[RESOLVED] Blue Screens on XP Part 4
Dear computer experts,
I'm on a 10-year-old Dell XPS 400 desktop running Windows XP. I have not had major errors or problems with it for a while, probably since 2014, and would like to solve this issue to at least use it long enough to transfer my music files to CD. I understand that it will need to be replaced soon. Luckily, I also have a tablet for internet access.
After coming back from a week's vacation, my computer started showing blue screen of death error messages, many times, and sometimes with slightly different messages. I can and have used it for short periods at a time, up to a few hours. After being on the computer for a while, it displays the BSOD and I have to manually power down after that. Sometimes the computer cannot be started up manually, usually the first button press after an error, and the other times (2nd try, etc.) it starts up ok but after loading the home screen, or after a few minutes online, the BSOD appears again. I recently chose some of the options from the F8 screen like Last Good Configuration and System Restore to see if they gave it more time, and I have gotten more screen time, but the error messages eventually pop up again. They haven't solved it. I have no idea if this problem is related to spyware or malware, or just some old computer tricks have to be performed...
The BSODs have included the STOP: 0x000.... numbers as well as lines on the top like BAD_POOL_HEADER and IRQL_NOT_LESS_OR_EQUAL.
I tried running the mrt Microsoft removal scan tool, but the computer shut down in the middle of my full scan. I have AVG, which has detected and removed a trojan horse in the past 2 days, and some Win32 stuff in July. I have Ad-Aware and Spybot, with which I haven't done manual scans recently, but have used plenty in the past. Most recent scans done with them came up with no problems to remove or repair. I don't download Windows monthly updates anymore, I haven't done so for at least a year, but possibly longer, since the last time I did, doing so changed the order/layout of some of my file folders, and I don't want them reordered. Sometime between the Apr 2014 XP support drop and 1 year ago I stopped doing those updates.
Please let me know how I can use the computer without BSOD interruption for a little longer! I did back up my documents and pictures on a flash drive, so I'm prepared for the worst, but hope with your guidance there is something that can be done. What steps can I take to fix this issue, if any?
Look forward to finding out more when you have the chance.
Jennifer
Malware Recovery for XP Dell part 1
Dear Broni or other experts,
I followed the steps you suggested, and know that I was supposed to reply with my logs in the Malware Removal forum. I couldn't find a forum topic called Malware Removal, so I'll paste my results here until I'm directed otherwise.
My computer has remained on since I wrote you yesterday without any sudden shutdowns. Very good behavior compared to the last 48 hrs. I think I had started it in the "Debugging mode". Before I could follow your steps, automatic scans caught and removed a trojan horse and another example of Win32. I confirmed the firewall was on and ran my anti-virus, which didn't show further concerns.
Here's my log from FRST, and the Additional one in a separate message:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-08-2016
Ran by Jennifer Klausner (administrator) on JENDESKTOP (09-08-2016 02:34:28)
Running from C:\
Loaded Profiles: Jennifer Klausner (Available Profiles: Julius Klausner & Dorothy Klausner & Jennifer Klausner & Michelle Klausner & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\Av\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTSVCCDA.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe
(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe
(Viewpoint Corporation) C:\Program Files\Viewpoint\Common\ViewpointService.exe
(America Online, Inc.) C:\WINDOWS\wanmpsvc.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CtHelper.exe
(Creative Technology Ltd) C:\WINDOWS\system32\Ctxfihlp.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
() C:\Program Files\Dell\Media Experience\DMXLauncher.exe
(Creative Technology Ltd) C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe
(Creative Technology Ltd) C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
(Creative Technology Ltd.) C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTxfispi.exe
(Sonic Solutions) C:\WINDOWS\system32\DLA\DLACTRLW.EXE
(AOL Inc.) C:\Program Files\Common Files\AOL\1169873283\ee\aolsoftware.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Primax Electronics Ltd.) C:\WINDOWS\system32\ico.exe
(Corel, Inc.) C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
(SMART Technologies ULC) C:\Program Files\SMART Technologies\Education Software\FloatingTools.exe
(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTNotification.exe
(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTTrayIcon.exe
(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(Joyent, Inc) C:\Program Files\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe
(Gteko Ltd.) C:\Program Files\DellSupport\DSAgnt.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Spotify Ltd) C:\Documents and Settings\Jennifer Klausner\Application Data\Spotify\SpotifyWebHelper.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Jennifer Klausner\Local Settings\Application Data\Akamai\netsession_win.exe
() C:\Documents and Settings\Jennifer Klausner\Local Settings\Application Data\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Jennifer Klausner\Local Settings\Application Data\Akamai\netsession_win.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.8.0\waol.exe
(BVRP Software) C:\Program Files\Digital Line Detect\DLG.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Matsushita Electric Industrial Co., Ltd.) C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
(Dropbox, Inc.) C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\Dropbox.exe
(Viewpoint Corporation) C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
(SMART Technologies) C:\Program Files\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.8.0\shellmon.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\1169873283\ee\aolupdates.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [CTHelper] => C:\WINDOWS\system32\CTHELPER.EXE [19456 2006-12-12] (Creative Technology Ltd)
HKLM\...\Run: [CTxfiHlp] => C:\WINDOWS\system32\CTXFIHLP.EXE [20480 2006-12-12] (Creative Technology Ltd)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [151552 2006-07-06] (Intel Corporation)
HKLM\...\Run: [DMXLauncher] => C:\Program Files\Dell\Media Experience\DMXLauncher.exe [98304 2006-05-03] ()
HKLM\...\Run: [CTDVDDET] => C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE [45056 2003-06-18] (Creative Technology Ltd)
HKLM\...\Run: [VolPanel] => C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe [122880 2005-10-14] (Creative Technology Ltd)
HKLM\...\Run: [AudioDrvEmulator] => C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe [49152 2005-11-04] (Creative Technology Ltd.)
HKLM\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [ISUSPM Startup] => c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [205480 2007-08-30] (Macrovision Corporation)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [79136 2008-10-24] (Macrovision Corporation)
HKLM\...\Run: [DLA] => C:\WINDOWS\System32\DLA\DLACTRLW.EXE [122940 2005-09-08] (Sonic Solutions)
HKLM\...\Run: [MSKDetectorExe] => C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
HKLM\...\Run: [AOLDialer] => C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [70760 2014-02-06] (AOL Inc.)
HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1169873283\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM\...\Run: [DellSupportCenter] => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM\...\Run: [hpqSRMon] => [X]
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [PMX Daemon] => C:\WINDOWS\system32\ICO.EXE [47104 2006-06-09] (Primax Electronics Ltd.)
HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe [106496 2006-02-09] (Corel, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SMART Floating Tools] => C:\Program Files\SMART Technologies\Education Software\FloatingTools.exe [9221424 2013-08-22] (SMART Technologies ULC)
HKLM\...\Run: [SMARTNotification] => C:\Program Files\SMART Technologies\Education Software\SMARTNotification.exe [208688 2013-08-22] (SMART Technologies)
HKLM\...\Run: [SMART Tray Tools] => C:\Program Files\SMART Technologies\Education Software\SMARTTrayIcon.exe [754992 2013-08-22] (SMART Technologies)
HKLM\...\Run: [sbsdk-server] => C:\Program Files\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe [62768 2013-08-22] (SMART Technologies)
HKLM\...\Run: [SMART Ink] => C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe [147248 2014-02-11] (SMART Technologies)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-09-12] (Apple Inc.)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [186640 2016-07-20] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Av\avgui.exe [5351184 2016-07-22] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe [8063200 2016-07-18] ()
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2007-06-24] (Google Inc.)
HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\Run: [DellSupport] => C:\Program Files\DellSupport\DSAgnt.exe [460784 2007-03-15] (Gteko Ltd.)
HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\Run: [DellSupportCenter] => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [205480 2007-08-30] (Macrovision Corporation)
HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\Run: [Spotify Web Helper] => C:\Documents and Settings\Jennifer Klausner\Application Data\Spotify\SpotifyWebHelper.exe [2346096 2016-01-23] (Spotify Ltd)
HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\Run: [Akamai NetSession Interface] => C:\Documents and Settings\Jennifer Klausner\Local Settings\Application Data\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\Run: [AmazonMP3DownloaderHelper] => C:\Documents and Settings\Jennifer Klausner\Local Settings\Application Data\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\Run: [Dropbox Update] => C:\Documents and Settings\Jennifer Klausner\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-12] (Dropbox, Inc.)
HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\Run: [Spotify] => C:\Documents and Settings\Jennifer Klausner\Application Data\Spotify\Spotify.exe [8316528 2016-01-23] (Spotify Ltd)
HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\Run: [AOL Fast Start] => C:\Program Files\AOL Desktop 9.8.0\AOL.EXE [73584 2015-09-08] (AOL Inc.)
HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\MountPoints2: {5beff83a-b20b-11de-94f6-00038a000015} - G:\LaunchU3.exe -a
HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssflwbox.scr [393216 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...409d6c4515e9\InprocServer32: [Default-shell32] SHELL32.dll ATTENTION
HKU\S-1-5-18\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2007-06-24] (Google Inc.)
HKU\S-1-5-18\...\Run: [AOL Fast Start] => C:\Program Files\AOL 9.1\aol.exe [50528 2008-06-03] (AOL, LLC.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk [2013-01-26]
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-03-28]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk [2009-08-22]
ShortcutTarget: LUMIX Simple Viewer.lnk -> C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk [2006-06-02]
ShortcutTarget: Service Manager.lnk -> C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\Jennifer Klausner\Start Menu\Programs\Startup\Dropbox.lnk [2016-07-11]
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\Av\avgrsx.exe /sync /restart
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{0927C98D-4C4E-4754-8D08-5D727E0A3D84}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Internet Explorer:
==================
HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8
HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
URLSearchHook: HKLM - AOL Messaging Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
URLSearchHook: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008 - AOL Messaging Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
SearchScopes: HKLM -> {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20110318031341234&tb_oid=18-03-2011&tb_mrud=18-03-2011
SearchScopes: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008 -> {072bd52f-b0b3-4c27-8c30-c471fddaaefa} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=bu10aiminstabie7
SearchScopes: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008 -> {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20110318031341234&tb_oid=18-03-2011&tb_mrud=18-03-2011
SearchScopes: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008 -> {64E63331-229C-40EE-B596-A279CE1B5FA5} URL = hxxp://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110206,6901,0,8,0
SearchScopes: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481032
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06] (Hewlett-Packard Co.)
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: No Name -> {28FE24D4-50EB-4B48-A416-582B910AFDDE} -> No File
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG9\avgssie.dll => No File
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08] (Sonic Solutions)
BHO: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files\SMART Technologies\Education Software\NotebookPlugin.dll [2013-08-22] (SMART Technologies ULC.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-09-28] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-19] (Google Inc.)
BHO: AOL Messaging Toolbar Loader -> {b0cda128-b425-4eef-a174-61a11ac5dbf8} -> C:\Program Files\AIM Toolbar\aimtb.dll [2011-01-14] (AOL Inc.)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2012-08-02] ()
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> c:\Program Files\BAE\BAE.dll [2006-02-22] (Dell Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-09-28] (Oracle Corporation)
BHO: No Name -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> No File
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06] (Hewlett-Packard Co.)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2012-08-02] ()
Toolbar: HKLM - AOL Messaging Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll [2011-01-14] (AOL Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-19] (Google Inc.)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-19] (Google Inc.)
Toolbar: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-19] (Google Inc.)
Toolbar: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2012-08-02] ()
Toolbar: HKU\S-1-5-21-2952040898-4172286553-4130697486-1008 -> AOL Messaging Toolbar - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll [2011-01-14] (AOL Inc.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} hxxp://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.87.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} hxxp://aolsvc.aol.com/onlinegames/free-trial-big-island-blends/gamehouseplayer.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} hxxp://zone.msn.com/bingame/chnz/default/mjolauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C}
DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://aolsvc.aol.com/onlinegames/ghbabeldeluxe/zylomplayer.cab
DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} hxxp://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab
DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF} hxxp://167.206.78.84/forms/jinitiator/jinit.exe
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} hxxp://zone.msn.com/bingame/popcaploader_v10.cab
DPF: {E6BB2089-163F-466B-812A-748096614DFD} hxxp://cainternetsecurity.net/scanner/cascanner.cab
DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} hxxp://zone.msn.com/bingame/swet/default/Sweetopia.1.0.0.46.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2012-08-02] ()
Filter: text/html - {0b4ec5a7-aa30-428e-b79f-7492b9a36e59} - C:\WINDOWS\msvideo.dll No File
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Jennifer Klausner\Application Data\Mozilla\Firefox\Profiles\qwso2m83.default-1428637936437
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll [2008-08-06] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2009-09-02] (GARMIN Corp.)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-09-28] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @movenetworks.com/Quantum Media Player -> C:\Documents and Settings\Jennifer Klausner\Application Data\Move Networks\plugins\npqmp071505000010.dll [2009-10-21] (Move Networks)
FF Plugin: @nbc.com/DirectPlayer -> C:\Program Files\NBC Direct\npDirectPlayerMozilla.dll [No File]
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2952040898-4172286553-4130697486-1008: @movenetworks.com/Quantum Media Player -> C:\Documents and Settings\Jennifer Klausner\Application Data\Move Networks\plugins\npqmp071505000010.dll [2009-10-21] (Move Networks)
FF Extension: WOT - C:\Documents and Settings\Jennifer Klausner\Application Data\Mozilla\Firefox\Profiles\qwso2m83.default-1428637936437\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-11]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-02-02] [not signed]
FF HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Documents and Settings\Jennifer Klausner\Application Data\Move Networks
FF Extension: Move Media Player - C:\Documents and Settings\Jennifer Klausner\Application Data\Move Networks [2009-10-21] [not signed]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-09]
Chrome:
=======
CHR Profile: C:\Documents and Settings\Jennifer Klausner\Local Settings\Application Data\Google\Chrome\User Data\Default
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [46184 2014-02-06] (AOL Inc.)
R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [4093696 2016-07-22] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [906512 2016-07-20] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [594904 2016-07-22] (AVG Technologies CZ, s.r.o.)
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [86606 2005-06-02] (Canon Inc.) [File not signed]
R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [44032 1999-12-12] (Creative Technology Ltd) [File not signed]
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [76848 2007-03-07] ()
S3 FlexNet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe [1074480 2013-10-30] (Flexera Software LLC)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 IAANTMon; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [90112 2006-07-06] (Intel Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-09-28] (Oracle Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe [664040 2016-07-18] ()
R2 MSSQL$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe [9150464 2005-05-04] (Microsoft Corporation) [File not signed]
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [73728 2005-05-03] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-19] (Intel(R) Corporation) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SMART Board Service; C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe [1937200 2013-08-22] (SMART Technologies)
S2 SMART Display Controller; C:\Program Files\SMART Technologies\Education Software\UCService.exe [810800 2013-08-22] (SMART Technologies)
S3 SQLAgent$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE [323584 2005-05-03] (Microsoft Corporation) [File not signed]
R2 Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [24652 2007-01-04] (Viewpoint Corporation) [File not signed]
R2 WANMiniportService; C:\WINDOWS\wanmpsvc.exe [65536 2003-08-27] (America Online, Inc.) [File not signed]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [134912 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [243456 2016-06-09] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [201472 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
R1 AvgLdx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [212736 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [287008 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 AvgMfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [191744 2016-06-02] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [47360 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 AvgTdiX; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [217344 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 Avgunivx; C:\WINDOWS\System32\DRIVERS\avgunivx.sys [65280 2016-06-01] (AVG Technologies CZ, s.r.o.)
S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [340704 2005-07-13] (Creative Technology Ltd)
R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [25628 2005-09-08] (Sonic Solutions) [File not signed]
R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5628 2005-08-25] (Sonic Solutions) [File not signed]
R2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2005-09-08] (Sonic Solutions) [File not signed]
R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [86524 2005-09-08] (Sonic Solutions) [File not signed]
R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [14684 2005-09-08] (Sonic Solutions) [File not signed]
R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2005-09-08] (Sonic Solutions) [File not signed]
R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-08-25] (Sonic Solutions) [File not signed]
R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94332 2005-09-08] (Sonic Solutions) [File not signed]
R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [87036 2005-09-08] (Sonic Solutions) [File not signed]
R0 DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [89264 2005-09-12] (Sonic Solutions) [File not signed]
R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions) [File not signed]
R3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
S3 grmnusb; C:\WINDOWS\System32\drivers\grmnusb.sys [8320 2007-03-08] (GARMIN Corp.)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-10-30] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-10-30] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-10-30] (HP)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [36624 2006-10-18] (Sonic Solutions) [File not signed]
S3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [428832 2016-04-28] (BitDefender S.R.L.)
S3 USBAAPL; C:\WINDOWS\System32\Drivers\usbaapl.sys [45056 2014-07-28] (Apple, Inc.) [File not signed]
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 bvrp_pci; no ImagePath
S3 catchme; \??\C:\DOCUME~1\JENNIF~1\LOCALS~1\Temp\catchme.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 vmwvusb; System32\Drivers\vmwvusb.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-08-09 02:34 - 2016-08-09 02:35 - 00034483 _____ C:\FRST.txt
2016-08-09 02:34 - 2016-08-09 02:34 - 00000000 ____D C:\FRST
2016-08-09 02:33 - 2016-08-09 02:33 - 01743872 _____ (Farbar) C:\FRST.exe
2016-08-09 02:32 - 2016-08-09 02:32 - 02393600 _____ (Farbar) C:\FRST64.exe
2016-08-08 17:34 - 2016-08-08 17:35 - 51658464 _____ (Microsoft Corporation) C:\Windows-KB890830-V5.38.exe
2016-08-08 16:05 - 2016-08-08 16:05 - 00090112 _____ C:\WINDOWS\Minidump\Mini080816-05.dmp
2016-08-08 15:29 - 2016-08-08 15:29 - 00090112 _____ C:\WINDOWS\Minidump\Mini080816-04.dmp
2016-08-08 14:14 - 2016-08-08 14:14 - 00090112 _____ C:\WINDOWS\Minidump\Mini080816-03.dmp
2016-08-08 13:36 - 2016-08-08 13:36 - 00090112 _____ C:\WINDOWS\Minidump\Mini080816-02.dmp
2016-08-08 11:16 - 2016-08-08 11:15 - 00090112 _____ C:\WINDOWS\Minidump\Mini080816-01.dmp
2016-08-08 00:28 - 2016-08-08 00:28 - 00000000 ____D C:\Documents and Settings\Jennifer Klausner\Start Menu\Programs\Dropbox
2016-08-07 23:52 - 2016-08-07 23:52 - 00106496 _____ C:\WINDOWS\Minidump\Mini080716-05.dmp
2016-08-07 23:49 - 2016-08-07 23:49 - 00106496 _____ C:\WINDOWS\Minidump\Mini080716-04.dmp
2016-08-07 23:40 - 2016-08-07 23:39 - 00106496 _____ C:\WINDOWS\Minidump\Mini080716-03.dmp
2016-08-07 22:13 - 2016-08-07 22:12 - 00106496 _____ C:\WINDOWS\Minidump\Mini080716-02.dmp
2016-08-07 17:29 - 2016-08-07 23:55 - 00000000 ____D C:\Documents and Settings\Jennifer Klausner\Start Menu\Programs\Dropbox(2)
2016-08-07 17:12 - 2016-08-07 17:12 - 00106496 _____ C:\WINDOWS\Minidump\Mini080716-01.dmp
2016-08-07 16:39 - 2016-08-07 16:39 - 00000000 __SHD C:\found.000
2016-07-21 13:52 - 2016-07-29 12:07 - 00000502 _____ C:\WINDOWS\Tasks\SystemToolsDailyTest.job
2016-07-21 13:52 - 2016-07-21 13:52 - 00000564 _____ C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
2016-07-21 13:52 - 2016-07-21 13:52 - 00000478 _____ C:\WINDOWS\Tasks\PCDDataUploadTask.job
2016-07-21 13:52 - 2016-07-21 13:52 - 00000000 ____D C:\Program Files\Dell Support Center
2016-07-19 18:03 - 2016-08-08 16:11 - 00002051 _____ C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
2016-07-19 18:03 - 2016-07-19 18:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
2016-07-19 17:59 - 2016-07-19 17:59 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-08-09 02:35 - 2010-05-11 18:52 - 00000000 ____D C:\Documents and Settings\Jennifer Klausner\Local Settings\temp
2016-08-09 02:33 - 2012-03-31 09:18 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-08-09 02:29 - 2010-09-28 21:52 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2016-08-09 02:26 - 2015-06-12 22:15 - 00001036 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2952040898-4172286553-4130697486-1008UA.job
2016-08-09 01:42 - 2010-02-02 20:34 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-08 23:26 - 2015-06-12 22:15 - 00000984 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2952040898-4172286553-4130697486-1008Core.job
2016-08-08 22:46 - 2015-12-16 07:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2016-08-08 22:42 - 2010-02-02 20:34 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-08 22:26 - 2004-08-11 18:20 - 00032612 _____ C:\WINDOWS\SchedLgU.Txt
2016-08-08 19:32 - 2006-06-18 22:46 - 00000000 ___RD C:\Documents and Settings\Jennifer Klausner\My Documents
2016-08-08 17:38 - 2006-06-20 13:57 - 141983760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-08 16:48 - 2011-08-17 21:40 - 00000000 ____D C:\Documents and Settings\Jennifer Klausner\Local Settings\Application Data\Spotify
2016-08-08 16:39 - 2011-08-17 21:40 - 00000000 ____D C:\Documents and Settings\Jennifer Klausner\Application Data\Spotify
2016-08-08 16:16 - 2007-01-17 00:00 - 19223846 _____ C:\VETlog.txt
2016-08-08 16:16 - 2007-01-17 00:00 - 00082779 _____ C:\VETlog.dmp
2016-08-08 16:12 - 2012-08-07 01:42 - 00000000 ___RD C:\Documents and Settings\Jennifer Klausner\My Documents\Dropbox
2016-08-08 16:08 - 2004-08-11 18:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-08-08 16:06 - 2006-06-02 15:31 - 00043522 _____ C:\WINDOWS\system32\nvapps.xml
2016-08-08 16:06 - 2006-06-02 15:31 - 00004176 _____ C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2016-08-08 16:05 - 2014-03-09 21:07 - 00000246 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2016-08-08 16:05 - 2008-01-16 05:19 - 00000000 ____D C:\WINDOWS\Minidump
2016-08-08 16:05 - 2004-08-11 18:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-08 00:28 - 2012-08-07 01:39 - 00000000 ____D C:\Documents and Settings\Jennifer Klausner\Application Data\Dropbox
2016-08-08 00:13 - 2015-12-16 07:41 - 00000617 _____ C:\Documents and Settings\All Users\Desktop\AVG.lnk
2016-08-08 00:13 - 2015-12-16 07:41 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG Zen
2016-08-07 23:56 - 2006-06-20 13:55 - 00000000 ____D C:\Documents and Settings\Dorothy Klausner
2016-08-07 23:56 - 2006-06-19 10:38 - 00000000 ____D C:\Documents and Settings\Michelle Klausner
2016-08-07 23:56 - 2006-06-18 22:46 - 00000000 ____D C:\Documents and Settings\Jennifer Klausner
2016-08-07 23:56 - 2006-06-18 15:20 - 00000000 ____D C:\Documents and Settings\Julius Klausner
2016-08-07 23:56 - 2004-08-11 18:20 - 00000000 __SHD C:\Documents and Settings\NetworkService
2016-08-07 23:56 - 2004-08-11 18:20 - 00000000 __SHD C:\Documents and Settings\LocalService
2016-08-07 23:56 - 2004-08-11 18:20 - 00000000 ____D C:\Documents and Settings\Administrator
2016-08-07 23:56 - 2004-08-11 18:11 - 00000000 ____D C:\WINDOWS\Registration
2016-08-07 23:54 - 2004-08-11 18:20 - 00000178 __SHC C:\Documents and Settings\Administrator\ntuser.ini
2016-08-07 23:53 - 2010-05-05 01:00 - 00254702 _____ C:\WINDOWS\ntbtlog.txt
2016-08-07 20:20 - 2006-06-18 22:46 - 00000000 ___RD C:\Documents and Settings\Jennifer Klausner\My Documents\My Music
2016-07-30 03:49 - 2013-10-19 20:58 - 00339264 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2016-07-30 03:49 - 2013-10-16 19:16 - 00458752 _____ C:\WINDOWS\system32\config\SMART Pr.evt
2016-07-30 03:49 - 2013-01-26 16:41 - 00064980 _____ C:\WINDOWS\system32\DVCState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
2016-07-30 03:49 - 2013-01-26 16:41 - 00054788 _____ C:\WINDOWS\system32\BMXStateBkp-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
2016-07-30 03:49 - 2013-01-26 16:41 - 00054788 _____ C:\WINDOWS\system32\BMXState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
2016-07-30 03:49 - 2013-01-26 16:41 - 00001080 _____ C:\WINDOWS\system32\settingsbkup.sfm
2016-07-30 03:49 - 2013-01-26 16:41 - 00001080 _____ C:\WINDOWS\system32\settings.sfm
2016-07-30 03:49 - 2012-12-08 15:58 - 00282770 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2016-07-29 12:14 - 2013-01-26 14:57 - 00000000 ____D C:\Documents and Settings\Jennifer Klausner\Application Data\PCDr
2016-07-28 18:59 - 2006-06-18 22:46 - 00000278 ___SH C:\Documents and Settings\Jennifer Klausner\ntuser.ini
2016-07-27 10:11 - 2004-08-11 18:02 - 00000000 ___HD C:\WINDOWS\inf
2016-07-23 14:40 - 2010-07-13 21:51 - 00000486 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2016-07-21 21:09 - 2011-06-04 04:54 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2016-07-21 13:52 - 2006-06-02 15:44 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Dell
2016-07-21 13:49 - 2013-01-26 15:10 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PCDr
2016-07-16 10:33 - 2012-03-31 09:18 - 00796352 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-07-16 10:33 - 2011-05-18 17:42 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-07-12 13:33 - 2004-08-11 18:12 - 00000000 ____D C:\WINDOWS\system32\Macromed
==================== Files in the root of some directories =======
2010-05-05 07:21 - 2010-05-11 17:55 - 3686521 ____R () C:\Program Files\ComboFix.exe
2010-05-05 00:37 - 2010-05-05 00:37 - 0284915 _____ () C:\Program Files\gmer.zip
2010-05-07 01:02 - 2010-05-07 01:02 - 0000511 _____ () C:\Program Files\Printflush-1.3 Printer Help.zip
2010-05-08 11:34 - 2010-05-08 11:34 - 0000668 _____ () C:\Program Files\ResetTeaTimer.zip
2010-06-16 22:25 - 2010-06-16 22:25 - 0976273 _____ () C:\Program Files\tempCleaner_3.0.4.exe.zip
2010-06-16 22:21 - 2010-06-16 22:21 - 0080014 _____ () C:\Program Files\TFC-Temp-File-Cleaner-OldTimer-file187.html
2010-06-16 22:30 - 2010-06-16 22:30 - 0272384 _____ (OldTimer Tools) C:\Program Files\TFC.exe
2008-01-19 02:15 - 2008-01-19 02:15 - 31332844 ____C () C:\Program Files\Three Dog Night- live at the Forum 1.rar
2008-01-19 02:22 - 2008-01-19 02:22 - 58369340 ____C () C:\Program Files\Three Dog Night- live at the Forum 2.rar
2008-01-19 02:12 - 2008-01-19 02:12 - 0000138 ____C () C:\Program Files\Three Dog Night- live at the Forum.rar
2008-01-19 00:35 - 2008-01-19 00:36 - 12727648 ____C () C:\Program Files\winzip111.exe
2011-10-12 03:57 - 2011-10-12 03:57 - 0995328 _____ () C:\Program Files\WOT-20110704-en-US.msi
2008-02-14 22:06 - 2012-11-09 23:24 - 0007680 ____C () C:\Documents and Settings\Jennifer Klausner\Application Data\dvd.bmk
2007-10-25 06:36 - 2007-10-25 06:36 - 0002219 ____C () C:\Documents and Settings\Jennifer Klausner\Application Data\evpro32.prf
2008-02-03 04:08 - 2014-07-27 12:48 - 0006144 ____C () C:\Documents and Settings\Jennifer Klausner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-06-18 22:46 - 2007-10-07 15:52 - 0000140 ____N () C:\Documents and Settings\Jennifer Klausner\Local Settings\Application Data\fusioncache.dat
2010-04-19 19:57 - 2010-04-19 19:57 - 0000036 _____ () C:\Documents and Settings\Jennifer Klausner\Local Settings\Application Data\housecall.guid.cache
2012-03-28 17:56 - 2012-03-28 18:16 - 0000753 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
Some files in TEMP:
====================
C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\924e5959-aba1-4f00-b142-78e3ca572663.exe
C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\AcsInstall.dll
C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\aol-messaging_toolbar8C0.exe
C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\avguirn_081004609481.exe
C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\avguirn_081175382792.exe
C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\avguirn_081498343587.exe
C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\avguirn_081545812382.exe
C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\avguirn_081985558452.exe
C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\avguirn_081998758767.exe
C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\avguirn_08432538696.exe
C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\avguirn_08692099664.exe
C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\avguirn_08930005468.exe
C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyd3azw.dll
C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\setup_wm.exe
C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\SHFOLDER.DLL
C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\SMARTProductUpdate.exe
C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\SpotifyUpgrader.exe
C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\Stp70C_TMP.EXE
C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\swt-win32-3349.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
Please let me know the next step when you can. Thank you so much for responding quickly and with details.
Jennifer
Blue Screens on XP Part 2 - from Nif1025's other name
Dear Broni,
This is Jennifer, who had the username Nif1025. I'm the one who posted the original Blue Screens of Death messages. After I followed all your steps, I tried logging into the forums again to post my reply. My password no longer worked. When I clicked to reset/get a new password, it said it would email me a new password. It's 2 hours later, and I didn't get any email. Finally, I decided to create another account because I don't know another way to get on here. I can't even private message you, at least not the ways I tried. So here are my logs from the previous thread:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 8/12/2016
Scan Time: 1:04:42 AM
Logfile:
Administrator: Yes
Version: 2.2.1.1043
Malware Database: v2016.08.12.02
Rootkit Database: v2016.08.09.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Jennifer Klausner
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 493420
Time Elapsed: 2 hr, 17 min, 12 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 3
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\CLASSES\Toolbar.CT2481032, Quarantined, [250d55f5eeac3105fda68011c043cb35],
PUP.Optional.W3i, HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{64E63331-229C-40EE-B596-A279CE1B5FA5}, Quarantined, [34fe0149e9b18aac78a07f3cc63de61a],
PUP.Optional.Conduit, HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}, Quarantined, [5fd3ac9e6634c670e6d6dcc07a899c64],
Registry Values: 2
PUP.Optional.W3i, HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{64E63331-229C-40EE-B596-A279CE1B5FA5}|URL, http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110206,6901,0,8,0, Quarantined, [34fe0149e9b18aac78a07f3cc63de61a]
PUP.Optional.Conduit, HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}|URL, http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481032, Quarantined, [5fd3ac9e6634c670e6d6dcc07a899c64]
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 1
Trojan.Kovter, C:\Documents and Settings\Jennifer Klausner\Local Settings\temp\7t9Ar4p4.exe.part, Quarantined, [f93959f11a801a1cc90cbda2b64afa06],
Physical Sectors: 0
(No malicious items detected)
(end)
# AdwCleaner v5.201 - Logfile created 12/08/2016 at 11:21:31
# Updated 30/06/2016 by ToolsLib
# Database : 2016-08-12.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (X86)
# Username : Jennifer Klausner - JENDESKTOP
# Running from : C:\adwcleaner_5.201.exe
# Option : Scan
# Support : https://toolslib.net/forum
***** [ Services ] *****
Service Found : Viewpoint Manager Service
***** [ Folders ] *****
Folder Found : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Found : C:\Program Files\Coupons
Folder Found : C:\Program Files\SearchAssist
Folder Found : C:\Program Files\Viewpoint
***** [ Files ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector
Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
Key Found : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}
Key Found : HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Found : HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKCU\Software\AIM Toolbar
Key Found : HKCU\Software\Bitberry
Key Found : HKCU\Software\Viewpoint
Key Found : HKCU\Software\Yahoo\Companion
Key Found : HKCU\Software\Yahoo\YFriendsBar
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Software\AppDataLow\Software\adawarebp
Key Found : HKCU\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKLM\SOFTWARE\AIM Toolbar
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\MetaStream
Key Found : HKLM\SOFTWARE\Viewpoint
Key Found : HKLM\SOFTWARE\Yahoo\Companion
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AIM Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trusted Software Assistant_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AIM Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Trusted Software Assistant_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Viewpoint Manager
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKU\.DEFAULT\Software\Viewpoint
Key Found : HKU\.DEFAULT\Software\Yahoo\Companion
Key Found : HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\Software\AIM Toolbar
Key Found : HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\Software\Bitberry
Key Found : HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\Software\Viewpoint
Key Found : HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\Software\Yahoo\Companion
Key Found : HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\Software\Yahoo\YFriendsBar
Key Found : HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\Software\YahooPartnerToolbar
Key Found : HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\Software\AppDataLow\Software\adawarebp
Key Found : HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKU\S-1-5-18\Software\Viewpoint
Key Found : HKU\S-1-5-18\Software\Yahoo\Companion
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{072bd52f-b0b3-4c27-8c30-c471fddaaefa}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}
Key Found : HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\Software\Microsoft\Internet Explorer\SearchScopes\{072bd52f-b0b3-4c27-8c30-c471fddaaefa}
Key Found : HKU\S-1-5-21-2952040898-4172286553-4130697486-1008\Software\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\metrolyrics.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mmotraffic.com
***** [ Web browsers ] *****
*************************
C:\AdwCleaner\AdwCleaner[S1].txt - [8064 bytes] - [12/08/2016 11:21:31]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [8137 bytes] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Microsoft Windows XP x86
Ran by Jennifer Klausner (Administrator) on Fri 08/12/2016 at 11:41:10.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 31
Successfully deleted: C:\Documents and Settings\Jennifer Klausner\Application Data\freefileviewer (Folder)
Successfully deleted: C:\Documents and Settings\Jennifer Klausner\Application Data\Microsoft\Internet Explorer\Quick Launch\play games.lnk (Shortcut)
Successfully deleted: C:\Documents and Settings\Jennifer Klausner\Application Data\viewpoint (Folder)
Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File)
Successfully deleted: C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job (Task)
Successfully deleted: C:\WINDOWS\wininit.ini (File)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3YXQQBSE (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6V4B5M5H (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8WTH1AIB (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CAKQCP95 (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GDC9U5FL (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\HZUF297R (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\L0YDJHPV (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\P37I5X08 (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\R2C3HHX2 (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TSG0VSQF (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W79PLFI2 (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WIM73ORT (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\prefetch\ENABLETOOLBARW32.EXE-2556CFBE.pf (File)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\3YXQQBSE (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6V4B5M5H (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8WTH1AIB (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CAKQCP95 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GDC9U5FL (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HZUF297R (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\L0YDJHPV (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\P37I5X08 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\R2C3HHX2 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\TSG0VSQF (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\W79PLFI2 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WIM73ORT (Temporary Internet Files Folder)
Registry: 7
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{61539ECD-CC67-4437-A03C-9AACCBD14326} (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28FE24D4-50EB-4B48-A416-582B910AFDDE} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{61539ECD-CC67-4437-A03C-9AACCBD14326} (Registry Value)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 08/12/2016 at 11:46:06.82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thanks,
Jennifer
Blue Screens on XP Part 3 - from Nif1025's other name
Hi Broni,
The message board doesn't allow me (under my new/current username) to reply to any posts on the original thread. It says I don't have permission to do so. My reply from the last post is that downloading RogueKiller still has the same issue, and nothing happens after I select the language for installation. Tried twice and deleted between the 2 attempts. I even went into the properties of the file and told it to unblock any components it may have hidden for security reasons. That wasn't successful.
Thanks,
Jennifer