14:56 - 2015-04-12 16:55 - 00004308 _____ () C:\Documents and Settings\Default User\HELP_DECRYPT.TXT.ecc
2015-03-23 14:56 - 2015-04-12 16:55 - 00004308 _____ () C:\Documents and Settings\Default User\Application Data\HELP_DECRYPT.TXT.ecc
2015-03-23 14:56 - 2015-03-23 14:56 - 00008680 _____ () C:\Documents and Settings\LocalService\Local Settings\HELP_DECRYPT.HTML
2015-03-23 14:56 - 2015-03-23 14:56 - 00008680 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-03-23 14:56 - 2015-03-23 14:56 - 00008680 _____ () C:\Documents and Settings\LocalService\HELP_DECRYPT.HTML
2015-03-23 14:56 - 2015-03-23 14:56 - 00008680 _____ () C:\Documents and Settings\Default User\Local Settings\HELP_DECRYPT.HTML
2015-03-23 14:56 - 2015-03-23 14:56 - 00008680 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-03-23 14:56 - 2015-03-23 14:56 - 00008680 _____ () C:\Documents and Settings\Default User\HELP_DECRYPT.HTML
2015-03-23 14:56 - 2015-03-23 14:56 - 00008680 _____ () C:\Documents and Settings\Default User\Application Data\HELP_DECRYPT.HTML
2015-03-23 14:56 - 2015-03-23 14:56 - 00008680 _____ () C:\Documents and Settings\All Users\Application Data\HELP_DECRYPT.HTML
2015-03-23 14:56 - 2015-03-23 14:56 - 00004280 _____ () C:\Documents and Settings\All Users\Application Data\HELP_DECRYPT.TXT
2015-03-23 14:56 - 2015-03-23 14:56 - 00000300 _____ () C:\Documents and Settings\LocalService\Local Settings\HELP_DECRYPT.URL
2015-03-23 14:56 - 2015-03-23 14:56 - 00000300 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\HELP_DECRYPT.URL
2015-03-23 14:56 - 2015-03-23 14:56 - 00000300 _____ () C:\Documents and Settings\LocalService\HELP_DECRYPT.URL
2015-03-23 14:56 - 2015-03-23 14:56 - 00000300 _____ () C:\Documents and Settings\Default User\Local Settings\HELP_DECRYPT.URL
2015-03-23 14:56 - 2015-03-23 14:56 - 00000300 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\HELP_DECRYPT.URL
2015-03-23 14:56 - 2015-03-23 14:56 - 00000300 _____ () C:\Documents and Settings\Default User\HELP_DECRYPT.URL
2015-03-23 14:56 - 2015-03-23 14:56 - 00000300 _____ () C:\Documents and Settings\Default User\Application Data\HELP_DECRYPT.URL
2015-03-23 14:56 - 2015-03-23 14:56 - 00000300 _____ () C:\Documents and Settings\All Users\Application Data\HELP_DECRYPT.URL
2015-03-23 14:55 - 2015-04-14 18:05 - 00000000 ___HD () C:\Documents and Settings\All Users\Application Data\{FE93A76E-3CF6-4D5C-96A7-582AA2064F4A}
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-6e5b6811.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-de3affd8.exe
C:\Documents and Settings\Owner\Local Settings\Temp\disktool.exe
C:\Documents and Settings\Owner\Local Settings\Temp\sysrestore.exe
cmd: ipconfig /flushdns
cmd: ipconfig /renew
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Check your internet
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Do you have internet?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 buckeye1010

buckeye1010
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:11:03 PM

Posted 02 May 2015 - 03:40 PM

No Internet :(  She has a wireless USB dongle thing.  Here is the fixlog.  Best regards, Bruce

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-04-2015
Ran by Owner at 2015-05-02 16:23:11 Run:1
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profiles: Owner (Available profiles: Owner & Administrator)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HELP_RESTORE_FILES.txt [2015-04-12] ()
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\HELP_RESTORE_FILES.txt [2015-04-12] ()
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\HELP_RESTORE_FILES.txt [2015-04-12] ()
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
Toolbar: HKU\S-1-5-21-1606980848-1770027372-1177238915-1003 -> No Name - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
U1 WS2IFSL; No ImagePath
2015-04-13 13:47 - 2015-04-13 13:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RahevWaqeb
2015-04-12 19:58 - 2015-04-14 17:37 - 02291910 _____ () C:\Documents and Settings\Owner\Desktop\HELP_RESTORE_FILES.bmp
2015-04-12 19:58 - 2015-04-12 19:58 - 00002614 _____ () C:\Documents and Settings\Owner\Start Menu\Programs\HELP_RESTORE_FILES.txt
2015-04-12 19:58 - 2015-04-12 19:58 - 00002614 _____ () C:\Documents and Settings\Owner\Start Menu\HELP_RESTORE_FILES.txt
2015-04-12 19:58 - 2015-04-12 19:58 - 00002614 _____ () C:\Documents and Settings\Owner\My Documents\HELP_RESTORE_FILES.txt
2015-04-12 19:58 - 2015-04-12 19:58 - 00002614 _____ () C:\Documents and Settings\Owner\Local Settings\HELP_RESTORE_FILES.txt
2015-04-12 19:58 - 2015-04-12 19:58 - 00002614 _____ () C:\Documents and Settings\Owner\HELP_RESTORE_FILES.txt
2015-04-12 19:58 - 2015-04-12 19:58 - 00002614 _____ () C:\Documents and Settings\HELP_RESTORE_FILES.txt
2015-04-12 19:21 - 2015-04-14 17:37 - 00001340 _____ () C:\Documents and Settings\Owner\Desktop\HELP_RESTORE_FILES.txt
2015-04-12 16:56 - 2015-04-12 16:56 - 00002614 _____ () C:\Documents and Settings\NetworkService\Local Settings\HELP_RESTORE_FILES.txt
2015-04-12 16:56 - 2015-04-12 16:56 - 00002614 _____ () C:\Documents and Settings\NetworkService\Local Settings\Application Data\HELP_RESTORE_FILES.txt
2015-04-12 16:56 - 2015-04-12 16:56 - 00002614 _____ () C:\Documents and Settings\NetworkService\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\NetworkService\Application Data\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\LocalService\Local Settings\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\LocalService\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\LocalService\Application Data\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\Default User\Start Menu\Programs\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\Default User\Start Menu\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\Default User\My Documents\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\Default User\Local Settings\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\Default User\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\Default User\Desktop\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\Default User\Application Data\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\All Users\Start Menu\HELP_RESTORE_FILES.txt
2015-04-12 16:55 - 2015-04-12 16:55 - 00002614 _____ () C:\Documents and Settings\All Users\HELP_RESTORE_FILES.txt
2015-04-12 16:54 - 2015-04-12 16:54 - 00002614 _____ () C:\Documents and Settings\All Users\Desktop\HELP_RESTORE_FILES.txt
2015-04-12 16:53 - 2015-04-14 17:38 - 00000752 _____ () C:\Documents and Settings\Owner\Application Data\key.dat
2015-04-12 16:53 - 2015-04-14 17:37 - 00000232 _____ () C:\Documents and Settings\Owner\My Documents\RECOVERY_KEY.TXT
2015-04-12 16:53 - 2015-04-12 19:58 - 11857282 _____ () C:\Documents and Settings\Owner\Application Data\log.html
2015-04-09 18:07 - 2015-04-14 18:03 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\rynid
2015-03-23 23:47 - 2015-04-12 19:21 - 00045940 _____ () C:\Documents and Settings\Owner\Local Settings\HELP_DECRYPT.PNG.ecc
2015-03-23 23:47 - 2015-04-12 19:21 - 00004308 _____ () C:\Documents and Settings\Owner\Local Settings\HELP_DECRYPT.TXT.ecc
2015-03-23 23:47 - 2015-03-23 23:47 - 00008680 _____ () C:\Documents and Settings\Owner\Local Settings\HELP_DECRYPT.HTML
2015-03-23 23:47 - 2015-03-23 23:47 - 00008680 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-03-23 23:47 - 2015-03-23 23:47 - 00004280 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\HELP_DECRYPT.TXT
2015-03-23 23:47 - 2015-03-23 23:47 - 00000300 _____ () C:\Documents and Settings\Owner\Local Settings\HELP_DECRYPT.URL
2015-03-23 23:47 - 2015-03-23 23:47 - 00000300 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\HELP_DECRYPT.URL
2015-03-23 14:57 - 2015-04-12 16:56 - 00045940 _____ () C:\Documents and Settings\NetworkService\Local Settings\HELP_DECRYPT.PNG.ecc
2015-03-23 14:57 - 2015-04-12 16:56 - 00045940 _____ () C:\Documents and Settings\NetworkService\Local Settings\Application Data\HELP_DECRYPT.PNG.ecc
2015-03-23 14:57 - 2015-04-12 16:56 - 00045940 _____ () C:\Documents and Settings\NetworkService\HELP_DECRYPT.PNG.ecc
2015-03-23 14:57 - 2015-04-12 16:56 - 00004308 _____ () C:\Documents and Settings\NetworkService\Local Settings\HELP_DECRYPT.TXT.ecc
2015-03-23 14:57 - 2015-04-12 16:56 - 00004308 _____ () C:\Documents and Settings\NetworkService\Local Settings\Application Data\HELP_DECRYPT.TXT.ecc
2015-03-23 14:57 - 2015-04-12 16:56 - 00004308 _____ () C:\Documents and Settings\NetworkService\HELP_DECRYPT.TXT.ecc
2015-03-23 14:57 - 2015-03-23 14:57 - 00008680 _____ () C:\Documents and Settings\Owner\Application Data\HELP_DECRYPT.HTML
2015-03-23 14:57 - 2015-03-23 14:57 - 00008680 _____ () C:\Documents and Settings\NetworkService\Local Settings\HELP_DECRYPT.HTML
2015-03-23 14:57 - 2015-03-23 14:57 - 00008680 _____ () C:\Documents and Settings\NetworkService\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-03-23 14:57 - 2015-03-23 14:57 - 00008680 _____ () C:\Documents and Settings\NetworkService\HELP_DECRYPT.HTML
2015-03-23 14:57 - 2015-03-23 14:57 - 00004280 _____ () C:\Documents and Settings\Owner\Application Data\HELP_DECRYPT.TXT
2015-03-23 14:57 - 2015-03-23 14:57 - 00000300 _____ () C:\Documents and Settings\Owner\Application Data\HELP_DECRYPT.URL
2015-03-23 14:57 - 2015-03-23 14:57 - 00000300 _____ () C:\Documents and Settings\NetworkService\Local Settings\HELP_DECRYPT.URL
2015-03-23 14:57 - 2015-03-23 14:57 - 00000300 _____ () C:\Documents and Settings\NetworkService\Local Settings\Application Data\HELP_DECRYPT.URL
2015-03-23 14:57 - 2015-03-23 14:57 - 00000300 _____ () C:\Documents and Settings\NetworkService\HELP_DECRYPT.URL
2015-03-23 14:56 - 2015-04-12 16:55 - 00045940 _____ () C:\Documents and Settings\LocalService\Local Settings\HELP_DECRYPT.PNG.ecc
2015-03-23 14:56 - 2015-04-12 16:55 - 00045940 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\HELP_DECRYPT.PNG.ecc
2015-03-23 14:56 - 2015-04-12 16:55 - 00045940 _____ () C:\Documents and Settings\LocalService\HELP_DECRYPT.PNG.ecc
2015-03-23 14:56 - 2015-04-12 16:55 - 00045940 _____ () C:\Documents and Settings\Default User\Local Settings\HELP_DECRYPT.PNG.ecc
2015-03-23 14:56 - 2015-04-12 16:55 - 00045940 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\HELP_DECRYPT.PNG.ecc
2015-03-23 14:56 - 2015-04-12 16:55 - 00045940 _____ () C:\Documents and Settings\Default User\HELP_DECRYPT.PNG.ecc
2015-03-23 14:56 - 2015-04-12 16:55 - 00045940 _____ () C:\Documents and Settings\Default User\Application Data\HELP_DECRYPT.PNG.ecc
2015-03-23 14:56 - 2015-04-12 16:55 - 00004308 _____ () C:\Documents and Settings\LocalService\Local Settings\HELP_DECRYPT.TXT.ecc
2015-03-23 14:56 - 2015-04-12 16:55 - 00004308 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\HELP_DECRYPT.TXT.ecc
2015-03-23 14:56 - 2015-04-12 16:55 - 00004308 _____ () C:\Documents and Settings\LocalService\HELP_DECRYPT.TXT.ecc
2015-03-23 14:56 - 2015-04-12 16:55 - 00004308 _____ () C:\Documents and Settings\Default User\Local Settings\HELP_DECRYPT.TXT.ecc
2015-03-23 14:56 - 2015-04-12 16:55 - 00004308 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\HELP_DECRYPT.TXT.ecc
2015-03-23 14:56 - 2015-04-12 16:55 - 00004308 _____ () C:\Documents and Settings\Default User\HELP_DECRYPT.TXT.ecc
2015-03-23 14:56 - 2015-04-12 16:55 - 00004308 _____ () C:\Documents and Settings\Default User\Application Data\HELP_DECRYPT.TXT.ecc
2015-03-23 14:56 - 2015-03-23 14:56 - 00008680 _____ () C:\Documents and Settings\LocalService\Local Settings\HELP_DECRYPT.HTML
2015-03-23 14:56 - 2015-03-23 14:56 - 00008680 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-03-23 14:56 - 2015-03-23 14:56 - 00008680 _____ () C:\Documents and Settings\LocalService\HELP_DECRYPT.HTML
2015-03-23 14:56 - 2015-03-23 14:56 - 00008680 _____ () C:\Documents and Settings\Default User\Local Settings\HELP_DECRYPT.HTML
2015-03-23 14:56 - 2015-03-23 14:56 - 00008680 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\HELP_DECRYPT.HTML
2015-03-23 14:56 - 2015-03-23 14:56 - 00008680 _____ () C:\Documents and Settings\Default User\HELP_DECRYPT.HTML
2015-03-23 14:56 - 2015-03-23 14:56 - 00008680 _____ () C:\Documents and Settings\Default User\Application Data\HELP_DECRYPT.HTML
2015-03-23 14:56 - 2015-03-23 14:56 - 00008680 _____ () C:\Documents and Settings\All Users\Application Data\HELP_DECRYPT.HTML
2015-03-23 14:56 - 2015-03-23 14:56 - 00004280 _____ () C:\Documents and Settings\All Users\Application Data\HELP_DECRYPT.TXT
2015-03-23 14:56 - 2015-03-23 14:56 - 00000300 _____ () C:\Documents and Settings\LocalService\Local Settings\HELP_DECRYPT.URL
2015-03-23 14:56 - 2015-03-23 14:56 - 00000300 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\HELP_DECRYPT.URL
2015-03-23 14:56 - 2015-03-23 14:56 - 00000300 _____ () C:\Documents and Settings\LocalService\HELP_DECRYPT.URL
2015-03-23 14:56 - 2015-03-23 14:56 - 00000300 _____ () C:\Documents and Settings\Default User\Local Settings\HELP_DECRYPT.URL
2015-03-23 14:56 - 2015-03-23 14:56 - 00000300 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\HELP_DECRYPT.URL
2015-03-23 14:56 - 2015-03-23 14:56 - 00000300 _____ () C:\Documents and Settings\Default User\HELP_DECRYPT.URL
2015-03-23 14:56 - 2015-03-23 14:56 - 00000300 _____ () C:\Documents and Settings\Default User\Application Data\HELP_DECRYPT.URL
2015-03-23 14:56 - 2015-03-23 14:56 - 00000300 _____ () C:\Documents and Settings\All Users\Application Data\HELP_DECRYPT.URL
2015-03-23 14:55 - 2015-04-14 18:05 - 00000000 ___HD () C:\Documents and Settings\All Users\Application Data\{FE93A76E-3CF6-4D5C-96A7-582AA2064F4A}
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-6e5b6811.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-de3affd8.exe
C:\Documents and Settings\Owner\Local Settings\Temp\disktool.exe
C:\Documents and Settings\Owner\Local Settings\Temp\sysrestore.exe
cmd: ipconfig /flushdns
cmd: ipconfig /renew
*****************
 
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HELP_RESTORE_FILES.txt [2015-04-12] ()" => File/Directory not found.
"C:\Documents and Settings\Default User\Start Menu\Programs\Startup\HELP_RESTORE_FILES.txt [2015-04-12] ()" => File/Directory not found.
"C:\Documents and Settings\Owner\Start Menu\Programs\Startup\HELP_RESTORE_FILES.txt [2015-04-12] ()" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found. 
HKU\S-1-5-21-1606980848-1770027372-1177238915-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5BED3930-2E9E-76D8-BACC-80DF2188D455} => value deleted successfully.
HKCR\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455} => Key not found. 
WS2IFSL => Service deleted successfully.
C:\Documents and Settings\All Users\Application Data\RahevWaqeb => Moved successfully.
"C:\Documents and Settings\Owner\Desktop\HELP_RESTORE_FILES.bmp" => File/Directory not found.
C:\Documents and Settings\Owner\Start Menu\Programs\HELP_RESTORE_FILES.txt => Moved successfully.
C:\Documents and Settings\Owner\Start Menu\HELP_RESTORE_FILES.txt => Moved successfully.
C:\Documents and Settings\Owner\My Documents\HELP_RESTORE_FILES.txt => Moved successfully.
C:\Documents and Settings\Owner\Local Settings\HELP_RESTORE_FILES.txt => Moved successfully.
C:\Documents and Settings\Owner\HELP_RESTORE_FILES.txt => Moved successfully.
C:\Documents and Settings\HELP_RESTORE_FILES.txt => Moved successfully.
C:\Documents and Settings\Owner\Desktop\HELP_RESTORE_FILES.txt => Moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\HELP_RESTORE_FILES.txt => Moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\HELP_RESTORE_FILES.txt => Moved successfully.
C:\Documents and Settings\NetworkService\HELP_RESTORE_FILES.txt => Moved successfully.
C:\Documents and Settings\NetworkService\Application Data\HELP_RESTORE_FILES.txt => Moved successfully.
C:\Documents and Settings\LocalService\Local Settings\HELP_RESTORE_FILES.txt => Moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\HELP_RESTORE_FILES.txt => Moved successfully.
C:\Documents and Settings\LocalService\HELP_RESTORE_FILES.txt => Moved successfully.
C:\Documents and Settings\LocalService\Application Data\HELP_RESTORE_FILES.txt => Moved successfully.
C:\Documents and Settings\Default User\Start Menu\Programs\HELP_RESTORE_FILES.txt => Moved successfully.
C:\Documents and Settings\Default User\Start Menu\HELP_RESTORE_FILES.txt => Moved successfully.
C:\Documents and Settings\Default User\My Documents\HELP_RESTORE_FILES.txt => Moved successfully.
C:\Documents and Settings\Default User\Local Settings\HELP_RESTORE_FILES.txt => Moved successfully.
C:\Documents and Settings\Default User\Local Settings\Application Data\HELP_RESTORE_FILES.txt => Moved successfully.
C:\Documents and Settings\Default User\HELP_RESTORE_FILES.txt => Moved successfully.
C:\Documents and Settings\Default User\Desktop\HELP_RESTORE_FILES.txt => Moved successfully.
C:\Documents and Settings\Default User\Application Data\HELP_RESTORE_FILES.txt => Moved successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\HELP_RESTORE_FILES.txt => Moved successfully.
C:\Documents and Settings\All Users\Start Menu\HELP_RESTORE_FILES.txt => Moved successfully.
C:\Documents and Settings\All Users\HELP_RESTORE_FILES.txt => Moved successfully.
"C:\Documents and Settings\All Users\Desktop\HELP_RESTORE_FILES.txt" => File/Directory not found.
C:\Documents and Settings\Owner\Application Data\key.dat => Moved successfully.
C:\Documents and Settings\Owner\My Documents\RECOVERY_KEY.TXT => Moved successfully.
C:\Documents and Settings\Owner\Application Data\log.html => Moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\rynid => Moved successfully.
C:\Documents and Settings\Owner\Local Settings\HELP_DECRYPT.PNG.ecc => Moved successfully.
C:\Documents and Settings\Owner\Local Settings\HELP_DECRYPT.TXT.ecc => Moved successfully.
C:\Documents and Settings\Owner\Local Settings\HELP_DECRYPT.HTML => Moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\HELP_DECRYPT.HTML => Moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\HELP_DECRYPT.TXT => Moved successfully.
C:\Documents and Settings\Owner\Local Settings\HELP_DECRYPT.URL => Moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\HELP_DECRYPT.URL => Moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\HELP_DECRYPT.PNG.ecc => Moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\HELP_DECRYPT.PNG.ecc => Moved successfully.
C:\Documents and Settings\NetworkService\HELP_DECRYPT.PNG.ecc => Moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\HELP_DECRYPT.TXT.ecc => Moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\HELP_DECRYPT.TXT.ecc => Moved successfully.
C:\Documents and Settings\NetworkService\HELP_DECRYPT.TXT.ecc => Moved successfully.
C:\Documents and Settings\Owner\Application Data\HELP_DECRYPT.HTML => Moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\HELP_DECRYPT.HTML => Moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\HELP_DECRYPT.HTML => Moved successfully.
C:\Documents and Settings\NetworkService\HELP_DECRYPT.HTML => Moved successfully.
C:\Documents and Settings\Owner\Application Data\HELP_DECRYPT.TXT => Moved successfully.
C:\Documents and Settings\Owner\Application Data\HELP_DECRYPT.URL => Moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\HELP_DECRYPT.URL => Moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\HELP_DECRYPT.URL => Moved successfully.
C:\Documents and Settings\NetworkService\HELP_DECRYPT.URL => Moved successfully.
C:\Documents and Settings\LocalService\Local Settings\HELP_DECRYPT.PNG.ecc => Moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\HELP_DECRYPT.PNG.ecc => Moved successfully.
C:\Documents and Settings\LocalService\HELP_DECRYPT.PNG.ecc => Moved successfully.
C:\Documents and Settings\Default User\Local Settings\HELP_DECRYPT.PNG.ecc => Moved successfully.
C:\Documents and Settings\Default User\Local Settings\Application Data\HELP_DECRYPT.PNG.ecc => Moved successfully.
C:\Documents and Settings\Default User\HELP_DECRYPT.PNG.ecc => Moved successfully.
C:\Documents and Settings\Default User\Application Data\HELP_DECRYPT.PNG.ecc => Moved successfully.
C:\Documents and Settings\LocalService\Local Settings\HELP_DECRYPT.TXT.ecc => Moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\HELP_DECRYPT.TXT.ecc => Moved successfully.
C:\Documents and Settings\LocalService\HELP_DECRYPT.TXT.ecc => Moved successfully.
C:\Documents and Settings\Default User\Local Settings\HELP_DECRYPT.TXT.ecc => Moved successfully.
C:\Documents and Settings\Default User\Local Settings\Application Data\HELP_DECRYPT.TXT.ecc => Moved successfully.
C:\Documents and Settings\Default User\HELP_DECRYPT.TXT.ecc => Moved successfully.
C:\Documents and Settings\Default User\Application Data\HELP_DECRYPT.TXT.ecc => Moved successfully.
C:\Documents and Settings\LocalService\Local Settings\HELP_DECRYPT.HTML => Moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\HELP_DECRYPT.HTML => Moved successfully.
C:\Documents and Settings\LocalService\HELP_DECRYPT.HTML => Moved successfully.
C:\Documents and Settings\Default User\Local Settings\HELP_DECRYPT.HTML => Moved successfully.
C:\Documents and Settings\Default User\Local Settings\Application Data\HELP_DECRYPT.HTML => Moved successfully.
C:\Documents and Settings\Default User\HELP_DECRYPT.HTML => Moved successfully.
C:\Documents and Settings\Default User\Application Data\HELP_DECRYPT.HTML => Moved successfully.
C:\Documents and Settings\All Users\Application Data\HELP_DECRYPT.HTML => Moved successfully.
C:\Documents and Settings\All Users\Application Data\HELP_DECRYPT.TXT => Moved successfully.
C:\Documents and Settings\LocalService\Local Settings\HELP_DECRYPT.URL => Moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\HELP_DECRYPT.URL => Moved successfully.
C:\Documents and Settings\LocalService\HELP_DECRYPT.URL => Moved successfully.
C:\Documents and Settings\Default User\Local Settings\HELP_DECRYPT.URL => Moved successfully.
C:\Documents and Settings\Default User\Local Settings\Application Data\HELP_DECRYPT.URL => Moved successfully.
C:\Documents and Settings\Default User\HELP_DECRYPT.URL => Moved successfully.
C:\Documents and Settings\Default User\Application Data\HELP_DECRYPT.URL => Moved successfully.
C:\Documents and Settings\All Users\Application Data\HELP_DECRYPT.URL => Moved successfully.
C:\Documents and Settings\All Users\Application Data\{FE93A76E-3CF6-4D5C-96A7-582AA2064F4A} => Moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-6e5b6811.exe => Moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-de3affd8.exe => Moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\disktool.exe => Moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\sysrestore.exe => Moved successfully.
 
=========  ipconfig /flushdns =========
 
 
 
Windows IP Configuration
 
 
 
Successfully flushed the DNS Resolver Cache.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /renew =========
 
 
 
Windows IP Configuration
 
 
 
No operation can be performed on Local Area Connection while it has its media disconnected.
 
An error occurred while renewing interface Wireless Network Connection 5 : unable to contact your DHCP server. Request has timed out.
 
 
========= End of CMD: =========
 
 
==== End of Fixlog 16:24:26 ====
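
A triage helper for a Fixlog like the one above, as an added example that is not part of the original post and not Farbar's own code: it tallies the `=>` results, lists the items that were not actually removed, and pulls the failure lines out of the `ipconfig /renew` section. The function names and the embedded excerpt are this example's own; the excerpt reuses a few lines from the log above.

```python
import re
from collections import Counter

# Shortened excerpt of the Fixlog above, embedded so the example runs offline.
SAMPLE_FIXLOG = r'''
"C:\Documents and Settings\Owner\Desktop\HELP_RESTORE_FILES.bmp" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found. 
WS2IFSL => Service deleted successfully.
C:\Documents and Settings\Owner\Application Data\key.dat => Moved successfully.
C:\Documents and Settings\Owner\Local Settings\HELP_DECRYPT.TXT.ecc => Moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\disktool.exe => Moved successfully.

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========  ipconfig /renew =========

Windows IP Configuration

No operation can be performed on Local Area Connection while it has its media disconnected.

An error occurred while renewing interface Wireless Network Connection 5 : unable to contact your DHCP server. Request has timed out.

========= End of CMD: =========
'''

# '<item> => <result>.' lines; the item may or may not be wrapped in quotes.
RESULT_RE = re.compile(r'^"?(?P<item>.+?)"?\s+=>\s+(?P<result>.+?)\.?\s*$')
# '=========  <command> =========' opens a command section.
CMD_START_RE = re.compile(r'^=+\s+(?P<cmd>.+?)\s+=+$')
CMD_END_RE = re.compile(r'^=+\s+End of CMD:\s+=+$')

# Failure phrases taken from the ipconfig output quoted in the log above.
NETWORK_FAILURES = ("media disconnected", "unable to contact your dhcp server")


def parse_fixlog(text):
    """Return (outcome counts, items not removed, command output by command)."""
    outcomes = Counter()
    not_removed = []      # (item, result) where the result is not a success
    commands = {}         # command line -> list of output lines
    current = None        # command section currently being read, if any
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if CMD_END_RE.match(line):
            current = None
            continue
        header = CMD_START_RE.match(line)
        # 'End of Fixlog' style trailers also look like headers; skip them.
        if header and not header.group("cmd").startswith("End of"):
            current = header.group("cmd")
            commands[current] = []
            continue
        if current is not None:
            commands[current].append(line)
            continue
        m = RESULT_RE.match(line)
        if m:
            result = m.group("result")
            outcomes[result] += 1
            if "successfully" not in result.lower():
                not_removed.append((m.group("item"), result))
    return outcomes, not_removed, commands


def dhcp_problems(commands):
    """Lines of 'ipconfig /renew' output that report a link or DHCP failure."""
    output = commands.get("ipconfig /renew", [])
    return [l for l in output if any(p in l.lower() for p in NETWORK_FAILURES)]


if __name__ == "__main__":
    outcomes, not_removed, commands = parse_fixlog(SAMPLE_FIXLOG)
    for result, count in outcomes.most_common():
        print(f"{count:3d}  {result}")
    print("Not removed:")
    for item, result in not_removed:
        print(f"  {result}: {item}")
    print("Network failures reported by ipconfig /renew:")
    for line in dhcp_problems(commands):
        print(f"  {line}")
```

Run against the full log, the "not found" entries show which fixlist targets were already gone before the fix ran, and the `ipconfig /renew` lines show that the adapter never obtained a lease, independent of the file cleanup.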


#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,014 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:03 PM

Posted 02 May 2015 - 06:07 PM

Thanks Bruce.

When did the internet stop working?

Please do this.

===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List devices >>(Problem only)<<

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Result.txt
  • FSS.txt
  • System Summary Information

Gary
 

#13 buckeye1010

buckeye1010
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:11:03 PM

Posted 02 May 2015 - 06:39 PM

Thanks Gary.  Strangely enough, the loss of the Internet wasn't till towards the end of things.  Like my original post said, I had her important files restored from a backup, and I thought Malwarebytes had cleaned things up.  Things seemed to be working just fine.  But then a week later, she started getting the cryptolocker ransom pop up again and the Internet stopped working.  She says that the signal strength shows real good.  They do occasionally have problems with their tablets connecting to wireless.  I have them power cycle the modem, then turn off the tablets for a few and start them up.  Should she try that with the PC?

Anyhow, we will attempt your next instructions on Sunday.

We very much appreciate the help!

-Bruce


Edited by buckeye1010, 02 May 2015 - 06:39 PM.


#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,014 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:03 PM

Posted 02 May 2015 - 06:52 PM

Yes, she should try that. That is one of the potential repair steps taken down the line, but if you have had similar issues with this before then we should do that here.

Although I usually like to see what is going on before throwing tools at a problem, since we have the inconvenience factor, what I might suggest is to do the power cycle on the modem and, if that doesn't work, then do this before producing the reports.

===================================================

Complete Internet Repair

--------------------
  • Please download comintrep.zip and save it to your desktop
  • Double click the icon and select Run
  • Click Extract
  • Double click the Complete Internet Repair folder on your desktop
  • Double click the CIntRep.exe icon
  • Place a checkmark next to the following entries:

Reset Internet Protocol (TCP/IP)
Repair Winsock (Reset Catalog)
Renew Internet Connections
Flush DNS Resolver Cache

Repair Internet Explorer 6.0.2900
Clear Windows Update History
Repair Windows / Automatic Updates
Repair SSL / HTTPS / Cryptography
Reset Windows Firewall Configuration
Restore the default hosts file
Repair Workgroup Computers view

  • Click Go!
  • Ignore any error messages for now
  • Click OK to reboot your computer
  • Check your internet access
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Complete Internet Repair report

Gary
 

#15 buckeye1010

buckeye1010
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:11:03 PM

Posted 03 May 2015 - 12:23 PM

Gary,

Power cycling the router and rebooting the PC did not work. :(

My Mom says that running cominrep says it's for Windows 7, not XP?

We are going to the previous step now - MiniToolbox and FSS.  We will report back.

regards,

Bruce

EDIT:  Mom was downloading cominrep from Dad's Win7 machine.  She said when she went to download it, it said it was a version for "Win7" - maybe it was forcing her to get a version for Win7 only - she needs XP.  Not sure if it matters?  Hope that makes sense?


Edited by buckeye1010, 03 May 2015 - 12:59 PM.




