BSOD IRQL Not Less Or Equal Windows XP



#1
clxskeeg


BSOD IRQL Not Less Or Equal. Firefox default browser will not open. I am posting using IE.

Computer is ASUSTeK Computer INC. 1101HA notebook.

Running Windows XP Service Pack 3, have been receiving updated Windows Malicious Software Removal Tools, and have been installing and running them.

Had a lot of updates to my Firefox add-ons about 2 weeks ago. I first noticed that now VLC Player would not play any visual files, the window would open with the name of the file at the top bar but would immediately crash. Also when I clicked to send a crash report it said could not be completed, and this happened several times, but I could play mp3 sound only files in VLC, and compatible visual files would play in Windows Media Player, the same files that crashed VLC.

Then I started to get the BSOD. It always seems to happen just within the first 5 or 10 minutes of boot-up, and mostly when I would open Firefox and went to a page which had files which triggered my Video Downloadhelper add-on in FF. Then after the computer was restarted after that first BSOD, it would run fine for hours. Then next day, turn on computer, run for 7-8 mins, BSOD, restart, operate OK rest of the day. This has happened every day for 2 weeks.

I tried a re-install of VLC, did not fix, also deleted Video Downloadhelper, didn't help.

Then just today I tried to restore the system to an earlier time, I picked a point 30 days ago, did the restore, but now here is the real problem:

Firefox will not open when I click any icons for it.

FF will not open in Windows safe mode.

Avast Antivirus has a software update function, but it will not update FF, says update failed must do manually (I have FF 36 and I guess an update to 37 has been just released).

Cannot remove FF for an uninstall/reinstall, Add/remove programs just sits after I click remove, and Revo Uninstaller will not complete as it hangs after step 1 cannot create restore point.

Cannot undo the system restore back to today or restore to any other point, if I start the restore Windows gives me a message that it cannot be done.

I am not quite sure if this is a malware problem or a massive incompatibility from updates.

Some numbers copied from the BSOD screens:

BCCode : 1000000a     BCP1 : 000005C4     BCP2 : 0000001C     BCP3 : 00000001
BCP4 : 80545263     OSVer : 5_1_2600     SP : 3_0     Product : 768_1

C:\DOCUME~1\Owner\LOCALS~1\Temp\WER352b.dir00\Mini032015-01.dmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\WER352b.dir00\sysdata.xml

BCCode : 1000000a     BCP1 : 00000FF8     BCP2 : 0000001D     BCP3 : 00000000
BCP4 : 804FFB6A     OSVer : 5_1_2600     SP : 3_0     Product : 768_1

A few days ago I tried some self-help, ran rkill.exe, adwcleaner_4.200.exe, JRT.exe (a few reg keys deleted), and did a Malwarebytes updated scan including rootkit, and ESET online virus scan, nothing found.

I have been using IE8 as a browser for now, and I have not gotten any BSOD at all with it so far, but I am not used to it, it doesn't seem to function like Firefox, and may be buggy by being so out of date.

Scans below

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Owner (administrator) on YOUR-LEM00LFU81 on 01-04-2015 17:06:29
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profiles: Owner (Available profiles: Owner)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\PersistenceThread.exe
() C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\ACPI\AsEPCMon.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Comfort Software Group) C:\Program Files\FreeAlarmClock\FreeAlarmClock.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Toolbar\wltuser.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1512744 2009-04-09] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [79144 2009-04-09] (Synaptics Incorporated)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [17881600 2009-05-11] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PersistenceThread] => C:\WINDOWS\system32\PersistenceThread.exe [96792 2009-12-14] (Intel Corporation)
HKLM\...\Run: [MSPY2002] => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2008-04-14] ()
HKLM\...\Run: [LiveUpdate] => C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [712704 2009-06-25] ()
HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [EasyMode] => C:\Program Files\\ASUS\\Easy Mode\\Easy Mode.exe [1249280 2009-03-18] ()
HKLM\...\Run: [AsusEPCMonitor] => C:\Program Files\EeePC\ACPI\AsEPCMon.exe [98304 2009-05-08] (ASUSTeK Computer Inc.)
HKLM\...\Run: [AsusACPIServer] => C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe [700416 2009-07-10] (ASUSTeK Computer Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2007-10-10] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-04-01] (AVAST Software)
Winlogon\Notify\igdlogin: C:\WINDOWS\system32\igdlogin.dll ()
HKU\S-1-5-21-3757006212-1298658743-396924995-1003\...\Run: [FreeAC] => C:\Program Files\FreeAlarmClock\FreeAlarmClock.exe [1553688 2014-02-20] (Comfort Software Group)
HKU\S-1-5-21-3757006212-1298658743-396924995-1003\...\MountPoints2: {17731b76-72ae-11e4-a839-0025d37bbeef} - E:\LaunchU3.exe -a
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ SuperHybridEngine.lnk
ShortcutTarget:  SuperHybridEngine.lnk -> C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3757006212-1298658743-396924995-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO: Skype add-on (mastermind) -> {22BF413B-C6D2-4d91-82A9-A0F997BA588C} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-07-15] (Skype Technologies S.A.)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14] (Microsoft Corp.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-11-18] (AVAST Software)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3757006212-1298658743-396924995-1003 -> &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1259061635718
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll [2009-02-06] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-07] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll [2009-02-06] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2009-07-16] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nzm6qdvv.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-01] ()
FF Plugin: @microsoft.com/WLPG,version=14.0.8064.0206 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-02-06] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Extension: No Name - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nzm6qdvv.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-04-01]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-11-24]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-19]
FF Extension: No Name - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nzm6qdvv.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [Not Found]
FF Extension: No Name - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nzm6qdvv.default\extensions\[email protected] [Not Found]
FF Extension: No Name - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nzm6qdvv.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [Not Found]
FF Extension: No Name - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nzm6qdvv.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [Not Found]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-01]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-18] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-18] (AVAST Software)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1529600 2009-03-27] (Atheros Communications, Inc.)
R3 AsusACPI; C:\WINDOWS\System32\DRIVERS\ASUSACPI.sys [10752 2008-04-08] (ASUSTeK Computer Inc.)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-11-18] ()
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [26136 2014-11-18] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-11-18] (AVAST Software)
R0 aswNdis; C:\WINDOWS\System32\DRIVERS\aswNdis.sys [12112 2014-11-18] (ALWIL Software)
R0 aswNdis2; C:\WINDOWS\system32\Drivers\aswNdis2.sys [253640 2014-11-18] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-11-18] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-11-18] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2015-04-01] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2015-04-01] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-11-18] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-11-18] ()
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2013-09-10] () [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [55152 2009-02-06] (Microsoft Corporation)
R3 igd; C:\WINDOWS\System32\DRIVERS\igxpmp32.sys [583360 2009-12-03] (Intel Corporation)
R3 L1c; C:\WINDOWS\System32\DRIVERS\l1c51x86.sys [38912 2009-03-02] (Atheros Communications, Inc.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 uvclf; C:\WINDOWS\System32\DRIVERS\uvclf.sys [39040 2008-11-18] (GenesysLogic Technologies, Inc.)
S3 btaudio; system32\drivers\btaudio.sys [X]
S3 BTDriver; system32\DRIVERS\btport.sys [X]
S3 BTWDNDIS; system32\DRIVERS\btwdndis.sys [X]
S3 btwhid; system32\DRIVERS\btwhid.sys [X]
S3 BTWUSB; System32\Drivers\btwusb.sys [X]
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-01 17:06 - 2015-04-01 17:07 - 00013217 _____ () C:\Documents and Settings\Owner\Desktop\FRST.txt
2015-04-01 17:06 - 2015-04-01 17:06 - 00000000 ____D () C:\FRST
2015-04-01 17:01 - 2015-04-01 17:01 - 01135104 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2015-04-01 14:39 - 2014-11-18 19:17 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-04-01 14:30 - 2015-04-01 16:32 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-01 14:24 - 2015-04-01 14:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
2015-04-01 14:23 - 2015-04-01 14:23 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\vlc
2015-04-01 14:08 - 2015-04-01 14:08 - 00081920 _____ () C:\WINDOWS\Minidump\Mini040115-02.dmp
2015-04-01 13:49 - 2015-04-01 13:49 - 00081920 _____ () C:\WINDOWS\Minidump\Mini040115-01.dmp
2015-03-31 20:33 - 2015-03-31 20:33 - 00081920 _____ () C:\WINDOWS\Minidump\Mini033115-01.dmp
2015-03-31 12:54 - 2015-03-31 12:54 - 00000589 _____ () C:\Documents and Settings\Owner\Desktop\JRT.txt
2015-03-31 12:32 - 2015-04-01 14:14 - 00000000 ____D () C:\AdwCleaner
2015-03-31 12:29 - 2015-03-31 12:31 - 00002414 _____ () C:\Documents and Settings\Owner\Desktop\Rkill.txt
2015-03-30 21:01 - 2015-03-30 21:01 - 00081920 _____ () C:\WINDOWS\Minidump\Mini033015-02.dmp
2015-03-30 11:36 - 2015-03-30 11:36 - 00081920 _____ () C:\WINDOWS\Minidump\Mini033015-01.dmp
2015-03-29 21:02 - 2015-03-29 21:02 - 00081920 _____ () C:\WINDOWS\Minidump\Mini032915-04.dmp
2015-03-29 17:48 - 2015-03-29 17:48 - 00081920 _____ () C:\WINDOWS\Minidump\Mini032915-03.dmp
2015-03-29 11:52 - 2015-03-29 11:52 - 00081920 _____ () C:\WINDOWS\Minidump\Mini032915-02.dmp
2015-03-29 11:42 - 2015-03-29 11:42 - 00081920 _____ () C:\WINDOWS\Minidump\Mini032915-01.dmp
2015-03-28 21:37 - 2015-03-28 21:37 - 00081920 _____ () C:\WINDOWS\Minidump\Mini032815-01.dmp
2015-03-27 20:11 - 2015-03-27 20:11 - 00081920 _____ () C:\WINDOWS\Minidump\Mini032715-01.dmp
2015-03-26 15:24 - 2015-03-26 15:44 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\LUBECK
2015-03-25 15:29 - 2015-03-25 15:29 - 00016322 _____ () C:\Documents and Settings\Owner\My Documents\Registration Renewal - 2015.htm
2015-03-25 15:29 - 2015-03-25 15:29 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Registration Renewal - 2015_files
2015-03-25 13:06 - 2015-03-25 13:05 - 00081920 _____ () C:\WINDOWS\Minidump\Mini032515-01.dmp
2015-03-24 21:35 - 2015-03-24 21:35 - 00081920 _____ () C:\WINDOWS\Minidump\Mini032415-01.dmp
2015-03-23 20:57 - 2015-03-23 20:56 - 00081920 _____ () C:\WINDOWS\Minidump\Mini032315-02.dmp
2015-03-23 17:09 - 2015-03-23 17:09 - 00000166 _____ () C:\Documents and Settings\Owner\My Documents\blue3.txt
2015-03-23 17:06 - 2015-03-23 17:06 - 00081920 _____ () C:\WINDOWS\Minidump\Mini032315-01.dmp
2015-03-23 07:01 - 2015-03-23 07:01 - 00000153 _____ () C:\Documents and Settings\Owner\My Documents\blue2.txt
2015-03-22 20:39 - 2015-03-22 20:39 - 00081920 _____ () C:\WINDOWS\Minidump\Mini032215-01.dmp
2015-03-21 11:48 - 2015-03-21 11:48 - 00081920 _____ () C:\WINDOWS\Minidump\Mini032115-01.dmp
2015-03-20 20:18 - 2015-03-20 20:18 - 00000153 _____ () C:\Documents and Settings\Owner\My Documents\blue.txt
2015-03-20 20:16 - 2015-03-20 20:16 - 00081920 _____ () C:\WINDOWS\Minidump\Mini032015-02.dmp
2015-03-20 17:44 - 2015-03-20 17:44 - 00000282 _____ () C:\Documents and Settings\Owner\My Documents\blue_screen.txt
2015-03-20 14:01 - 2015-03-20 14:01 - 00000875 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\recently-used.xbel
2015-03-20 13:11 - 2015-03-20 13:11 - 00081920 _____ () C:\WINDOWS\Minidump\Mini032015-01.dmp
2015-03-19 19:30 - 2015-03-19 19:30 - 00002274 _____ () C:\Documents and Settings\Owner\My Documents\PETER.txt
2015-03-19 08:12 - 2015-03-19 08:18 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\BELT
2015-03-16 11:49 - 2015-04-01 14:23 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\vlc(2)
2015-03-14 08:26 - 2015-03-14 08:26 - 00000001 _____ () C:\Documents and Settings\Owner\My Documents\red.txt
2015-03-13 17:40 - 2015-03-13 17:40 - 00000115 _____ () C:\Documents and Settings\Owner\My Documents\AUGER_estate.txt
2015-03-12 18:22 - 2015-03-13 04:36 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\ROOM
2015-03-10 15:44 - 2015-03-10 15:44 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\516CANON
2015-03-09 19:45 - 2015-03-09 19:45 - 00001934 _____ () C:\Documents and Settings\Owner\My Documents\Brussel_Sprouts.txt
2015-03-09 18:08 - 2015-03-09 18:08 - 00119816 _____ () C:\Documents and Settings\Owner\My Documents\Linguine with Brussel Sprouts Barigoule Recipe _ Epicurious.com.htm
2015-03-09 18:08 - 2015-03-09 18:08 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Linguine with Brussel Sprouts Barigoule Recipe _ Epicurious.com_files
2015-03-07 14:05 - 2015-03-07 14:06 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\JOBS
2015-03-07 07:43 - 2015-03-07 07:43 - 00000671 _____ () C:\Documents and Settings\Owner\My Documents\xxxxxxxx.txt
2015-03-06 13:10 - 2015-03-06 13:10 - 00000117 _____ () C:\Documents and Settings\Owner\My Documents\RandPaul.txt
2015-03-05 09:03 - 2015-03-05 09:03 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\TAX
2015-03-02 14:43 - 2015-03-02 14:43 - 06903996 _____ () C:\Program Files\-TRANSFERs.caf
2015-03-02 13:39 - 2015-04-01 15:01 - 00030021 _____ () C:\WINDOWS\setupapi.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-01 17:07 - 2009-08-17 14:13 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Temp
2015-04-01 16:56 - 2009-08-17 14:07 - 01481638 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-01 16:37 - 2009-08-17 07:00 - 00509652 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-01 16:34 - 2014-10-19 16:44 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-04-01 16:33 - 2014-06-21 12:11 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-04-01 16:33 - 2009-08-17 14:13 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-01 16:33 - 2009-08-17 07:03 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-04-01 16:33 - 2009-08-17 07:03 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2015-04-01 16:32 - 2014-07-30 11:21 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\uTorrent
2015-04-01 16:31 - 2014-11-18 19:20 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2015-04-01 16:31 - 2014-06-19 10:35 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-01 16:28 - 2009-08-17 14:13 - 00032124 _____ () C:\WINDOWS\SchedLgU.Txt
2015-04-01 15:42 - 2009-08-17 14:13 - 00000178 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2015-04-01 15:35 - 2009-08-17 14:13 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
2015-04-01 15:27 - 2014-10-30 19:47 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-01 15:13 - 2015-01-15 20:30 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-01 15:13 - 2014-07-24 13:16 - 00778928 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-04-01 15:13 - 2014-07-24 13:16 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-04-01 15:12 - 2014-07-23 19:42 - 00000719 _____ () C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2015-04-01 14:44 - 2014-11-18 19:20 - 00001797 _____ () C:\Documents and Settings\All Users\Desktop\Avast SafeZone.lnk
2015-04-01 14:44 - 2014-11-18 19:20 - 00001737 _____ () C:\Documents and Settings\All Users\Desktop\Avast Internet Security.lnk
2015-04-01 14:43 - 2014-10-19 16:42 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-04-01 14:43 - 2014-10-19 16:42 - 00423784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-04-01 14:41 - 2009-11-24 10:54 - 119837696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-01 14:37 - 2009-08-17 13:51 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2015-04-01 14:35 - 2009-08-17 14:13 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-04-01 14:35 - 2009-08-17 14:13 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-04-01 14:35 - 2009-08-17 14:13 - 00000000 ____D () C:\Documents and Settings\Owner
2015-04-01 14:35 - 2009-08-17 14:06 - 00000000 ____D () C:\WINDOWS\Registration
2015-04-01 14:34 - 2015-03-01 08:39 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Old Firefox Data
2015-04-01 14:34 - 2014-06-21 13:46 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2015-04-01 14:32 - 2014-08-05 15:23 - 00000000 ____D () C:\Documents and Settings\Owner\dwhelper
2015-04-01 14:30 - 2014-06-21 12:24 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-01 14:28 - 2014-11-22 14:52 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\gtk-2.0
2015-04-01 14:23 - 2014-10-30 19:47 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-01 14:23 - 2014-10-30 19:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-01 14:13 - 2009-08-17 14:07 - 00000000 ____D () C:\WINDOWS\system32\Restore
2015-04-01 14:08 - 2014-07-10 07:25 - 00000000 ____D () C:\WINDOWS\Minidump
2015-03-20 17:36 - 2014-11-22 14:32 - 00000000 ____D () C:\Documents and Settings\Owner\.gimp-2.8
2015-03-10 15:43 - 2014-11-22 14:15 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\515CANON
2015-03-03 20:50 - 2015-01-28 17:51 - 00024548 _____ () C:\Documents and Settings\Owner\My Documents\BRADY.txt
2015-03-02 20:10 - 2014-11-22 21:43 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\U3
2015-03-02 14:44 - 2014-12-26 16:40 - 00197857 _____ () C:\Program Files\-tRANSFERS1.caf

==================== Files in the root of some directories =======

2015-03-02 14:43 - 2015-03-02 14:43 - 6903996 _____ () C:\Program Files\-TRANSFERs.caf
2014-12-26 16:40 - 2015-03-02 14:44 - 0197857 _____ () C:\Program Files\-tRANSFERS1.caf
2014-11-28 00:38 - 2013-10-29 09:36 - 0155648 _____ (Robert Vasicek) C:\Program Files\Cathy.exe
2014-11-28 00:36 - 2014-11-28 00:37 - 0066639 _____ () C:\Program Files\Cathy2313.zip
2015-01-24 05:22 - 2015-01-24 05:21 - 1729768 _____ (Comfort Software Group                                      ) C:\Program Files\FreeAlarmClockSetup.exe
2014-11-26 19:20 - 2014-11-26 19:22 - 4151768 _____ (HTTrack                                                     ) C:\Program Files\httrack-3.48.19.exe
2014-12-07 22:45 - 2014-12-07 22:45 - 0448512 _____ (OldTimer Tools) C:\Program Files\TFC.exe
2014-07-30 11:24 - 2014-12-22 16:29 - 1378640 _____ (BitTorrent Inc.) C:\Program Files\uTorrent.exe
2014-11-28 00:45 - 2014-11-28 00:48 - 5073240 _____ (Microsoft Corporation) C:\Program Files\vcredist_x86.exe
2014-07-23 19:17 - 2015-01-04 21:46 - 0037376 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-20 14:01 - 2015-03-20 14:01 - 0000875 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\recently-used.xbel

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Owner at 2015-04-01 17:09:25
Running from C:\Documents and Settings\Owner\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus (Disabled) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22beta (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader 8.1.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81100000003}) (Version: 8.1.1 - Adobe Systems Incorporated)
Asus ACPI Driver (HKLM\...\{19F5658D-92E8-4A08-8657-D38ABB1574B2}) (Version: 6.1.1.1023 - AsusTek Computer)
ASUS VIBE (HKLM\...\ASUS VIBE) (Version: 1.0.166 - Ecareme, Inc.)
ASUSUpdate for Eee PC (HKLM\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version:  - )
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.16 - Atheros Communications Inc.)
Avast Internet Security (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Azurewave Wireless LAN Card (HKLM\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.0.7.0 - Azurewave)
Belarc Advisor 8.4 (HKLM\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
CrystalDiskInfo 6.2.1 (HKLM\...\CrystalDiskInfo_is1) (Version: 6.2.1 - Crystal Dew World)
Data Sync (HKLM\...\{D806E63B-0C11-4061-8DA9-1E980FB9A9EB}) (Version: 1.0.2 - ASUS)
Easy Mode (HKLM\...\{F0DE168D-39C0-4378-BD45-C7D150DC5D0E}) (Version: 1.05.0049 - ASUSTek)
EzMessenger (HKLM\...\{C72CA49A-9237-4810-8449-45DA3BD26D64}) (Version: 1.0.2 - ASUS)
FontResizer (HKLM\...\{47BACF74-5A07-48BD-BADB-A769550F0F5A}) (Version: 1.00.0010 - ASUSTek)
Free Alarm Clock 3.1.0 (HKLM\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.1 - Comfort Software Group)
GamePark Console (HKLM\...\{91C25C4D-5484-411B-8891-F62EFEA02F54}_is1) (Version: 5.2.0.9 - Oberon Media, Inc.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Intel® Graphics Media Accelerator 500 (HKLM\...\LPCO) (Version:  - )
Junk Mail filter update (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
LiveUpdate (HKLM\...\{38E5A3B1-ADF1-47E0-8024-76310A30EB36}) (Version: 1.13 - Asus)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 36.0 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0 (x86 en-US)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
OpenOffice 4.1.1 (HKLM\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
ophcrack 3.6.0 (HKLM\...\ophcrack) (Version: 3.6.0 - OS Objectif Sécurité SA)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5851 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Skype web features (HKLM\...\{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}) (Version: 1.0.3810 - Skype Technologies S.A.)
Skype™ 4.1 (HKLM\...\{D103C4BA-F905-437A-8049-DB24763BBE36}) (Version: 4.1.141 - Skype Technologies S.A.)
Super Hybrid Engine (HKLM\...\{88F08F98-12BC-4613-81A2-8F9B88CFC73E}) (Version: 1.18 - ASUS)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.0.1.0 - Synaptics Incorporated)
Update for Office System 2007 Setup (KB929722) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{D8E9BEBD-655F-467D-8176-CA9959C140A3}) (Version:  - Microsoft)
USB2.0 UVC Camera Device (HKLM\...\{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}) (Version: 0.1.0.0 - UVCPCC)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8064.0206 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
WinHTTrack Website Copier 3.48-19 (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.19 - HTTrack)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3757006212-1298658743-396924995-1003_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-3757006212-1298658743-396924995-1003_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-3757006212-1298658743-396924995-1003_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-3757006212-1298658743-396924995-1003_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-3757006212-1298658743-396924995-1003_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-3757006212-1298658743-396924995-1003_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)

==================== Restore Points  =========================

13-01-2015 23:35:27 System Checkpoint
14-01-2015 14:54:58 Software Distribution Service 3.0
16-01-2015 01:03:00 System Checkpoint
17-01-2015 06:25:46 System Checkpoint
18-01-2015 07:12:12 System Checkpoint
19-01-2015 08:53:01 System Checkpoint
20-01-2015 20:19:40 System Checkpoint
21-01-2015 21:17:20 System Checkpoint
22-01-2015 23:52:01 System Checkpoint
24-01-2015 01:38:34 System Checkpoint
25-01-2015 05:10:17 System Checkpoint
26-01-2015 07:18:28 System Checkpoint
27-01-2015 15:18:47 System Checkpoint
29-01-2015 00:52:40 System Checkpoint
30-01-2015 01:21:49 System Checkpoint
31-01-2015 08:06:11 System Checkpoint
01-02-2015 15:36:35 System Checkpoint
03-02-2015 01:37:47 System Checkpoint
04-02-2015 01:45:19 System Checkpoint
05-02-2015 05:31:44 System Checkpoint
06-02-2015 07:19:14 System Checkpoint
07-02-2015 07:46:31 System Checkpoint
08-02-2015 18:18:01 System Checkpoint
10-02-2015 00:56:28 System Checkpoint
11-02-2015 08:21:50 Software Distribution Service 3.0
13-02-2015 01:00:22 System Checkpoint
14-02-2015 07:35:37 System Checkpoint
16-02-2015 01:03:56 System Checkpoint
17-02-2015 05:30:51 System Checkpoint
18-02-2015 08:11:13 System Checkpoint
20-02-2015 00:52:02 System Checkpoint
21-02-2015 06:14:55 System Checkpoint
22-02-2015 11:08:37 System Checkpoint
24-02-2015 00:55:21 System Checkpoint
25-02-2015 07:14:23 System Checkpoint
26-02-2015 17:58:12 System Checkpoint
27-02-2015 23:08:13 System Checkpoint
01-03-2015 05:15:12 System Checkpoint
02-03-2015 18:27:35 System Checkpoint
03-03-2015 18:58:19 System Checkpoint
04-03-2015 21:33:45 System Checkpoint
06-03-2015 00:12:29 System Checkpoint
07-03-2015 07:20:52 System Checkpoint
08-03-2015 20:29:34 System Checkpoint
10-03-2015 01:02:10 System Checkpoint
11-03-2015 11:02:02 Software Distribution Service 3.0
12-03-2015 14:05:30 System Checkpoint
14-03-2015 20:56:25 System Checkpoint
16-03-2015 05:36:48 System Checkpoint
16-03-2015 11:15:08 Revo Uninstaller's restore point - VLC media player
17-03-2015 23:27:55 System Checkpoint
19-03-2015 05:17:41 System Checkpoint
19-03-2015 15:03:38 avast! antivirus system restore point
20-03-2015 17:12:35 System Checkpoint
21-03-2015 21:29:23 System Checkpoint
23-03-2015 00:24:11 System Checkpoint
24-03-2015 07:03:12 System Checkpoint
25-03-2015 21:43:24 System Checkpoint
26-03-2015 23:13:59 System Checkpoint
28-03-2015 07:12:15 System Checkpoint
29-03-2015 12:58:23 System Checkpoint
30-03-2015 17:34:40 System Checkpoint
01-04-2015 00:41:28 System Checkpoint
01-04-2015 14:13:05 Restore Operation
01-04-2015 14:37:50 avast! antivirus system restore point
01-04-2015 14:40:56 Software Distribution Service 3.0
01-04-2015 16:09:50 Restore Operation
01-04-2015 16:33:49 Restore Operation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-08-17 13:51 - 2014-10-19 16:34 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) ==============

2015-04-01 14:49 - 2015-04-01 14:49 - 02923520 _____ () C:\Program Files\AVAST Software\Avast\defs\15040102\algo.dll
2009-06-25 11:25 - 2009-06-25 11:25 - 00712704 _____ () C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
2009-03-23 17:53 - 2009-03-23 17:53 - 00106496 _____ () C:\Program Files\Asus\LiveUpdate\ClientSocket.dll
2009-03-23 17:55 - 2009-03-23 17:55 - 00176128 _____ () C:\Program Files\Asus\LiveUpdate\Parser.dll
2009-06-25 10:15 - 2009-06-25 10:15 - 00135168 _____ () C:\Program Files\Asus\LiveUpdate\Enumeration.dll
2015-03-13 14:14 - 2015-04-01 14:43 - 38714440 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3757006212-1298658743-396924995-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\EeePC_wallpaper1.bmp
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
MSCONFIG\startupreg: MsnMsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

==================== Accounts: =============================

Administrator (S-1-5-21-3757006212-1298658743-396924995-500 - Administrator - Enabled)
Guest (S-1-5-21-3757006212-1298658743-396924995-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-3757006212-1298658743-396924995-1004 - Limited - Disabled)
Owner (S-1-5-21-3757006212-1298658743-396924995-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
SUPPORT_388945a0 (S-1-5-21-3757006212-1298658743-396924995-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/10/2015 03:50:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application gimp-2.8.exe, version 2.8.14.0, faulting module gimp-2.8.exe, version 2.8.14.0, fault address 0x000e4fb6.
Processing media-specific event for [gimp-2.8.exe!ws!]

Error: (12/27/2014 03:30:49 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: Fault bucket 00000050.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (12/27/2014 03:30:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application dbp.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x003eeb10.
Processing media-specific event for [dbp.exe!ws!]

Error: (12/12/2014 01:34:40 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: Fault bucket 672907187.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (12/12/2014 01:34:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 34.0.0.5442, faulting module mozalloc.dll, version 34.0.0.5442, fault address 0x00001425.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (06/19/2014 08:59:09 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/19/2014 08:59:09 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/20/2010 11:59:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/20/2010 11:24:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/13/2010 00:52:26 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

System errors:
=============
Error: (04/01/2015 03:35:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SeaPort service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/01/2015 03:32:02 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (04/01/2015 03:24:22 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswRvrt
aswSnx
aswSP
aswTdi
aswVmm
BANTExt
Fips
intelppm

Error: (04/01/2015 03:23:18 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (04/01/2015 03:00:55 PM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (04/01/2015 02:10:06 PM) (Source: System Error) (EventID: 1003) (User: )
Description: Error code 1000000a, parameter1 000005c4, parameter2 0000001c, parameter3 00000001, parameter4 80545263.

Error: (04/01/2015 01:58:05 PM) (Source: System Error) (EventID: 1003) (User: )
Description: Error code 1000000a, parameter1 00000f34, parameter2 0000001d, parameter3 00000000, parameter4 804ffb6a.

Error: (04/01/2015 01:38:50 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 0025D37BBEEF has been
denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

Error: (03/31/2015 08:35:16 PM) (Source: System Error) (EventID: 1003) (User: )
Description: Error code 1000000a, parameter1 00000fec, parameter2 0000001d, parameter3 00000000, parameter4 804ffb6a.

Error: (03/31/2015 08:34:11 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 0025D37BBEEF has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor:  Intel® Atom™ CPU Z520 @ 1.33GHz
Percentage of memory in use: 79%
Total physical RAM: 1013.86 MB
Available physical RAM: 211.68 MB
Total Pagefile: 2440.55 MB
Available Pagefile: 1652.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 1935.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:144.12 GB) (Free:2.31 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive g: (Toshiba Canvio Hard Drive(E:)) (Fixed) (Total:2794.51 GB) (Free:1455.76 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 6E762533)
Partition 1: (Active) - (Size=144.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=4.9 GB) - (Type=1C)
Partition 3: (Not Active) - (Size=39 MB) - (Type=EF)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.

==================== End Of Log ============================

From 1 day ago

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingc...opic308364.html

Program started at: 03/31/2015 12:29:32 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 03/31/2015 12:31:40 PM
Execution time: 0 hours(s), 2 minute(s), and 8 seconds(s)

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.9 (03.31.2015:1)
OS: Microsoft Windows XP x86
Ran by Owner on Tue 03/31/2015 at 12:42:29.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 03/31/2015 at 12:54:52.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Edited by clxskeeg, 03 April 2015 - 08:05 AM.

  • 0
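The System Error (EventID 1003) entries in the FRST log above record the stop code and its four parameters. As an added example (not part of the original post and not FRST's own code), this Python script decodes them using the documented parameter layout for stop 0xA. The sample lines are copied from that log; masking off the leading 1 in `1000000a` and the 0x80000000 kernel boundary (default 2 GB split on 32-bit Windows) are assumptions.

```python
"""Decode IRQL_NOT_LESS_OR_EQUAL stop records from an FRST event-log section."""
import re
from collections import Counter
from dataclasses import dataclass

# Sample input: the three EventID 1003 entries copied from the log above.
SAMPLE_LOG = """\
Error: (04/01/2015 02:10:06 PM) (Source: System Error) (EventID: 1003) (User: )
Description: Error code 1000000a, parameter1 000005c4, parameter2 0000001c, parameter3 00000001, parameter4 80545263.

Error: (04/01/2015 01:58:05 PM) (Source: System Error) (EventID: 1003) (User: )
Description: Error code 1000000a, parameter1 00000f34, parameter2 0000001d, parameter3 00000000, parameter4 804ffb6a.

Error: (03/31/2015 08:35:16 PM) (Source: System Error) (EventID: 1003) (User: )
Description: Error code 1000000a, parameter1 00000fec, parameter2 0000001d, parameter3 00000000, parameter4 804ffb6a.
"""

ENTRY_RE = re.compile(
    r"Error: \((?P<when>[^)]+)\) \(Source: System Error\) \(EventID: 1003\).*\n"
    r"Description: Error code (?P<code>[0-9a-f]{8}), "
    r"parameter1 (?P<p1>[0-9a-f]{8}), parameter2 (?P<p2>[0-9a-f]{8}), "
    r"parameter3 (?P<p3>[0-9a-f]{8}), parameter4 (?P<p4>[0-9a-f]{8})\.",
    re.IGNORECASE,
)

# Stop codes whose parameters share this layout:
#   1 = address referenced, 2 = IRQL, 3 = access type, 4 = instruction address
IRQL_STOPS = {
    0x0A: "IRQL_NOT_LESS_OR_EQUAL",
    0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
}
DISPATCH_LEVEL = 2        # page faults cannot be serviced at or above this IRQL
PAGE_SIZE = 0x1000        # addresses below this sit in the never-mapped first page
KERNEL_BASE = 0x80000000  # assumption: default 2 GB user/kernel split (no /3GB)


@dataclass
class StopRecord:
    when: str
    name: str
    address: int       # memory address that was referenced
    irql: int          # IRQL at the time of the reference
    access: str        # "read" or "write"
    instruction: int   # address of the instruction that made the reference

    @property
    def near_null(self) -> bool:
        return self.address < PAGE_SIZE

    @property
    def raised_irql(self) -> bool:
        return self.irql >= DISPATCH_LEVEL

    @property
    def kernel_instruction(self) -> bool:
        return self.instruction >= KERNEL_BASE


def parse_stops(text: str) -> list:
    """Return a StopRecord for every IRQL-type stop found in the log text."""
    records = []
    for m in ENTRY_RE.finditer(text):
        # Assumption: the event log writes stop 0xA as 1000000a; drop the flag nibble.
        code = int(m["code"], 16) & 0x0FFFFFFF
        if code not in IRQL_STOPS:
            continue  # other stop codes use a different parameter layout
        records.append(StopRecord(
            when=m["when"],
            name=IRQL_STOPS[code],
            address=int(m["p1"], 16),
            irql=int(m["p2"], 16),
            access="write" if int(m["p3"], 16) & 1 else "read",
            instruction=int(m["p4"], 16),
        ))
    return records


def group_by_instruction(records) -> Counter:
    """Count crashes per faulting instruction address to spot repeat offenders."""
    return Counter(r.instruction for r in records)


if __name__ == "__main__":
    stops = parse_stops(SAMPLE_LOG)
    for r in stops:
        print(f"{r.when}  {r.name}  {r.access} of 0x{r.address:08x} "
              f"at IRQL {r.irql} from 0x{r.instruction:08x}  "
              f"near-null={r.near_null} kernel-code={r.kernel_instruction}")
    for addr, n in group_by_instruction(stops).most_common():
        print(f"0x{addr:08x}: {n} crash(es)")
```

On these entries, two of the three stops share the same faulting instruction address, which is the value to compare against the loaded-module list when the minidumps are opened.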



#2
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,965 posts

Welcome and sorry for the delay.

Please browse to the C:\WINDOWS folder, right click on the Minidump folder and select Send to -> Compressed zipped folder. This will create a zip folder in the C:\WINDOWS folder.

Please upload the zipped folder in your reply. If too large, attempt to upload it here.


  • 0

#3
clxskeeg

clxskeeg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts

Thanks for getting back to me.
 
The way the computer stands now is that Firefox finally did update and now opens and works. The computer ran Fri and Sat in Firefox without a BSOD, but late Sunday I booted up and got it again, and got it this morning just before opening this reply. It appears to be the same situation as in the beginning, with VLC player still not playing any visual files, although those files will play in Windows Media Player. As soon as I "get" the BSOD soon after turning the computer on, the OS works fine the rest of the day, no BSOD.

Minidump zip is attached.

Attached File: Minidump.zip (467.42KB)


  • 0

#4
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,965 posts

Seems memory related, but let's take a look at the files that caused the BSOD.

Open FRST as you did before.

Type the following in the edit box on FRST, after "Search:".

hall.dll;afd.sys;ntoskrnl.exe

It then should look like:

Search: hall.dll;afd.sys;ntoskrnl.exe

Click Search Files button and post the log (Search.txt) it makes on the USB drive in your next reply.


  • 0

#5
clxskeeg

clxskeeg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts

Turned on this computer and started to read and respond to your reply and in about 12 minutes I got the BSOD, but this time it said "TRAP_CAUSE_UNKNOWN" instead of IRQL.

But I don't follow what you say about a USB drive; I don't see any instructions on the "do this first page" about plugging in a USB stick. I deleted the FRST I downloaded to the desktop a few days ago, and downloaded a fresh file to the desktop.

Here is the Search text that was saved to the desktop:

Farbar Recovery Scan Tool (x86) Version: 13-04-2015
Ran by Owner at 2015-04-13 17:34:28
Running from C:\Documents and Settings\Owner\Desktop
Boot Mode: Normal

================== Search Files: "hall.dll;afd.sys;ntoskrnl.exe" =============

C:\WINDOWS\system32\ntoskrnl.exe
[2008-04-13 20:54][2013-07-03 23:03] 2149888 ____A (Microsoft Corporation)  [File is signed]

C:\WINDOWS\system32\drivers\afd.sys
[2009-08-17 13:51][2011-08-17 09:49] 0138496 ____A (Microsoft Corporation)  [File is signed]

C:\WINDOWS\system32\dllcache\afd.sys
[2009-08-17 13:51][2011-08-17 09:49] 0138496 ____C (Microsoft Corporation)  [File is signed]

C:\WINDOWS\system32\dllcache\ntoskrnl.exe
[2009-08-17 14:49][2013-07-03 22:59] 2193536 ___AC (Microsoft Corporation)  [File is signed]

C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
[2009-08-17 14:49][2013-07-03 22:59] 2193536 ____A (Microsoft Corporation)  [File is signed]

C:\WINDOWS\$NtUninstallKB979683$\ntoskrnl.exe
[2010-04-14 08:57][2009-12-08 15:26] 2145280 ____C (Microsoft Corporation)  [File is signed]

C:\WINDOWS\$NtUninstallKB977165-v2$\ntoskrnl.exe
[2010-03-28 16:49][2009-08-04 11:13] 2145280 ____C (Microsoft Corporation)  [File is signed]

C:\WINDOWS\$NtUninstallKB971486$\ntoskrnl.exe
[2009-11-24 10:51][2009-02-06 07:06] 2145280 ____C (Microsoft Corporation)  [File is signed]

C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2009-08-17 14:50][2008-06-20 07:40] 0138496 ___AC (Microsoft Corporation)  [File is signed]

C:\WINDOWS\$NtUninstallKB956572$\ntoskrnl.exe
[2009-08-17 14:49][2008-04-14 08:00] 2145280 ___AC (Microsoft Corporation)  [File is signed]

C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2009-08-17 14:45][2008-04-14 08:00] 0138112 ___AC (Microsoft Corporation)  [File is signed]

C:\WINDOWS\$NtUninstallKB2859537$\ntoskrnl.exe
[2014-06-19 10:46][2012-04-11 09:14] 2148352 ____C (Microsoft Corporation)  [File is signed]

C:\WINDOWS\$NtUninstallKB2676562$\ntoskrnl.exe
[2014-06-19 10:24][2010-12-09 09:42] 2148864 ____C (Microsoft Corporation)  [File is signed]

C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2014-06-19 10:49][2008-10-16 10:43] 0138496 ____C (Microsoft Corporation)  [File is signed]

C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2014-06-19 10:25][2008-08-14 06:04] 0138496 ____C (Microsoft Corporation)  [File is signed]

C:\WINDOWS\$NtUninstallKB2393802$\ntoskrnl.exe
[2014-06-19 10:08][2010-02-16 10:08] 2146304 ____C (Microsoft Corporation)  [File is signed]

C:\WINDOWS\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[2010-04-13 22:18][2010-02-16 08:52] 2190080 ____A (Microsoft Corporation)  [File is signed]

C:\WINDOWS\$hf_mig$\KB977165-v2\SP3QFE\ntoskrnl.exe
[2009-12-09 16:22][2009-12-09 16:22] 2189312 ____A (Microsoft Corporation)  [File is signed]

C:\WINDOWS\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[2009-11-24 07:52][2009-08-04 09:56] 2189312 ____A (Microsoft Corporation)  [File is signed]

C:\WINDOWS\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[2008-08-14 16:11][2008-08-14 16:11] 2189184 ____A (Microsoft Corporation)  [File is signed]

C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2009-08-17 14:50][2008-08-14 06:34] 0138496 ____A (Microsoft Corporation)  [File is signed]

C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[2009-02-07 19:35][2009-02-07 19:35] 2189184 ____A (Microsoft Corporation)  [File is signed]

C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2009-08-17 14:45][2008-06-20 07:48] 0138496 ____A (Microsoft Corporation)  [File is signed]

C:\WINDOWS\$hf_mig$\KB2676562\SP3QFE\ntoskrnl.exe
[2012-04-11 09:22][2012-04-11 09:22] 2192640 ____A (Microsoft Corporation)  [File is signed]

C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys
[2014-06-19 06:52][2011-08-17 09:41] 0138496 ____A (Microsoft Corporation)  [File is signed]

C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008-10-16 11:07][2008-10-16 11:07] 0138496 ____A (Microsoft Corporation)  [File is signed]

C:\WINDOWS\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
[2014-06-19 06:48][2010-12-09 09:43] 2192768 ____A (Microsoft Corporation)  [File is signed]

====== End Of Search ======

Oops, I just realized I have an SD card from my digital camera in the card reader slot of this notebook, was that what you thought was a USB?


Edited by clxskeeg, 13 April 2015 - 03:46 PM.

  • 0

#6
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,965 posts

My fault, misspelled hal.dll. Let's check this file again. If it shows as signed, we will need to troubleshoot Windows.

Open FRST as you did before.

Type the following in the edit box on FRST, after "Search:".

hal.dll

It then should look like:

Search: hal.dll

Click Search Files button and post the log (Search.txt) it makes on the USB drive in your next reply.


  • 0

#7
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,965 posts

When you use System Restore after installing a program, the Registry gets modified and loses the entries for those programs.

Please remove the following programs

VLC media player
AVAST


See how the computer handles itself without these programs.

As part of the above fix, follow these steps after removing these programs. It will remove some remnants:

Please download the attached file fixlist.txt (559 bytes) and save it in the same directory as FRST.

  • Start FRST.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

  • 0

#8
clxskeeg

clxskeeg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts

Here is the result of the hal.dll search

Farbar Recovery Scan Tool (x86) Version: 13-04-2015
Ran by Owner at 2015-04-13 21:05:08
Running from C:\Documents and Settings\Owner\Desktop
Boot Mode: Normal

================== Search Files: "hal.dll" =============

C:\WINDOWS\system32\hal.dll
[2008-04-13 20:01][2008-04-14 08:00] 0134400 ____A (Microsoft Corporation)  [File is signed]

====== End Of Search ======

Here is the fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-04-2015
Ran by Owner at 2015-04-13 21:28:27 Run:1
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profiles: Owner (Available profiles: Owner)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
C:\Documents and Settings\Owner\Application Data\vlc(2)
C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
C:\Program Files\VideoLAN
C:\Documents and Settings\Owner\Application Data\vlc
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
EmptyTemp:
End
*****************

C:\Documents and Settings\Owner\Application Data\vlc(2) => Moved successfully.
"C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN" => File/Directory not found.
C:\Program Files\VideoLAN => Moved successfully.
"C:\Documents and Settings\Owner\Application Data\vlc" => File/Directory not found.
"HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3" => Key deleted successfully.
C:\Program Files\VideoLAN\VLC\npvlc.dll not found.
"HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5" => Key deleted successfully.
C:\Program Files\VideoLAN\VLC\npvlc.dll not found.
HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.0 => Key not found.
C:\Program Files\VideoLAN\VLC\npvlc.dll not found.
EmptyTemp: => Removed 1.2 GB temporary data.


The system needed a reboot.

==== End of Fixlog 21:32:21 ====


Edited by clxskeeg, 13 April 2015 - 07:39 PM.

  • 0

#9
clxskeeg

clxskeeg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts

After deleting the 2 programs last night, I have been running the computer for about an hour this morning and no BSOD (so far).

Also, reminding that I was getting the BSOD before I did the Restore.

Will it be possible to re-install new downloads of them?


  • 0

#10
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,965 posts

If you haven't had a problem, try reloading AVAST, then test the computer for a while. If a BSOD occurs, then AVAST shouldn't be your antivirus. If no BSOD is experienced, then load Videolan, and test again.

Keep me posted.


  • 0

#11
clxskeeg

clxskeeg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts

Well, I re-installed the AVAST this morning, and while it was installing, I got the BSOD, even though the computer had been operating for over an hour. After the restart, I started a scan with Avast while doing other work and web research, and after an hour or so got the BSOD again! Since that second time and a restart, no BSOD for about 4 hours.

Avast has just been redesigned with a whole new framework, but I don't remember if the BSOD started BEFORE that last update. I am using an old OS, Windows XP, and the hardware is a netbook, known for limited RAM and CPU. And when I went to the Avast community help board, there was a recent poster who opened a thread about Avast now using too much CPU. Does that sound like it would produce the IRQL error?

What would be the alternatives for a free Anti Virus? What would be the best AV with a paid subscription?


  • 0

#12
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,965 posts

The BSOD happens when a file attempts to reach a space in memory that is already occupied. Any antivirus or Spyware with real-time features will remain in memory, occupying a lot of memory. That will certainly slow down the computer.

For information and guidelines you can read this article by Miekiemoes.

This article provides many options you may follow.

  • 0





