Been getting Blue screen errors


jackpot316

ComboFix 14-06-13.01 - Administrator 06/17/2014 20:44:51.12.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1505 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2014-05-18 to 2014-06-18 )))))))))))))))))))))))))))))))
.
.
2014-06-14 12:44 . 2014-06-15 00:58 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-14 12:44 . 2014-06-14 12:44 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-06-14 12:44 . 2014-06-14 12:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2014-06-14 12:44 . 2014-05-12 11:26 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-14 12:44 . 2014-05-12 11:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-06-10 01:39 . 2013-06-28 18:49 1763584 ----a-w- c:\windows\system32\drivers\athuw.sys
2014-06-10 01:39 . 2013-06-28 18:49 1763584 ----a-w- c:\windows\system32\athuw.sys
2014-06-09 04:32 . 2014-06-09 04:33 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-06-08 13:35 . 2014-06-08 13:35 -------- d-----w- c:\program files\NirSoft
2014-06-07 00:54 . 2014-06-07 00:54 -------- d-----w- c:\program files\Logitech
2014-06-06 18:23 . 2014-06-06 18:23 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-06-06 17:53 . 2014-06-06 18:23 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-06-06 17:53 . 2014-06-06 17:53 -------- d-----w- c:\program files\Java
2014-06-04 22:18 . 2014-06-09 00:41 -------- d-----w- c:\windows\system32\wbem\Repository
2014-06-04 22:11 . 2014-06-04 22:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\NVIDIA
2014-06-04 03:11 . 2014-06-04 03:11 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
2014-06-04 01:38 . 2014-05-13 19:18 3774821 ----a-w- c:\windows\system32\nvcoproc.bin
2014-06-04 01:37 . 2014-06-15 02:02 1144544 ----a-w- c:\windows\system32\nvdrsdb1.bin
2014-06-04 01:37 . 2014-06-15 02:02 1 ----a-w- c:\windows\system32\nvdrssel.bin
2014-06-04 01:37 . 2014-06-15 02:01 1144544 ----a-w- c:\windows\system32\nvdrsdb0.bin
2014-06-03 22:32 . 2014-06-11 22:03 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-03 22:32 . 2014-06-11 22:03 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-03 00:24 . 2013-04-06 01:26 1679360 ----a-w- c:\windows\system32\ac3filter.acm
2014-06-03 00:24 . 2014-06-04 22:01 -------- d-----w- c:\program files\AC3Filter
2014-06-03 00:18 . 2014-06-04 22:01 -------- d-----w- c:\program files\AC3File
2014-06-03 00:12 . 2014-06-04 22:01 -------- d-----w- c:\program files\K-Lite Codec Pack
2014-06-02 00:16 . 2014-06-04 21:58 -------- d-----w- c:\program files\SlimCleaner
2014-06-01 13:20 . 2014-06-14 12:15 -------- d-----w- C:\FRST
2014-06-01 07:32 . 2014-06-01 20:33 19165360 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2014-06-01 03:15 . 2014-05-20 09:07 38912 ----a-w- c:\windows\system32\drivers\iSafeKrnlBoot.sys
2014-05-31 21:19 . 2014-06-04 03:11 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2014-05-31 19:40 . 2014-05-31 19:40 -------- d-----w- c:\windows\ERUNT
2014-05-29 23:39 . 2014-05-29 23:39 777488 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-05-29 23:39 . 2014-05-29 23:39 54832 ----a-w- c:\windows\system32\drivers\aswrdr.sys
2014-05-29 23:39 . 2014-05-29 23:39 411680 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-05-29 23:39 . 2014-04-25 17:21 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-05-29 23:39 . 2014-04-25 17:21 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-05-29 23:39 . 2014-04-25 17:21 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-05-29 23:39 . 2014-04-25 17:21 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-05-29 23:39 . 2014-04-25 17:21 180632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-05-27 01:04 . 2014-05-27 01:04 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\QuickScan
2014-05-27 00:45 . 2014-05-27 00:45 -------- d-----w- c:\documents and settings\LocalService\Application Data\QuickScan
2014-05-27 00:34 . 2009-07-15 03:27 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2014-05-27 00:32 . 2014-05-27 00:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\QuickScan
2014-05-26 18:58 . 2014-03-09 19:31 156960 ----a-w- c:\windows\system32\nvsvc32.exe
2014-05-26 18:58 . 2014-03-09 19:31 145352 ----a-w- c:\windows\system32\nvcolor.exe
2014-05-26 18:58 . 2014-03-09 19:31 377288 ----a-w- c:\windows\system32\nvmctray.dll
2014-05-26 18:58 . 2014-03-09 19:31 54272 ----a-w- c:\windows\system32\nvwddi.dll
2014-05-23 00:24 . 2014-05-20 02:32 908744 ----a-w- c:\windows\system32\nvdispgenco32.dll
2014-05-23 00:24 . 2014-05-20 02:32 1056200 ----a-w- c:\windows\system32\nvdispco32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-07 00:43 . 2011-03-27 07:00 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2014-06-04 23:21 . 2003-03-31 11:00 138752 ----a-w- c:\windows\system32\sndvol32.exe
2014-05-12 16:14 . 2012-09-29 18:55 42784 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-04-25 17:21 . 2014-05-29 23:39 776976 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1401406783656
2014-04-25 17:21 . 2014-05-29 23:39 54832 ----a-w- c:\windows\system32\drivers\aswrdr.sys.1401406783656
2014-04-25 17:21 . 2014-04-25 17:21 43152 ----a-w- c:\windows\avastSS.scr
2014-04-25 17:21 . 2014-03-02 17:23 271264 ----a-w- c:\windows\system32\aswBoot.exe
2014-04-15 00:56 . 2014-04-15 00:56 53248 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{F02C6726-D7AA-472F-8706-9A1F3D8FB1DE}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-25 17:21 260976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2013-10-26 73832]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-06-06 3890208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2014-03-09 15714592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BDARemote.lnk]
backup=c:\windows\pss\BDARemote.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Wireless Software Upgrade Assistant.lnk]
backup=c:\windows\pss\Verizon Wireless Software Upgrade Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^ROBBY^Start Menu^Programs^Startup^Canon IJ Status Monitor Canon MX700 series Printer (Copy 4).lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^ROBBY^Start Menu^Programs^Startup^HughesNetStatusMeter.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^ROBBY^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\ROBBY\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^ROBBY^Start Menu^Programs^Startup^TimeLeft.lnk]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Antivirus]
c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdAwareLauncher" --windows-run]
c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dumprep 0 -k]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
2012-02-04 14:22 1953792 ----a-w- c:\windows\system32\xRaidSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Browsing Protection]
2013-09-27 18:46 559696 ----a-w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adawarebp]
2013-09-27 18:46 559696 ----a-w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-12-21 06:04 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeARM]
2013-12-21 06:04 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2010-11-03 22:13 64104 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2014-02-13 01:57 43848 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsRunHelp]
2006-11-15 03:25 363008 ----a-w- c:\program files\ASUS\AASP\1.00.17\AsRunHelp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusStartupHelp]
2006-11-15 03:25 363008 ----a-w- c:\program files\ASUS\AASP\1.00.17\AsRunHelp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-01-22 15:13 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJMyPrt]
2007-04-04 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BYR_AGENT]
2012-12-10 04:43 392320 ----a-w- c:\lgmobileupgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-04 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-05-15 01:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CNSLMAIN]
2007-05-15 01:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon]
2008-04-14 10:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 10:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DesktopWeather]
2011-06-08 14:45 822456 ----a-w- c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadManagerService]
2011-05-18 20:52 94008 ----a-w- c:\program files\Verizon Wireless\dist\servicerunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
2011-06-08 14:45 822456 ----a-w- c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2014-05-19 20:35 2303256 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileHippo.com]
2012-11-23 08:22 307712 ----a-w- c:\program files\FileHippo.com\UpdateChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-02-13 23:43 136176 ----atw- c:\documents and settings\ROBBY\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleUpdate]
2012-02-13 23:43 136176 ----atw- c:\documents and settings\ROBBY\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-05-26 23:12 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2013-01-16 03:32 43608 ----a-w- c:\windows\RaidTool\xInsIDE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jswtrayutil]
2009-09-24 13:51 32871 ----a-w- c:\program files\TP-LINK\QSS\jswtrayutil.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mobsync]
2008-04-14 10:42 143360 ----a-w- c:\windows\system32\mobsync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2008-05-28 12:27 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-05-28 12:27 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NMBgMonitor]
2008-01-22 15:13 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
2014-04-30 18:28 2199840 ----a-w- c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2014-03-09 19:31 15714592 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2014-03-09 19:31 377288 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2014-03-09 20:35 2593056 ----a-w- c:\program files\NVIDIA Corporation\nview\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QTTask]
2014-01-17 21:24 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-01-17 21:24 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\realsched]
2014-02-27 02:06 295512 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTuner]
2009-08-22 18:25 2781184 ----a-w- c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
2009-08-22 18:25 2781184 ----a-w- c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2013-10-04 16:29 20145368 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\servicerunner]
2011-05-18 20:52 94008 ----a-w- c:\program files\Verizon Wireless\dist\servicerunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetPoint]
2014-05-19 20:35 2303256 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2000-01-01 00:00 1833576 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2014-03-07 02:39 5625624 ----a-w- c:\documents and settings\ROBBY\Desktop\asstdownloads\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
2008-04-14 10:42 143360 ----a-w- c:\windows\system32\mobsync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2014-02-27 02:06 295512 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWCU]
2010-05-21 17:55 561263 ----a-w- c:\program files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCU]
2010-08-26 20:34 4509696 ----a-w- c:\program files\Ubiquiti\UCU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateChecker]
2012-11-23 08:22 307712 ----a-w- c:\program files\FileHippo.com\UpdateChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBDetector]
2003-04-01 15:33 53248 ----a-w- c:\usbstorage\USBDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VZWNotiAgent]
2012-12-10 04:43 392320 ----a-w- c:\lgmobileupgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherMate]
2012-11-17 04:00 749658 ----a-w- c:\program files\WeatherMate\WeatherMate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe]
2013-06-13 18:15 1743648 ----a-w- c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WrtMon]
2006-09-20 12:35 20480 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WrtMon.exe]
2006-09-20 12:35 20480 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xInsIDE]
2013-01-16 03:32 43608 ----a-w- c:\windows\RaidTool\xInsIDE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xRaidSetup]
2012-02-04 14:22 1953792 ----a-w- c:\windows\system32\xRaidSetup.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" -osboot
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE"/auto
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\VSO\\VSO Downloader\\3\\VsoDownloader.exe"=
"c:\\Program Files\\Lavasoft\\AdAware SecureSearch Toolbar\\dtUser.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetService\\NvNetworkService.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [5/29/2014 7:39 PM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [5/29/2014 7:39 PM 180632]
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [1/23/2013 4:22 PM 13560]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [3/5/2014 7:24 PM 15808]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [5/29/2014 7:39 PM 777488]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [5/29/2014 7:39 PM 411680]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/29/2012 2:55 PM 42784]
R1 Eve;EVE Protocol Driver;c:\windows\system32\drivers\eve.sys [5/17/2013 1:15 PM 33624]
R1 SASDIFSV;SASDIFSV;c:\documents and settings\ROBBY\Desktop\asstdownloads\SUPERAntiSpyware\SASDIFSV.SYS [2/19/2011 1:41 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\documents and settings\ROBBY\Desktop\asstdownloads\SUPERAntiSpyware\SASKUTIL.SYS [2/19/2011 1:41 PM 67664]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [11/2/2013 8:28 PM 32768]
R2 a2AntiMalware;Emsisoft Anti-Malware 5.1 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [5/31/2014 5:20 PM 3045688]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [5/29/2014 7:39 PM 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [5/29/2014 7:39 PM 67824]
R2 jswpbapi;JumpStart Push-Button Service;c:\program files\TP-LINK\QSS\jswpbapi.exe [2/19/2011 11:27 AM 188416]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [3/27/2011 3:00 AM 10136]
R2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [5/15/2014 8:21 PM 1617696]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [12/26/2011 1:35 AM 19072]
R2 SVNDISUIO;SV NDIS User I/O Protocol Driver;c:\windows\system32\drivers\SVNDISUIO.sys [9/2/2013 1:29 AM 40576]
R2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [10/15/2013 6:38 AM 50704]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2/19/2011 11:27 AM 57440]
S3 !SASCORE;SAS Core Service;c:\documents and settings\ROBBY\Desktop\asstdownloads\SUPERAntiSpyware\SASCORE.EXE [2/19/2011 1:41 PM 116608]
S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [5/31/2014 5:20 PM 73728]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/23/2013 8:12 PM 1691480]
S3 AmDriver;AmDriver;c:\windows\system32\AmDriver.sys [9/2/2013 1:29 AM 8704]
S3 Amtrans;AirMagnet Analyzer Protocol;c:\windows\system32\drivers\Amtrans.sys [9/2/2013 1:29 AM 61017]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys --> c:\windows\system32\DRIVERS\lgandbus.sys [?]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys --> c:\windows\system32\DRIVERS\lganddiag.sys [?]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys --> c:\windows\system32\DRIVERS\lgandgps.sys [?]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys --> c:\windows\system32\DRIVERS\lgandmodem.sys [?]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag.sys --> c:\windows\system32\DRIVERS\lgandnetdiag.sys [?]
S3 AndNetGps;LGE AndroidNet USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandnetgps.sys --> c:\windows\system32\DRIVERS\lgandnetgps.sys [?]
S3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem.sys --> c:\windows\system32\DRIVERS\lgandnetmodem.sys [?]
S3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis.sys --> c:\windows\system32\DRIVERS\lgandnetndis.sys [?]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [6/9/2014 9:39 PM 1763584]
S3 cpuz134;cpuz134;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 cpuz137;cpuz137;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz137\cpuz137_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz137\cpuz137_x32.sys [?]
S3 Egatebus;Egatebus;c:\windows\system32\drivers\egatebus.sys [5/19/2006 11:22 AM 15328]
S3 Egaterdr;Egaterdr;c:\windows\system32\drivers\egaterdr.sys [5/19/2006 11:22 AM 13440]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [6/22/2012 1:01 PM 19984]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\documents and settings\Administrator\My Documents\Downloads\everesthome220\kerneld.wnt [8/18/2005 1:00 AM 7168]
S3 iSafeKrnlBoot;iSafeKrnl Boot Driver;c:\windows\system32\drivers\iSafeKrnlBoot.sys [5/31/2014 11:15 PM 38912]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\TP-LINK\QSS\jswpsapi.exe [2/19/2011 11:27 AM 360529]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 11:09 PM 267568]
S3 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [7/18/2013 4:39 PM 762192]
S3 ndiskhaz;Azzouzi HotSpot Service;c:\windows\system32\DRIVERS\ndiskhaz.sys --> c:\windows\system32\DRIVERS\ndiskhaz.sys [?]
S3 ndiskhazMP;ndiskhazMP;c:\windows\system32\DRIVERS\ndiskhaz.sys --> c:\windows\system32\DRIVERS\ndiskhaz.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2/28/2013 9:48 PM 36600]
S3 PCANDIS5_WIFISCAN.SYS;PCANDIS5_WIFISCAN.SYS;c:\program files\eEye Digital Security\Retina Wireless Scanner\PCANDIS5_WIFISCAN.SYS [6/3/2004 1:28 PM 22131]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12/22/2012 8:30 PM 47360]
S3 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [8/14/2013 4:19 PM 39056]
S3 SDScannerService;Spybot-S&D 2 Scanner Service; [x]
S3 SDUpdateService;Spybot-S&D 2 Updating Service; [x]
S3 SDWSCService;Spybot-S&D 2 Security Center Service; [x]
S3 SystemExplorerHelpService;System Explorer Service;c:\program files\System Explorer\service\SystemExplorerService.exe [1/19/2013 9:50 PM 567256]
S3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [4/27/2014 9:57 AM 20664]
S3 xVTNameService;xVTNameService;c:\program files\AirMagnet Inc\AirMedic\xVTNameService.exe [9/2/2013 1:29 AM 24456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-24 07:15 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-03 22:03]
.
2014-06-18 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-25 17:21]
.
2014-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-11 17:28]
.
2014-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-11 17:28]
.
2014-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1767777339-839522115-1003Core.job
- c:\documents and settings\ROBBY\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-13 23:43]
.
2014-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1767777339-839522115-1003UA.job
- c:\documents and settings\ROBBY\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-13 23:43]
.
2014-06-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-09 01:59]
.
2014-06-18 c:\windows\Tasks\Opera scheduled Autoupdate 1385937182.job
- c:\program files\Opera\launcher.exe [2013-12-01 10:18]
.
2014-06-18 c:\windows\Tasks\PC Performer Manager.job
- c:\windows\system32\sc.exe [2006-02-28 10:39]
.
2014-04-05 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1644491937-1767777339-839522115-500.job
- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14 20:19]
.
2014-06-16 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1644491937-1767777339-839522115-500.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14 20:19]
.
2014-06-18 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1644491937-1767777339-839522115-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 22:13]
.
2014-06-17 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1644491937-1767777339-839522115-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 22:13]
.
2014-06-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-1767777339-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 22:13]
.
2014-06-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-1767777339-839522115-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 22:13]
.
2014-06-17 c:\windows\Tasks\SBWUpdateTask_Time_4897187a-74EA3A945BD0.job
- c:\program files\Common Files\SpeedBit\SBUpdate\SBUpdate.exe [2013-07-08 07:18]
.
2014-06-17 c:\windows\Tasks\SBW_UpdateTask_Time_333533383036373032322d3755556c415a505757414a34.job
- c:\windows\system32\wscript.exe [2006-02-28 11:24]
.
2014-06-17 c:\windows\Tasks\User_Feed_Synchronization-{EAF680A9-6D9C-4F29-88B8-E522E14BB520}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
mStart Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
TCP: DhcpNameServer = 101.113.228.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hvdie5vl.default\
FF - prefs.js: browser.search.defaulturl - hxxps://search.yahoo.com/yhs/search
FF - prefs.js: browser.search.selectedEngine - Yahoo! (Avast)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/yhs/search
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-ARO - c:\program files\Advanced Registry Optimizer\ARO.exe
MSConfigStartUp-AROReminder - c:\program files\Advanced Registry Optimizer\ARO.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-06-17 21:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\EverestDriver]
"ImagePath"="\??\c:\documents and settings\Administrator\My Documents\Downloads\everesthome220\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1644491937-1767777339-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,19,cd,e7,94,4e,dc,12,48,a7,b0,6d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,19,cd,e7,94,4e,dc,12,48,a7,b0,6d,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,19,cd,e7,94,4e,dc,12,48,a7,b0,6d,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4d4efc27-38da-4e82-8645-5850461e20fe}]
@Denied: (Full) (Everyone)
"Model"=dword:00000035
"Therad"=dword:0000001d
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):9d,6c,1f,be,70,aa,11,bc,05,28,b3,b6,e5,d3,8f,68,ae,a6,21,8e,6f,
d2,b2,f1,cb,c0,4f,53,74,d3,83,56,fd,02,2f,a7,b8,c5,17,af,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,c5,54,91,05,28,29,46,84,b1,5d,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,c5,54,91,05,28,29,46,84,b1,5d,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(604)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Completion time: 2014-06-17 21:03:44
ComboFix-quarantined-files.txt 2014-06-18 01:03
ComboFix2.txt 2014-06-15 22:48
.
Pre-Run: 110,645,325,824 bytes free
Post-Run: 110,621,376,512 bytes free
.
- - End Of File - - 1E95D66070AB28701C2BB99BEF1A3FC1
8F558EB6672622401DA993E1E865C861


YAC Security Protection <-- (PUP Possible Unwanted Program) have you had this on the computer?

I see a file for this application and I believe it is still active?

 

c:\windows\system32\drivers\avgtpx86.sys <-- incomplete uninstall of AVG antivirus

Ad-Aware Antivirus <-- might be disabled but Ad-Aware Browsing Protection is still running

 

You have Avast antivirus; you don't need 2.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Does not appear the script fix for ComboFix worked, it showed nothing as deleted.

 

We'll attempt to do it with Farbar Recovery Scan Tool.

 

Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.

Paste this into the open Notepad. Save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program. (If asked to overwrite the existing one, please allow.)

 

start
c:\documents and settings\Administrator\Application Data\SparkTrust
c:\documents and settings\All Users\Application Data\SparkTrust
Reg:
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^MyPC Backup.lnk]
end

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Please post this log when finished.

 

If the machine blue screens again, try to run BlueScreenView again.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:16-06-2014
Ran by Administrator at 2014-06-18 12:25:59 Run:2
Running from C:\Documents and Settings\Administrator\desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
c:\documents and settings\Administrator\Application Data\SparkTrust
c:\documents and settings\All Users\Application Data\SparkTrust
Reg:
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^MyPC Backup.lnk]
end
*****************

"c:\documents and settings\Administrator\Application Data\SparkTrust" => File/Directory not found.
"c:\documents and settings\All Users\Application Data\SparkTrust" => File/Directory not found.

========= Reg: =========

'Reg:' is not recognized as an internal or external command,
operable program or batch file.


========= End of Reg: =========


==== End of Fixlog ====


Mini061614-01.dmp 6/16/2014 8:00:05 PM

DRIVER_IRQL_NOT_LESS_OR_EQUAL 0x000000d1 0x0000f038 0x00000002 0x00000001 0xb60e1314 Mup.sys Mup.sys+314 Multiple UNC Provider driver Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6103 (xpsp_sp3_gdr.110421-1640) 32-bit ntkrnlpa.exe+6d80c Mup.sys+314 C:\WINDOWS\Minidump\Mini061614-01.dmp 2 15 2600 65,536 6/16/2014 8:03:55 PM

Mini061514-01.dmp 6/15/2014 7:14:10 PM

DRIVER_IRQL_NOT_LESS_OR_EQUAL 0x000000d1 0x0000f038 0x00000002 0x00000001 0xb60e1314 Mup.sys Mup.sys+314 Multiple UNC Provider driver Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6103 (xpsp_sp3_gdr.110421-1640) 32-bit ntoskrnl.exe+6d80c Mup.sys+314 C:\WINDOWS\Minidump\Mini061514-01.dmp 2 15 2600 65,536 6/15/2014 7:16:52 PM

Mini061414-02.dmp 6/14/2014 1:50:47 PM

IRQL_NOT_LESS_OR_EQUAL 0x0000000a 0x81fffff4 0x00000002 0x00000000 0x80522708 ntkrnlpa.exe ntkrnlpa.exe+6d80c NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6419 (xpsp_sp3_qfe.130704-0421) 32-bit ntkrnlpa.exe+6d80c ntkrnlpa.exe+4b708 ntkrnlpa.exe+17a364 ntkrnlpa.exe+31c14 C:\WINDOWS\Minidump\Mini061414-02.dmp 2 15 2600 65,536 6/14/2014 1:55:10 PM

Mini061414-01.dmp 6/14/2014 10:06:17 AM

DRIVER_IRQL_NOT_LESS_OR_EQUAL 0x000000d1 0x0000f038 0x00000002 0x00000001 0xb60e1314 32-bit C:\WINDOWS\Minidump\Mini061414-01.dmp 2 15 2600 65,536 6/14/2014 1:32:01 PM

Mini061314-01.dmp 6/13/2014 9:19:17 PM

IRQL_NOT_LESS_OR_EQUAL 0x0000000a 0x00000000 0x00000002 0x00000001 0x80522800 ntkrnlpa.exe ntkrnlpa.exe+6d80c NT Kernel & System Microsoft® Windows® Operating System Microsoft Corporation 5.1.2600.6419 (xpsp_sp3_qfe.130704-0421) 32-bit ntkrnlpa.exe+6d80c ntkrnlpa.exe+4b800 ntkrnlpa.exe+4bd2a ntkrnlpa.exe+499ad C:\WINDOWS\Minidump\Mini061314-01.dmp 2 15 2600 65,536 6/13/2014 9:32:03 PM

Edited by Juliet

I know if I unplug my USB wireless device it will blue screen, and most of the time if I run a virus scan it will blue screen about 20 mins into a full scan.

http://answers.microsoft.com/en-us/windows/forum/windows_xp-system/xp-hangs-at-mupsys-on-startup/97c6550f-a1ef-45bb-9666-b773bacfdac0?page=2

I HAD USB mouse, which causes the error

Did you mention that when you removed your USB device, it caused a problem at that time?

 

*************************

 

I'm going to throw out troubleshooting links and fixes.

Some reasons for Blue Screens:

New hardware - Software installed.

Device driver - Video driver - corrupted - faulty.

Faulty RAM - Overheating - Dying hard drive etc.

Bad_Pool_Caller - can relate to RAM [memory]

Last Known Good Configuration

To start your computer by using the Last Known Good Configuration feature, follow these steps:

 

Start your computer.

When you see the "Please select the operating system to start" message, press the F8 key.

When the Windows Advanced Options menu appears, use the ARROW keys to select Last Known Good Configuration (your most recent settings that worked), and then press ENTER.

If you are running other operating systems on your computer, use the ARROW keys to select Microsoft Windows XP, and then press ENTER.

 

http://support.microsoft.com/kb/314063

This topic is now closed to further replies.