
PC essentially useless: Blue Screen over and over randomly


  • This topic is locked
18 replies to this topic

#1 azuleno


Posted 17 July 2014 - 07:24 PM

This is a post of another computer I am having problems with. Very erratically, sometimes as soon as I reboot, sometimes within a few minutes, the PC shuts down w/blue screen and a message which gives the following errors (not the whole thing; tell me if you want the whole stuff):

0x0000024

0x00190203

0x84949EF0

0xC0000102

0x00000000

 

I went on Safe Mode Networking to get online but it keeps crashing. HJT log, ran twice to get the log out of PC and post. Here it is. If you need other logs, pls let me know which ones but it may be a while due to the erratic nature of the problem.

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:56:56 PM, on 7/17/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com...de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Discover deskshop Browser Helper Object - {8DB3D69D-DA5E-4165-B781-72A761790672} - C:\WINDOWS\system32\BhoDshop.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O9 - Extra button: Webpage Capture - {1F958B09-6612-7a0e-9223-4C7324C57B23} - C:\Program Files\Webpage Capture\Webpage Capture.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Secure Online Account Numbers - {F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} - C:\PROGRA~1\Discover\SOAN\SOAN.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .cdx: C:\Program Files\Internet Explorer\plugins\Npcdp32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4E73C07D-0A23-42DF-9E32-BBBB027D869A} - http://client2.tvton...3.0/install.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sentinel HASP License Manager (hasplms) - SafeNet Inc. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RosettaStoneDaemon - Rosetta Stone Ltd. - C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 8236 bytes
 



#2 nasdaq


Posted 18 July 2014 - 06:59 AM

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

If the error is this "NTFS_FILE_SYSTEM" or "Stop 0x00000024".
Run the following command as suggested in this article.
"chkdsk C:/f" (include the double quotes)

http://ezinearticles...r-PC&id=5843639

===

How is it now?
===


Do you have the XP installation disk?

As you are probably aware Microsoft has ended the support on XP.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#3 azuleno


Posted 18 July 2014 - 03:57 PM

Hi nasdaq, took longer than I anticipated.  After many trials, on one occasion when I rebooted the PC it started to do a chkdsk by itself. There was one error reported when it was checking the File data (step 4 of 5):  “Replaced bad clusters in file 34834 of name \WINDOWS\ie7\msls31.dll”

 

Since I couldn’t get chkdsk to work from Start, then Run, at one point I tried chkdsk C:/f but from DOS [Safe Mode w/ Command Prompt]. I then rebooted with “shutdown -r” but the blue screen came back with same 0x000000024 error plus others. I took pictures through the process just in case.

 

However the computer kept acting with blue screen shows more likely than not. I almost gave up on this PC. I will look for the XP CD; don’t know if I have one. Yep, I am aware XP is not supported anymore... talk about timing!



#4 nasdaq


Posted 19 July 2014 - 05:24 AM

Try to run these tools with Safe mode with internet service.

Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingc...opic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

#5 azuleno


Posted 19 July 2014 - 09:45 PM

I am sure other cases may be worse than this one. The PC was very unstable but eventually I was able to load Combofix and FRST. The logs are pasted below; one attached as requested.

 

ComboFix 14-07-19.01 - JS3 07/19/2014  23:14:05.20.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2302.1779 [GMT -4:00]
Running from: c:\documents and settings\JS3\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-20 to 2014-07-20  )))))))))))))))))))))))))))))))
.
.
2014-07-20 01:04 . 2014-07-20 01:04 -------- dc----w- c:\documents and settings\Administrator.DC1PW881.000\Local Settings\Application Data\BVRP Software
2014-07-19 23:41 . 2014-07-19 23:41 -------- dc----w- c:\documents and settings\Administrator.DC1PW881.000\Application Data\AVAST Software
2014-07-08 07:00 . 2014-07-08 07:00 -------- dc----w- c:\documents and settings\Administrator.DC1PW881.000\Application Data\NCH Swift Sound
2014-07-08 05:57 . 2014-07-08 05:57 -------- dc----w- c:\documents and settings\Administrator.DC1PW881.000\Local Settings\Application Data\Adobe
2014-07-08 05:42 . 2014-07-08 05:42 -------- dc----w- c:\documents and settings\Administrator.DC1PW881.000\Local Settings\Application Data\Mozilla
2014-07-06 01:16 . 2014-07-06 01:16 -------- dc----w- c:\windows\system32\wbem\Repository
2014-07-06 00:58 . 2014-07-06 00:58 -------- dc----w- c:\program files\File Type Assistant
2014-07-06 00:58 . 2014-07-06 00:58 -------- dc----w- c:\documents and settings\JS3\Local Settings\Application Data\DefineExt
2014-07-06 00:58 . 2014-07-06 00:58 -------- dc----w- c:\documents and settings\JS3\Application Data\ZoomBrowser EX
2014-07-06 00:57 . 2014-07-06 00:58 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2014-07-06 00:20 . 2014-07-06 00:20 -------- dc----w- c:\documents and settings\JS3\Local Settings\Application Data\Adobe
2014-06-26 17:29 . 2014-06-26 17:29 -------- dc----w- c:\program files\Citrix
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-14 01:31 . 2012-11-03 07:46 699056 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-14 01:31 . 2011-09-04 02:21 71344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-08 17:31 . 2014-06-04 01:26 90112 -c--a-w- c:\windows\DUMP786c.tmp
2014-06-02 21:40 . 2010-08-03 23:36 90112 -c--a-w- c:\windows\DUMP6dae.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-03-01 20:11 259464 -c--a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WizMouse"="c:\program files\WizMouse\WizMouse.exe" [2011-09-30 121648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-30 339968]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-06 77824]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-06 49152]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 221184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2014-04-02 3774312]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-9 323646]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^JS3^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-02-16 14:54 282624 -c--a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2010-07-06 14:01 2634048 -c--a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2009-02-23 13:05 111856 -c--a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"WZCSVC"=2 (0x2)
"CCALib8"=2 (0x2)
"AOL ACS"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone TOTALe\\RosettaStoneTOTALe.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\JS3\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [8/27/2013 2:04 PM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [8/27/2013 2:04 PM 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/5/2011 5:48 AM 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/31/2010 5:05 PM 410784]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [8/27/2013 2:04 PM 67824]
R2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe  -run --> c:\windows\system32\hasplms.exe  -run [?]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 2:19 PM 50704]
R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [6/19/2012 4:21 PM 1646608]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [10/23/2013 9:15 AM 172192]
S3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys --> c:\windows\system32\drivers\anvsnddrv.sys [?]
S3 JL2005;JL2005A Toy Camera;c:\windows\system32\drivers\toywdm.sys [5/9/2005 8:22 PM 71336]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [6/26/2009 5:21 PM 2069504]
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-03 01:31]
.
2014-07-20 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2013-08-27 20:11]
.
2014-07-20 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2011-12-19 20:24]
.
2007-01-08 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 2100 series272A572217594EBCF1CEE215E352B92AD073FDE4167510639.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 22:56]
.
2014-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-30 03:32]
.
2014-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-30 03:32]
.
2014-07-20 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-26 01:59]
.
2014-07-09 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-26 01:59]
.
2014-07-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com...rch/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
TCP: DhcpNameServer = 10.0.1.1
FF - ProfilePath - c:\documents and settings\JS3\Application Data\Mozilla\Firefox\Profiles\bt9ykm97.default-1377636682412\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-19 23:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1123337207-482375026-1231146964-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3808)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2014-07-19  23:32:51
ComboFix-quarantined-files.txt  2014-07-20 03:32
ComboFix2.txt  2013-08-27 17:54
ComboFix3.txt  2011-12-18 21:52
ComboFix4.txt  2010-11-02 01:00
.
Pre-Run: 29,865,283,584 bytes free
Post-Run: 30,219,026,432 bytes free
.
- - End Of File - - EF982042C7482EABC524CAE9FD8A1385
B16A2359F4962B0C622D81A1C1F4B703

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:19-07-2014
Ran by JS3 (administrator) on DC1PW881 on 19-07-2014 23:34:06
Running from C:\Documents and Settings\JS3\Desktop
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(SafeNet Inc.) C:\WINDOWS\system32\hasplms.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Intel Corporation) C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
(Sonic Solutions) C:\WINDOWS\system32\dla\tfswctrl.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
(SigmaTel, Inc.) C:\WINDOWS\STSYSTRA.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Apple Computer, Inc.) C:\Program Files\QuickTime\qttask.exe
() C:\Program Files\WizMouse\WizMouse.exe
(Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Rosetta Stone Ltd.) C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
(Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [39264 2007-03-13] (Microsoft Corporation)
HKU\S-1-5-21-1123337207-482375026-1231146964-1006\...\Run: [WizMouse] => C:\Program Files\WizMouse\WizMouse.exe [121648 2011-09-30] ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk
ShortcutTarget: hp psc 2000 Series.lnk -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKCU - DefaultScope {13B62582-004A-4F0C-9597-5B331FFDF2E0} URL = http://search.yahoo....&p={searchTerms}
SearchScopes: HKCU - Backup.Old.DefaultScope {DB154946-45C2-49F1-B2E3-34DBE5806DA8}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {13B62582-004A-4F0C-9597-5B331FFDF2E0} URL = http://search.yahoo....&p={searchTerms}
SearchScopes: HKCU - {2ADAA309-ED43-1B2E-122F-2C376E7FC415} URL = http://search.yahoo....ei=utf-8&fr=ie8
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: DeskshopBrowserHelper Class -> {8DB3D69D-DA5E-4165-B781-72A761790672} -> C:\WINDOWS\system32\BhoDshop.dll (Orbiscom Ltd. All rights reserved.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204
DPF: {4E73C07D-0A23-42DF-9E32-BBBB027D869A} http://client2.tvton...3.0/install.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\JS3\Application Data\Mozilla\Firefox\Profiles\bt9ykm97.default-1377636682412
FF Homepage: https://www.google.com/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @bittorrent.com/BitTorrentDNA - C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1662 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 - C:\Documents and Settings\JS3\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Extension: RivalGaming - C:\Documents and Settings\JS3\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com [2013-07-04]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\gystqfr@ylgga.com [2014-07-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-19]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-08-05]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: yahoo.com
CHR DefaultSearchProvider: Yahoo!
CHR DefaultSearchURL: http://search.yahoo....&p={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Documents and Settings\JS3\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-30]
CHR Extension: (Google Drive) - C:\Documents and Settings\JS3\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-30]
CHR Extension: (YouTube) - C:\Documents and Settings\JS3\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-20]
CHR Extension: (Google Search) - C:\Documents and Settings\JS3\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-20]
CHR Extension: (Google Wallet) - C:\Documents and Settings\JS3\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-30]
CHR Extension: (Gmail) - C:\Documents and Settings\JS3\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-20]

========================== Services (Whitelisted) =================

S4 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [1135728 2004-04-07] (America Online, Inc.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-03-01] (AVAST Software)
S4 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2006-03-30] (Canon Inc.) [File not signed]
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [76848 2007-03-07] ()
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-08] (Oracle Corporation)
R2 RosettaStoneDaemon; C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [1646608 2012-06-19] (Rosetta Stone Ltd.)
S3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R2 aksfridge; C:\WINDOWS\system32\drivers\aksfridge.sys [356864 2010-09-27] (SafeNet Inc.)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-03-01] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-03-01] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2013-12-07] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2014-03-01] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410784 2014-03-01] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-03-01] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180248 2014-01-11] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 cdrbsdrv; C:\WINDOWS\system32\Drivers\cdrbsdrv.sys [13567 2004-03-08] (B.H.A Corporation) [File not signed]
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [88352 2005-04-22] (Sonic Solutions) [File not signed]
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40544 2005-04-21] (Sonic Solutions) [File not signed]
S3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [588800 2009-12-09] (SafeNet Inc.)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51024 2003-03-09] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16080 2003-03-09] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21456 2003-03-09] (HP)
R3 IntelC51; C:\WINDOWS\System32\DRIVERS\IntelC51.sys [1233525 2004-03-06] (Intel Corporation)
R3 IntelC52; C:\WINDOWS\System32\DRIVERS\IntelC52.sys [647929 2004-03-06] (Intel Corporation)
R3 IntelC53; C:\WINDOWS\System32\DRIVERS\IntelC53.sys [61157 2004-06-16] (Intel Corporation)
S3 JL2005; C:\WINDOWS\System32\Drivers\toywdm.sys [71336 2005-05-09] (Windows ® 2000 DDK provider) [File not signed]
R3 mohfilt; C:\WINDOWS\System32\DRIVERS\mohfilt.sys [37048 2004-03-06] (Intel Corporation)
S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [19456 2004-11-02] (Intel Corporation ) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
R1 omci; C:\WINDOWS\System32\DRIVERS\omci.sys [17217 2002-11-08] (Dell Computer Corporation) [File not signed]
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2005-05-13] (Sonic Solutions) [File not signed]
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23545 2005-05-13] (Sonic Solutions) [File not signed]
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [180096 2005-03-31] (SigmaTel, Inc.)
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25725 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34845 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4125 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2241 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86876 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [15069 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6365 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98716 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100605 2005-05-31] (Sonic Solutions) [File not signed]
S3 VX6000; C:\WINDOWS\System32\DRIVERS\VX6000Xp.sys [2069504 2009-06-26] (Microsoft Corporation)
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S4 agp440; \SystemRoot\system32\DRIVERS\agp440.sys [X]
S3 anvsnddrv; system32\drivers\anvsnddrv.sys [X]
S3 bvrp_pci; No ImagePath
R3 catchme; \??\C:\DOCUME~1\JS3\LOCALS~1\Temp\catchme.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr;
U3 mbr; \??\C:\ComboFix\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-19 23:34 - 2014-07-19 23:35 - 00015940 ____C () C:\Documents and Settings\JS3\Desktop\FRST.txt
2014-07-19 23:33 - 2014-07-19 23:34 - 00000000 ___DC () C:\FRST
2014-07-19 23:33 - 2014-07-19 23:33 - 00012257 ____C () C:\Documents and Settings\JS3\Desktop\combofix.txt
2014-07-19 23:32 - 2014-07-19 23:35 - 00000000 ___DC () C:\Documents and Settings\JS3\Local Settings\temp
2014-07-19 23:32 - 2014-07-19 23:32 - 00012257 ____C () C:\ComboFix.txt
2014-07-19 23:32 - 2014-07-19 23:32 - 00000000 ___DC () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-07-19 23:32 - 2014-07-19 23:32 - 00000000 ___DC () C:\Documents and Settings\Administrator\Local Settings\temp
2014-07-19 23:32 - 2014-07-19 23:32 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881\Local Settings\temp
2014-07-19 23:32 - 2014-07-19 23:32 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881.000\Local Settings\temp
2014-07-19 23:05 - 2014-07-19 19:37 - 01079808 ____C (Farbar) C:\Documents and Settings\JS3\Desktop\FRST.exe
2014-07-19 23:05 - 2014-07-19 19:35 - 05222180 ___RC (Swearware) C:\Documents and Settings\JS3\Desktop\ComboFix.exe
2014-07-19 23:00 - 2014-07-19 23:00 - 00090112 ____C () C:\WINDOWS\Minidump\Mini071914-05.dmp
2014-07-19 21:43 - 2014-07-19 21:43 - 00090112 ____C () C:\WINDOWS\Minidump\Mini071914-04.dmp
2014-07-19 21:10 - 2014-07-19 21:10 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\SM2
2014-07-19 21:04 - 2014-07-19 21:04 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881.000\Local Settings\Application Data\BVRP Software
2014-07-19 20:55 - 2014-07-19 20:54 - 00090112 ____C () C:\WINDOWS\Minidump\Mini071914-03.dmp
2014-07-19 19:48 - 2014-07-19 19:48 - 00090112 ____C () C:\WINDOWS\Minidump\Mini071914-02.dmp
2014-07-19 19:41 - 2014-07-19 19:41 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881.000\Application Data\AVAST Software
2014-07-19 19:39 - 2014-07-19 19:39 - 00000283 ____C () C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\Shortcut to ComboFix.lnk
2014-07-19 19:39 - 2014-07-19 19:37 - 01079808 ____C (Farbar) C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\FRST.exe
2014-07-19 19:39 - 2014-07-19 19:35 - 05222180 ___RC (Swearware) C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\ComboFix.exe
2014-07-19 19:35 - 2014-07-19 19:34 - 00090112 ____C () C:\WINDOWS\Minidump\Mini071914-01.dmp
2014-07-18 09:55 - 2014-07-18 09:55 - 00001744 ____C () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-07-18 09:52 - 2014-07-18 09:52 - 00090112 ____C () C:\WINDOWS\Minidump\Mini071814-01.dmp
2014-07-17 21:11 - 2014-07-17 21:10 - 00090112 ____C () C:\WINDOWS\Minidump\Mini071714-02.dmp
2014-07-17 20:59 - 2014-07-17 20:59 - 00090112 ____C () C:\WINDOWS\Minidump\Mini071714-01.dmp
2014-07-17 20:56 - 2014-07-17 20:56 - 00001746 ____C () C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\HijackThis.lnk
2014-07-17 20:54 - 2014-07-17 20:54 - 00000914 ____C () C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\Shortcut to SHORTCUTS.lnk
2014-07-11 16:57 - 2014-07-11 16:57 - 00000919 ____C () C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\Shortcut to Consulting Trasnferred!.lnk
2014-07-11 16:55 - 2014-07-11 16:55 - 00000919 ____C () C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\Shortcut to INVESTMENT.lnk
2014-07-10 20:29 - 2014-07-10 20:28 - 00090112 ____C () C:\WINDOWS\Minidump\Mini071014-01.dmp
2014-07-08 03:00 - 2014-07-08 03:00 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881.000\Application Data\NCH Swift Sound
2014-07-08 02:04 - 2014-07-08 02:04 - 00000792 ____C () C:\Documents and Settings\Administrator.DC1PW881.000\Start Menu\Programs\Windows Media Player.lnk
2014-07-08 02:04 - 2014-07-08 02:04 - 00000786 ____C () C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\Windows Media Player.lnk
2014-07-08 01:57 - 2014-07-08 01:57 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881.000\Local Settings\Application Data\Adobe
2014-07-08 01:57 - 2014-07-08 01:57 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881.000\Application Data\Adobe
2014-07-08 01:47 - 2014-07-19 21:06 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\SAFE MODE
2014-07-08 01:45 - 2014-07-08 01:45 - 00000626 ____C () C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\Shortcut to Downloads.lnk
2014-07-08 01:42 - 2014-07-08 01:54 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881.000\Application Data\Mozilla
2014-07-08 01:42 - 2014-07-08 01:42 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881.000\Local Settings\Application Data\Mozilla
2014-07-08 01:39 - 2014-07-08 01:38 - 00090112 ____C () C:\WINDOWS\Minidump\Mini070814-01.dmp
2014-07-07 04:54 - 2014-07-07 04:54 - 00090112 ____C () C:\WINDOWS\Minidump\Mini070714-01.dmp
2014-07-05 20:58 - 2014-07-05 20:58 - 00000000 ___DC () C:\Program Files\File Type Assistant
2014-07-05 20:58 - 2014-07-05 20:58 - 00000000 ___DC () C:\Documents and Settings\JS3\Local Settings\Application Data\DefineExt
2014-07-05 20:58 - 2014-07-05 20:58 - 00000000 ___DC () C:\Documents and Settings\JS3\Application Data\ZoomBrowser EX
2014-07-05 20:57 - 2014-07-05 20:58 - 00000000 ___DC () C:\Program Files\Malwarebytes' Anti-Malware
2014-07-05 20:22 - 2014-07-05 23:57 - 00000000 ___DC () C:\Program Files\Mozilla Firefox
2014-07-05 20:20 - 2014-07-05 20:20 - 00000000 ___DC () C:\Documents and Settings\JS3\Local Settings\Application Data\Adobe
2014-07-04 18:54 - 2014-07-04 18:54 - 00090112 ____C () C:\WINDOWS\Minidump\Mini070414-01.dmp
2014-07-03 17:54 - 2014-07-03 17:54 - 00090112 ____C () C:\WINDOWS\Minidump\Mini070314-01.dmp
2014-06-27 17:27 - 2014-06-27 17:27 - 00090112 ____C () C:\WINDOWS\Minidump\Mini062714-01.dmp
2014-06-26 16:12 - 2014-06-26 16:12 - 00090112 ____C () C:\WINDOWS\Minidump\Mini062614-01.dmp
2014-06-26 13:29 - 2014-06-26 13:29 - 00000000 ___DC () C:\Program Files\Citrix

==================== One Month Modified Files and Folders =======

2014-07-19 23:35 - 2014-07-19 23:34 - 00015940 ____C () C:\Documents and Settings\JS3\Desktop\FRST.txt
2014-07-19 23:35 - 2014-07-19 23:32 - 00000000 ___DC () C:\Documents and Settings\JS3\Local Settings\temp
2014-07-19 23:35 - 2013-09-29 23:32 - 00000880 ____C () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-19 23:34 - 2014-07-19 23:33 - 00000000 ___DC () C:\FRST
2014-07-19 23:33 - 2014-07-19 23:33 - 00012257 ____C () C:\Documents and Settings\JS3\Desktop\combofix.txt
2014-07-19 23:32 - 2014-07-19 23:32 - 00012257 ____C () C:\ComboFix.txt
2014-07-19 23:32 - 2014-07-19 23:32 - 00000000 ___DC () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-07-19 23:32 - 2014-07-19 23:32 - 00000000 ___DC () C:\Documents and Settings\Administrator\Local Settings\temp
2014-07-19 23:32 - 2014-07-19 23:32 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881\Local Settings\temp
2014-07-19 23:32 - 2014-07-19 23:32 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881.000\Local Settings\temp
2014-07-19 23:32 - 2011-12-18 15:53 - 00000000 ___DC () C:\Qoobox
2014-07-19 23:32 - 2004-08-10 14:08 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT
2014-07-19 23:32 - 2004-08-10 14:08 - 00000000 _SHDC () C:\Documents and Settings\NetworkService
2014-07-19 23:29 - 2004-08-10 13:51 - 00000321 ____C () C:\WINDOWS\system.ini
2014-07-19 23:12 - 2004-08-10 14:02 - 01435348 ____C () C:\WINDOWS\WindowsUpdate.log
2014-07-19 23:11 - 2004-08-10 14:08 - 00032622 _____ () C:\WINDOWS\SchedLgU.Txt
2014-07-19 23:09 - 2013-08-27 14:04 - 00000366 ___HC () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-07-19 23:09 - 2004-08-10 13:51 - 00002206 ____C () C:\WINDOWS\system32\wpa.dbl
2014-07-19 23:08 - 2014-03-28 02:37 - 00000218 ____C () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-07-19 23:08 - 2013-09-29 23:32 - 00000876 ____C () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-19 23:08 - 2011-12-19 18:43 - 00000374 ____C () C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job
2014-07-19 23:08 - 2004-08-10 13:59 - 00000159 ____C () C:\WINDOWS\wiadebug.log
2014-07-19 23:08 - 2004-08-10 13:59 - 00000049 ____C () C:\WINDOWS\wiaservc.log
2014-07-19 23:00 - 2014-07-19 23:00 - 00090112 ____C () C:\WINDOWS\Minidump\Mini071914-05.dmp
2014-07-19 23:00 - 2006-07-03 22:21 - 00000000 ___DC () C:\WINDOWS\Minidump
2014-07-19 22:31 - 2013-05-03 12:36 - 00000830 ____C () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-19 22:11 - 2009-11-09 11:51 - 00776425 ____C () C:\WINDOWS\setupapi.log
2014-07-19 21:43 - 2014-07-19 21:43 - 00090112 ____C () C:\WINDOWS\Minidump\Mini071914-04.dmp
2014-07-19 21:12 - 2007-01-17 02:25 - 00000000 ___DC () C:\Program Files\ZipWiz
2014-07-19 21:10 - 2014-07-19 21:10 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\SM2
2014-07-19 21:06 - 2014-07-08 01:47 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\SAFE MODE
2014-07-19 21:06 - 2005-08-20 11:10 - 00000000 ___DC () C:\i386
2014-07-19 21:04 - 2014-07-19 21:04 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881.000\Local Settings\Application Data\BVRP Software
2014-07-19 20:54 - 2014-07-19 20:55 - 00090112 ____C () C:\WINDOWS\Minidump\Mini071914-03.dmp
2014-07-19 19:48 - 2014-07-19 19:48 - 00090112 ____C () C:\WINDOWS\Minidump\Mini071914-02.dmp
2014-07-19 19:41 - 2014-07-19 19:41 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881.000\Application Data\AVAST Software
2014-07-19 19:39 - 2014-07-19 19:39 - 00000283 ____C () C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\Shortcut to ComboFix.lnk
2014-07-19 19:37 - 2014-07-19 23:05 - 01079808 ____C (Farbar) C:\Documents and Settings\JS3\Desktop\FRST.exe
2014-07-19 19:37 - 2014-07-19 19:39 - 01079808 ____C (Farbar) C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\FRST.exe
2014-07-19 19:35 - 2014-07-19 23:05 - 05222180 ___RC (Swearware) C:\Documents and Settings\JS3\Desktop\ComboFix.exe
2014-07-19 19:35 - 2014-07-19 19:39 - 05222180 ___RC (Swearware) C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\ComboFix.exe
2014-07-19 19:34 - 2014-07-19 19:35 - 00090112 ____C () C:\WINDOWS\Minidump\Mini071914-01.dmp
2014-07-19 17:50 - 2009-09-16 23:05 - 00000000 ___DC () C:\Documents and Settings\JS3\My Documents\Any Audio Converter
2014-07-18 16:48 - 2010-08-05 22:46 - 00000178 __SHC () C:\Documents and Settings\Administrator.DC1PW881.000\ntuser.ini
2014-07-18 09:55 - 2014-07-18 09:55 - 00001744 ____C () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-07-18 09:52 - 2014-07-18 09:52 - 00090112 ____C () C:\WINDOWS\Minidump\Mini071814-01.dmp
2014-07-18 09:52 - 2009-09-29 17:32 - 00000330 ___HC () C:\WINDOWS\Tasks\MP Scheduled Scan.job
2014-07-17 21:10 - 2014-07-17 21:11 - 00090112 ____C () C:\WINDOWS\Minidump\Mini071714-02.dmp
2014-07-17 20:59 - 2014-07-17 20:59 - 00090112 ____C () C:\WINDOWS\Minidump\Mini071714-01.dmp
2014-07-17 20:56 - 2014-07-17 20:56 - 00001746 ____C () C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\HijackThis.lnk
2014-07-17 20:54 - 2014-07-17 20:54 - 00000914 ____C () C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\Shortcut to SHORTCUTS.lnk
2014-07-13 21:31 - 2012-11-03 03:46 - 00699056 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-07-13 21:31 - 2011-09-03 22:21 - 00071344 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-07-13 20:25 - 2005-09-11 11:21 - 00000000 ___DC () C:\Documents and Settings\JS3\Desktop\SHORTCUTS
2014-07-13 19:43 - 2009-11-09 11:51 - 00000836 ____C () C:\WINDOWS\setupact.log
2014-07-11 16:57 - 2014-07-11 16:57 - 00000919 ____C () C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\Shortcut to Consulting Trasnferred!.lnk
2014-07-11 16:55 - 2014-07-11 16:55 - 00000919 ____C () C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\Shortcut to INVESTMENT.lnk
2014-07-10 20:28 - 2014-07-10 20:29 - 00090112 ____C () C:\WINDOWS\Minidump\Mini071014-01.dmp
2014-07-09 01:33 - 2014-03-28 02:37 - 00000212 ____C () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-07-08 03:00 - 2014-07-08 03:00 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881.000\Application Data\NCH Swift Sound
2014-07-08 02:04 - 2014-07-08 02:04 - 00000792 ____C () C:\Documents and Settings\Administrator.DC1PW881.000\Start Menu\Programs\Windows Media Player.lnk
2014-07-08 02:04 - 2014-07-08 02:04 - 00000786 ____C () C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\Windows Media Player.lnk
2014-07-08 02:04 - 2009-10-27 19:14 - 00070509 ____C () C:\WINDOWS\wmsetup.log
2014-07-08 01:57 - 2014-07-08 01:57 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881.000\Local Settings\Application Data\Adobe
2014-07-08 01:57 - 2014-07-08 01:57 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881.000\Application Data\Adobe
2014-07-08 01:54 - 2014-07-08 01:42 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881.000\Application Data\Mozilla
2014-07-08 01:45 - 2014-07-08 01:45 - 00000626 ____C () C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\Shortcut to Downloads.lnk
2014-07-08 01:42 - 2014-07-08 01:42 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881.000\Local Settings\Application Data\Mozilla
2014-07-08 01:38 - 2014-07-08 01:39 - 00090112 ____C () C:\WINDOWS\Minidump\Mini070814-01.dmp
2014-07-07 05:39 - 2012-07-07 16:50 - 00000000 ___DC () C:\Documents and Settings\JS3\.umplayer
2014-07-07 04:54 - 2014-07-07 04:54 - 00090112 ____C () C:\WINDOWS\Minidump\Mini070714-01.dmp
2014-07-05 23:57 - 2014-07-05 20:22 - 00000000 ___DC () C:\Program Files\Mozilla Firefox
2014-07-05 23:57 - 2012-08-04 17:57 - 00000730 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-05 23:57 - 2012-08-04 17:57 - 00000000 ___DC () C:\Program Files\Mozilla Maintenance Service
2014-07-05 21:58 - 2013-08-13 03:00 - 00000000 ___DC () C:\WINDOWS\system32\MRT
2014-07-05 21:52 - 2005-08-23 18:50 - 00000278 __SHC () C:\Documents and Settings\JS3\ntuser.ini
2014-07-05 21:48 - 2005-12-10 09:09 - 00000000 ___DC () C:\Documents and Settings\JS3\Local Settings\Application Data\Google
2014-07-05 21:16 - 2010-08-05 22:46 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881.000
2014-07-05 21:16 - 2005-08-23 18:50 - 00000000 ___DC () C:\Documents and Settings\JS3
2014-07-05 21:16 - 2004-08-10 14:08 - 00000000 _SHDC () C:\Documents and Settings\LocalService
2014-07-05 21:16 - 2004-08-10 14:02 - 00000000 ___DC () C:\WINDOWS\Registration
2014-07-05 20:58 - 2014-07-05 20:58 - 00000000 ___DC () C:\Program Files\File Type Assistant
2014-07-05 20:58 - 2014-07-05 20:58 - 00000000 ___DC () C:\Documents and Settings\JS3\Local Settings\Application Data\DefineExt
2014-07-05 20:58 - 2014-07-05 20:58 - 00000000 ___DC () C:\Documents and Settings\JS3\Application Data\ZoomBrowser EX
2014-07-05 20:58 - 2014-07-05 20:57 - 00000000 ___DC () C:\Program Files\Malwarebytes' Anti-Malware
2014-07-05 20:58 - 2014-06-04 00:08 - 00000000 ___DC () C:\Program Files\Malwarebytes Anti-Malware
2014-07-05 20:58 - 2008-08-09 09:48 - 00000000 ___DC () C:\Documents and Settings\JS3\Application Data\Malwarebytes
2014-07-05 20:58 - 2008-08-09 09:48 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-07-05 20:20 - 2014-07-05 20:20 - 00000000 ___DC () C:\Documents and Settings\JS3\Local Settings\Application Data\Adobe
2014-07-05 20:15 - 2005-09-12 19:21 - 00000000 ___DC () C:\Program Files\Common Files\Adobe
2014-07-04 18:54 - 2014-07-04 18:54 - 00090112 ____C () C:\WINDOWS\Minidump\Mini070414-01.dmp
2014-07-03 17:54 - 2014-07-03 17:54 - 00090112 ____C () C:\WINDOWS\Minidump\Mini070314-01.dmp
2014-06-27 17:27 - 2014-06-27 17:27 - 00090112 ____C () C:\WINDOWS\Minidump\Mini062714-01.dmp
2014-06-26 16:12 - 2014-06-26 16:12 - 00090112 ____C () C:\WINDOWS\Minidump\Mini062614-01.dmp
2014-06-26 13:29 - 2014-06-26 13:29 - 00000000 ___DC () C:\Program Files\Citrix
2014-06-26 13:29 - 2010-11-01 07:10 - 00001324 ____C () C:\WINDOWS\system32\d3d9caps.dat

Files to move or delete:
====================
C:\Documents and Settings\JS3\hpothb07.dat

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================



#6 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,207 posts

Posted 20 July 2014 - 06:19 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKCU - No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} -  No File
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\gystqfr@ylgga.com [2014-07-05]
S3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S4 agp440; \SystemRoot\system32\DRIVERS\agp440.sys [X]
S3 anvsnddrv; system32\drivers\anvsnddrv.sys [X]
R3 catchme; \??\C:\DOCUME~1\JS3\LOCALS~1\Temp\catchme.sys [X]
U3 TlntSvr;
U3 mbr; \??\C:\ComboFix\mbr.sys [X]
Define Ext (HKCU\...\Define Ext) (Version: 8 - DefineExt.com) <==== ATTENTION
File Type Assistant (HKLM\...\Trusted Software Assistant_is1) (Version:  - Trusted Software) <==== ATTENTION
Free File Viewer 2011 (HKLM\...\FreeFileViewer_is1) (Version:  - Bitberry Software) <==== ATTENTION
Yahoo! Search Protection (HKLM\...\Yahoo! Search Defender) (Version:  - ) <==== ATTENTION
Task: C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Uncheck the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
====

How is the computer running now?
nasdaq


#7 azuleno

azuleno

    Advanced Member

  • Full Member
  • PipPipPip
  • 224 posts

Posted 20 July 2014 - 09:44 AM

nasdaq, I couldn't get the PC to start in Normal Windows mode after a dozen reboots. Most of the time I am still getting the 0x00000024 error, a few times something else (I took pics of the screen for the record in each situation). I chose to go to Safe Mode and perform the above actions. If this doesn't make sense, let me know and I will keep trying.

If these logs are ok, then here they are. One comment on the AdwCleaner: I did not click on the CHECK box since some of the keys I saw seemed to be legit. Others not so; then again, I don't want to mess up the registry.

 

Your advice is deeply appreciated.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:19-07-2014
Ran by Administrator at 2014-07-20 11:24:09 Run:1
Running from C:\Documents and Settings\Administrator.DC1PW881.000\Desktop
Boot Mode: Safe Mode (minimal)

==============================================

Content of fixlist:
*****************
start
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKCU - No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} -  No File
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\gystqfr@ylgga.com [2014-07-05]
S3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S4 agp440; \SystemRoot\system32\DRIVERS\agp440.sys [X]
S3 anvsnddrv; system32\drivers\anvsnddrv.sys [X]
R3 catchme; \??\C:\DOCUME~1\JS3\LOCALS~1\Temp\catchme.sys [X]
U3 TlntSvr;
U3 mbr; \??\C:\ComboFix\mbr.sys [X]
Define Ext (HKCU\...\Define Ext) (Version: 8 - DefineExt.com) <==== ATTENTION
File Type Assistant (HKLM\...\Trusted Software Assistant_is1) (Version:  - Trusted Software) <==== ATTENTION
Free File Viewer 2011 (HKLM\...\FreeFileViewer_is1) (Version:  - Bitberry Software) <==== ATTENTION
Yahoo! Search Protection (HKLM\...\Yahoo! Search Defender) (Version:  - ) <==== ATTENTION
Task: C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION

End
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\Backup.Old.DefaultScope => value deleted successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => Value not found.
'HKCR\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D}'=> Key not found.
C:\Program Files\Mozilla Firefox\extensions\gystqfr@ylgga.com => Moved successfully.
iPod Service => Service deleted successfully.
rpcapd => Service deleted successfully.
agp440 => Service deleted successfully.
anvsnddrv => Service deleted successfully.
catchme => Service deleted successfully.
TlntSvr => Service deleted successfully.
mbr => Service not found.
Define Ext (HKCU\...\Define Ext) (Version: 8 - DefineExt.com) <==== ATTENTION => Error: No automatic fix found for this entry.
File Type Assistant (HKLM\...\Trusted Software Assistant_is1) (Version:  - Trusted Software) <==== ATTENTION => Error: No automatic fix found for this entry.
Free File Viewer 2011 (HKLM\...\FreeFileViewer_is1) (Version:  - Bitberry Software) <==== ATTENTION => Error: No automatic fix found for this entry.
Yahoo! Search Protection (HKLM\...\Yahoo! Search Defender) (Version:  - ) <==== ATTENTION => Error: No automatic fix found for this entry.
C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job => Moved successfully.

==== End of Fixlog ====

 

 

 

 

# AdwCleaner v3.211 - Report created 03/06/2014 at 23:48:22
# Updated 26/05/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : JS3 - DC1PW881
# Running from : C:\Documents and Settings\JS3\My Documents\Downloads\adwcleaner_3.211.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found : C:\Documents and Settings\JS3\Application Data\ZoomBrowser EX
Folder Found : C:\Documents and Settings\JS3\Local Settings\Application Data\DefineExt
Folder Found : C:\Program Files\File Type Assistant

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software
Key Found : HKCU\Software\AppDataLow\Software\Search Protection
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Found : HKCU\Software\MyWaySA
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
Key Found : HKLM\Software\Trymedia Systems

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Documents and Settings\JS3\Application Data\Mozilla\Firefox\Profiles\bt9ykm97.default-1377636682412\prefs.js ]

-\\ Google Chrome v

[ File : C:\Documents and Settings\JS3\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtCtBtA0Fzz0A0C0FtA0ByCyB0ByBtN0D0Tzu0CtCzzzytN1L2XzutBtFtCtFtDtFtAtDtC&cr=1038598020
Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [3204 octets] - [03/06/2014 23:48:22]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3264 octets] ##########
# AdwCleaner v3.216 - Report created 20/07/2014 at 11:27:44
# Updated 17/07/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Administrator - DC1PW881
# Running from : C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\adwcleaner_3.216.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found : C:\Documents and Settings\All Users\Application Data\NCH Software
Folder Found : C:\Program Files\File Type Assistant
Folder Found : C:\Program Files\NCH Software

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Found : HKCU\Software\MyWaySA
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
Key Found : HKLM\Software\Trymedia Systems
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v30.0 (en-US)

*************************

AdwCleaner[R0].txt - [5642 octets] - [03/06/2014 23:48:22]
AdwCleaner[S0].txt - [3390 octets] - [03/06/2014 23:52:12]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5762 octets] ##########



#8 nasdaq


Posted 20 July 2014 - 12:38 PM

Run the Clean button on the AdwCleaner tool and remove everything.

We can restore the items if needed.
nasdaq


#9 azuleno


Posted 20 July 2014 - 02:39 PM

Pls remember that I am using Safe Mode since Normal Windows mode is essentially useless as it gets stuck even if I do something as simple as opening a folder.

Here is the log I got after running the Clear button on AdwCleaner.

 

# AdwCleaner v3.211 - Report created 03/06/2014 at 23:52:12
# Updated 26/05/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : JS3 - DC1PW881
# Running from : C:\Documents and Settings\JS3\My Documents\Downloads\adwcleaner_3.211.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\File Type Assistant
Folder Deleted : C:\Documents and Settings\JS3\Local Settings\Application Data\DefineExt
Folder Deleted : C:\Documents and Settings\JS3\Application Data\ZoomBrowser EX

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\MyWaySA
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Documents and Settings\JS3\Application Data\Mozilla\Firefox\Profiles\bt9ykm97.default-1377636682412\prefs.js ]

-\\ Google Chrome v

[ File : C:\Documents and Settings\JS3\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtCtBtA0Fzz0A0C0FtA0ByCyB0ByBtN0D0Tzu0CtCzzzytN1L2XzutBtFtCtFtDtFtAtDtC&cr=1038598020
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [3344 octets] - [03/06/2014 23:48:22]
AdwCleaner[S0].txt - [3250 octets] - [03/06/2014 23:52:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3310 octets] ##########
# AdwCleaner v3.216 - Report created 20/07/2014 at 16:29:17
# Updated 17/07/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Administrator - DC1PW881
# Running from : C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\adwcleaner_3.216.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\NCH Software
Folder Deleted : C:\Program Files\File Type Assistant
Folder Deleted : C:\Program Files\NCH Software

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : HKCU\Software\MyWaySA
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v30.0 (en-US)

*************************

AdwCleaner[R0].txt - [5842 octets] - [03/06/2014 23:48:22]
AdwCleaner[R1].txt - [2558 octets] - [20/07/2014 16:12:43]
AdwCleaner[R2].txt - [2618 octets] - [20/07/2014 16:28:21]
AdwCleaner[S0].txt - [5907 octets] - [03/06/2014 23:52:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5967 octets] ##########

 



#10 azuleno


Posted 20 July 2014 - 07:02 PM

Just for kicks I rebooted the computer from Safe Mode. On its way out, it gave me another error + blue screen (I've been taking pics of these in case they might be useful). So I turned off the PC, then booted to Normal mode, but still got the same 0x000000024 error. At that point, I turned off the computer to give it some rest. Not quite rest in peace yet, but I think getting there.



#11 nasdaq


Posted 21 July 2014 - 04:57 AM

To continue with this you will need the Windows XP installation disk.

Or you can try the suggested fix on this page.

http://answers.micro...m=1310339091657

Unless you have important files on this computer that you want to save I would not spend much time on it.
But if you have the time and want to try it. Your call.
nasdaq


#12 azuleno


Posted 21 July 2014 - 07:49 AM

I found a DVD that I am very certain is from the problem PC. It says (excerpts):

"Operating System - Already Installed On Your Computer

"Reinstallation DVD: Microsoft Windows XP Media Center Version 2005 With Update Rollup2

"Only use this DVD to reinstall the operating systems on a Dell PC

"2006 Dell - P/N MW892"

 

I can try this before trying the other approach you mention above. Pls advise on procedure. Will this wipe out apps & data from the PC? I think I downloaded essentially all the data when it was beginning to act up a few months ago so any losses can be ignored.



#13 azuleno


Posted 21 July 2014 - 11:35 AM

nasdaq: I forgot. I haven't done this before and it might be simple, but your advice is appreciated. I assume I will have to go to some changes in the way the PC starts so it goes to the DVD ... there is where I will appreciate help. Thanks!



#14 nasdaq


Posted 22 July 2014 - 05:19 AM

Look at this page.

Update Rollup 2 for Windows XP Media Center Edition 2005
http://support.microsoft.com/kb/900325

The link to the Media Download is dead.

I do not believe you need it for the moment.

The error code is referring to possible Hardware problems or even some RAM issues.
nasdaq


#15 azuleno


Posted 22 July 2014 - 08:25 AM

Hi nasdaq, I missed the point. Did not understand your note. ... Maybe you are telling me that I might as well consider the PC dead (?).

If that is the case, I think you may be right since I haven't been able to get it working at all, Safe Mode or otherwise.

Last night I tried to boot from the CD, by hitting either F2 and later F12 so that the PC would use the CD. The Windows Setup started to load, and after 15 minutes or so, when it had loaded the stuff, attempted to boot, and right after the Windows screen (the black background with the MS logo) the PC went to the blue screen.

I wondered if I had properly done the loading of the CD, but I don't see any other way...

Pls advise. Thanks!



#16 nasdaq


Posted 23 July 2014 - 06:01 AM

It may just be that this computer cannot be repaired.

I'm willing to try a few things if you want to continue.

Like checking your RAM.

Read the instructions on this page.

I suggest you use a USB to proceed.

http://www.cnet.com/...ram-in-windows/

Keep me posted.
nasdaq


#17 azuleno


Posted 24 July 2014 - 09:12 AM

nasdaq, does it make sense to buy some RAM and see if that fixes the problem? I know that BestBuy will take it back within 14 days, so a simple thing to try... I will do so, and report my findings



#18 azuleno


Posted 24 July 2014 - 06:56 PM

Hi nasdaq, I was going to buy RAM for the PC, but upon discussing with one of the Geek Guys @ BestBuy the symptoms of how the PC died (in 'steps', in a period of a few weeks; unlike a light bulb burning out at once) he thought, and it sort of makes sense, that the problem is hardware (hard drive). If it had been RAM he said it would have just simply failed like a light bulb burning out. Instant death.

 

So, RIP the PC. So long all my XP computers. Thanks anyways for your help. Keep up the excellent service you guys have been providing for free. I have pitched in to support you folks all the time. This will be no exception. It is special since it gives closure to a PC era.... the XP era.

 

So this ticket can be closed.

 

Thanks again.



#19 nasdaq


Posted 25 July 2014 - 05:57 AM

Since the issue appears to be resolved this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
nasdaq




