Jump to content

Recommended Posts

Posted

Hey Pete, could use your help here please. This machine is not going to the net either wired or wireless and shows nothing wrong with any of the net drivers. When I first tried to run MBAM, it would not install so I ran rkill then MBAM installed but did not find anything, neither did SAS and Adwarecleaner and JRT, please see logs for mbam and frst, thanks:

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 6/15/2015

Scan Time: 11:12:42 AM

Logfile: mbam log.txt

Administrator: Yes

 

Version: 2.01.6.1022

Malware Database: v2015.03.09.05

Rootkit Database: v2015.02.25.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows XP Service Pack 3

CPU: x86

File System: NTFS

User: Administrator

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 316755

Time Elapsed: 16 min, 32 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

Posted

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2015

Ran by Administrator (administrator) on OWNER-35308C001 on 15-06-2015 11:38:57

Running from E:\AV Softwares

Loaded Profiles: Administrator & (Available Profiles: Administrator)

Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)

Internet Explorer Version 7 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe

() C:\WINDOWS\system32\WLTRYSVC.EXE

(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe

(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE

(SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

() C:\Program Files\Dell P513w\dlebmon.exe

() C:\Program Files\Dell P513w\ezprint.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Ask) C:\Program Files\Ask.com\Updater\Updater.exe

(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe

(Corel, Inc.) C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe

(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe

(Sonic Solutions) C:\Program Files\Common Files\Sonic Shared\CineTray.exe

(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\WINDOWS\system32\spool\drivers\w32x86\3\dlebserv.exe

( ) C:\WINDOWS\system32\dlebcoms.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe

(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

(Symantec Corporation) C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe

() C:\WINDOWS\system32\PSIService.exe

(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe

(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe

(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe

(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)

HKLM\...\Run: [broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [1392640 2006-11-01] (Dell Inc.)

HKLM\...\Run: [sigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.)

HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)

HKLM\...\Run: [dlebmon.exe] => C:\Program Files\Dell P513w\dlebmon.exe [766632 2009-07-10] ()

HKLM\...\Run: [EzPrint] => C:\Program Files\Dell P513w\ezprint.exe [139944 2009-07-10] ()

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)

HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2011-08-30] (Adobe Systems Incorporated)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)

HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)

HKLM\...\Run: [ApnUpdater] => C:\Program Files\Ask.com\Updater\Updater.exe [1564872 2012-06-06] (Ask)

HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)

HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)

HKLM\...\Run: [] => [X]

HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe [478800 2007-03-21] (Corel, Inc.)

Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2006-05-23] (ATI Technologies Inc.)

HKU\S-1-5-21-1454471165-688789844-839522115-500\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)

HKU\S-1-5-21-1454471165-688789844-839522115-500\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-03-05] (Google Inc.)

HKU\S-1-5-21-1454471165-688789844-839522115-500\...\Run: [HP Photosmart 5510 series (NET)] => C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [1804648 2011-09-16] (Hewlett-Packard Co.)

HKU\S-1-5-21-1454471165-688789844-839522115-500\...\Run: [HP Photosmart 6520 series (NET)] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)

HKU\S-1-5-21-1454471165-688789844-839522115-500\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6714136 2015-05-15] (SUPERAntiSpyware)

HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)

HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-03-05] (Google Inc.)

HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HP Photosmart 5510 series (NET)] => C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [1804648 2011-09-16] (Hewlett-Packard Co.)

HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HP Photosmart 6520 series (NET)] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)

HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6714136 2015-05-15] (SUPERAntiSpyware)

Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk [2012-03-05]

ShortcutTarget: Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk [2010-07-20]

ShortcutTarget: Sonic CinePlayer Quick Launch.lnk -> C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - No File

ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton 360\Engine\21.2.0.38\buShell.dll No File

ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton 360\Engine\21.2.0.38\buShell.dll No File

ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton 360\Engine\21.2.0.38\buShell.dll No File

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

HKU\S-1-5-21-1454471165-688789844-839522115-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77c09f4f&ptnrs=zxxdm0028gus&ptb=63ec8717-a2e6-4c78-82da-dcadf586a90a

HKU\S-1-5-21-1454471165-688789844-839522115-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77c09f4f&ptnrs=zxxdm0028gus&ptb=63ec8717-a2e6-4c78-82da-dcadf586a90a

HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

SearchScopes: HKLM -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZXxdm0028Gus&ptnrS=ZXxdm0028Gus&ptb=63EC8717-A2E6-4C78-82DA-DCADF586A90A&ind=2011051203&n=77de34c3&psa=&st=sb&searchfor={searchTerms}

SearchScopes: HKU\S-1-5-21-1454471165-688789844-839522115-500 -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZXxdm0028Gus&ptnrS=ZXxdm0028Gus&ptb=63EC8717-A2E6-4C78-82DA-DCADF586A90A&ind=2011051203&n=77de34c3&psa=&st=sb&searchfor={searchTerms}

SearchScopes: HKU\S-1-5-21-1454471165-688789844-839522115-500 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=20&locale=en_US&gct=sb&qsrc=2869

SearchScopes: HKU\S-1-5-21-1454471165-688789844-839522115-500 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647

SearchScopes: HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZXxdm0028Gus&ptnrS=ZXxdm0028Gus&ptb=63EC8717-A2E6-4C78-82DA-DCADF586A90A&ind=2011051203&n=77de34c3&psa=&st=sb&searchfor={searchTerms}

SearchScopes: HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=20&locale=en_US&gct=sb&qsrc=2869

SearchScopes: HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647

BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2011-08-30] (Adobe Systems Incorporated)

BHO: HP Smart Print BHO -> {1658D3A1-9E13-4196-A82A-D70D70880F36} -> C:\Program Files\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll [2011-05-13] (Hewlett-Packard)

BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton 360\Engine\21.2.0.38\coIEPlg.dll No File

BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton 360\Engine\21.2.0.38\IPS\IPSBHO.DLL No File

BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-07-27] (Microsoft Corporation)

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-02-26] (Oracle Corporation)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-04-26] (Google Inc.)

BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll [2013-10-15] (Google Inc.)

BHO: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll [2010-08-24] (Microsoft Corporation)

BHO: FrostWire Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-06-06] (Ask)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-02-26] (Oracle Corporation)

Toolbar: HKLM - @C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll [2010-08-24] (Microsoft Corporation)

Toolbar: HKLM - FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-06-06] (Ask)

Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.2.0.38\coIEPlg.dll No File

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-04-26] (Google Inc.)

Toolbar: HKU\S-1-5-21-1454471165-688789844-839522115-500 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-04-26] (Google Inc.)

Toolbar: HKU\S-1-5-21-1454471165-688789844-839522115-500 -> FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-06-06] (Ask)

Toolbar: HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-04-26] (Google Inc.)

Toolbar: HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-06-06] (Ask)

DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-07-29] ()

FF Plugin: @ei.CouponAlert_2p.com/Plugin -> C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll No File

FF Plugin: @java.com/DTPlugin,version=10.15.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-02-26] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.15.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-02-26] (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-29] (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-29] (Google Inc.)

FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-08-06]

FF HKLM\...\Firefox\Extensions: [{203FB6B2-2E1E-4474-863B-4C483ECCE78E}] - C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST

FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension

FF Extension: Search Helper Extension - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2012-03-05]

FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension

FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2012-03-05]

FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn

FF Extension: Norton Toolbar - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-06-16]

FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF

FF Extension: Norton Vulnerability Protection - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-03-18]

 

Chrome:

=======

CHR HKLM\...\Chrome\Extension: [ghnpfkmgeiojiaheaiefkilmjinpoccb] - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ghnpfkmgeiojiaheaiefkilmjinpoccb.crx [Not Found]

CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\21.2.0.38\Exts\Chrome.crx [Not Found]

 

========================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)

R2 dlebCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dlebserv.exe [98984 2009-07-01] ()

R2 dleb_device; C:\WINDOWS\system32\dlebcoms.exe [602792 2009-07-01] ( )

R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [170912 2013-02-26] (Oracle Corporation)

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)

R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)

S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]

S2 N360; C:\Program Files\Norton 360\Engine\21.3.0.12\N360.exe [265040 2014-05-11] (Symantec Corporation)

R2 NSL; C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe [138760 2011-08-10] (Symantec Corporation)

R2 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [174656 2006-11-02] () [File not signed]

R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1253376 2006-11-01] (Dell Inc.) [File not signed]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [604928 2006-10-13] (Broadcom Corporation)

R1 BHDrvx86; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140606.001\BHDrvx86.sys [1101616 2014-06-06] (Symantec Corporation)

R1 ccSet_N360; C:\WINDOWS\system32\drivers\N360\1503000.00C\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)

R1 ccSet_NST; C:\WINDOWS\system32\drivers\NST\0200000.010\ccSetx86.sys [132744 2011-08-08] (Symantec Corporation)

S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]

R3 CTUSFSYN; C:\WINDOWS\System32\drivers\ctusfsyn.sys [158464 2005-05-25] (Creative Technology Ltd.)

R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2014-04-25] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2014-04-25] (Symantec Corporation)

R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [201600 2005-07-22] (Conexant Systems, Inc.)

R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [1035008 2005-07-22] (Conexant Systems, Inc.)

R3 IDSxpx86; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140608.001\IDSxpx86.sys [383120 2014-06-08] (Symantec Corporation)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-15] (Malwarebytes Corporation)

S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]

R3 monfilt; C:\WINDOWS\System32\drivers\monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)

S3 NAVENG; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140610.001\NAVENG.SYS [93272 2014-06-10] (Symantec Corporation)

S3 NAVEX15; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140610.001\NAVEX15.SYS [1612376 2014-06-10] (Symantec Corporation)

R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [36528 2006-08-30] (Sonic Solutions) [File not signed]

R1 RapportCerberus_34302; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_34302.sys [228208 2012-04-26] ()

S3 RapportIaso; c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys [21520 2012-06-11] (Trusteer Ltd.)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

S3 SRTSP; C:\WINDOWS\System32\Drivers\N360\1503000.00C\SRTSP.SYS [664280 2014-02-12] (Symantec Corporation)

R1 SRTSPX; C:\WINDOWS\system32\drivers\N360\1503000.00C\SRTSPX.SYS [32344 2013-09-09] (Symantec Corporation)

R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)

R0 SymDS; C:\WINDOWS\System32\drivers\N360\1503000.00C\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)

R0 SymEFA; C:\WINDOWS\System32\drivers\N360\1503000.00C\SYMEFA.SYS [936152 2014-03-04] (Symantec Corporation)

R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2014-03-18] (Symantec Corporation)

R1 SymIRON; C:\WINDOWS\system32\drivers\N360\1503000.00C\Ironx86.SYS [206936 2013-09-26] (Symantec Corporation)

R1 SYMTDI; C:\WINDOWS\System32\Drivers\N360\1503000.00C\SYMTDI.SYS [423256 2014-02-17] (Symantec Corporation)

S4 IntelIde; No ImagePath

S1 OMCI; \??\C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [X]

U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

S3 UIUSys; system32\drivers\UIUSys.sys [X]

U1 WS2IFSL; No ImagePath

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

Posted

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-06-2015

Ran by Administrator at 2015-06-15 11:38:30

Running from E:\AV Softwares

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-1454471165-688789844-839522115-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator

ASPNET (S-1-5-21-1454471165-688789844-839522115-1003 - Limited - Enabled)

Guest (S-1-5-21-1454471165-688789844-839522115-501 - Limited - Disabled)

HelpAssistant (S-1-5-21-1454471165-688789844-839522115-1000 - Limited - Disabled)

SUPPORT_388945a0 (S-1-5-21-1454471165-688789844-839522115-1002 - Limited - Disabled)

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Norton 360 Premier Edition (Enabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 Premier Edition (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1990.41618 - ABBYY Software House)

Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.2.152.26 - Adobe Systems Incorporated)

Adobe Reader 8.3.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A83000000003}) (Version: 8.3.1 - Adobe Systems Incorporated)

Apple Application Support (HKLM\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)

Apple Software Update (HKLM\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)

Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.4.0 - Ask.com) <==== ATTENTION

Ask Toolbar Updater (HKU\S-1-5-21-1454471165-688789844-839522115-500\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.2.23821 - Ask.com) <==== ATTENTION

Ask Toolbar Updater (HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.2.23821 - Ask.com) <==== ATTENTION

ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1014 - )

ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.261-060523a1-033841C-Dell - )

Bing Bar (HKLM\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.3.2291.0 - Microsoft Corporation)

Bing Bar Platform (Version: 6.3.2291.0 - Microsoft Corporation) Hidden

Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden

Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)

Broadcom 440x 10/100 Integrated Controller (HKLM\...\{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}) (Version: 8.06.11 - Broadcom Corporation)

Conexant HDA D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3) (Version: - )

Corel Snapfire muvee autoProducer add-on (HKLM\...\{72470D12-2CCA-4324-AFF9-F1396A2168EA}) (Version: 1.00.0000 - Corel Corporation)

Corel Snapfire Plus (HKLM\...\{7ADE3A47-B425-45E9-8FF6-11BE2B775645}) (Version: 1.30.0000 - Corel Corporation)

Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)

Coupons.com Toolbar (HKLM\...\Coupons.com Toolbar) (Version: 6.8.5.1 - Coupons.com)

Dell P513w (HKLM\...\Dell P513w) (Version: - Dell, Inc.)

Dell Resource CD (HKLM\...\{FCD9CD52-7222-4672-94A0-A722BA702FD0}) (Version: 1.00.0000 - Dell Inc.)

Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.100.15.8 - Dell Inc.)

Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden

High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)

HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)

HP Photosmart 5510 series Basic Device Software (HKLM\...\{CDB1080E-BF0A-4A61-9E77-D1BBA68582C7}) (Version: 25.0.621.0 - Hewlett-Packard Co.)

HP Photosmart 5510 series Help (HKLM\...\{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}) (Version: 140.0.2.2 - Hewlett Packard)

HP Photosmart 5510 series Product Improvement Study (HKLM\...\{C2F3460B-0C14-4A85-A330-5D1D5028C496}) (Version: 25.0.621.0 - Hewlett-Packard Co.)

HP Photosmart 6520 series Basic Device Software (HKLM\...\{D9B4150C-9EF6-4861-902F-5F5CB760D7ED}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

HP Photosmart 6520 series Help (HKLM\...\{D3293275-1002-41F5-BC37-099B4251FF5B}) (Version: 28.0.0 - Hewlett Packard)

HP Photosmart 6520 series Product Improvement Study (HKLM\...\{DF711F5A-C9E4-4241-9A83-58532C99DB28}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

HP Smart Print 1.0.5.0 (HKLM\...\{4E5FDDEE-30DF-4E4F-BF77-4D7DB4B51B9E}) (Version: 1.0.5.0 - Hewlett-Packard)

HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

iTunes (HKLM\...\{0A37EE62-9A58-420D-90CC-4E52153112EE}) (Version: 11.3.0.54 - Apple Inc.)

Java 7 Update 15 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217015FF}) (Version: 7.0.150 - Oracle)

Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)

Microsoft .NET Framework 1.0 Hotfix (KB2572066) (HKLM\...\KB2572066) (Version: - Microsoft Corporation)

Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version: - Microsoft Corporation)

Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version: - Microsoft Corporation)

Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version: - Microsoft Corporation)

Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version: - Microsoft Corporation)

Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version: - Microsoft Corporation)

Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )

Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )

Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )

Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )

Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)

Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)

Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)

Microsoft Windows XP Video Decoder Checkup Utility (HKLM\...\DECCHECK) (Version: - )

MobileMe Control Panel (HKLM\...\{710BF966-43C8-4216-A8EC-BC4E169FF7C1}) (Version: 3.1.8.0 - Apple Inc.)

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)

muvee autoProducer 5.0 (HKLM\...\{64367D02-ADA8-4FA0-B348-27F25C60BC7B}) (Version: 5.00.050 - muvee Technologies)

Norton 360 (HKLM\...\N360) (Version: 21.2.0.38 - Symantec Corporation)

Norton Safe Web Lite (HKLM\...\NST) (Version: 2.0.0.16 - Symantec Corporation)

QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)

Rapport (HKLM\...\Rapport_msi) (Version: 3.5.1201.84 - Trusteer)

Rapport (Version: 3.5.1201.84 - Trusteer) Hidden

Safari (HKLM\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)

SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)

Sonic CinePlayer DVD Pack (HKLM\...\{D4576E0D-2295-4B8E-B663-B68086B00EE5}) (Version: 2.3.1 - Sonic Solutions)

Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions)

Sound Blaster ADVANCED MB Drivers (HKLM\...\SAMB_ADVMB_FILTER_DRV) (Version: - )

SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1194 - SUPERAntiSpyware.com)

Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version: - Microsoft Corporation)

WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden

Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04) (HKLM\...\4569969E1360D2854474C661EF9B4D54F143EB16) (Version: 11/14/2006 6.00.01.04 - Ricoh Company)

Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)

Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)

Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)

Windows Internet Explorer 7 (HKLM\...\ie7) (Version: 20070813.185237 - Microsoft Corporation)

Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )

Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )

Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version: - Microsoft Corporation)

Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version: - Microsoft Corporation)

Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version: - Microsoft Corporation)

Windows XP Media Center Edition 2005 KB925766 (HKLM\...\KB925766) (Version: - Microsoft Corporation)

Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version: - Microsoft Corporation)

Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{B91AEDBE-93DF-4017-8BB3-F1C300C0EC51}\localserver32 -> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MUVEEA~1.EXE No File

CustomCLSID: HKU\S-1-5-21-1454471165-688789844-839522115-500_Classes\CLSID\{B91AEDBE-93DF-4017-8BB3-F1C300C0EC51}\localserver32 -> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MUVEEA~1.EXE No File

 

==================== Restore Points =========================

 

12-04-2015 02:56:49 Removed HP Update.

12-04-2015 02:57:01 Installed HP Update.

13-06-2015 08:46:45 System Checkpoint

14-06-2015 00:18:28 Software Distribution Service 3.0

15-06-2015 11:00:13 System Checkpoint

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2004-08-10 07:00 - 2004-08-10 07:00 - 00000734 ____N C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe

Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe

Task: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe

Task: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe/UA 9.5 /DDV 0x1000SYSTEMCreated by NetScheduleJobAdd.0Üÿÿÿ�ÿ5�H!Œ©Ë¼2ÊÁ̃صøÚ yý5j¶áS“¡nc÷Ô.qZ

Task: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe

Task: C:\WINDOWS\Tasks\At5.job => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe

Task: C:\WINDOWS\Tasks\At6.job => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe

Task: C:\WINDOWS\Tasks\At7.job => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe

Task: C:\WINDOWS\Tasks\At8.job => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\HP Photo Creations Messager.job => C:\Documents and Settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe

Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe

Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

Task: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job => C:\Program Files\Ask.com\UpdateTask.exe

Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 20c0a1cd-4c5a-4e94-99d9-f96f7a34726a.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task b21ca5fd-2366-45e6-acf4-a818aefb29bd.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

 

==================== Loaded Modules (Whitelisted) ==============

 

2010-03-27 18:52 - 2006-11-01 21:48 - 00020480 _____ () C:\WINDOWS\System32\WLTRYSVC.EXE

2010-03-27 18:52 - 2006-11-01 21:48 - 00757760 _____ () C:\WINDOWS\System32\bcm1xsup.dll

2011-04-02 22:36 - 2009-06-19 04:58 - 00157696 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\dlebdrpp.dll

2011-04-02 22:34 - 2009-07-10 11:50 - 00766632 _____ () C:\Program Files\Dell P513w\dlebmon.exe

2011-04-02 22:33 - 2009-05-26 16:17 - 00086121 _____ () C:\Program Files\Dell P513w\dlebcfg.dll

2011-04-02 22:34 - 2009-05-29 10:08 - 00389120 _____ () C:\Program Files\Dell P513w\dlebscw.dll

2011-04-02 22:36 - 2009-05-27 08:16 - 00192512 _____ () C:\WINDOWS\system32\spool\drivers\w32x86\3\dlebdatr.dll

2011-04-02 22:34 - 2009-05-29 10:09 - 01159168 _____ () C:\Program Files\Dell P513w\dlebDRS.dll

2011-04-02 22:34 - 2009-03-10 01:43 - 00155648 _____ () C:\Program Files\Dell P513w\dlebcaps.dll

2011-04-02 22:34 - 2009-03-05 13:55 - 00059904 _____ () C:\Program Files\Dell P513w\dlebcnv4.dll

2011-04-02 22:32 - 2009-02-12 07:33 - 00299008 _____ () C:\WINDOWS\system32\dlebsm.dll

2011-04-02 22:32 - 2009-02-12 07:33 - 00028672 _____ () C:\WINDOWS\system32\dlebsmr.dll

2011-04-02 22:34 - 2009-07-10 11:50 - 00139944 _____ () C:\Program Files\Dell P513w\ezprint.exe

2011-04-02 22:34 - 2009-03-30 08:40 - 00708608 _____ () C:\Program Files\Dell P513w\Epwizard.DLL

2011-04-02 22:34 - 2009-03-30 08:38 - 00159744 _____ () C:\Program Files\Dell P513w\customui.dll

2011-04-02 22:34 - 2009-03-30 08:38 - 00114688 _____ () C:\Program Files\Dell P513w\Eputil.DLL

2011-04-02 22:34 - 2009-03-30 08:37 - 00139264 _____ () C:\Program Files\Dell P513w\Imagutil.DLL

2011-04-02 22:34 - 2009-03-30 08:38 - 00061440 _____ () C:\Program Files\Dell P513w\Epfunct.DLL

2011-04-02 22:34 - 2009-03-30 08:40 - 02203648 _____ () C:\Program Files\Dell P513w\EPWizRes.dll

2011-04-02 22:34 - 2009-03-30 08:40 - 00045056 _____ () C:\Program Files\Dell P513w\epstring.dll

2011-04-02 22:34 - 2009-03-30 08:40 - 00196608 _____ () C:\Program Files\Dell P513w\EPOEMDll.dll

2011-04-02 22:34 - 2009-04-07 15:25 - 00409600 _____ () C:\Program Files\Dell P513w\iptk.dll

2011-04-02 22:34 - 2009-03-02 10:25 - 00151552 _____ () C:\Program Files\Dell P513w\dlebptp.dll

2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2014-07-03 13:19 - 2014-07-03 13:19 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2011-04-02 22:36 - 2009-07-01 09:07 - 00098984 _____ () C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dlebserv.exe

2004-08-10 07:00 - 2011-02-04 17:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll

2004-08-10 07:00 - 2013-01-02 02:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll

2004-08-10 07:00 - 2008-04-13 20:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll

2004-08-10 07:00 - 2008-04-13 20:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll

2006-11-02 21:40 - 2006-11-02 21:40 - 00174656 _____ () C:\WINDOWS\system32\PSIService.exe

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

 

==================== Safe Mode (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> (None)

HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> (None)

HKU\S-1-5-21-1454471165-688789844-839522115-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

DNS Servers: 192.168.1.1

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger

StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dldfcoms.exe] => Enabled:Dell Communications System

StandardProfile\AuthorizedApplications: [C:\Program Files\Dell AIO Printer 948\dldfmon.exe] => Enabled:Printer Device Monitor

StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrator\Local Settings\Temp\dldf\wireless\ENGLISH\dldfwpss.exe] => Enabled:

StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dlebcoms.exe] => Enabled:P513w Server

StandardProfile\AuthorizedApplications: [C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe] => Enabled:ABBYY FineReader

StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service

StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Photosmart 5510 series\Bin\DeviceSetup.exe] => :LocalSubNet:Enabled:HP Device Setup (HP Photosmart 5510 series)

StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe] => :LocalSubNet:Enabled:HP Network Communicator (HP Photosmart 5510 series)

StandardProfile\AuthorizedApplications: [C:\Program Files\FrostWire 5\FrostWire.exe] => Enabled:FrostWire

StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Photosmart 6520 series\Bin\DeviceSetup.exe] => :LocalSubNet:Enabled:HP Device Setup (HP Photosmart 6520 series)

StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe] => :LocalSubNet:Enabled:HP Network Communicator (HP Photosmart 6520 series)

StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicatorCom.exe] => :LocalSubNet:Enabled:HP Network Communicator COM (HP Photosmart 6520 series)

StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes

StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007

StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (06/15/2015 11:20:11 AM) (Source: crypt32) (EventID: 8) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

 

Error: (06/15/2015 11:20:11 AM) (Source: crypt32) (EventID: 11) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

 

Error: (06/15/2015 11:20:10 AM) (Source: crypt32) (EventID: 8) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

 

Error: (06/15/2015 11:20:10 AM) (Source: crypt32) (EventID: 11) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

 

Error: (06/15/2015 11:20:10 AM) (Source: crypt32) (EventID: 8) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

 

Error: (06/15/2015 11:20:10 AM) (Source: crypt32) (EventID: 11) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

 

Error: (06/15/2015 11:20:10 AM) (Source: crypt32) (EventID: 8) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

 

Error: (06/15/2015 11:20:10 AM) (Source: crypt32) (EventID: 11) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

 

Error: (06/15/2015 11:19:55 AM) (Source: crypt32) (EventID: 8) (User: )

Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

 

Error: (06/15/2015 11:19:55 AM) (Source: crypt32) (EventID: 11) (User: )

Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

 

 

System errors:

=============

Error: (06/15/2015 10:29:46 AM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

 

Error: (06/15/2015 10:29:15 AM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

SASDIFSV

SASKUTIL

 

Error: (06/15/2015 10:29:01 AM) (Source: Service Control Manager) (EventID: 7024) (User: )

Description: The Norton 360 service terminated with service-specific error 4294967295 (0xFFFFFFFF).

 

Error: (06/15/2015 10:29:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The SAS Core Service service failed to start due to the following error:

%%3

 

Error: (06/15/2015 10:28:49 AM) (Source: 0) (EventID: 1) (User: )

Description: 0xC0000001HarddiskVolume1

 

Error: (06/15/2015 10:07:48 AM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load:

SASDIFSV

SASKUTIL

 

Error: (06/15/2015 10:07:34 AM) (Source: Service Control Manager) (EventID: 7024) (User: )

Description: The Norton 360 service terminated with service-specific error 4294967295 (0xFFFFFFFF).

 

Error: (06/15/2015 10:07:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error:

%%2

 

Error: (06/15/2015 10:07:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The MBAMScheduler service failed to start due to the following error:

%%2

 

Error: (06/15/2015 10:07:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The SAS Core Service service failed to start due to the following error:

%%3

 

 

Microsoft Office:

=========================

Error: (06/15/2015 11:20:11 AM) (Source: crypt32) (EventID: 8) (User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

 

Error: (06/15/2015 11:20:11 AM) (Source: crypt32) (EventID: 11) (User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

 

Error: (06/15/2015 11:20:10 AM) (Source: crypt32) (EventID: 8) (User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

 

Error: (06/15/2015 11:20:10 AM) (Source: crypt32) (EventID: 11) (User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

 

Error: (06/15/2015 11:20:10 AM) (Source: crypt32) (EventID: 8) (User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

 

Error: (06/15/2015 11:20:10 AM) (Source: crypt32) (EventID: 11) (User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

 

Error: (06/15/2015 11:20:10 AM) (Source: crypt32) (EventID: 8) (User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

 

Error: (06/15/2015 11:20:10 AM) (Source: crypt32) (EventID: 11) (User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

 

Error: (06/15/2015 11:19:55 AM) (Source: crypt32) (EventID: 8) (User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

 

Error: (06/15/2015 11:19:55 AM) (Source: crypt32) (EventID: 11) (User: )

Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

 

 

==================== Memory info ===========================

 

Processor: Intel® Core2 CPU T5500 @ 1.66GHz

Percentage of memory in use: 53%

Total physical RAM: 2046.37 MB

Available physical RAM: 943.82 MB

Total Pagefile: 3937.85 MB

Available Pagefile: 3068.04 MB

Total Virtual: 2047.88 MB

Available Virtual: 1940.34 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:142.03 GB) (Free:94.11 GB) NTFS ==>[Drive with boot components (Windows XP)]

Drive e: (2G-3) (Removable) (Total:1.91 GB) (Free:1.79 GB) FAT

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: E686F016)

Partition 1: (Active) - (Size=142 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=2 GB) - (Type=OF Extended)

 

========================================================

Disk: 1 (MBR Code: Windows XP) (Size: 1.9 GB) (Disk ID: C3072E18)

Partition 1: (Active) - (Size=1.9 GB) - (Type=06)

 

==================== End of log ============================

Posted

Hi Mike,

 

I do have a couple of ideas but.................

Unfortunately the main FRST.txt seems to have been cut off after the NetSvcs section.

Please repost the main FRST.txt so I can finish off a fix.

 

You say that AdwCleaner and JRT found nothing..... that's odd as the FRST report is showing standard adware entries that both should have removed.

I'll add these to the fix when I get the whole FRST main.txt

 

Just one other thing:

Have you tried Safe Mode with Networking to see if you get a connection.

76c90dd0e79a714317a8daeecc1584d2.png

Posted

For some reason frst had run 3 times in succession, I had to use task manager to end the processes. I just ran it again and here's the log and yes, net works in safe mode:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2015

Ran by Administrator (administrator) on OWNER-35308C001 on 15-06-2015 15:45:27

Running from E:\AV Softwares

Loaded Profiles: Administrator (Available Profiles: Administrator)

Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)

Internet Explorer Version 7 (Default browser: IE)

Boot Mode: Safe Mode (with Networking)

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)

HKLM\...\Run: [broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [1392640 2006-11-01] (Dell Inc.)

HKLM\...\Run: [sigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.)

HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)

HKLM\...\Run: [dlebmon.exe] => C:\Program Files\Dell P513w\dlebmon.exe [766632 2009-07-10] ()

HKLM\...\Run: [EzPrint] => C:\Program Files\Dell P513w\ezprint.exe [139944 2009-07-10] ()

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)

HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2011-08-30] (Adobe Systems Incorporated)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)

HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)

HKLM\...\Run: [ApnUpdater] => C:\Program Files\Ask.com\Updater\Updater.exe [1564872 2012-06-06] (Ask)

HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)

HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)

HKLM\...\Run: [] => [X]

HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe [478800 2007-03-21] (Corel, Inc.)

Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2006-05-23] (ATI Technologies Inc.)

HKU\S-1-5-21-1454471165-688789844-839522115-500\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)

HKU\S-1-5-21-1454471165-688789844-839522115-500\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-03-05] (Google Inc.)

HKU\S-1-5-21-1454471165-688789844-839522115-500\...\Run: [HP Photosmart 5510 series (NET)] => C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [1804648 2011-09-16] (Hewlett-Packard Co.)

HKU\S-1-5-21-1454471165-688789844-839522115-500\...\Run: [HP Photosmart 6520 series (NET)] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)

HKU\S-1-5-21-1454471165-688789844-839522115-500\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6714136 2015-05-15] (SUPERAntiSpyware)

Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk [2012-03-05]

ShortcutTarget: Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk [2010-07-20]

ShortcutTarget: Sonic CinePlayer Quick Launch.lnk -> C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - No File

ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton 360\Engine\21.2.0.38\buShell.dll No File

ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton 360\Engine\21.2.0.38\buShell.dll No File

ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton 360\Engine\21.2.0.38\buShell.dll No File

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

HKU\S-1-5-21-1454471165-688789844-839522115-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77c09f4f&ptnrs=zxxdm0028gus&ptb=63ec8717-a2e6-4c78-82da-dcadf586a90a

HKU\S-1-5-21-1454471165-688789844-839522115-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

SearchScopes: HKLM -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZXxdm0028Gus&ptnrS=ZXxdm0028Gus&ptb=63EC8717-A2E6-4C78-82DA-DCADF586A90A&ind=2011051203&n=77de34c3&psa=&st=sb&searchfor={searchTerms}

SearchScopes: HKU\S-1-5-21-1454471165-688789844-839522115-500 -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZXxdm0028Gus&ptnrS=ZXxdm0028Gus&ptb=63EC8717-A2E6-4C78-82DA-DCADF586A90A&ind=2011051203&n=77de34c3&psa=&st=sb&searchfor={searchTerms}

SearchScopes: HKU\S-1-5-21-1454471165-688789844-839522115-500 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=20&locale=en_US&gct=sb&qsrc=2869

SearchScopes: HKU\S-1-5-21-1454471165-688789844-839522115-500 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647

BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2011-08-30] (Adobe Systems Incorporated)

BHO: HP Smart Print BHO -> {1658D3A1-9E13-4196-A82A-D70D70880F36} -> C:\Program Files\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll [2011-05-13] (Hewlett-Packard)

BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton 360\Engine\21.2.0.38\coIEPlg.dll No File

BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton 360\Engine\21.2.0.38\IPS\IPSBHO.DLL No File

BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-07-27] (Microsoft Corporation)

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-02-26] (Oracle Corporation)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-04-26] (Google Inc.)

BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll [2013-10-15] (Google Inc.)

BHO: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll [2010-08-24] (Microsoft Corporation)

BHO: FrostWire Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-06-06] (Ask)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-02-26] (Oracle Corporation)

Toolbar: HKLM - @C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll [2010-08-24] (Microsoft Corporation)

Toolbar: HKLM - FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-06-06] (Ask)

Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.2.0.38\coIEPlg.dll No File

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-04-26] (Google Inc.)

Toolbar: HKU\S-1-5-21-1454471165-688789844-839522115-500 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-04-26] (Google Inc.)

Toolbar: HKU\S-1-5-21-1454471165-688789844-839522115-500 -> FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-06-06] (Ask)

DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-07-29] ()

FF Plugin: @ei.CouponAlert_2p.com/Plugin -> C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll No File

FF Plugin: @java.com/DTPlugin,version=10.15.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-02-26] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.15.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-02-26] (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-29] (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-29] (Google Inc.)

FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-08-06]

FF HKLM\...\Firefox\Extensions: [{203FB6B2-2E1E-4474-863B-4C483ECCE78E}] - C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST

FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension

FF Extension: Search Helper Extension - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2012-03-05]

FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension

FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2012-03-05]

FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn

FF Extension: Norton Toolbar - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-06-16]

FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF

FF Extension: Norton Vulnerability Protection - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-03-18]

 

Chrome:

=======

CHR HKLM\...\Chrome\Extension: [ghnpfkmgeiojiaheaiefkilmjinpoccb] - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ghnpfkmgeiojiaheaiefkilmjinpoccb.crx [Not Found]

CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\21.2.0.38\Exts\Chrome.crx [Not Found]

 

========================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)

S2 dlebCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dlebserv.exe [98984 2009-07-01] ()

S2 dleb_device; C:\WINDOWS\system32\dlebcoms.exe [602792 2009-07-01] ( )

S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [170912 2013-02-26] (Oracle Corporation)

S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)

S2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)

S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]

S2 N360; C:\Program Files\Norton 360\Engine\21.3.0.12\N360.exe [265040 2014-05-11] (Symantec Corporation)

S2 NSL; C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe [138760 2011-08-10] (Symantec Corporation)

S2 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [174656 2006-11-02] () [File not signed]

S2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1253376 2006-11-01] (Dell Inc.) [File not signed]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [604928 2006-10-13] (Broadcom Corporation)

S1 BHDrvx86; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140606.001\BHDrvx86.sys [1101616 2014-06-06] (Symantec Corporation)

S1 ccSet_N360; C:\WINDOWS\system32\drivers\N360\1503000.00C\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)

S1 ccSet_NST; C:\WINDOWS\system32\drivers\NST\0200000.010\ccSetx86.sys [132744 2011-08-08] (Symantec Corporation)

S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]

S3 CTUSFSYN; C:\WINDOWS\System32\drivers\ctusfsyn.sys [158464 2005-05-25] (Creative Technology Ltd.)

S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2014-04-25] (Symantec Corporation)

S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2014-04-25] (Symantec Corporation)

S3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [201600 2005-07-22] (Conexant Systems, Inc.)

S3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [1035008 2005-07-22] (Conexant Systems, Inc.)

S3 IDSxpx86; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140608.001\IDSxpx86.sys [383120 2014-06-08] (Symantec Corporation)

S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)

S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-15] (Malwarebytes Corporation)

S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]

S3 monfilt; C:\WINDOWS\System32\drivers\monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)

S3 NAVENG; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140610.001\NAVENG.SYS [93272 2014-06-10] (Symantec Corporation)

S3 NAVEX15; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140610.001\NAVEX15.SYS [1612376 2014-06-10] (Symantec Corporation)

R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [36528 2006-08-30] (Sonic Solutions) [File not signed]

S1 RapportCerberus_34302; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_34302.sys [228208 2012-04-26] ()

S3 RapportIaso; c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys [21520 2012-06-11] (Trusteer Ltd.)

S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

S3 SRTSP; C:\WINDOWS\System32\Drivers\N360\1503000.00C\SRTSP.SYS [664280 2014-02-12] (Symantec Corporation)

S1 SRTSPX; C:\WINDOWS\system32\drivers\N360\1503000.00C\SRTSPX.SYS [32344 2013-09-09] (Symantec Corporation)

S3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)

R0 SymDS; C:\WINDOWS\System32\drivers\N360\1503000.00C\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)

R0 SymEFA; C:\WINDOWS\System32\drivers\N360\1503000.00C\SYMEFA.SYS [936152 2014-03-04] (Symantec Corporation)

S3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2014-03-18] (Symantec Corporation)

S1 SymIRON; C:\WINDOWS\system32\drivers\N360\1503000.00C\Ironx86.SYS [206936 2013-09-26] (Symantec Corporation)

S1 SYMTDI; C:\WINDOWS\System32\Drivers\N360\1503000.00C\SYMTDI.SYS [423256 2014-02-17] (Symantec Corporation)

S4 IntelIde; No ImagePath

S1 OMCI; \??\C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [X]

U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

S3 UIUSys; system32\drivers\UIUSys.sys [X]

U1 WS2IFSL; No ImagePath

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-06-15 15:42 - 2015-06-15 15:42 - 00000000 ____D C:\WINDOWS\CSC

2015-06-15 11:32 - 2015-06-15 15:45 - 00000000 ____D C:\FRST

2015-06-15 11:09 - 2015-06-15 11:09 - 00001678 _____ C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

2015-06-15 11:09 - 2015-06-15 11:09 - 00000526 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task b21ca5fd-2366-45e6-acf4-a818aefb29bd.job

2015-06-15 11:09 - 2015-06-15 11:09 - 00000526 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 20c0a1cd-4c5a-4e94-99d9-f96f7a34726a.job

2015-06-15 11:09 - 2015-06-15 11:09 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

2015-06-15 11:09 - 2015-06-15 11:09 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware

2015-06-15 11:09 - 2015-06-15 11:09 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2015-06-15 11:09 - 2015-06-15 11:09 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com

2015-06-15 10:31 - 2015-06-15 10:32 - 00000000 ____D C:\AdwCleaner

2015-06-15 10:11 - 2015-06-15 10:29 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2015-06-15 10:11 - 2015-06-15 10:11 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

2015-06-15 10:11 - 2015-06-15 10:11 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware

2015-06-15 10:11 - 2015-04-14 09:37 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2015-06-15 10:11 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2015-06-15 08:34 - 2015-06-15 08:35 - 00003954 _____ C:\Documents and Settings\Administrator\Desktop\Rkill.txt

2015-06-15 08:30 - 2015-06-15 10:11 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware

2015-06-15 08:30 - 2015-06-15 08:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes

2015-06-14 00:18 - 2015-06-14 00:18 - 00000000 ____D C:\521519963b55f54fc969de

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-06-15 15:45 - 2010-03-27 18:18 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp

2015-06-15 11:44 - 2010-03-27 18:18 - 00032602 _____ C:\WINDOWS\SchedLgU.Txt

2015-06-15 11:44 - 2010-03-27 18:18 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini

2015-06-15 11:44 - 2010-03-27 18:18 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2015-06-15 11:44 - 2010-03-27 18:10 - 01085084 _____ C:\WINDOWS\WindowsUpdate.log

2015-06-15 11:44 - 2010-03-27 09:57 - 00000275 _____ C:\WINDOWS\wiadebug.log

2015-06-15 11:44 - 2010-03-27 09:57 - 00000049 _____ C:\WINDOWS\wiaservc.log

2015-06-15 11:41 - 2011-03-05 20:24 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2015-06-15 11:40 - 2012-10-17 11:10 - 00000250 _____ C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

2015-06-15 11:01 - 2012-03-05 06:16 - 00000348 _____ C:\WINDOWS\Tasks\HP Photo Creations Messager.job

2015-06-15 10:29 - 2010-03-27 18:07 - 00000000 ____D C:\WINDOWS\Registration

2015-06-15 10:28 - 2014-07-19 14:50 - 00000238 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job

2015-06-15 10:28 - 2011-04-02 22:37 - 00112417 _____ C:\Documents and Settings\All Users\dlebscan.log

2015-06-15 10:28 - 2011-03-05 20:24 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2015-06-15 10:28 - 2010-08-05 21:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB979559_0$

2015-06-15 10:26 - 2012-02-01 14:39 - 00000000 ____D C:\Program Files\Coupons.com

2015-06-15 10:26 - 2012-02-01 14:39 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Coupons.com

2015-06-15 10:11 - 2014-03-18 19:11 - 00000462 _____ C:\WINDOWS\Tasks\At5.job

2015-06-15 10:10 - 2012-03-05 06:15 - 00000460 _____ C:\WINDOWS\Tasks\At1.job

2015-06-15 09:34 - 2011-04-02 22:54 - 00667449 _____ C:\Documents and Settings\All Users\dleb.log

2015-06-15 08:50 - 2010-09-10 14:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB973687$

2015-06-15 08:08 - 2011-09-24 12:50 - 00544377 _____ C:\WINDOWS\setupapi.log

2015-06-15 07:54 - 2004-08-10 07:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl

2015-06-13 20:40 - 2014-03-18 19:11 - 00000462 _____ C:\WINDOWS\Tasks\At6.job

2015-06-13 20:40 - 2012-03-05 06:15 - 00000460 _____ C:\WINDOWS\Tasks\At2.job

2015-06-13 19:11 - 2014-03-18 19:11 - 00000462 _____ C:\WINDOWS\Tasks\At7.job

2015-06-13 14:00 - 2014-03-18 19:11 - 00000462 _____ C:\WINDOWS\Tasks\At8.job

2015-06-13 14:00 - 2012-03-05 06:15 - 00000460 _____ C:\WINDOWS\Tasks\At4.job

 

==================== Files in the root of some directories =======

 

2010-11-28 20:06 - 2010-11-28 20:06 - 0003584 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2010-03-27 18:23 - 2010-03-27 18:23 - 0000136 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat

2011-05-20 08:37 - 2012-02-15 09:08 - 0001940 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

2011-04-02 22:54 - 2015-06-15 09:34 - 0667449 _____ () C:\Documents and Settings\All Users\dleb.log

2011-04-02 22:55 - 2012-03-02 11:08 - 0052292 _____ () C:\Documents and Settings\All Users\dlebJSW.log

2011-04-02 22:37 - 2015-06-15 10:28 - 0112417 _____ () C:\Documents and Settings\All Users\dlebscan.log

2011-06-02 07:56 - 2011-06-02 07:56 - 0000000 _____ () C:\Documents and Settings\All Users\LxWbGwLog.log

2011-04-02 22:32 - 2011-04-02 22:32 - 0000000 _____ () C:\Documents and Settings\All Users\UpdaterLog.txt

 

Files to move or delete:

====================

C:\Windows\Tasks\At1.job

C:\Windows\Tasks\At2.job

C:\Windows\Tasks\At3.job

C:\Windows\Tasks\At4.job

C:\Windows\Tasks\At5.job

C:\Windows\Tasks\At6.job

C:\Windows\Tasks\At7.job

C:\Windows\Tasks\At8.job

 

 

Some files in TEMP:

====================

C:\Documents and Settings\Administrator\Local Settings\Temp\AdobeUpdater12345.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

 

==================== End of log ============================

Posted

Hi Mike,

 

yes, net works in safe mode:

Ok thanks... at least that's something.

 

Step 1

Please download the attached fixlist.txt file (bottom of this post) and save it to E:\AV Softwares.

NOTE.

It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

 

NOTICE: This script was written specifically for this user, for use on that particular machine.

Running this on another machine may cause damage to your operating system

 

Re-run FRST/FRST64 (which ever is installed ) and press the Fix button just once and wait.

 

0df4bc680758f78740215d6a95eed89e.png

 

The tool will make a log in the AV Softwares folder (Fixlog.txt). Please post this in your next reply.

 

 

Step 2

There seems to be problems with Norton 360.

Still installed, but a lot of files are missing.

You might want to think about either removing it or running a reinstall.

Depends on the owner.

 

Step 3

If you are still having internet connection problems after running the FRST fix...............

 

Download NetAdapter Repair to your Desktop.

  • Close all open programs and internet browsers.
  • Double-click the downloaded icon to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool may take awhile before the main screen opens.. this is because it will scan your system and record certain settings.
    The NetAdapter.txt list can be found in the same directory as the main program was run from.
  • When the main screen opens, click on Advanced Repair.
     
    e6b02f63ac4ac40c697f4d9d4f1f324c.png
     
  • At the next screen click OK.
     
    979313743f2d001ffff27eec2fdfa510.png
     
  • Reboot the system when finished.

 

 

In your next reply, please submit:

Fixlog.txt

 

and give me an update on the connection problem..... we'll then take it from there.

 

 

Thanks.

fixlist.txt

76c90dd0e79a714317a8daeecc1584d2.png

Posted

Net problem still there, I am going into safe mode now to try the Netadapter. BTW, on startup there is always this prompt below which I have to click ok to close, any way to prevent that prompt please?

 

Windows- registry recovery

One of the files containing the system's registry data had to be recovered bu use of a log or alternate copy. The recovery was successful.

 

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 13-06-2015

Ran by Administrator at 2015-06-15 16:51:36 Run:1

Running from E:\AV Softwares

Loaded Profiles: Administrator (Available Profiles: Administrator)

Boot Mode: Normal

 

==============================================

 

fixlist content:

*****************

(Ask) C:\Program Files\Ask.com\Updater\Updater.exe

HKLM\...\Run: [ApnUpdater] => C:\Program Files\Ask.com\Updater\Updater.exe [1564872 2012-06-06] (Ask)

HKLM\...\Run: [] => [X]

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - No File

HKU\S-1-5-21-1454471165-688789844-839522115-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.j...8gus&ptb=63ec8717-a2e6-4c78-82da-dcadf586a90a

HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.j...8gus&ptb=63ec8717-a2e6-4c78-82da-dcadf586a90a

SearchScopes: HKLM -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.mywebsearch.com/myweb...n=77de34c3&psa=&st=sb&searchfor={searchTerms}

SearchScopes: HKU\S-1-5-21-1454471165-688789844-839522115-500 -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.mywebsearch.com/myweb...n=77de34c3&psa=&st=sb&searchfor={searchTerms}

SearchScopes: HKU\S-1-5-21-1454471165-688789844-839522115-500 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647

SearchScopes: HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.mywebsearch.com/myweb...n=77de34c3&psa=&st=sb&searchfor={searchTerms}

SearchScopes: HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647

BHO: FrostWire Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-06-06] (Ask)

Toolbar: HKLM - FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-06-06] (Ask)

Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.2.0.38\coIEPlg.dll No File

Toolbar: HKU\S-1-5-21-1454471165-688789844-839522115-500 -> FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-06-06] (Ask)

Toolbar: HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-06-06] (Ask)

FF Plugin: @ei.CouponAlert_2p.com/Plugin -> C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll No File

CHR HKLM\...\Chrome\Extension: [ghnpfkmgeiojiaheaiefkilmjinpoccb] - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ghnpfkmgeiojiaheaiefkilmjinpoccb.crx [Not Found]

CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\21.2.0.38\Exts\Chrome.crx [Not Found]

S4 IntelIde; No ImagePath

S1 OMCI; \??\C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [X]

S3 UIUSys; system32\drivers\UIUSys.sys [X]

U1 WS2IFSL; No ImagePath

CustomCLSID: HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{B91AEDBE-93DF-4017-8BB3-F1C300C0EC51}\localserver32 -> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MUVEEA~1.EXE No File

CustomCLSID: HKU\S-1-5-21-1454471165-688789844-839522115-500_Classes\CLSID\{B91AEDBE-93DF-4017-8BB3-F1C300C0EC51}\localserver32 -> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MUVEEA~1.EXE No File

Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe

Task: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe

Task: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe/UA 9.5 /DDV 0x1000SYSTEMCreated by NetScheduleJobAdd.0Üÿÿÿ�ÿ5�H!Œ©Ë¼2ÊÁ̃صøÚ yý5j¶áS“¡nc÷Ô.qZ

Task: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe

Task: C:\WINDOWS\Tasks\At5.job => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe

Task: C:\WINDOWS\Tasks\At6.job => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe

Task: C:\WINDOWS\Tasks\At7.job => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe

Task: C:\WINDOWS\Tasks\At8.job => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe

Task: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job => C:\Program Files\Ask.com\UpdateTask.exe

StandardProfile\AuthorizedApplications: [C:\Program Files\FrostWire 5\FrostWire.exe] => Enabled:FrostWire

C:\Windows\Tasks\At1.job

C:\Windows\Tasks\At2.job

C:\Windows\Tasks\At3.job

C:\Windows\Tasks\At4.job

C:\Windows\Tasks\At5.job

C:\Windows\Tasks\At6.job

C:\Windows\Tasks\At7.job

C:\Windows\Tasks\At8.job

C:\WINDOWS\Tasks\At*.job

C:\Documents and Settings\Administrator\Local Settings\Temp\AdobeUpdater12345.exe

C:\Program Files\Ask.com

C:\Program Files\FrostWire 5

CMD: ipconfig /flushdns

EmptyTemp:

Hosts:

*****************

 

C:\Program Files\Ask.com\Updater\Updater.exe => No running process found

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater => value removed successfully.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully.

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WPDShServiceObj => value removed successfully.

HKLM\Software\Classes\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5} => key not found.

HKU\S-1-5-21-1454471165-688789844-839522115-500\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully

HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}" => key removed successfully.

HKCR\CLSID\{110a9ea2-8810-4c04-b916-cfd4e9427fec} => key not found.

"HKU\S-1-5-21-1454471165-688789844-839522115-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}" => key removed successfully.

HKCR\CLSID\{110a9ea2-8810-4c04-b916-cfd4e9427fec} => key not found.

"HKU\S-1-5-21-1454471165-688789844-839522115-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => key removed successfully.

HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => key not found.

HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec} => key not found.

HKCR\CLSID\{110a9ea2-8810-4c04-b916-cfd4e9427fec} => key not found.

HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => key not found.

HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => key not found.

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}" => key removed successfully.

"HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}" => key removed successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value removed successfully.

HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully.

"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => key removed successfully.

HKU\S-1-5-21-1454471165-688789844-839522115-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value removed successfully.

HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found.

HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\Toolbar: HKU\S-1-5-21-1454471165-688789844-839522115-500-{{D4027C7F-154A-4066-A1AD-4243D8127440} => value not found.

HKCR\CLSID\Toolbar: HKU\S-1-5-21-1454471165-688789844-839522115-500-{{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found.

"HKLM\Software\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin" => key removed successfully.

"HKLM\SOFTWARE\Google\Chrome\Extensions\ghnpfkmgeiojiaheaiefkilmjinpoccb" => key removed successfully.

"HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk" => key removed successfully.

IntelIde => Service removed successfully.

OMCI => Service removed successfully.

UIUSys => Service removed successfully.

WS2IFSL => Service removed successfully.

HKU\S-1-5-21-1454471165-688789844-839522115-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} => key not found.

"HKU\S-1-5-21-1454471165-688789844-839522115-500_Classes\CLSID\{B91AEDBE-93DF-4017-8BB3-F1C300C0EC51}" => key removed successfully.

C:\WINDOWS\Tasks\At1.job => moved successfully.

C:\WINDOWS\Tasks\At2.job => moved successfully.

C:\WINDOWS\Tasks\At3.job => moved successfully.

C:\WINDOWS\Tasks\At4.job => moved successfully.

C:\WINDOWS\Tasks\At5.job => moved successfully.

C:\WINDOWS\Tasks\At6.job => moved successfully.

C:\WINDOWS\Tasks\At7.job => moved successfully.

C:\WINDOWS\Tasks\At8.job => moved successfully.

C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job => moved successfully.

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\FrostWire 5\FrostWire.exe => value removed successfully.

"C:\Windows\Tasks\At1.job" => File/Folder not found.

"C:\Windows\Tasks\At2.job" => File/Folder not found.

"C:\Windows\Tasks\At3.job" => File/Folder not found.

"C:\Windows\Tasks\At4.job" => File/Folder not found.

"C:\Windows\Tasks\At5.job" => File/Folder not found.

"C:\Windows\Tasks\At6.job" => File/Folder not found.

"C:\Windows\Tasks\At7.job" => File/Folder not found.

"C:\Windows\Tasks\At8.job" => File/Folder not found.

"C:\WINDOWS\Tasks\At*.job" => File/Folder not found.

C:\Documents and Settings\Administrator\Local Settings\Temp\AdobeUpdater12345.exe => moved successfully.

C:\Program Files\Ask.com => moved successfully.

"C:\Program Files\FrostWire 5" => File/Folder not found.

 

========= ipconfig /flushdns =========

 

 

 

Windows IP Configuration

 

 

 

Successfully flushed the DNS Resolver Cache.

 

 

========= End of CMD: =========

 

C:\Windows\System32\Drivers\etc\hosts => moved successfully.

Hosts restored successfully.

EmptyTemp: => 614.9 MB temporary data Removed.

 

 

The system needed a reboot.

 

==== End of Fixlog 16:55:57 ====

Posted
BTW, on startup there is always this prompt below which I have to click ok to close, any way to prevent that prompt please?

 

Windows- registry recovery

One of the files containing the system's registry data had to be recovered bu use of a log or alternate copy. The recovery was successful.

I'm not sure why this is being displayed.

There's nothing relating to it in the reports.

 

Let's try a Clean Boot and see if the error message and the Internet connection problems still happen.

If there are no problems in a Clean Boot, then the problems are down to a third party program.

It'll then be a process of elimination to find the program.

You can re-enable each entry (one at a time with a reboot after each) until you find the culprit.

 

Hold down the Windows key on your keyboard and press the R key.

With the Run dialogue window open, type in msconfig and click the OK button.

 

You should now be looking at the System Configuration window. Click on the Services tab.

 

On the Services tab, youll notice a long list of services available on your PC

First, check the box labeled Hide All Microsoft Services. <<<<<<<<<<< Important

Next, click the Disable All button

 

By performing these two steps, you have effectively turned off all services from third-party software developers. All Microsoft services remain intact and will be ready to load when you reboot Windows.

 

Finally, click the OK button and reboot the system

 

When you reboot, you may get messages that certain hardware and software are not unavailable. This is normal.

 

Just be sure to hide all Microsoft services before you use the Disable All button. Otherwise, you may encounter boot up errors when you reboot your PC.

 

Remember, running Windows like this is just temporary.

 

 

 

To restore Windows to a normal start up functionality:

  • Start the System Configuration Utility again (MSCONFIG)
  • On the "General" tab:
  • Click to select "Normal Startup"
  • Click "OK"
  • Choose the "Exit with Restart" option to restart your computer.

76c90dd0e79a714317a8daeecc1584d2.png

Posted
2 problems after doing the above, that prompt still comes up and in order to run the net repair adapter, I need to first install netframework 4.0 but that won't run because "does not apply or is being blocked by another condition on your computer"?
Posted
I need to first install netframework 4.0 but that won't run because "does not apply or is being blocked by another condition on your computer"?

Let's see if anything installed is trying to block you.

 

Make sure everything is enabled again...............

 

Download RogueKiller and save it to your desktop.

  • Close all the running processes
  • Double click RogueKiller icon to run the program
    Vista/Win7 users should right click the icon and select Run as Administrator.
  • Wait for the Prescan to finish.
  • Now click the Scan button.
  • Please copy and paste the report in your next reply.

A copy of the RKreport.txt can be found on your desktop.

 

Note:

If RogueKiller is blocked, do not hesitate to try running it again.

If it still fails to run, right click on the downloaded icon and select 'Rename'.....rename it to winlogon and try again.

 

If you have problems installing Rogue Killer, try running RKill again and then try installing Rogue Killer again before you reboot the system.

You probably already know that anything RKill stops, will restart on a reboot

76c90dd0e79a714317a8daeecc1584d2.png

Posted

BTW:

RKill will produce a log when it is run.

It's saved in the same location that the program is run from.

Would be interesting to see the report as you stated at the beginning:

When I first tried to run MBAM, it would not install so I ran rkill then MBAM installed

 

It's midnight here so will have to sign off now until after work tomorrow.

76c90dd0e79a714317a8daeecc1584d2.png

Posted

Ok, thanks, have a good night. Here's the reports,

 

Rkill 2.6.6 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2015 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

 

Program started at: 06/15/2015 08:34:03 AM in x86 mode.

Windows Version: Microsoft Windows XP Service Pack 3

 

Checking for Windows services to stop:

 

* No malware services found to stop.

 

Checking for processes to terminate:

 

* C:\WINDOWS\System32\WLTRYSVC.EXE (PID: 1560) [WD-HEUR]

* C:\WINDOWS\System32\bcmwltry.exe (PID: 1580) [WD-HEUR]

* C:\WINDOWS\system32\PSIService.exe (PID: 1484) [WD-HEUR]

* C:\WINDOWS\system32\WLTRAY.exe (PID: 1960) [WD-HEUR]

* C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-7U6EJ.tmp\mbam-setup-2.0.2.1012.tmp (PID: 5376) [sUP-HEUR]

 

5 proccesses terminated!

 

Checking Registry for malware related settings:

 

* No issues found in the Registry.

 

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

 

Performing miscellaneous checks:

 

* No issues found.

 

Checking Windows Service Integrity:

 

* No issues found.

 

Searching for Missing Digital Signatures:

 

* C:\WINDOWS\System32\drivers\mqac.sys : 91,776 : 06/22/2009 07:48 AM : eee50bf24caeedb515a8f3b22756d3bb [NoSig]

+-> C:\WINDOWS\$hf_mig$\KB971032\SP2QFE\mqac.sys : 91,776 : 06/22/2009 07:30 AM : 9229e191fe206628be17d1e67a5faed9 [Pos Repl]

+-> C:\WINDOWS\$NtUninstallKB971032$\mqac.sys : 72,960 : 08/10/2004 07:00 AM : db07b0088cdfd20c2a22e675120ede34 [Pos Repl]

+-> C:\WINDOWS\ServicePackFiles\i386\mqac.sys : 92,544 : 04/13/2008 02:39 PM : 70c14f5cca5cf73f8a645c73a01d8726 [Pos Repl]

+-> C:\WINDOWS\system32\dllcache\mqac.sys : 91,776 : 06/22/2009 07:48 AM : eee50bf24caeedb515a8f3b22756d3bb [Pos Repl]

 

Checking HOSTS File:

 

* HOSTS file entries found:

 

127.0.0.1 localhost

 

Program finished at: 06/15/2015 08:35:28 AM

Execution time: 0 hours(s), 1 minute(s), and 24 seconds(s)

Posted

RK did not auto open and save a report on the first run so I ran it again and this is that log;

 

RogueKiller V10.8.4.0 [Jun 15 2015] by Adlice Software

mail : http://www.adlice.com/contact/

Feedback : http://forum.adlice.com

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://www.adlice.com

 

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Administrator [Administrator]

Started from : C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe

Mode : Scan -- Date : 06/15/2015 19:11:45

 

¤¤¤ Processes : 0 ¤¤¤

 

¤¤¤ Registry : 0 ¤¤¤

 

¤¤¤ Tasks : 0 ¤¤¤

 

¤¤¤ Files : 0 ¤¤¤

 

¤¤¤ Hosts File : 1 ¤¤¤

[C:\WINDOWS\system32\drivers\etc\hosts] 127.0.0.1 localhost

 

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS541616J9SA00 +++++

--- User ---

[MBR] 9213bfc24bea0f80cceed66db9d79567

[bSP] 0865dbc3033a5b0d1557ae0b87d99f0b : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 145439 MB [Windows XP Bootstrap | Windows XP Bootloader]

1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 297861165 | Size: 2047 MB

User = LL1 ... OK

User = LL2 ... OK

 

+++++ PhysicalDrive1: SMI USB DISK USB Device +++++

--- User ---

[MBR] 41b27a057e712e68a6461a1fe5230277

[bSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code

Partition table:

0 - [ACTIVE] FAT16 (0x6) [VISIBLE] Offset (sectors): 496 | Size: 1959 MB

User = LL1 ... OK

Error reading LL2 MBR! ([32] The request is not supported. )

 

 

============================================

RKreport_SCN_06152015_190419.log

Posted

Hi Mike,

 

Nothing out of the ordinary there.

I'm pretty sure the problem is due to a conflict.... Norton is my guess as the culprit.

The Norton 360 seems to be messed up anyway.... according to the reports.

I've been doing a lot of searching on this problem and Norton seems to be the cause in nearly all of the threads.

 

The only way we'll be sure is to remove it.

 

Run the uninstaller and then to fully remove Norton Products:

Download: Norton Removal Tool

 

Download it to your 'Desktop'.

Then click on the desktop icon to run the removal tool.

 

After a reboot, see how the internet connection is............ hopefully working now.

If you need a free AV replacement ....for the time being I'd use one of these:

 

As the system is WinXP, I wouldn't really recommend MSSE as it has been known to slow XP down quite a bit.

or for a paid for AV, I'd recommend:

Eset Nod32

or

Emsisoft AntiMalware

76c90dd0e79a714317a8daeecc1584d2.png

Posted
That worked Pete, thanks! However, I am having 2 issues, same registry prompt and now the "Found New Hardware" wizard shows on startup and I have to click 2 times to close it, if these 2 issues are not malware related should I post in the XP forum?
Posted
That worked

Norton is bad enough when it's working..... when it gets messed up it's downright awful.

 

I am having 2 issues, same registry prompt and now the "Found New Hardware" wizard shows on startup and I have to click 2 times to close it, if these 2 issues are not malware related should I post in the XP forum?

can you take a screenshot of the registry prompt, it may be easier if I can actually see it.

I doubt that it's malware related though, same as the 'Found New Hardware' wizard.

Some altered setting has probably set these off.

76c90dd0e79a714317a8daeecc1584d2.png

Posted

One thing before I forget.....

That system has Java 7 Update 15 installed.

The last fully compatible version of Java for WinXP was Java 7 Update 65.

 

Whether you stick with what is installed or download v7 u65... it'll still be out of date!

If needed you can download Java 7 Update 65 from Here

76c90dd0e79a714317a8daeecc1584d2.png

Posted

Hi Mike,

 

Seems that both of these are fairly common XP problems.

2 things that seem to work for the Windows Registry Recovery message:

 

(a) Boot into Safe Mode and then select Last know Good Configuration.

that works for some.

 

(b) **Note: You must enable hidden files and folders under tools folder options**

  • Create a new user account with administrative rights on the affected machine. Navigate to the affected user's profile directory and copy ntuser.dat to a folder named backup on your C: drive.
     
    (example for a user named dave: copy c:\Documents and Settings\dave\ntuser.dat to c:\backup)
     
  • Once you have backed up the ntuser.dat file, overwrite it with the one located in c:\windows\repair\
     
    (example for a user named dave: copy c:\windows\repair\ntuser.dat to c:\Documents and Settings\dave\ )
     
  • Log off the temporary account you have created and login to the affected user account and let windows fully load up. This will create a new ntuser.dat file under the user's profile.
  • Once windows has fully loaded up, log back out of the affected user's account and log back into the temporary account you made earlier.
  • Copy the ntuser.dat file you backed up earlier to the user's profile directory overwriting the new file that was created.
     
    (example for a user named dave: copy c:\backup\ntuser.dat to c:\Documents and Settings\dave\ )
     
  • Log out of the temporary account and log back into the computer under the affected account and see if the problem is fixed.

 

There is also a M$ help page about copying over the data:

https://support.microsoft.com/en-us/kb/811151

--------------------

 

For the New Hardware Wizard problem...... best thing seems to be, just follow the instructions and let it complete.

There is also a M$ explanation page that may help:

https://support.microsoft.com/en-us/kb/298370

76c90dd0e79a714317a8daeecc1584d2.png

Posted

Hi Mike,

 

If you run a Google search for:

Windows Registry Recovery message

you'll find loads.

Best to take a look and see what works for you. ( not all the fixes work for everyone)

76c90dd0e79a714317a8daeecc1584d2.png

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...