BSOD IRQL Not Less Or Equal. Firefox default browser will not open. I am posting using IE.
Computer is an ASUSTeK Computer INC. 1101HA notebook.
Running Windows XP Service Pack 3, have been receiving updated Windows Malicious Software Removal Tools, and have been installing and running them.
Had a lot of updates to my Firefox add-ons about 2 weeks ago. I first noticed that VLC Player would no longer play any visual files; the window would open with the name of the file in the top bar but would immediately crash. Also, when I clicked to send a crash report it said it could not be completed, and this happened several times. But I could play mp3 sound-only files in VLC, and compatible visual files would play in Windows Media Player, the same files that crashed VLC.
Then I started to get the BSOD. It always seems to happen just within the first 5 or 10 minutes of boot-up, and mostly when I would open Firefox and go to a page which had files which triggered my Video Downloadhelper add-on in FF. Then after the computer was restarted after that first BSOD, it would run fine for hours. Then next day, turn on computer, run for 7-8 mins, BSOD, restart, operate OK rest of the day. This has happened every day for 2 weeks.
I tried a re-install of VLC, did not fix it. Also deleted Video Downloadhelper, didn't help.
Then just today I tried to restore the system to an earlier time, I picked a point 30 days ago, did the restore, but now here is the real problem:
Firefox will not open when I click any icons for it.
FF will not open in Windows safe mode.
Avast Antivirus has a software update function, but it will not update FF, says update failed, must do manually (I have FF 36 and I guess an update to 37 has just been released).
Cannot remove FF for an uninstall/reinstall; Add/Remove Programs just sits after I click remove, and Revo Uninstaller will not complete as it hangs after step 1, cannot create restore point.
Cannot undo the system restore back to today or restore to any other point; if I start the restore, Windows gives me a message that it cannot be done.
I am not quite sure if this is a malware problem or a massive incompatibility from updates.
Some numbers copied from the BSOD screens:
BCCode : 1000000a BCP1 : 000005C4 BCP2 : 0000001C BCP3 : 00000001
BCP4 : 80545263 OSVer : 5_1_2600 SP : 3_0 Product : 768_1
C:\DOCUME~1\Owner\LOCALS~1\Temp\WER352b.dir00\Mini032015-01.dmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\WER352b.dir00\sysdata.xml
BCCode : 1000000a BCP1 : 00000FF8 BCP2 : 0000001D BCP3 : 00000000
BCP4 : 804FFB6A OSVer : 5_1_2600 SP : 3_0 Product : 768_1
A few days ago I tried some self-help: ran rkill.exe, adwcleaner_4.200.exe, JRT.exe (a few reg keys deleted), and did an updated Malwarebytes scan including rootkit, and an ESET online virus scan; nothing found.
I have been using IE8 as a browser for now, and I have not gotten any BSOD at all with it so far, but I am not used to it, it doesn't seem to function like Firefox, and may be buggy by being so out of date.
Scans below:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Owner (administrator) on YOUR-LEM00LFU81 on 01-04-2015 17:06:29
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profiles: Owner (Available profiles: Owner)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\PersistenceThread.exe
() C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\ACPI\AsEPCMon.exe
(ASUSTeK Computer Inc.) C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Comfort Software Group) C:\Program Files\FreeAlarmClock\FreeAlarmClock.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Toolbar\wltuser.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1512744 2009-04-09] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [79144 2009-04-09] (Synaptics Incorporated)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [17881600 2009-05-11] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PersistenceThread] => C:\WINDOWS\system32\PersistenceThread.exe [96792 2009-12-14] (Intel Corporation)
HKLM\...\Run: [MSPY2002] => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2008-04-14] ()
HKLM\...\Run: [LiveUpdate] => C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [712704 2009-06-25] ()
HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [EasyMode] => C:\Program Files\\ASUS\\Easy Mode\\Easy Mode.exe [1249280 2009-03-18] ()
HKLM\...\Run: [AsusEPCMonitor] => C:\Program Files\EeePC\ACPI\AsEPCMon.exe [98304 2009-05-08] (ASUSTeK Computer Inc.)
HKLM\...\Run: [AsusACPIServer] => C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe [700416 2009-07-10] (ASUSTeK Computer Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2007-10-10] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-04-01] (AVAST Software)
Winlogon\Notify\igdlogin: C:\WINDOWS\system32\igdlogin.dll ()
HKU\S-1-5-21-3757006212-1298658743-396924995-1003\...\Run: [FreeAC] => C:\Program Files\FreeAlarmClock\FreeAlarmClock.exe [1553688 2014-02-20] (Comfort Software Group)
HKU\S-1-5-21-3757006212-1298658743-396924995-1003\...\MountPoints2: {17731b76-72ae-11e4-a839-0025d37bbeef} - E:\LaunchU3.exe -a
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ SuperHybridEngine.lnk
ShortcutTarget: SuperHybridEngine.lnk -> C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3757006212-1298658743-396924995-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO: Skype add-on (mastermind) -> {22BF413B-C6D2-4d91-82A9-A0F997BA588C} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-07-15] (Skype Technologies S.A.)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14] (Microsoft Corp.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-11-18] (AVAST Software)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3757006212-1298658743-396924995-1003 -> &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1259061635718
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll [2009-02-06] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-07] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll [2009-02-06] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2009-07-16] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nzm6qdvv.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-01] ()
FF Plugin: @microsoft.com/WLPG,version=14.0.8064.0206 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-02-06] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Extension: No Name - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nzm6qdvv.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-04-01]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-11-24]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-19]
FF Extension: No Name - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nzm6qdvv.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [Not Found]
FF Extension: No Name - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nzm6qdvv.default\extensions\[email protected] [Not Found]
FF Extension: No Name - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nzm6qdvv.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [Not Found]
FF Extension: No Name - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nzm6qdvv.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [Not Found]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-01]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-18] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-18] (AVAST Software)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1529600 2009-03-27] (Atheros Communications, Inc.)
R3 AsusACPI; C:\WINDOWS\System32\DRIVERS\ASUSACPI.sys [10752 2008-04-08] (ASUSTeK Computer Inc.)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-11-18] ()
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [26136 2014-11-18] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-11-18] (AVAST Software)
R0 aswNdis; C:\WINDOWS\System32\DRIVERS\aswNdis.sys [12112 2014-11-18] (ALWIL Software)
R0 aswNdis2; C:\WINDOWS\system32\Drivers\aswNdis2.sys [253640 2014-11-18] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-11-18] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-11-18] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2015-04-01] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2015-04-01] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-11-18] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-11-18] ()
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2013-09-10] () [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [55152 2009-02-06] (Microsoft Corporation)
R3 igd; C:\WINDOWS\System32\DRIVERS\igxpmp32.sys [583360 2009-12-03] (Intel Corporation)
R3 L1c; C:\WINDOWS\System32\DRIVERS\l1c51x86.sys [38912 2009-03-02] (Atheros Communications, Inc.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 uvclf; C:\WINDOWS\System32\DRIVERS\uvclf.sys [39040 2008-11-18] (GenesysLogic Technologies, Inc.)
S3 btaudio; system32\drivers\btaudio.sys [X]
S3 BTDriver; system32\DRIVERS\btport.sys [X]
S3 BTWDNDIS; system32\DRIVERS\btwdndis.sys [X]
S3 btwhid; system32\DRIVERS\btwhid.sys [X]
S3 BTWUSB; System32\Drivers\btwusb.sys [X]
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-01 17:06 - 2015-04-01 17:07 - 00013217 _____ () C:\Documents and Settings\Owner\Desktop\FRST.txt
2015-04-01 17:06 - 2015-04-01 17:06 - 00000000 ____D () C:\FRST
2015-04-01 17:01 - 2015-04-01 17:01 - 01135104 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2015-04-01 14:39 - 2014-11-18 19:17 - 00291352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-04-01 14:30 - 2015-04-01 16:32 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-01 14:24 - 2015-04-01 14:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
2015-04-01 14:23 - 2015-04-01 14:23 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\vlc
2015-04-01 14:08 - 2015-04-01 14:08 - 00081920 _____ () C:\WINDOWS\Minidump\Mini040115-02.dmp
2015-04-01 13:49 - 2015-04-01 13:49 - 00081920 _____ () C:\WINDOWS\Minidump\Mini040115-01.dmp
2015-03-31 20:33 - 2015-03-31 20:33 - 00081920 _____ () C:\WINDOWS\Minidump\Mini033115-01.dmp
2015-03-31 12:54 - 2015-03-31 12:54 - 00000589 _____ () C:\Documents and Settings\Owner\Desktop\JRT.txt
2015-03-31 12:32 - 2015-04-01 14:14 - 00000000 ____D () C:\AdwCleaner
2015-03-31 12:29 - 2015-03-31 12:31 - 00002414 _____ () C:\Documents and Settings\Owner\Desktop\Rkill.txt
2015-03-30 21:01 - 2015-03-30 21:01 - 00081920 _____ () C:\WINDOWS\Minidump\Mini033015-02.dmp
2015-03-30 11:36 - 2015-03-30 11:36 - 00081920 _____ () C:\WINDOWS\Minidump\Mini033015-01.dmp
2015-03-29 21:02 - 2015-03-29 21:02 - 00081920 _____ () C:\WINDOWS\Minidump\Mini032915-04.dmp
2015-03-29 17:48 - 2015-03-29 17:48 - 00081920 _____ () C:\WINDOWS\Minidump\Mini032915-03.dmp
2015-03-29 11:52 - 2015-03-29 11:52 - 00081920 _____ () C:\WINDOWS\Minidump\Mini032915-02.dmp
2015-03-29 11:42 - 2015-03-29 11:42 - 00081920 _____ () C:\WINDOWS\Minidump\Mini032915-01.dmp
2015-03-28 21:37 - 2015-03-28 21:37 - 00081920 _____ () C:\WINDOWS\Minidump\Mini032815-01.dmp
2015-03-27 20:11 - 2015-03-27 20:11 - 00081920 _____ () C:\WINDOWS\Minidump\Mini032715-01.dmp
2015-03-26 15:24 - 2015-03-26 15:44 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\LUBECK
2015-03-25 15:29 - 2015-03-25 15:29 - 00016322 _____ () C:\Documents and Settings\Owner\My Documents\Registration Renewal - 2015.htm
2015-03-25 15:29 - 2015-03-25 15:29 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Registration Renewal - 2015_files
2015-03-25 13:06 - 2015-03-25 13:05 - 00081920 _____ () C:\WINDOWS\Minidump\Mini032515-01.dmp
2015-03-24 21:35 - 2015-03-24 21:35 - 00081920 _____ () C:\WINDOWS\Minidump\Mini032415-01.dmp
2015-03-23 20:57 - 2015-03-23 20:56 - 00081920 _____ () C:\WINDOWS\Minidump\Mini032315-02.dmp
2015-03-23 17:09 - 2015-03-23 17:09 - 00000166 _____ () C:\Documents and Settings\Owner\My Documents\blue3.txt
2015-03-23 17:06 - 2015-03-23 17:06 - 00081920 _____ () C:\WINDOWS\Minidump\Mini032315-01.dmp
2015-03-23 07:01 - 2015-03-23 07:01 - 00000153 _____ () C:\Documents and Settings\Owner\My Documents\blue2.txt
2015-03-22 20:39 - 2015-03-22 20:39 - 00081920 _____ () C:\WINDOWS\Minidump\Mini032215-01.dmp
2015-03-21 11:48 - 2015-03-21 11:48 - 00081920 _____ () C:\WINDOWS\Minidump\Mini032115-01.dmp
2015-03-20 20:18 - 2015-03-20 20:18 - 00000153 _____ () C:\Documents and Settings\Owner\My Documents\blue.txt
2015-03-20 20:16 - 2015-03-20 20:16 - 00081920 _____ () C:\WINDOWS\Minidump\Mini032015-02.dmp
2015-03-20 17:44 - 2015-03-20 17:44 - 00000282 _____ () C:\Documents and Settings\Owner\My Documents\blue_screen.txt
2015-03-20 14:01 - 2015-03-20 14:01 - 00000875 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\recently-used.xbel
2015-03-20 13:11 - 2015-03-20 13:11 - 00081920 _____ () C:\WINDOWS\Minidump\Mini032015-01.dmp
2015-03-19 19:30 - 2015-03-19 19:30 - 00002274 _____ () C:\Documents and Settings\Owner\My Documents\PETER.txt
2015-03-19 08:12 - 2015-03-19 08:18 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\BELT
2015-03-16 11:49 - 2015-04-01 14:23 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\vlc(2)
2015-03-14 08:26 - 2015-03-14 08:26 - 00000001 _____ () C:\Documents and Settings\Owner\My Documents\red.txt
2015-03-13 17:40 - 2015-03-13 17:40 - 00000115 _____ () C:\Documents and Settings\Owner\My Documents\AUGER_estate.txt
2015-03-12 18:22 - 2015-03-13 04:36 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\ROOM
2015-03-10 15:44 - 2015-03-10 15:44 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\516CANON
2015-03-09 19:45 - 2015-03-09 19:45 - 00001934 _____ () C:\Documents and Settings\Owner\My Documents\Brussel_Sprouts.txt
2015-03-09 18:08 - 2015-03-09 18:08 - 00119816 _____ () C:\Documents and Settings\Owner\My Documents\Linguine with Brussel Sprouts Barigoule Recipe _ Epicurious.com.htm
2015-03-09 18:08 - 2015-03-09 18:08 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Linguine with Brussel Sprouts Barigoule Recipe _ Epicurious.com_files
2015-03-07 14:05 - 2015-03-07 14:06 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\JOBS
2015-03-07 07:43 - 2015-03-07 07:43 - 00000671 _____ () C:\Documents and Settings\Owner\My Documents\xxxxxxxx.txt
2015-03-06 13:10 - 2015-03-06 13:10 - 00000117 _____ () C:\Documents and Settings\Owner\My Documents\RandPaul.txt
2015-03-05 09:03 - 2015-03-05 09:03 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\TAX
2015-03-02 14:43 - 2015-03-02 14:43 - 06903996 _____ () C:\Program Files\-TRANSFERs.caf
2015-03-02 13:39 - 2015-04-01 15:01 - 00030021 _____ () C:\WINDOWS\setupapi.log
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-01 17:07 - 2009-08-17 14:13 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Temp
2015-04-01 16:56 - 2009-08-17 14:07 - 01481638 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-01 16:37 - 2009-08-17 07:00 - 00509652 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-01 16:34 - 2014-10-19 16:44 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-04-01 16:33 - 2014-06-21 12:11 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-04-01 16:33 - 2009-08-17 14:13 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-01 16:33 - 2009-08-17 07:03 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-04-01 16:33 - 2009-08-17 07:03 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2015-04-01 16:32 - 2014-07-30 11:21 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\uTorrent
2015-04-01 16:31 - 2014-11-18 19:20 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2015-04-01 16:31 - 2014-06-19 10:35 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-01 16:28 - 2009-08-17 14:13 - 00032124 _____ () C:\WINDOWS\SchedLgU.Txt
2015-04-01 15:42 - 2009-08-17 14:13 - 00000178 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2015-04-01 15:35 - 2009-08-17 14:13 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
2015-04-01 15:27 - 2014-10-30 19:47 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-01 15:13 - 2015-01-15 20:30 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-01 15:13 - 2014-07-24 13:16 - 00778928 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-04-01 15:13 - 2014-07-24 13:16 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-04-01 15:12 - 2014-07-23 19:42 - 00000719 _____ () C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2015-04-01 14:44 - 2014-11-18 19:20 - 00001797 _____ () C:\Documents and Settings\All Users\Desktop\Avast SafeZone.lnk
2015-04-01 14:44 - 2014-11-18 19:20 - 00001737 _____ () C:\Documents and Settings\All Users\Desktop\Avast Internet Security.lnk
2015-04-01 14:43 - 2014-10-19 16:42 - 00787800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-04-01 14:43 - 2014-10-19 16:42 - 00423784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-04-01 14:41 - 2009-11-24 10:54 - 119837696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-01 14:37 - 2009-08-17 13:51 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2015-04-01 14:35 - 2009-08-17 14:13 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-04-01 14:35 - 2009-08-17 14:13 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-04-01 14:35 - 2009-08-17 14:13 - 00000000 ____D () C:\Documents and Settings\Owner
2015-04-01 14:35 - 2009-08-17 14:06 - 00000000 ____D () C:\WINDOWS\Registration
2015-04-01 14:34 - 2015-03-01 08:39 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Old Firefox Data
2015-04-01 14:34 - 2014-06-21 13:46 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2015-04-01 14:32 - 2014-08-05 15:23 - 00000000 ____D () C:\Documents and Settings\Owner\dwhelper
2015-04-01 14:30 - 2014-06-21 12:24 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-01 14:28 - 2014-11-22 14:52 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\gtk-2.0
2015-04-01 14:23 - 2014-10-30 19:47 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-01 14:23 - 2014-10-30 19:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-01 14:13 - 2009-08-17 14:07 - 00000000 ____D () C:\WINDOWS\system32\Restore
2015-04-01 14:08 - 2014-07-10 07:25 - 00000000 ____D () C:\WINDOWS\Minidump
2015-03-20 17:36 - 2014-11-22 14:32 - 00000000 ____D () C:\Documents and Settings\Owner\.gimp-2.8
2015-03-10 15:43 - 2014-11-22 14:15 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\515CANON
2015-03-03 20:50 - 2015-01-28 17:51 - 00024548 _____ () C:\Documents and Settings\Owner\My Documents\BRADY.txt
2015-03-02 20:10 - 2014-11-22 21:43 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\U3
2015-03-02 14:44 - 2014-12-26 16:40 - 00197857 _____ () C:\Program Files\-tRANSFERS1.caf
==================== Files in the root of some directories =======
2015-03-02 14:43 - 2015-03-02 14:43 - 6903996 _____ () C:\Program Files\-TRANSFERs.caf
2014-12-26 16:40 - 2015-03-02 14:44 - 0197857 _____ () C:\Program Files\-tRANSFERS1.caf
2014-11-28 00:38 - 2013-10-29 09:36 - 0155648 _____ (Robert Vasicek) C:\Program Files\Cathy.exe
2014-11-28 00:36 - 2014-11-28 00:37 - 0066639 _____ () C:\Program Files\Cathy2313.zip
2015-01-24 05:22 - 2015-01-24 05:21 - 1729768 _____ (Comfort Software Group ) C:\Program Files\FreeAlarmClockSetup.exe
2014-11-26 19:20 - 2014-11-26 19:22 - 4151768 _____ (HTTrack ) C:\Program Files\httrack-3.48.19.exe
2014-12-07 22:45 - 2014-12-07 22:45 - 0448512 _____ (OldTimer Tools) C:\Program Files\TFC.exe
2014-07-30 11:24 - 2014-12-22 16:29 - 1378640 _____ (BitTorrent Inc.) C:\Program Files\uTorrent.exe
2014-11-28 00:45 - 2014-11-28 00:48 - 5073240 _____ (Microsoft Corporation) C:\Program Files\vcredist_x86.exe
2014-07-23 19:17 - 2015-01-04 21:46 - 0037376 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-20 14:01 - 2015-03-20 14:01 - 0000875 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\recently-used.xbel
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Owner at 2015-04-01 17:09:25
Running from C:\Documents and Settings\Owner\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus (Disabled) {7591DB91-41F0-48A3-B128-1A293FD8233D}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.22beta (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader 8.1.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81100000003}) (Version: 8.1.1 - Adobe Systems Incorporated)
Asus ACPI Driver (HKLM\...\{19F5658D-92E8-4A08-8657-D38ABB1574B2}) (Version: 6.1.1.1023 - AsusTek Computer)
ASUS VIBE (HKLM\...\ASUS VIBE) (Version: 1.0.166 - Ecareme, Inc.)
ASUSUpdate for Eee PC (HKLM\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: - )
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.16 - Atheros Communications Inc.)
Avast Internet Security (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Azurewave Wireless LAN Card (HKLM\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.0.7.0 - Azurewave)
Belarc Advisor 8.4 (HKLM\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
CrystalDiskInfo 6.2.1 (HKLM\...\CrystalDiskInfo_is1) (Version: 6.2.1 - Crystal Dew World)
Data Sync (HKLM\...\{D806E63B-0C11-4061-8DA9-1E980FB9A9EB}) (Version: 1.0.2 - ASUS)
Easy Mode (HKLM\...\{F0DE168D-39C0-4378-BD45-C7D150DC5D0E}) (Version: 1.05.0049 - ASUSTek)
EzMessenger (HKLM\...\{C72CA49A-9237-4810-8449-45DA3BD26D64}) (Version: 1.0.2 - ASUS)
FontResizer (HKLM\...\{47BACF74-5A07-48BD-BADB-A769550F0F5A}) (Version: 1.00.0010 - ASUSTek)
Free Alarm Clock 3.1.0 (HKLM\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.1 - Comfort Software Group)
GamePark Console (HKLM\...\{91C25C4D-5484-411B-8891-F62EFEA02F54}_is1) (Version: 5.2.0.9 - Oberon Media, Inc.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Intel® Graphics Media Accelerator 500 (HKLM\...\LPCO) (Version: - )
Junk Mail filter update (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
LiveUpdate (HKLM\...\{38E5A3B1-ADF1-47E0-8024-76310A30EB36}) (Version: 1.13 - Asus)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 36.0 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0 (x86 en-US)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
OpenOffice 4.1.1 (HKLM\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
ophcrack 3.6.0 (HKLM\...\ophcrack) (Version: 3.6.0 - OS Objectif Sécurité SA)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5851 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Skype web features (HKLM\...\{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}) (Version: 1.0.3810 - Skype Technologies S.A.)
Skype™ 4.1 (HKLM\...\{D103C4BA-F905-437A-8049-DB24763BBE36}) (Version: 4.1.141 - Skype Technologies S.A.)
Super Hybrid Engine (HKLM\...\{88F08F98-12BC-4613-81A2-8F9B88CFC73E}) (Version: 1.18 - ASUS)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.0.1.0 - Synaptics Incorporated)
Update for Office System 2007 Setup (KB929722) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{D8E9BEBD-655F-467D-8176-CA9959C140A3}) (Version: - Microsoft)
USB2.0 UVC Camera Device (HKLM\...\{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}) (Version: 0.1.0.0 - UVCPCC)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8064.0206 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
WinHTTrack Website Copier 3.48-19 (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.19 - HTTrack)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3757006212-1298658743-396924995-1003_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-3757006212-1298658743-396924995-1003_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-3757006212-1298658743-396924995-1003_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-3757006212-1298658743-396924995-1003_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-3757006212-1298658743-396924995-1003_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-3757006212-1298658743-396924995-1003_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
==================== Restore Points =========================
13-01-2015 23:35:27 System Checkpoint
14-01-2015 14:54:58 Software Distribution Service 3.0
16-01-2015 01:03:00 System Checkpoint
17-01-2015 06:25:46 System Checkpoint
18-01-2015 07:12:12 System Checkpoint
19-01-2015 08:53:01 System Checkpoint
20-01-2015 20:19:40 System Checkpoint
21-01-2015 21:17:20 System Checkpoint
22-01-2015 23:52:01 System Checkpoint
24-01-2015 01:38:34 System Checkpoint
25-01-2015 05:10:17 System Checkpoint
26-01-2015 07:18:28 System Checkpoint
27-01-2015 15:18:47 System Checkpoint
29-01-2015 00:52:40 System Checkpoint
30-01-2015 01:21:49 System Checkpoint
31-01-2015 08:06:11 System Checkpoint
01-02-2015 15:36:35 System Checkpoint
03-02-2015 01:37:47 System Checkpoint
04-02-2015 01:45:19 System Checkpoint
05-02-2015 05:31:44 System Checkpoint
06-02-2015 07:19:14 System Checkpoint
07-02-2015 07:46:31 System Checkpoint
08-02-2015 18:18:01 System Checkpoint
10-02-2015 00:56:28 System Checkpoint
11-02-2015 08:21:50 Software Distribution Service 3.0
13-02-2015 01:00:22 System Checkpoint
14-02-2015 07:35:37 System Checkpoint
16-02-2015 01:03:56 System Checkpoint
17-02-2015 05:30:51 System Checkpoint
18-02-2015 08:11:13 System Checkpoint
20-02-2015 00:52:02 System Checkpoint
21-02-2015 06:14:55 System Checkpoint
22-02-2015 11:08:37 System Checkpoint
24-02-2015 00:55:21 System Checkpoint
25-02-2015 07:14:23 System Checkpoint
26-02-2015 17:58:12 System Checkpoint
27-02-2015 23:08:13 System Checkpoint
01-03-2015 05:15:12 System Checkpoint
02-03-2015 18:27:35 System Checkpoint
03-03-2015 18:58:19 System Checkpoint
04-03-2015 21:33:45 System Checkpoint
06-03-2015 00:12:29 System Checkpoint
07-03-2015 07:20:52 System Checkpoint
08-03-2015 20:29:34 System Checkpoint
10-03-2015 01:02:10 System Checkpoint
11-03-2015 11:02:02 Software Distribution Service 3.0
12-03-2015 14:05:30 System Checkpoint
14-03-2015 20:56:25 System Checkpoint
16-03-2015 05:36:48 System Checkpoint
16-03-2015 11:15:08 Revo Uninstaller's restore point - VLC media player
17-03-2015 23:27:55 System Checkpoint
19-03-2015 05:17:41 System Checkpoint
19-03-2015 15:03:38 avast! antivirus system restore point
20-03-2015 17:12:35 System Checkpoint
21-03-2015 21:29:23 System Checkpoint
23-03-2015 00:24:11 System Checkpoint
24-03-2015 07:03:12 System Checkpoint
25-03-2015 21:43:24 System Checkpoint
26-03-2015 23:13:59 System Checkpoint
28-03-2015 07:12:15 System Checkpoint
29-03-2015 12:58:23 System Checkpoint
30-03-2015 17:34:40 System Checkpoint
01-04-2015 00:41:28 System Checkpoint
01-04-2015 14:13:05 Restore Operation
01-04-2015 14:37:50 avast! antivirus system restore point
01-04-2015 14:40:56 Software Distribution Service 3.0
01-04-2015 16:09:50 Restore Operation
01-04-2015 16:33:49 Restore Operation
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-08-17 13:51 - 2014-10-19 16:34 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
==================== Loaded Modules (whitelisted) ==============
2015-04-01 14:49 - 2015-04-01 14:49 - 02923520 _____ () C:\Program Files\AVAST Software\Avast\defs\15040102\algo.dll
2009-06-25 11:25 - 2009-06-25 11:25 - 00712704 _____ () C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
2009-03-23 17:53 - 2009-03-23 17:53 - 00106496 _____ () C:\Program Files\Asus\LiveUpdate\ClientSocket.dll
2009-03-23 17:55 - 2009-03-23 17:55 - 00176128 _____ () C:\Program Files\Asus\LiveUpdate\Parser.dll
2009-06-25 10:15 - 2009-06-25 10:15 - 00135168 _____ () C:\Program Files\Asus\LiveUpdate\Enumeration.dll
2015-03-13 14:14 - 2015-04-01 14:43 - 38714440 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3757006212-1298658743-396924995-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\EeePC_wallpaper1.bmp
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
MSCONFIG\startupreg: MsnMsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
==================== Accounts: =============================
Administrator (S-1-5-21-3757006212-1298658743-396924995-500 - Administrator - Enabled)
Guest (S-1-5-21-3757006212-1298658743-396924995-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-3757006212-1298658743-396924995-1004 - Limited - Disabled)
Owner (S-1-5-21-3757006212-1298658743-396924995-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
SUPPORT_388945a0 (S-1-5-21-3757006212-1298658743-396924995-1002 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/10/2015 03:50:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application gimp-2.8.exe, version 2.8.14.0, faulting module gimp-2.8.exe, version 2.8.14.0, fault address 0x000e4fb6.
Processing media-specific event for [gimp-2.8.exe!ws!]
Error: (12/27/2014 03:30:49 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: Fault bucket 00000050.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.
Error: (12/27/2014 03:30:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application dbp.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x003eeb10.
Processing media-specific event for [dbp.exe!ws!]
Error: (12/12/2014 01:34:40 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: Fault bucket 672907187.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.
Error: (12/12/2014 01:34:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 34.0.0.5442, faulting module mozalloc.dll, version 34.0.0.5442, fault address 0x00001425.
Processing media-specific event for [plugin-container.exe!ws!]
Error: (06/19/2014 08:59:09 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (06/19/2014 08:59:09 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (05/20/2010 11:59:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (05/20/2010 11:24:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (05/13/2010 00:52:26 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
System errors:
=============
Error: (04/01/2015 03:35:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SeaPort service terminated unexpectedly. It has done this 1 time(s).
Error: (04/01/2015 03:32:02 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (04/01/2015 03:24:22 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswRvrt
aswSnx
aswSP
aswTdi
aswVmm
BANTExt
Fips
intelppm
Error: (04/01/2015 03:23:18 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (04/01/2015 03:00:55 PM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000001HarddiskVolume1
Error: (04/01/2015 02:10:06 PM) (Source: System Error) (EventID: 1003) (User: )
Description: Error code 1000000a, parameter1 000005c4, parameter2 0000001c, parameter3 00000001, parameter4 80545263.
Error: (04/01/2015 01:58:05 PM) (Source: System Error) (EventID: 1003) (User: )
Description: Error code 1000000a, parameter1 00000f34, parameter2 0000001d, parameter3 00000000, parameter4 804ffb6a.
Error: (04/01/2015 01:38:50 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 0025D37BBEEF has been
denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
Error: (03/31/2015 08:35:16 PM) (Source: System Error) (EventID: 1003) (User: )
Description: Error code 1000000a, parameter1 00000fec, parameter2 0000001d, parameter3 00000000, parameter4 804ffb6a.
Error: (03/31/2015 08:34:11 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 0025D37BBEEF has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Intel® Atom CPU Z520 @ 1.33GHz
Percentage of memory in use: 79%
Total physical RAM: 1013.86 MB
Available physical RAM: 211.68 MB
Total Pagefile: 2440.55 MB
Available Pagefile: 1652.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 1935.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:144.12 GB) (Free:2.31 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive g: (Toshiba Canvio Hard Drive(E:)) (Fixed) (Total:2794.51 GB) (Free:1455.76 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 6E762533)
Partition 1: (Active) - (Size=144.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=4.9 GB) - (Type=1C)
Partition 3: (Not Active) - (Size=39 MB) - (Type=EF)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 1.
==================== End Of Log ============================
From 1 day ago
Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingc...opic308364.html
Program started at: 03/31/2015 12:29:32 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Windows Firewall Disabled
[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000
Checking Windows Service Integrity:
* No issues found.
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
Program finished at: 03/31/2015 12:31:40 PM
Execution time: 0 hours(s), 2 minute(s), and 8 seconds(s)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.9 (03.31.2015:1)
OS: Microsoft Windows XP x86
Ran by Owner on Tue 03/31/2015 at 12:42:29.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 03/31/2015 at 12:54:52.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Edited by clxskeeg, 03 April 2015 - 08:05 AM.