  1. #46
    Star Lounger
    Join Date
    May 2013
    Posts
    80
    Thanks
    32
    Thanked 0 Times in 0 Posts
    Thank you so very much for all of your invaluable assistance here.

    1) I have been working off of Hiren's Mini-XP for a day or two, including its ancient Opera browser, without any BSOD or frozen pointers. If I have hardware issues, why don't they show up here?

    2) Not 100% sure about this: "Disable every port/channel/device in the BIOS that you don't need...for testing". You lose me when you say "...in the BIOS..." Also, I don't have a firewire. I have a regular connection to the cable company-supplied modem. I have an installed graphics card that came with the computer.

    3) I've vacuumed inside the box a few times, checked the caps, and the other items mentioned but not for a while. I will do so again noting the precautions you stated.

    4) If this helps you assess my issues, I finally ran Malwarebytes (free version, v2017.09.02.08) successfully (in Safe Mode). The 9th time was the charm. The first 8 times I ran it, it ran anywhere from 6 seconds to 2 minutes 15 seconds before it crashed, i.e., frozen pointer, forcing a cold reboot. I had 26 of these error messages: pup.optional.malware protection and pup.optional browser extension. I deleted them and clicked on "re-start" and it tried to take me to normal mode and I got the same result I got every time I tried to boot up in normal mode as described in my previous posts.

    Thank you again.

  2. #47
    Administrator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    5,035
    Thanks
    407
    Thanked 662 Times in 557 Posts
    Compared to Windows OS and drivers, generic/boot/live CDs such as Hiren's don't use the hardware to their full capacity; they may not enable all hardware attached either. They will bypass most malware infections though, so get the PC cleaned of all malware/adware, etc. before going any further. Attach the Malwarebytes log; we might be able to gain some clues from it.

    To access the BIOS: http://www.makeuseof.com/tag/enter-bios-computer/
    An explanation of the BIOS and how to make some basic changes and navigate around in it: http://www.makeuseof.com/tag/the-bio...m-defaults-si/
    1394/Firewire is enabled in the BIOS, drivers are loaded and resources are being used for it in Windows. Similar for the Floppy drive, Serial and Parallel ports, etc. If you don't use them or have anything connected to them, disable them and free up some resources for hardware that you do need; it should also cut the time taken to boot into Windows.

    I'm unsure which good anti-malware tools will still work on XP but I'd start by using Hitman Pro, AdwCleaner and Junkware Removal Tool (the last two are from Malwarebytes) and please attach the resulting logs from them.

  3. The Following User Says Thank You to satrow For This Useful Post:

    BlueNumber (2017-09-11)

  4. #48
    Star Lounger
    Join Date
    May 2013
    Posts
    80
    Thanks
    32
    Thanked 0 Times in 0 Posts
    Here is the Malwarebytes log. Thank you.

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 9/2/2017
    Scan Time: 6:40:15 PM
    Logfile: MB.txt
    Administrator: Yes

    Version: 2.2.0.1024
    Malware Database: v2017.09.02.08
    Rootkit Database: v2017.08.02.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: Administrator

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 262676
    Time Elapsed: 7 min, 51 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 3
    PUP.Optional.BrowserExtensions, C:\Documents and Settings\Owner\Application Data\BrowserExtensions, , [4759713e66437eb8f2ec8212887aad53],
    PUP.Optional.MalwareProtection, C:\Program Files\MalwareProtectionLive, , [0f918c23e0c9a6902c04f58b9868956b],
    PUP.Optional.MalwareProtection, C:\Program Files\MalwareProtectionLive\quarantine, , [0f918c23e0c9a6902c04f58b9868956b],

    Files: 23
    PUP.Optional.MalwareProtection, C:\Program Files\MalwareProtectionLive\MalwareProtectionClient.exe, , [c3dd2f801e8bd85e18f96c25a15f9e62],
    PUP.Optional.MalwareProtection, C:\WINDOWS\Tasks\MPLClient.job, , [217f3679faafb87e8059dd9c3bc515eb],
    PUP.Optional.BrowserExtensions, C:\Documents and Settings\Owner\Application Data\BrowserExtensions\Uninstall.exe, , [4759713e66437eb8f2ec8212887aad53],
    PUP.Optional.BrowserExtensions, C:\Documents and Settings\Owner\Application Data\BrowserExtensions\BEHelper.exe, , [4759713e66437eb8f2ec8212887aad53],
    PUP.Optional.BrowserExtensions, C:\Documents and Settings\Owner\Application Data\BrowserExtensions\Button.exe, , [4759713e66437eb8f2ec8212887aad53],
    PUP.Optional.BrowserExtensions, C:\Documents and Settings\Owner\Application Data\BrowserExtensions\Button64.exe, , [4759713e66437eb8f2ec8212887aad53],
    PUP.Optional.BrowserExtensions, C:\Documents and Settings\Owner\Application Data\BrowserExtensions\ButtonWrap.dll, , [4759713e66437eb8f2ec8212887aad53],
    PUP.Optional.BrowserExtensions, C:\Documents and Settings\Owner\Application Data\BrowserExtensions\ButtonWrap64.dll, , [4759713e66437eb8f2ec8212887aad53],
    PUP.Optional.BrowserExtensions, C:\Documents and Settings\Owner\Application Data\BrowserExtensions\Coupons.dll, , [4759713e66437eb8f2ec8212887aad53],
    PUP.Optional.BrowserExtensions, C:\Documents and Settings\Owner\Application Data\BrowserExtensions\Coupons64.dll, , [4759713e66437eb8f2ec8212887aad53],
    PUP.Optional.MalwareProtection, C:\Documents and Settings\Owner\Start Menu\Programs\Malware Protection Live.lnk, , [8a167e31dfcaa591aa0a4275e71b32ce],
    PUP.Optional.MalwareProtection, C:\Program Files\MalwareProtectionLive\domains, , [0f918c23e0c9a6902c04f58b9868956b],
    PUP.Optional.MalwareProtection, C:\Program Files\MalwareProtectionLive\DotNetCheck.exe, , [0f918c23e0c9a6902c04f58b9868956b],
    PUP.Optional.MalwareProtection, C:\Program Files\MalwareProtectionLive\DotNetCheck.exe.config , , [0f918c23e0c9a6902c04f58b9868956b],
    PUP.Optional.MalwareProtection, C:\Program Files\MalwareProtectionLive\MalwareProtectionClient.exe.config, , [0f918c23e0c9a6902c04f58b9868956b],
    PUP.Optional.MalwareProtection, C:\Program Files\MalwareProtectionLive\MPLSettings.dll, , [0f918c23e0c9a6902c04f58b9868956b],
    PUP.Optional.MalwareProtection, C:\Program Files\MalwareProtectionLive\uninstall.exe, , [0f918c23e0c9a6902c04f58b9868956b],
    PUP.Optional.MalwareProtection, C:\Program Files\MalwareProtectionLive\userinfo.dat, , [0f918c23e0c9a6902c04f58b9868956b],
    PUP.Optional.MalwareProtection, C:\Program Files\MalwareProtectionLive\x86helper.dll, , [0f918c23e0c9a6902c04f58b9868956b],
    PUP.Optional.MalwareProtection, C:\Program Files\MalwareProtectionLive\x86inject.dll, , [0f918c23e0c9a6902c04f58b9868956b],
    PUP.Optional.Spigot, C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nha7bzmf.default-1492835834687\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "http://imp.ytdwld.com/impression.do?source=395337&sub_id=20170612&user_i d=220&traffic_source=update&event=ro_adr_search&im plementation_id=ytdau&redir=https%3A,[cbd5377882279e98f55d0208b84b0df3]F,[cbd5377882279e98f55d0208b84b0df3]Fsearch.yahoo.com,[cbd5377882279e98f55d0208b84b0df3]Fsearch%3Ffr%3Dgreentree_ff1%26ei%3Dutf-8%26ilc%3D12%26type%3D395337%26p%3D&st="), %5
    PUP.Optional.Spigot, C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yu2c9lnu.default-1412296388296\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "http://imp.ytdwld.com/impression.do?source=395337&sub_id=20170612&user_i d=220&traffic_source=update&event=ro_adr_search&im plementation_id=ytdau&redir=https%3A,[bee2af00b4f5fb3b7dd532d8a2614cb4]F,[bee2af00b4f5fb3b7dd532d8a2614cb4]Fsearch.yahoo.com,[bee2af00b4f5fb3b7dd532d8a2614cb4]Fsearch%3Ffr%3Dgreentree_ff1%26ei%3Dutf-8%26ilc%3D12%26type%3D395337%26p%3D&st="), %5
    PUP.Optional.Spigot, C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yu2c9lnu.default-1412296388296\prefs.js, Good: (user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/), Bad: (user_pref("browser.startup.homepage", "http://imp.ytdwld.com/impression.do?source=395337&sub_id=20170612&user_i d=220&traffic_source=update&event=ro_homepage&impl ementation_id=ytdau&redir=https%3A,[eab68e2142672115b71498769b6830d0]F,[eab68e2142672115b71498769b6830d0]Fsearch.yahoo.com,[eab68e2142672115b71498769b6830d0]F%3Ftype%3D395337%26fr%3Dspigot-), %5

    Physical Sectors: 0
    (No malicious items detected)


    (end)
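
Added example (not part of the original posts, and not Malwarebytes' own code): a small Python triage of a text log in the layout pasted above. It counts detections per family, lists entries that sit in auto-start locations, and reports sections whose declared count differs from the lines actually pasted; the sample log is a constructed excerpt, and the function names and the marker list are assumptions.

```python
import re
from collections import Counter

# Constructed excerpt in the layout of the log above. "Files: 4" is followed
# by only three lines on purpose, to mimic a paste that lost a line.
SAMPLE_LOG = r"""
Folders: 2
PUP.Optional.BrowserExtensions, C:\Documents and Settings\Owner\Application Data\BrowserExtensions, , [4759713e66437eb8f2ec8212887aad53],
PUP.Optional.MalwareProtection, C:\Program Files\MalwareProtectionLive, , [0f918c23e0c9a6902c04f58b9868956b],
Files: 4
PUP.Optional.MalwareProtection, C:\WINDOWS\Tasks\MPLClient.job, , [217f3679faafb87e8059dd9c3bc515eb],
PUP.Optional.BrowserExtensions, C:\Documents and Settings\Owner\Application Data\BrowserExtensions\Coupons.dll, , [4759713e66437eb8f2ec8212887aad53],
PUP.Optional.Spigot, C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\nha7bzmf.default-1492835834687\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "http://example.invalid/")), [placeholder]
"""

SECTIONS = "Processes|Modules|Registry Keys|Registry Values|Registry Data|Folders|Files|Physical Sectors"
SECTION_RE = re.compile(rf"^({SECTIONS}):\s*(\d+)$")
# "<detection name>, <path>, ..."; assumes the path itself contains no comma.
DETECTION_RE = re.compile(r"^(?P<name>[\w.]+),\s*(?P<path>[A-Za-z]:\\[^,]*?)\s*,")

# Locations that start or steer software automatically (assumed marker list).
AUTOSTART = {
    "scheduled task": re.compile(r"\\WINDOWS\\Tasks\\[^\\]+\.job$", re.I),
    "firefox prefs.js": re.compile(r"\\Firefox\\Profiles\\[^\\]+\\prefs\.js$", re.I),
    "start menu shortcut": re.compile(r"\\Start Menu\\.+\.lnk$", re.I),
}

def parse_log(text):
    # Returns (declared count per section, list of (section, name, path)).
    declared, found, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            declared[section] = int(header.group(2))
            continue
        hit = DETECTION_RE.match(line)
        if hit and section:
            found.append((section, hit["name"], hit["path"]))
    return declared, found

def summarize(text):
    declared, found = parse_log(text)
    families = Counter(name for _, name, _ in found)
    autostart = {label: [p for _, _, p in found if rx.search(p)]
                 for label, rx in AUTOSTART.items()}
    parsed = Counter(section for section, _, _ in found)
    mismatched = {s: (n, parsed[s]) for s, n in declared.items() if n != parsed[s]}
    return families, autostart, mismatched
```

Calling `summarize()` on a saved log gives the auto-start entries to re-check after removal and a reboot; a non-empty `mismatched` result means the paste is incomplete and the original log file should be attached.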

  5. #49
    Administrator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    5,035
    Thanks
    407
    Thanked 662 Times in 557 Posts
    Not so bad, run the other tools and see if they pick up anything else.

  6. #50
    Star Lounger
    Join Date
    May 2013
    Posts
    80
    Thanks
    32
    Thanked 0 Times in 0 Posts
    Here is the Junk Removal Tool log:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.4 (07.09.2017)
    Operating System: Microsoft Windows XP x86
    Ran by (Limited) on 2017-10-08 at 11:08:28.79
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~
    File System: 1

    Successfully deleted: X:\Documents and Settings\All Users\Start Menu\Programs\ytd video downloader (Folder)
    Registry: 0
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~
    Scan was completed on 2017-10-08 at 11:08:54.62
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~


    Here is HitmanPro log:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~
    HitmanPro 3.7.20.286
    www.hitmanpro.com

    Computer name . . . . : MiniXP-566
    Windows . . . . . . . : 5.1.0.2600.X86/1
    User name . . . . . . : NT AUTHORITY\SYSTEM
    License . . . . . . . : Free

    Scan date . . . . . . : 2017-10-08 11:24:39
    Scan mode . . . . . . : Normal
    Scan duration . . . . : 26s
    Disk access mode . . : Direct disk access (FsdHigh)
    Cloud . . . . . . . . : Internet
    Reboot . . . . . . . : No

    Threats . . . . . . . : 0
    Traces . . . . . . . : 3

    Objects scanned . . . : 55,149
    Files scanned . . . . : 448
    Remnants scanned . . : 0 files / 54,701 keys

    Suspicious files ____________________________________________________________

    X:\i386\system32\keybtray.exe
    Size . . . . . . . : 10,064 bytes
    Age . . . . . . . : 1796.5 days (2012-11-07 00:00:00)
    Entropy . . . . . : 7.9
    SHA-256 . . . . . : A6803C7B00FF3CFAFB371FAC53344DA905FE6174219CFE8CFA605661628B4924
    Running processes : 1792
    Fuzzy . . . . . . : 34.0
    Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
    Program contains PE structure anomalies. This is not typical for most programs.
    Program is running but currently exposes no human-computer interface (GUI).
    Authors name is missing in version info. This is not common to most programs.
    Version control is missing. This file is probably created by an individual. This is not typical for most programs.
    The file is in use by one or more active processes.
    The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.


    Repairs _____________________________________________________________________

    Repair Winsock
    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~

    Please note that these activities were run on MiniXP on a Hiren's disk using an old version of Opera.
    Thank you very much for your assistance.
    Last edited by BlueNumber; 2017-10-09 at 14:10.

  7. #51
    Administrator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    5,035
    Thanks
    407
    Thanked 662 Times in 557 Posts
    Have you tried a repair install of XP yet?

  8. The Following User Says Thank You to satrow For This Useful Post:

    BlueNumber (2017-10-20)

  9. #52
    Star Lounger
    Join Date
    May 2013
    Posts
    80
    Thanks
    32
    Thanked 0 Times in 0 Posts
    No, I have not tried a repair install of XP yet. I've done it a few times years ago and it was a nightmare, especially having to download all the Microsoft updates and then getting the BSOD in the middle of the Microsoft updating and then having to do the repair install over again. I don't even know if the Microsoft updates are still available. Before I do that again, I would really like to do an sfc /scannow but I can't do it, as explained in my previous posts to this thread.

  10. #53
    Star Lounger
    Join Date
    May 2013
    Posts
    80
    Thanks
    32
    Thanked 0 Times in 0 Posts
    Please don't give up on me yet. Thanks.
