
random blue screen and no internet connection


  • This topic is locked
35 replies to this topic

#1 eremesu

eremesu

  • Members
  • 18 posts

Posted 13 November 2013 - 12:11 PM

it started a year ago when i let my mad eldest sister use my old computer for a few months. it is a dell dimension e510 using windows xp.  eventually it started to get the blue screen so she stopped using it and after a while it could not start without showing the blue screen. i recently ruined my laptop so i'd like to revive my desktop pc so i can do online homework and maybe play some nostalgic pc games. 
the blue screen says a problem has been detected, restart if this is the first time seeing the message, check disk space, try changing video adapters, disable bios memory....

technical information ***STOP 0x0000007e (0xc0000005,0x80590DF5.... and two other sets of numbers.

i was able to actually log onto the computer when it gave me the option to use the last known good configuration. safe mode would get me an instant blue screen. so logged on i noticed that the computer was really really slow. i did a mcafee scan and it took nearly two days to finish and deleted some viruses. then i did an ad aware scan and the computer got much faster. internet explorer did not work it gave an error "LoadLibrary failed to load ieframe.dll" but it did open up the browser which showed there was no internet connection. but i could access internet from AOL. so i downloaded avira antivirus but i could not run it. i could not run many programs until i ran Rkill and Exehelper. i almost could not run those either. double clicking them i would get the "open with" menu. but if i right clicked and clicked start i could make them run. so i was able to run many programs but not avira. i got an error about windows installer. i ran malwarebytes and superantispyware and tdss killer.
Rkill showed a lot of things were disabled. automatic updates for one. it showed that my hosts file was alright but i had a program put it back in after i found out it was missing. i stopped being able to use AOL. it keeps updating files and asking to restart and i never get to use it. i still get the blue screen sometimes when starting up and sometimes after a while of using it. it is random. i have been trying to fix this for over a month and have read many forums. this website popped up the most in my google searches.
i was able to run a game, the sims, and it worked fine except there is no sound. still the computer works much better than it had a month ago.
i tried the fixes that people recommend when the internet can't be accessed. reset the internet protocol and the winsock fix. both fixes gave me an error that it was unable to obtain host information. but the winsock fix did say it reset. i also made sure the proxy server box was unchecked.
i also ran the windows file checker.

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 6.0.2900.5512
Run by Justin at 11:10:23 on 2013-11-13
.
============== Running Processes ================
.
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\AOL\1219327914\ee\aolsoftware.exe
c:\program files\common files\aol\1219327914\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1219327914\ee\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
uDefault_Page_URL = hxxp://www.dell4me.com/myway
mStart Page = hxxp://www.dell4me.com/myway
mDefault_Page_URL = hxxp://www.dell4me.com/myway
uURLSearchHooks: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - <orphaned>
BHO: OneTab Add-on: {16ADEA98-D215-4F51-80AF-5E5ED660B9C0} - 
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\documents and settings\paris1975\application data\defaulttab\defaulttab\DefaultTabBHO.dll
BHO: Browse For Change BHO: {912C156F-05CF-4B62-851A-96E167A677B0} - 
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
TB: AOL Toolbar: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - 
EB: Real.com: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBC} - <orphaned>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - 
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: NameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{EA7853A6-8380-48BE-9559-354F0A651288} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs= ymjmbe.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages =  msv1_0 c:\windows\system32\rqRKDurs
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2013-11-10 22:42:02 -------- d--h--w- c:\windows\system32\GroupPolicy
2013-10-31 18:52:48 -------- d-----w- c:\documents and settings\justin\local settings\application data\Google
2013-10-31 18:52:47 -------- d-----w- c:\documents and settings\justin\application data\SUPERAntiSpyware.com
2013-10-31 18:52:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-10-31 18:52:30 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2013-10-31 18:19:11 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2013-10-31 18:19:11 -------- d-----w- c:\documents and settings\justin\local settings\application data\MFAData
2013-10-31 18:19:11 -------- d-----w- c:\documents and settings\justin\local settings\application data\Avg2014
2013-10-31 18:19:11 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2013-10-24 00:16:31 -------- d-----w- c:\documents and settings\justin\application data\ScummVM
.
==================== Find3M  ====================
.
2013-10-26 22:36:03 14664 ----a-w- c:\windows\stinger.sys
2013-10-12 04:24:32 54016 ----a-w- c:\windows\system32\drivers\imiuceop.sys
2013-10-10 15:42:19 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-10 15:42:18 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-23 07:40:04 668672 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 07:40:03 81920 ----a-w- c:\windows\system32\ieencode.dll
2013-09-23 07:40:03 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-09-23 01:22:30 369664 ----a-w- c:\windows\system32\html.iec
2013-08-29 01:31:44 1878656 ----a-w- c:\windows\system32\win32k.sys
2012-03-08 23:34:50 77269 ----a-w- c:\program files\Uninstall.exe
2011-11-17 21:21:32 3450472 ----a-w- c:\program files\AmazonMP3Downloader.exe
2011-11-17 21:21:32 1172072 ----a-w- c:\program files\npAmazonMP3DownloaderPlugin.dll
.
============= FINISH: 11:11:48.53 ===============
 


 


 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,659 posts
  • Gender:Male

Posted 18 November 2013 - 12:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/513935 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 eremesu

eremesu
  • Topic Starter

  • Members
  • 18 posts

Posted 19 November 2013 - 01:59 PM

it is a dell dimension e510,
windows xp media center edition

version 2002
service pack 3

i think 32 bits

2gb of ram
dell dimension DM051

it did not come with an installation cd. it came with a card saying it can be restored through help and support.
 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 6.0.2900.5512
Run by Justin at 11:11:55 on 2013-11-19
.
============== Running Processes ================
.
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\AOL\1219327914\ee\aolsoftware.exe
c:\program files\common files\aol\1219327914\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1219327914\ee\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
uDefault_Page_URL = hxxp://www.dell4me.com/myway
mStart Page = hxxp://www.dell4me.com/myway
mDefault_Page_URL = hxxp://www.dell4me.com/myway
uURLSearchHooks: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - <orphaned>
BHO: OneTab Add-on: {16ADEA98-D215-4F51-80AF-5E5ED660B9C0} - 
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\documents and settings\paris1975\application data\defaulttab\defaulttab\DefaultTabBHO.dll
BHO: Browse For Change BHO: {912C156F-05CF-4B62-851A-96E167A677B0} - 
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
TB: AOL Toolbar: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - 
EB: Real.com: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBC} - <orphaned>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - 
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: NameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{EA7853A6-8380-48BE-9559-354F0A651288} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs= ymjmbe.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages =  msv1_0 c:\windows\system32\rqRKDurs
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2013-11-13 16:28:00 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-11-10 22:42:02 -------- d--h--w- c:\windows\system32\GroupPolicy
2013-10-31 18:52:48 -------- d-----w- c:\documents and settings\justin\local settings\application data\Google
2013-10-31 18:52:47 -------- d-----w- c:\documents and settings\justin\application data\SUPERAntiSpyware.com
2013-10-31 18:52:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-10-31 18:52:30 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2013-10-31 18:19:11 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2013-10-31 18:19:11 -------- d-----w- c:\documents and settings\justin\local settings\application data\MFAData
2013-10-31 18:19:11 -------- d-----w- c:\documents and settings\justin\local settings\application data\Avg2014
2013-10-31 18:19:11 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2013-10-24 00:16:31 -------- d-----w- c:\documents and settings\justin\application data\ScummVM
.
==================== Find3M  ====================
.
2013-10-26 22:36:03 14664 ----a-w- c:\windows\stinger.sys
2013-10-12 04:24:32 54016 ----a-w- c:\windows\system32\drivers\imiuceop.sys
2013-10-10 15:42:19 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-10 15:42:18 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-23 07:40:04 668672 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 07:40:03 81920 ----a-w- c:\windows\system32\ieencode.dll
2013-09-23 07:40:03 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-09-23 01:22:30 369664 ----a-w- c:\windows\system32\html.iec
2013-08-29 01:31:44 1878656 ----a-w- c:\windows\system32\win32k.sys
2012-03-08 23:34:50 77269 ----a-w- c:\program files\Uninstall.exe
2011-11-17 21:21:32 3450472 ----a-w- c:\program files\AmazonMP3Downloader.exe
2011-11-17 21:21:32 1172072 ----a-w- c:\program files\npAmazonMP3DownloaderPlugin.dll
.
============= FINISH: 11:13:20.78 ===============
 




#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 22 November 2013 - 06:02 AM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

 

Regards,
Georgi




#5 eremesu

eremesu
  • Topic Starter

  • Members
  • 18 posts

Posted 25 November 2013 - 09:22 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-11-2013
Ran by Justin (administrator) on FAMILY on 25-11-2013 09:15:39
Running from J:\
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 6
Boot Mode: Normal
 
==================== Could not list processes ===============
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [MSConfig] - C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe [169984 2008-04-13] (Microsoft Corporation)
HKLM\...\Run: [AOLDialer] - C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [34904 2004-10-20] (America Online)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5707544 2013-10-10] (SUPERAntiSpyware)
HKCU\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKCU\...\Policies\Explorer: [NoFolderOptions] 0
MountPoints2: E - E:\Start.exe
HKU\Administrator\...\Run: [DellSupport] - C:\Program Files\DellSupport\DSAgnt.exe [ 2007-03-15] (Gteko Ltd.)
HKU\Administrator\...\Run: [AOL Fast Start] - C:\Program Files\America Online 9.0a\aol.exe [ 2005-07-12] (America Online, Inc.)
HKU\Default User\...\Run: [DellSupport] - C:\Program Files\DellSupport\DSAgnt.exe [ 2007-03-15] (Gteko Ltd.)
HKU\Guest\...\Run: [DellSupport] - C:\Program Files\DellSupport\DSAgnt.exe [ 2007-03-15] (Gteko Ltd.)
AppInit_DLLs: ymjmbe.dll [ ] ()
Lsa: [Authentication Packages] msv1_0 C:\WINDOWS\system32\rqRKDurs
BootExecute: autocheck autochk * lsdelete
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
URLSearchHook: HKCU - (No Name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
BHO: OneTab Add-on - {16ADEA98-D215-4F51-80AF-5E5ED660B9C0} - C:\Documents and Settings\paris1975\Application Data\OneTab\OneTab.dll No File
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\paris1975\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
BHO: Browse For Change BHO - {912C156F-05CF-4B62-851A-96E167A677B0} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - No Name - {BA52B914-B692-46c4-B683-905236F6F655} -  No File
Toolbar: HKLM - AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll No File
Toolbar: HKLM - No Name - {06C7AD57-B655-418D-9AB8-9526A6D2E052} -  No File
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
 
========================== Services (Whitelisted) =================
 
S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
R2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [10328 2004-10-20] (America Online)
S4 AOL TopSpeedMonitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [100016 2004-10-15] (America Online, Inc)
S4 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2008-07-31] ()
S4 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [44032 1999-12-13] (Creative Technology Ltd)
S4 DefaultTabSearch; C:\Program Files\DefaultTab\DefaultTabSearch.exe [573952 2013-10-07] ()
S4 DefaultTabUpdate; C:\Documents and Settings\paris1975\Application Data\DefaultTab\DefaultTab\DTUpdate.exe [107520 2012-12-25] ()
S4 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [76848 2007-03-07] ()
S4 Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [1737728 2012-11-25] (Lavasoft Limited                                                  )
S4 McMPFSvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S4 mcmscsvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S4 McNaiAnn; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S4 McNASvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S4 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [279048 2012-11-16] (McAfee, Inc.)
S4 McProxy; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S4 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [203840 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169320 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [172416 2013-02-19] (McAfee, Inc.)
S4 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-19] (Intel® Corporation)
S4 WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R2 ASCTRM; C:\Windows\System32\Drivers\ASCTRM.sys [8552 2005-10-15] (Windows ® 2000 DDK provider)
S3 ATWPKT2; C:\Program Files\Common Files\AOL\ACS\ATWPKT2.SYS [23632 2004-11-11] (America Online)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60920 2013-02-19] (McAfee, Inc.)
R2 drvnddm; C:\Windows\System32\drivers\drvnddm.sys [40480 2004-11-23] (Sonic Solutions)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [146872 2012-04-20] (McAfee, Inc.)
R3 IntelC51; C:\Windows\System32\DRIVERS\IntelC51.sys [1233525 2004-03-06] (Intel Corporation)
R3 IntelC52; C:\Windows\System32\DRIVERS\IntelC52.sys [647929 2004-03-06] (Intel Corporation)
R3 IntelC53; C:\Windows\System32\DRIVERS\IntelC53.sys [61157 2004-06-16] (Intel Corporation)
S3 Lavasoft Kernexplorer; C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [15232 2011-02-22] ()
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64512 2011-02-22] (Lavasoft AB)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [133416 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [235264 2013-02-19] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65928 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [363080 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [565888 2013-02-19] (McAfee, Inc.)
S3 mfendisk; C:\Windows\System32\DRIVERS\mfendisk.sys [84904 2013-02-19] (McAfee, Inc.)
R3 mfendiskmp; C:\Windows\System32\DRIVERS\mfendisk.sys [84904 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [92632 2013-02-19] (McAfee, Inc.)
R1 mfetdi2k; C:\Windows\System32\drivers\mfetdi2k.sys [91640 2013-02-19] (McAfee, Inc.)
R3 mohfilt; C:\Windows\System32\DRIVERS\mohfilt.sys [37048 2004-03-06] (Intel Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R3 P17; C:\Windows\System32\drivers\P17.sys [1127936 2007-06-15] (Creative Technology Ltd.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Sftfs; C:\Windows\System32\DRIVERS\Sftfsxp.sys [584680 2011-10-01] (Microsoft Corporation)
S3 Sftplay; C:\Windows\System32\DRIVERS\Sftplayxp.sys [209512 2011-10-01] (Microsoft Corporation)
S3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirxp.sys [20584 2011-10-01] (Microsoft Corporation)
S3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolxp.sys [18280 2011-10-01] (Microsoft Corporation)
R1 sscdbhk5; C:\Windows\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions)
R1 ssrtln; C:\Windows\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions)
R2 tfsnboio; C:\Windows\System32\dla\tfsnboio.sys [25883 2004-12-06] (Sonic Solutions)
R2 tfsncofs; C:\Windows\System32\dla\tfsncofs.sys [34843 2004-12-06] (Sonic Solutions)
R2 tfsndrct; C:\Windows\System32\dla\tfsndrct.sys [4123 2004-12-06] (Sonic Solutions)
R2 tfsndres; C:\Windows\System32\dla\tfsndres.sys [2239 2004-12-06] (Sonic Solutions)
R2 tfsnifs; C:\Windows\System32\dla\tfsnifs.sys [86586 2004-12-06] (Sonic Solutions)
R2 tfsnopio; C:\Windows\System32\dla\tfsnopio.sys [15227 2004-12-06] (Sonic Solutions)
R2 tfsnpool; C:\Windows\System32\dla\tfsnpool.sys [6363 2004-12-06] (Sonic Solutions)
R2 tfsnudf; C:\Windows\System32\dla\tfsnudf.sys [98714 2004-12-06] (Sonic Solutions)
R2 tfsnudfa; C:\Windows\System32\dla\tfsnudfa.sys [100603 2004-12-06] (Sonic Solutions)
R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S2 5629; \??\C:\DOCUME~1\PARIS1~1\LOCALS~1\Temp\5629.sys [x]
S3 bvrp_pci; No ImagePath
U3 mfeavfk01; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SymIM; system32\DRIVERS\SymIM.sys [x]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [x]
U1 WS2IFSL; 
 
==================== NetSvcs (Whitelisted) ===================
 
NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)
 
==================== One Month Created Files and Folders ========
 
2013-11-25 09:15 - 2013-11-25 09:15 - 00000000 ____D C:\FRST
2013-11-13 11:28 - 2013-11-13 11:28 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2013-11-13 11:11 - 2013-11-19 11:13 - 00020649 _____ C:\Documents and Settings\Justin\Desktop\attach.txt
2013-11-13 11:11 - 2013-11-19 11:13 - 00006990 _____ C:\Documents and Settings\Justin\Desktop\dds.txt
2013-11-10 17:43 - 2013-11-13 10:26 - 00000008 __RSH C:\Documents and Settings\All Users\ntuser.pol
2013-11-10 17:42 - 2013-11-10 17:42 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2013-11-10 15:49 - 2013-11-10 15:49 - 00000535 _____ C:\WINDOWS\wmsetup.log
2013-11-10 15:20 - 2013-11-10 15:20 - 00094208 _____ C:\WINDOWS\Minidump\Mini111013-01.dmp
2013-11-01 19:51 - 2013-11-01 19:51 - 00003084 ____N C:\bootex.log
2013-10-31 13:53 - 2013-10-31 13:53 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-31 13:52 - 2013-10-31 13:53 - 00000000 ____D C:\Program Files\Google
2013-10-31 13:52 - 2013-10-31 13:52 - 00001678 _____ C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-10-31 13:52 - 2013-10-31 13:52 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-10-31 13:52 - 2013-10-31 13:52 - 00000000 ____D C:\Documents and Settings\Justin\Local Settings\Application Data\Google
2013-10-31 13:52 - 2013-10-31 13:52 - 00000000 ____D C:\Documents and Settings\Justin\Application Data\SUPERAntiSpyware.com
2013-10-31 13:52 - 2013-10-31 13:52 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2013-10-31 13:52 - 2013-10-31 13:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2013-10-31 13:19 - 2013-10-31 13:21 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2013-10-31 13:19 - 2013-10-31 13:19 - 00000000 ____D C:\Documents and Settings\Justin\Local Settings\Application Data\MFAData
2013-10-31 13:19 - 2013-10-31 13:19 - 00000000 ____D C:\Documents and Settings\Justin\Local Settings\Application Data\Avg2014
2013-10-26 17:02 - 2013-10-26 17:01 - 00094208 _____ C:\WINDOWS\Minidump\Mini102613-01.dmp
 
==================== One Month Modified Files and Folders =======
 
2013-11-25 09:15 - 2013-11-25 09:15 - 00000000 ____D C:\FRST
2013-11-25 09:06 - 2011-03-04 10:14 - 00127979 _____ C:\aaw7boot.log
2013-11-25 09:06 - 2008-07-06 10:07 - 00003568 ____C C:\WINDOWS\system32\ativvaxx.cap
2013-11-25 09:06 - 2004-08-19 15:50 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-11-19 11:26 - 2008-08-21 09:22 - 00000178 ___SH C:\Documents and Settings\Justin\ntuser.ini
2013-11-19 11:26 - 2004-08-19 16:05 - 01263576 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-19 11:21 - 2008-08-21 09:22 - 00001394 _____ C:\Documents and Settings\Justin\Desktop\Media Center.lnk
2013-11-19 11:13 - 2013-11-13 11:11 - 00020649 _____ C:\Documents and Settings\Justin\Desktop\attach.txt
2013-11-19 11:13 - 2013-11-13 11:11 - 00006990 _____ C:\Documents and Settings\Justin\Desktop\dds.txt
2013-11-13 11:28 - 2013-11-13 11:28 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2013-11-13 10:26 - 2013-11-10 17:43 - 00000008 __RSH C:\Documents and Settings\All Users\ntuser.pol
2013-11-10 17:42 - 2013-11-10 17:42 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2013-11-10 15:49 - 2013-11-10 15:49 - 00000535 _____ C:\WINDOWS\wmsetup.log
2013-11-10 15:20 - 2013-11-10 15:20 - 00094208 _____ C:\WINDOWS\Minidump\Mini111013-01.dmp
2013-11-10 15:20 - 2008-08-24 18:32 - 00000000 ____D C:\WINDOWS\Minidump
2013-11-01 19:51 - 2013-11-01 19:51 - 00003084 ____N C:\bootex.log
2013-11-01 17:34 - 2013-10-11 18:01 - 00004408 _____ C:\Documents and Settings\Justin\Desktop\Rkill.txt
2013-10-31 17:54 - 2005-10-15 11:06 - 00000209 __RSH C:\boot.ini
2013-10-31 17:54 - 2004-08-19 15:49 - 00000327 _____ C:\WINDOWS\system.ini
2013-10-31 13:53 - 2013-10-31 13:53 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-31 13:53 - 2013-10-31 13:52 - 00000000 ____D C:\Program Files\Google
2013-10-31 13:52 - 2013-10-31 13:52 - 00001678 _____ C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-10-31 13:52 - 2013-10-31 13:52 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-10-31 13:52 - 2013-10-31 13:52 - 00000000 ____D C:\Documents and Settings\Justin\Local Settings\Application Data\Google
2013-10-31 13:52 - 2013-10-31 13:52 - 00000000 ____D C:\Documents and Settings\Justin\Application Data\SUPERAntiSpyware.com
2013-10-31 13:52 - 2013-10-31 13:52 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2013-10-31 13:52 - 2013-10-31 13:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2013-10-31 13:21 - 2013-10-31 13:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2013-10-31 13:19 - 2013-10-31 13:19 - 00000000 ____D C:\Documents and Settings\Justin\Local Settings\Application Data\MFAData
2013-10-31 13:19 - 2013-10-31 13:19 - 00000000 ____D C:\Documents and Settings\Justin\Local Settings\Application Data\Avg2014
2013-10-31 13:10 - 2004-08-19 16:04 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-10-26 21:09 - 2012-07-10 18:07 - 00000000 ____D C:\Program Files\stinger
2013-10-26 17:36 - 2012-07-10 18:08 - 00014664 _____ (McAfee, Inc.) C:\WINDOWS\stinger.sys
2013-10-26 17:13 - 2004-08-19 15:49 - 00001172 _____ C:\WINDOWS\win.ini
2013-10-26 17:01 - 2013-10-26 17:02 - 00094208 _____ C:\WINDOWS\Minidump\Mini102613-01.dmp
2013-10-26 02:12 - 2009-11-12 14:08 - 00000000 ____D C:\WINDOWS\pss
 
Some content of TEMP:
====================
C:\Documents and Settings\Justin\Local Settings\Temp\AcsInstall.dll
C:\Documents and Settings\Justin\Local Settings\Temp\insmac2k.dll
C:\Documents and Settings\Justin\Local Settings\Temp\ocpchk.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================




#6 B-boy/StyLe/


Posted 26 November 2013 - 04:27 PM

Hello,

Please download the following file => and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Regards,
Georgi




#7 eremesu


Posted 27 November 2013 - 10:22 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-11-2013
Ran by Justin at 2013-11-27 10:17:56 Run:1
Running from J:\
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
S4 DefaultTabSearch; C:\Program Files\DefaultTab\DefaultTabSearch.exe [573952 2013-10-07] ()
S4 DefaultTabUpdate; C:\Documents and Settings\paris1975\Application Data\DefaultTab\DefaultTab\DTUpdate.exe [107520 2012-12-25] ()
S2 5629; \??\C:\DOCUME~1\PARIS1~1\LOCALS~1\Temp\5629.sys [x]
C:\Documents and Settings\paris1975\Application Data\DefaultTab
C:\Program Files\DefaultTab
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5707544 2013-10-10] (SUPERAntiSpyware)
AppInit_DLLs: ymjmbe.dll [ ] ()
Lsa: [Authentication Packages] msv1_0 C:\WINDOWS\system32\rqRKDurs
URLSearchHook: HKCU - (No Name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
BHO: OneTab Add-on - {16ADEA98-D215-4F51-80AF-5E5ED660B9C0} - C:\Documents and Settings\paris1975\Application Data\OneTab\OneTab.dll No File
C:\Documents and Settings\paris1975\Application Data\OneTab
BHO: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\paris1975\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
Toolbar: HKLM - No Name - {BA52B914-B692-46c4-B683-905236F6F655} -  No File
Toolbar: HKLM - AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll No File
Toolbar: HKLM - No Name - {06C7AD57-B655-418D-9AB8-9526A6D2E052} -  No File
Toolbar: HKCU - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File
2013-10-31 13:19 - 2013-10-31 13:21 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2013-10-31 13:19 - 2013-10-31 13:19 - 00000000 ____D C:\Documents and Settings\Justin\Local Settings\Application Data\MFAData
2013-10-31 13:19 - 2013-10-31 13:19 - 00000000 ____D C:\Documents and Settings\Justin\Local Settings\Application Data\Avg2014
cmd: netsh winsock reset
cmd: ipconfig /flushdns
C:\Documents and Settings\Justin\Local Settings\Temp
exit
 
 
 
*****************
 
DefaultTabSearch => Service deleted successfully.
DefaultTabUpdate => Service deleted successfully.
5629 => Service deleted successfully.
C:\Documents and Settings\paris1975\Application Data\DefaultTab => Moved successfully.
C:\Program Files\DefaultTab => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\SUPERAntiSpyware => Value deleted successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
HKLM\System\CurrentControlSet\Control\Lsa\\Authentication Packages => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16ADEA98-D215-4F51-80AF-5E5ED660B9C0} => Key deleted successfully.
HKCR\CLSID\{16ADEA98-D215-4F51-80AF-5E5ED660B9C0} => Key deleted successfully.
"C:\Documents and Settings\paris1975\Application Data\OneTab" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} => Key deleted successfully.
HKCR\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} => Value deleted successfully.
HKCR\CLSID\{BA52B914-B692-46c4-B683-905236F6F655} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} => Value deleted successfully.
HKCR\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{06C7AD57-B655-418D-9AB8-9526A6D2E052} => Value deleted successfully.
HKCR\CLSID\{06C7AD57-B655-418D-9AB8-9526A6D2E052} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} => Value deleted successfully.
HKCR\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922} => Key not found.
C:\Documents and Settings\All Users\Application Data\MFAData => Moved successfully.
C:\Documents and Settings\Justin\Local Settings\Application Data\MFAData => Moved successfully.
C:\Documents and Settings\Justin\Local Settings\Application Data\Avg2014 => Moved successfully.
 
=========  netsh winsock reset =========
 
 
WARNING: Could not obtain host information from machine: [FAMILY]. Some commands may not be available.
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
Sucessfully reset the Winsock Catalog.
You must restart the machine in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
 
Windows IP Configuration
 
 
 
Could not flush the DNS Resolver Cache: Function failed during execution.
 
 
 
 
========= End of CMD: =========
 
C:\Documents and Settings\Justin\Local Settings\Temp => Moved successfully.
 
==== End of Fixlog ====

Edited by eremesu, 27 November 2013 - 10:23 AM.


#8 B-boy/StyLe/


Posted 28 November 2013 - 04:25 AM

Hello,

Let's check a few things to see if we can fix the network issue. Do you have an installation CD?

STEP 1

  • Please download RKill by Grinler from the link below and save it to your desktop.

    Rkill
  • Before we begin, you should disable any anti-malware software you have installed so that it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please post the log in your next reply.

STEP 2

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure that all options are checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

STEP 3

  • Please download MiniToolBox.exe by Farbar, save it to your desktop and run it.
  • Checkmark all boxes.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed!

And about the BSOD messages, please zip and upload the files from the following folder: C:\WINDOWS\Minidump\ and then upload the archive here and post the link to the log in your next reply.

Regards,

Georgi


Edited by B-boy/StyLe/, 28 November 2013 - 04:28 AM.



#9 eremesu


Posted 30 November 2013 - 02:26 PM

I don't have an installation disk. Instead I got a card saying that my operating system can re-install itself without the disk. I have a disk for the drivers and utilities. That was one of the first things I ran. Nothing useful seemed to happen.
I ran Rkill before and it did not terminate any processes. I ran it again today and it did terminate one process.
I had uninstalled McAfee before I ran Rkill today.

 

Rkill 2.6.1 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 11/30/2013 01:52:32 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\DOCUME~1\Justin\LOCALS~1\Temp\mcupdate_1385836544.exe (PID: 1308) [T-HEUR]
 
1 proccess terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * System Restore Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
   "DisableSR" = dword:00000001
 
 * Windows Firewall Disabled
 
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000
 
Checking Windows Service Integrity: 
 
 * DHCP Client (Dhcp) is not Running.
   Startup Type set to: Disabled
 
 * DNS Client (Dnscache) is not Running.
   Startup Type set to: Disabled
 
 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Disabled
 
 * Network Connections (Netman) is not Running.
   Startup Type set to: Disabled
 
 * Plug and Play (PlugPlay) is not Running.
   Startup Type set to: Disabled
 
 * System Restore Service (srservice) is not Running.
   Startup Type set to: Disabled
 
 * Windows Management Instrumentation (winmgmt) is not Running.
   Startup Type set to: Disabled
 
 * Security Center (wscsvc) is not Running.
   Startup Type set to: Disabled
 
 * Automatic Updates (wuauserv) is not Running.
   Startup Type set to: Disabled
 
 * System Restore Filter Driver (sr) is not Running.
   Startup Type set to: Disabled
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
  ::1             localhost
 
 
Farbar Service Scanner Version: 23-11-2013
Ran by Justin (administrator) on 30-11-2013 at 13:56:42
Running from "J:\"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Disabled. The default start type is Auto.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.
 
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is set to Disabled. The default start type is Auto.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.
 
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors
 
 
Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled. The default start type is Auto.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.
 
netman Service is not running. Checking service configuration:
The start type of netman service is set to Disabled. The default start type is 3.
The ImagePath of netman service is OK.
The ServiceDll of netman service is OK.
 
winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is set to Disabled. The default start type is Auto.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt service is OK.
 
 
Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
 
 
System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is set to Disabled. The default start type is Auto.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".
 
sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".
 
 
System Restore Disabled Policy: 
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1
 
 
Security Center:
============
 
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
 
winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is set to Disabled. The default start type is Auto.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt service is OK.
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".
 
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Disabled. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".
 
EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is set to Disabled. The default start type is 3.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".
 
 
Windows Autoupdate Disabled Policy: 
============================
 
PlugPlay Service is not running. Checking service configuration:
The start type of PlugPlay service is set to Disabled. The default start type is Auto.
The ImagePath of PlugPlay service is OK.
 
 
Other Services:
==============
 
 
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
 
Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3) 
0x080000000400000001000000020000000300000008000000050000000600000007000000
IpSec Tag value is correct.
 
**** End of log ****
 
Program finished at: 11/30/2013 01:53:49 PM
Execution time: 0 hours(s), 1 minute(s), and 17 seconds(s)


MiniToolBox by Farbar  Version: 13-07-2013
Ran by Justin (administrator) on 30-11-2013 at 14:07:16
Running from "J:\"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
 
Windows IP Configuration
 
 
 
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
::1             localhost
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
 
WARNING: Could not obtain host information from machine: [FAMILY]. Some commands may not be available.
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
 
# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip
 
 
 
popd
# End of interface IP configuration
 
 
 
 
Windows IP Configuration
 
 
 
Server:  UnKnown
Address:  127.0.0.1
 
Ping request could not find host google.com. Please check the name and try again.
 
Server:  UnKnown
Address:  127.0.0.1
 
Ping request could not find host yahoo.com. Please check the name and try again.
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
 
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1  1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (10/11/2013 02:24:32 AM) (Source: NativeWrapper) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033641finstallx865.1.2600.2.3.0.2560
 
Error: (10/11/2013 02:23:32 AM) (Source: HotFixInstaller) (User: )
Description: EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2863239, P2 1033, P3 1601, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 visualstudio8setup0, P10 visualstudio8setup1.
 
Error: (10/11/2013 02:22:59 AM) (Source: HotFixInstaller) (User: )
Description: EventType visualstudio8setup, P1 microsoft .net framework 3.5-kb2840629, P2 1033, P3 1601, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 visualstudio8setup0, P10 visualstudio8setup1.
 
Error: (10/11/2013 02:11:09 AM) (Source: HotFixInstaller) (User: )
Description: EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2833940, P2 1033, P3 1601, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 visualstudio8setup0, P10 visualstudio8setup1.
 
Error: (10/11/2013 02:09:42 AM) (Source: HotFixInstaller) (User: )
Description: EventType visualstudio8setup, P1 microsoft .net framework 3.5-kb2861697, P2 1033, P3 1601, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 visualstudio8setup0, P10 visualstudio8setup1.
 
Error: (10/11/2013 02:07:37 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (10/11/2013 02:07:37 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (10/11/2013 02:01:57 AM) (Source: HotFixInstaller) (User: )
Description: EventType visualstudio8setup, P1 microsoft .net framework 3.0-kb2861189, P2 1033, P3 1601, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 visualstudio8setup0, P10 visualstudio8setup1.
 
Error: (10/11/2013 02:01:42 AM) (Source: HotFixInstaller) (User: )
Description: EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2844285, P2 1033, P3 1601, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 visualstudio8setup0, P10 visualstudio8setup1.
 
Error: (10/11/2013 02:01:26 AM) (Source: HotFixInstaller) (User: )
Description: EventType visualstudio8setup, P1 microsoft .net framework 3.0-kb2832411, P2 1033, P3 1601, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 visualstudio8setup0, P10 visualstudio8setup1.
 
 
System errors:
=============
Error: (11/25/2013 09:24:28 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (10/11/2013 02:24:39 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service MSIServer with arguments ""
in order to run the server:
{000C101C-0000-0000-C000-000000000046}
 
Error: (10/11/2013 02:24:38 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070641: Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition.
 
Error: (10/11/2013 02:24:38 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).
 
Error: (10/11/2013 02:24:35 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service MSIServer with arguments ""
in order to run the server:
{000C101C-0000-0000-C000-000000000046}
 
Error: (10/11/2013 02:24:32 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service MSIServer with arguments ""
in order to run the server:
{000C101C-0000-0000-C000-000000000046}
 
Error: (10/11/2013 02:24:13 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070641: Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition.
 
Error: (10/11/2013 02:24:07 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service MSIServer with arguments ""
in order to run the server:
{000C101C-0000-0000-C000-000000000046}
 
Error: (10/11/2013 02:23:58 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070641: Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition.
 
Error: (10/11/2013 02:23:54 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service MSIServer with arguments ""
in order to run the server:
{000C101C-0000-0000-C000-000000000046}
 
 
Microsoft Office Sessions:
=========================
Error: (10/11/2013 02:24:32 AM) (Source: NativeWrapper)(User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033641finstallx865.1.2600.2.3.0.2560
 
Error: (10/11/2013 02:23:32 AM) (Source: HotFixInstaller)(User: )
Description: visualstudio8setupmicrosoft .net framework 2.0-kb286323910331601msif9.0.40215.0installx86xp0
 
Error: (10/11/2013 02:22:59 AM) (Source: HotFixInstaller)(User: )
Description: visualstudio8setupmicrosoft .net framework 3.5-kb284062910331601msif9.0.40215.0installx86xp0
 
Error: (10/11/2013 02:11:09 AM) (Source: HotFixInstaller)(User: )
Description: visualstudio8setupmicrosoft .net framework 2.0-kb283394010331601msif9.0.40215.0installx86xp0
 
Error: (10/11/2013 02:09:42 AM) (Source: HotFixInstaller)(User: )
Description: visualstudio8setupmicrosoft .net framework 3.5-kb286169710331601msif9.0.40215.0installx86xp0
 
Error: (10/11/2013 02:07:37 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
 
Error: (10/11/2013 02:07:37 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}
 
Error: (10/11/2013 02:01:57 AM) (Source: HotFixInstaller)(User: )
Description: visualstudio8setupmicrosoft .net framework 3.0-kb286118910331601msif9.0.40215.0installx86xp0
 
Error: (10/11/2013 02:01:42 AM) (Source: HotFixInstaller)(User: )
Description: visualstudio8setupmicrosoft .net framework 2.0-kb284428510331601msif9.0.40215.0installx86xp0
 
Error: (10/11/2013 02:01:26 AM) (Source: HotFixInstaller)(User: )
Description: visualstudio8setupmicrosoft .net framework 3.0-kb283241110331601msif9.0.40215.0installx86xp0
 
 
=========================== Installed Programs ============================
 
32 Bit HP CIO Components Installer (Version: 2.1.0)
Ad-Aware
Ad-Aware (Version: 9.0.1)
Adobe AIR (Version: 2.5.0.16600)
Adobe Flash Player 10 Plugin (Version: 10.0.45.2)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Reader 9.4.4 (Version: 9.4.4)
AIO_Scan (Version: 90.0.189.000)
Amazon MP3 Downloader 1.0.15 (Version: 1.0.15)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Connectivity Services
AOL Uninstaller
AOL You've Got Pictures Screensaver
AOLIcon (Version: 1.00.0000)
Apple Application Support (Version: 1.3.2)
Apple Mobile Device Support (Version: 3.0.1.3)
Apple Software Update (Version: 2.1.3.127)
ATI - Software Uninstall Utility (Version: 6.14.10.1022)
ATI Catalyst Control Center (Version: 2.008.0731.2321)
ATI Control Panel (Version: 6.14.10.5160)
ATI Display Driver (Version: 8.522-080731a-067975C-ATI)
AudibleManager (Version: 2089882838.2089882900.2090328352.2089882858)
Black & White® 2 (Version: 1.00.0000)
Bonjour (Version: 2.0.1.2)
Browse For Change
BufferChm (Version: 90.0.146.000)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2008.0731.2322.39992)
Catalyst Control Center Graphics Full Existing (Version: 2008.0731.2322.39992)
Catalyst Control Center Graphics Full New (Version: 2008.0731.2322.39992)
Catalyst Control Center Graphics Light (Version: 2008.0731.2322.39992)
Catalyst Control Center Graphics Previews Common (Version: 2008.0731.2322.39992)
CCC Help English (Version: 2008.0731.2321.39992)
ccc-core-preinstall (Version: 2008.0731.2322.39992)
ccc-core-static (Version: 2008.0731.2322.39992)
ccc-utility (Version: 2008.0731.2322.39992)
CCleaner (remove only)
Copy (Version: 90.0.146.000)
Creative MediaSource
CustomerResearchQFolder (Version: 1.00.0000)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Driver Reset Tool (Version: 1.02.0000)
Dell Picture Studio v3.0 (Version: 3.0.0)
Dell ResourceCD
Dell System Restore (Version: 2.00.0000)
DellSupport (Version: 6.0.3062)
Destination Component (Version: 090.000.091.086)
DeviceDiscovery (Version: 90.0.192.000)
DeviceManagementQFolder (Version: 1.00.0000)
D-Fend Reloaded 1.1.0 (deinstall) (Version: 1.1.0)
Digital Content Portal (Version: 1.00.0000)
DocProc (Version: 9.0.0.0)
DocProcQFolder (Version: 1.00.0000)
EducateU (Version: 1.00.0000)
eMusic Download Manager 4.1.4 (Version: 4.1.4)
ESPNMotion (Version: 2.1.6.0011)
eSupportQFolder (Version: 1.00.0000)
Fax (Version: 90.0.146.000)
GearDrvs (Version: 1.00.0000)
GIF Construction Set Professional 4 (Version: 4.0.0.19)
GIF Construction Set Tutorial Installer (Version: 4.0.0.1)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HP Customer Participation Program 9.0 (Version: 9.0)
HP Imaging Device Functions 9.0 (Version: 9.0)
HP OCR Software 9.0 (Version: 9.0)
HP Photosmart All-In-One Driver Software 10.0 Rel .2 (Version: 10.0)
HP Photosmart All-In-One Software 9.0 (Version: 9.0)
HP Photosmart Essential 2.01 (Version: 2.01)
HP Photosmart Essential2.01 (Version: 1.01.0000)
HP Product Assistant (Version: 100.000.001.000)
HP Product Detection (Version: 11.14.0001)
HP Solution Center 9.0 (Version: 9.0)
HP Update (Version: 5.003.001.001)
HPProductAssistant (Version: 90.0.146.000)
HPSSupply (Version: 2.2.0.0000)
Intel® 537EP V9x DF PCI Modem
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections (Version: 9.20.0000)
Internet Explorer Default Page (Version: 1.00.03)
iTunes (Version: 9.1.1.12)
Jasc Paint Shop Pro Studio, Dell Editon (Version: 1.01.0000)
Java 2 Runtime Environment, SE v1.4.2_03 (Version: 1.4.2_03)
Learn2 Player (Uninstall Only)
Macromedia Flash Player (Version: 7.0.19.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 90.0.146.000)
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.0 Security Update (KB2742607)
Microsoft .NET Framework 1.0 Security Update (KB2833951)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Games for Windows - LIVE Redistributable (Version: 1.1.0324)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Business 2010 - English (Version: 14.0.5114.5002)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Software Update for Web Folders  (English) 14 (Version: 14.0.6029.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Modem Event Monitor
Modem Helper (Version: 2.40)
Modem On Hold (Version: 1.12)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML4 Parser (Version: 1.0.0)
Musicmatch for Windows Media Player (Version: 0.00.000)
Musicmatch® Jukebox (Version: 9.00.2028)
NetDeviceManager (Version: 100.0.170.000)
Network Play System (Patching)
PanoStandAlone (Version: 90.0.146.000)
PowerDVD 5.5
PS_AIO_02_ProductContext (Version: 90.0.189.000)
PS_AIO_02_Software (Version: 90.0.189.000)
PS_AIO_02_Software_Min (Version: 100.0.206.000)
PS_AIO_02_Software_min (Version: 90.0.189.000)
PSSWCORE (Version: 2.01.0000)
Pure Networks Port Magic (Version: 1.2.1393.0)
QuickTime (Version: 7.68.75.0)
RealPlayer Basic
Rosetta Stone Version 3 (Version: 3.4.7.0)
Scan (Version: 10.1.0.0)
ScummVM Git
Shared C Run-time for x86 (Version: 10.0.0)
Skins (Version: 2008.0731.2322.39992)
SMPlayer 0.6.9 (Version: 0.6.9)
SolutionCenter (Version: 90.0.146.000)
Sonic DLA (Version: 4.95)
Sonic Encoders (Version: 1.00)
Sonic MyDVD LE (Version: 6.1.1)
Sonic RecordNow Audio (Version: 2.0.0)
Sonic RecordNow Copy (Version: 2.0.0)
Sonic RecordNow Data (Version: 2.0.0)
Sonic Update Manager (Version: 3.0.0)
Sound Blaster Live! 24-bit
Status (Version: 90.0.146.000)
SUPERAntiSpyware (Version: 5.6.1040)
The Sims Hot Date
Toolbox (Version: 100.0.170.000)
TrayApp (Version: 90.0.146.000)
UnloadSupport (Version: 9.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB980182) (Version: 1)
Update Rollup 2 for Windows XP Media Center Edition 2005
VideoToolkit01 (Version: 90.0.146.000)
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
Viva Pinata (Version: 1.00.0000)
Viva Piñata (Version: 1.00.0000)
WebCyberCoach 3.2 Dell
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 90.0.146.000)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Media Format 11 runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows Media Player 11
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB895198
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)
WordPerfect Office 12 (Version: 12.01)
Zip Motion Block Video codec (Remove Only)
 
=========================
Windows Management Instrumentation service is not running. Could not scan devices
=========================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 16%
Total physical RAM: 2046.07 MB
Available physical RAM: 1701.25 MB
Total Pagefile: 3938.98 MB
Available Pagefile: 3784.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1984.79 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:228.13 GB) (Free:162.63 GB) NTFS
8 Drive j: (UDISK) (Removable) (Total:7.63 GB) (Free:3.45 GB) FAT32
 
========================= Users: ========================================
 
User accounts for \\
 
Administrator            ASPNET                   Guest                    
HelpAssistant            Justin                   Owner                    
SUPPORT_388945a0         
 
========================= Minidump Files ==================================
 
C:\WINDOWS\Minidump\Mini101413-01.dmp
C:\WINDOWS\Minidump\Mini101713-01.dmp
C:\WINDOWS\Minidump\Mini102313-01.dmp
C:\WINDOWS\Minidump\Mini102613-01.dmp
C:\WINDOWS\Minidump\Mini111013-01.dmp
C:\WINDOWS\Minidump\Mini113013-01.dmp
 
**** End of log ****


the link for the minidump files is: http://www.filedropper.com/minidump

the link does not look quite right.  i hope it works
 


#10 B-boy/StyLe/

Posted 30 November 2013 - 05:36 PM

Hello,

 

You have a lot of services disabled. Please download and run the following tool.

 

I needed to run Rkill (not for killing processes but to check the system integrity instead).

You ran an outdated version of Rkill - could you please download and run the latest version 2.6.3 from the link below:

http://www.bleepingcomputer.com/download/rkill/

Also please rerun FSS (Farbar Service Scanner) and attach the log as well.

 

Also it seems that you ran a script for The Avenger on your own - this is a dangerous practice if you don't know what you are doing.

 

As for the BSODs -  These crashes were caused by memory corruption (or driver conflict).

 

I noticed some errors that may indicate RAM corruptions.
  • Please download MemTest86+ from here
  • Burn that ISO to a CD as an IMAGE FILE. If you are unsure how to do this, please see the tutorial here.
  • Perform these steps on the problem machine.
  • Put your CD in the drive and configure your machine to boot to the CD. This is different on all machines, but it's usually by pressing F12 or F10 as your system boots, and selecting either "CDROM" or your cdrom drive. If you are unable to force a CDRom boot, reply with the make and model of your machine and I should be able to get you exact instructions.
  • If you've done it correctly, MemTest86+ will start to run automatically.
  • If you want to be reasonably sure your RAM is OK, then allow MemTest to run until you see this message:
    memtestFinished.png
  • On the other hand, if you want to be completely sure your RAM is OK, allow MemTest to run overnight. Memtest will run forever until power is pulled on the machine.
  • Check the MemTest screen for any reported errors. Errors will appear as RED warnings at the bottom of the screen, similar to the following screenshot:
    memtestFail.png
  • Hard-Reset the machine, removing the MemTest disk, and post your results back here.

 

We can try Driver Verifier as well to see if there are unstable drivers.

 

 

Regards,

Georgi




#11 eremesu

Posted 01 December 2013 - 01:44 PM

i did not run a program called "the avenger" and i have never heard of it. pretty much everything i have tried is in my first post. 
i have a question about running memtest.
i have it on cd, burnt by img, and it seems i can run it whenever i want. do i still have to go through the boot sequence? because i tried that. i was in the boot sequence and i moved the cd option to boot first. restarted my computer and the cd did not run automatically. it just started up like normal. but i can run it normally if i want.

i have a dell dimension e510, 
windows xp media center edition

version 2002
service pack 3

32 bits

2gb of ram
dell dimension DM051
 

 

Rkill 2.6.3 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 11/30/2013 06:21:16 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * System Restore Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
   "DisableSR" = dword:00000001
 
 * Windows Firewall Disabled
 
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000
 
Checking Windows Service Integrity: 
 
 * DHCP Client (Dhcp) is not Running.
   Startup Type set to: Automatic
 
 * DNS Client (Dnscache) is not Running.
   Startup Type set to: Automatic
 
 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Automatic
 
 * Network Connections (Netman) is not Running.
   Startup Type set to: Manual
 
 * Plug and Play (PlugPlay) is not Running.
   Startup Type set to: Automatic
 
 * System Restore Service (srservice) is not Running.
   Startup Type set to: Automatic
 
 * Windows Management Instrumentation (winmgmt) is not Running.
   Startup Type set to: Automatic
 
 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic
 
 * Automatic Updates (wuauserv) is not Running.
   Startup Type set to: Automatic
 
 * System Restore Filter Driver (sr) is not Running.
   Startup Type set to: Disabled
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
  ::1             localhost
 
Program finished at: 11/30/2013 06:21:46 PM
Execution time: 0 hours(s), 0 minute(s), and 29 seconds(s)
 

Attached Files

  • Attached File  FSS.txt   3.02KB   2 downloads
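
The Rkill log in the post above pairs every stopped service with its configured startup type, which is what separates services that should have started from ones that are idle or deliberately off. The following is an added example, not part of the thread or of Rkill itself: a Python parser for that log layout, run on a trimmed excerpt of the posted log; the function and bucket names are illustrative assumptions.

```python
import re

# Trimmed excerpt of the Rkill 2.6.3 log posted above (blank lines and
# several services dropped to keep the sample short).
RKILL_LOG = r"""
Performing miscellaneous checks:
 * System Restore Disabled
   [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
   "DisableSR" = dword:00000001
 * Windows Firewall Disabled
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000
Checking Windows Service Integrity:
 * DHCP Client (Dhcp) is not Running.
   Startup Type set to: Automatic
 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Automatic
 * Network Connections (Netman) is not Running.
   Startup Type set to: Manual
 * Windows Management Instrumentation (winmgmt) is not Running.
   Startup Type set to: Automatic
 * System Restore Filter Driver (sr) is not Running.
   Startup Type set to: Disabled
Searching for Missing Digital Signatures:
 * No issues found.
"""

SECTION = re.compile(r"^(\S.*?):\s*$")  # unindented line ending in ':'
SERVICE = re.compile(r"^\s*\*\s+(.+?)\s+\((\w+)\)\s+is not Running\.\s*$")
STARTUP = re.compile(r"^\s*Startup Type set to:\s*(\w+)\s*$")
REG_KEY = re.compile(r"^\s*\[(HK[A-Z_]+\\.+)\]\s*$")
REG_DWORD = re.compile(r'^\s*"([^"]+)"\s*=\s*dword:([0-9a-fA-F]{8})\s*$')


def split_sections(log):
    """Group non-empty log lines under their unindented 'Title:' header."""
    sections, current = {}, None
    for line in log.splitlines():
        m = SECTION.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif current is not None and line.strip():
            current.append(line)
    return sections


def parse_services(lines):
    """Pair each 'is not Running' line with the startup type that follows it."""
    services, pending = [], None
    for line in lines:
        m = SERVICE.match(line)
        if m:
            pending = {"display": m.group(1), "name": m.group(2), "startup": None}
            services.append(pending)
            continue
        m = STARTUP.match(line)
        if m and pending is not None:
            pending["startup"] = m.group(1)
            pending = None
    return services


def parse_dwords(lines):
    """Return {value_name: (key_path, int)} for '[key]' / '"name" = dword:' pairs."""
    values, key = {}, None
    for line in lines:
        m = REG_KEY.match(line)
        if m:
            key = m.group(1)
            continue
        m = REG_DWORD.match(line)
        if m and key:
            values[m.group(1)] = (key, int(m.group(2), 16))
    return values


def triage(log):
    """Bucket stopped services by startup type and list weakened protections."""
    sections = split_sections(log)
    kinds = {"Automatic": "auto_not_running", "Manual": "on_demand", "Disabled": "disabled"}
    buckets = {kind: [] for kind in kinds.values()}
    for svc in parse_services(sections.get("Checking Windows Service Integrity", [])):
        if svc["startup"] in kinds:
            buckets[kinds[svc["startup"]]].append(svc["name"])
    dwords = parse_dwords(sections.get("Performing miscellaneous checks", []))
    weakened = []
    if dwords.get("DisableSR", (None, 0))[1] == 1:
        weakened.append("System Restore off")
    if dwords.get("EnableFirewall", (None, 1))[1] == 0:
        weakened.append("Windows Firewall off")
    return buckets, weakened


if __name__ == "__main__":
    print(triage(RKILL_LOG))
```

Services in the `auto_not_running` bucket are the ones to investigate first, since they are configured to start at boot and did not.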


#12 B-boy/StyLe/

Posted 02 December 2013 - 05:12 AM

Hello,

 

i have a question about running memtest.
i have it on cd, burnt by img, and it seems i can run it whenever i want. do i still have to go through the boot sequence? because i tried that. i was in the boot sequence and i moved the cd option to boot first. restarted my computer and the cd did not run automatically. it just started up like normal. but i can run it normally if i want.

 

Are you sure you burnt the img as it should? Make sure that you extract the zip archive first and then you can use Burnaware to burn the image as bootable:

FoXIo71.png

Next in BIOS you should indeed put CD/DVD as first boot device and try again.

Also I found this topic and it could be hardware issue with the CD drive:

http://en.community.dell.com/support-forums/desktop/f/3514/p/19452197/20119639.aspx

 

 

I have a question - you ran the tools from drive J ?!?

 

Running from "J:\"

 

But I can see that you have Windows on drive C:\ as well...

 

Can you please elaborate the situation here? Is this a dual-boot configuration?

 

Thanks!

 

 

Regards,

Georgi


Edited by B-boy/StyLe/, 02 December 2013 - 05:13 AM.



#13 eremesu

Posted 02 December 2013 - 11:31 AM

i cannot explain a j drive. i did not know such a drive existed. i do not dual boot. i only have 1 operating system.
i have run the memtest and it says there are no errors. i will attach a photo of the screen.

 

Attached Files



#14 B-boy/StyLe/

Posted 03 December 2013 - 06:48 AM

Hi,

 

Maybe drive "J" is your flash drive or?

 

Ok, please now download the following file and save it to your desktop.

 

Now double click on each of them one by one. An information box will pop up asking if you want to merge the information in the file into the registry, click YES.

Now reboot the computer.

 

Next please download the Crisis Aversion Tool and save it to your desktop

  • Double click on CAT.exe to run it
  • On the "Fixes" tab, check the "Reset Permissions" check box.
  • Click the "Apply Checked Fixes" button and wait for the tool to finish
  • Once complete, click on the "Detailed Log" tab > copy and attach the content of that log to your next reply.
  • Then restart the computer again and post new log from Farbar Service Scanner (FSS) and rkill.

Regards,

Georgi




#15 eremesu

Posted 03 December 2013 - 09:54 AM

the detailed log for the cat program is actually quite terse. the log it put in my c drive is much much more detailed. but i attached the one you asked for

Attached Files





