
arbitrary shut down/core dumps [Solved]


  • This topic is locked

#46
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts

Further to my last post.

 

I have to go out shortly for a few hours. I will check in as soon as I get back. :)


  • 0



#47
polloq

polloq

    Member

  • Topic Starter
  • Member
  • 40 posts
22:00 Houston time and I give in to the insanity of trying to log in. The prior quarantine log txt was copied to flash drive prior to exiting said program. Safe mode is useless also.
  • 0

#48
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts
I don't know what's going on with your machine. In the past when FRST quarantine couldn't be deleted it was just that, it didn't delete and was left. To me this is new. I guess you could say it is an interesting challenge. Not so good for you though. Hopefully we can solve the problem soon.
 
We now are faced with having to access your machine through the Recovery Environment. We will do that and run a scan to see if it tells us anything. After that we can see about removing the quarantine file and anything else that might need attending to.
 
Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
 
Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64)  and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will create a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

  • 0

#49
polloq

polloq

    Member

  • Topic Starter
  • Member
  • 40 posts
...still trying...insanity prevails...black screen or Blu screen... Lots of time In between being rejected...
  • 0

#50
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts

 

...still trying...insanity prevails...black screen or Blu screen... Lots of time In between being rejected...

 

Are you saying that even when you restart your computer and tap F8 you can't get into Advanced Boot Options and choose to go to Repair Computer and then System Recovery Options menu?

 

And if so, do you have an installation disc for that computer?


  • 0

#51
polloq

polloq

    Member

  • Topic Starter
  • Member
  • 40 posts
Yes. I can't get to safe mode, gets hung up on driver script. I can't find my installation disk from 4 years ago. Where can I get one ??
  • 0

#52
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts

Okay, here is another way to access your computer.

 

This is a way to access your computer using a CD that we will create.

Before starting you might like to print these instructions out so that you know what you are doing. The instructions need to be followed exactly.

You will need a blank CD and a USB stick/flash drive.

Now
 

  • Download OTLPE.iso from here and save it somewhere you can get it.
  • Insert a writable blank CD/DVD in your CD drive and click on the OTLPE.iso to burn a CD.

    Next
  • connect the USB Flash Drive
  • Download FRST and save it to the root of the USB Flash Drive.

After that


  • Reboot the infected system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • When you see a message with Starting REATOGO-X-PE connect the USB Flash Drive
  • The CD needs to detect your hardware and load the operating system... it can take a bit of time, just be patient  :)
  • After it has fully loaded your system should display a REATOGO-X-PE desktop.
  • Double click the My Computer icon and open the drive corresponding to your flash drive
  • Double-click on FRST to run it.
    When the Tool opens click Yes to the disclaimer.



  • Press Scan button.
  • It will produce a log called (FRST.txt) on the flash drive.
  • Open the Start Menu and click Shutdown to close the REATOGO-X-PE
  • Insert the Flash Drive on the working computer, then locate and open the FRST.txt log
  • Please copy and paste the log contents back here.

  • 0

#53
polloq

polloq

    Member

  • Topic Starter
  • Member
  • 40 posts

g'day !!

Been a long weekend of utter insanity. Back to work to now relax.... :prop:   Tore up the house looking for a perceived Microsoft 7 installation disk. I downloaded it from the web 4 years ago, don't believe I received one via snail mail, called around to find they've been discontinued which is fine, for I can't find my registration key neither. :smashcomp:

I'll get back in ~24 hours to post from work with some hopefully useful info....

 

thnX Em


  • 0

#54
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts

:thumbsup:


  • 0

#55
polloq

polloq

    Member

  • Topic Starter
  • Member
  • 40 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:5-08-2014
Ran by SYSTEM on REATOGO on 11-08-2014 20:29:24
Running from D:\
Platform: Windows 7 Home Premium (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

 

(UPDATE/EDIT)

 

In my haste of closing down Internet Explorer warning pop-ups, I was able to cut & paste F I N A L L Y,  (What the...) 

Perhaps I am TOO eager to log in ??

 

 

HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [360448 2009-07-13] (Microsoft Corporation)
HKU\koosk\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S4 msvsmon80; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2799808 2005-09-23] (Microsoft Corporation)
S2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [110592 2009-11-13] (WDC)
S2 WDSmartWareBackgroundService; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amacpi; C:\Windows\System32\DRIVERS\null.sys [4608 2009-07-13] (Microsoft Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-27] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\Users\koosk\AppData\Local\Temp\catchme.sys [X]
S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
S3 TfNetMon; No ImagePath
S0 TfSysMon; system32\drivers\TfSysMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-10 22:06 - 2014-08-10 22:06 - 00137736 _____ () C:\Windows\Minidump\081014-19390-01.dmp
2014-08-10 20:56 - 2014-08-10 20:56 - 00005120 ____N () C:\bootex.log
2014-08-10 09:34 - 2014-08-10 09:35 - 00140096 _____ () C:\Windows\Minidump\081014-17815-01.dmp
2014-08-10 08:47 - 2014-08-10 08:47 - 00140096 _____ () C:\Windows\Minidump\081014-16567-01.dmp
2014-08-10 08:45 - 2014-08-10 08:45 - 00003476 _____ () C:\Users\koosk\Desktop\FRST.txt
2014-08-10 08:40 - 2014-08-10 08:41 - 00151096 _____ () C:\Windows\Minidump\081014-17643-01.dmp
2014-08-09 13:12 - 2014-08-09 13:12 - 00137640 _____ () C:\Windows\Minidump\080914-20654-01.dmp
2014-08-08 23:52 - 2014-08-08 23:52 - 00135472 _____ () C:\Windows\Minidump\080814-19656-01.dmp
2014-08-07 19:15 - 2014-08-07 19:15 - 00135472 _____ () C:\Windows\Minidump\080714-21918-01.dmp
2014-08-07 08:29 - 2014-08-07 08:29 - 00135472 _____ () C:\Windows\Minidump\080714-21559-01.dmp
2014-08-06 20:12 - 2014-08-06 17:19 - 00000019 _____ () C:\Users\koosk\Desktop\fixlist.txt
2014-08-06 19:27 - 2014-08-06 19:27 - 00135248 _____ () C:\Windows\Minidump\080614-25537-01.dmp
2014-08-06 19:18 - 2014-08-06 19:18 - 00000000 __SHD () C:\found.009
2014-08-05 20:17 - 2014-08-05 20:17 - 00150856 _____ () C:\Windows\Minidump\080514-45973-01.dmp
2014-08-03 23:39 - 2014-05-14 12:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2014-08-03 23:39 - 2014-05-14 12:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2014-08-03 23:39 - 2014-05-14 12:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2014-08-03 23:39 - 2014-05-14 12:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2014-08-03 23:38 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2014-08-03 23:38 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2014-08-03 23:38 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2014-08-03 23:37 - 2014-05-14 10:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2014-08-03 23:36 - 2014-05-14 10:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2014-08-03 13:04 - 2014-08-03 13:04 - 00159320 _____ () C:\Windows\Minidump\080314-33243-01.dmp
2014-08-03 12:31 - 2014-08-03 12:31 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\koosk\Desktop\tdsskiller.exe
2014-08-02 23:30 - 2014-08-02 23:30 - 00015363 _____ () C:\ComboFix.txt
2014-08-01 19:20 - 2014-08-01 19:22 - 00000000 ____D () C:\5457daf1e66826d73f8d782581
2014-08-01 19:17 - 2014-08-05 19:29 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-08-01 19:13 - 2014-08-01 19:18 - 00000000 ____D () C:\58845617bc3da4c0b2
2014-07-30 21:31 - 2014-07-30 21:31 - 00000000 ____D () C:\found.008
2014-07-30 18:25 - 2014-07-30 18:25 - 00000000 ____D () C:\found.007
2014-07-29 18:20 - 2014-07-29 18:20 - 00000000 ____D () C:\found.006
2014-07-28 19:00 - 2014-07-28 19:01 - 00151096 _____ () C:\Windows\Minidump\072814-18610-01.dmp
2014-07-28 18:04 - 2014-07-28 18:05 - 00151096 _____ () C:\Windows\Minidump\072814-20779-01.dmp
2014-07-28 18:02 - 2014-07-28 18:02 - 00150856 _____ () C:\Windows\Minidump\072814-19734-01.dmp
2014-07-28 11:47 - 2014-07-28 11:47 - 00000000 ____D () C:\found.005
2014-07-26 07:32 - 2014-07-26 07:32 - 00151096 _____ () C:\Windows\Minidump\072614-41933-01.dmp
2014-07-26 07:12 - 2014-07-26 07:12 - 00150856 _____ () C:\Windows\Minidump\072614-40045-01.dmp
2014-07-25 19:24 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-25 19:24 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-25 19:24 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-25 19:24 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-25 19:24 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-25 19:24 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-25 19:24 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-25 19:24 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-25 19:23 - 2014-08-02 23:30 - 00000000 ____D () C:\Qoobox
2014-07-25 19:16 - 2014-08-02 07:07 - 05566616 ____R (Swearware) C:\Users\koosk\Desktop\ComboFix.exe
2014-07-24 21:34 - 2014-07-25 07:19 - 00002360 _____ () C:\Users\koosk\Desktop\FSS.txt
2014-07-24 21:32 - 2014-07-24 21:33 - 00415232 _____ (Farbar) C:\Users\koosk\Downloads\FSS.exe
2014-07-24 20:19 - 2014-07-27 21:53 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-07-24 20:17 - 2014-07-24 20:17 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-24 20:17 - 2014-07-24 20:17 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-24 20:17 - 2014-05-12 08:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-07-24 20:17 - 2014-05-12 08:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-07-24 20:17 - 2014-05-12 08:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-07-24 09:10 - 2014-07-24 09:10 - 00000000 ____D () C:\found.004
2014-07-23 01:55 - 2014-07-23 01:56 - 00022914 _____ () C:\Users\koosk\Downloads\FRST.txt
2014-07-23 01:53 - 2014-07-23 01:53 - 00151288 _____ () C:\Windows\Minidump\072314-31325-01.dmp
2014-07-23 01:47 - 2014-07-23 01:47 - 00151096 _____ () C:\Windows\Minidump\072314-45770-01.dmp
2014-07-22 21:01 - 2014-08-06 20:14 - 00000000 ____D () C:\Users\koosk\Desktop\ad_fix_jrt200713
2014-07-22 20:58 - 2014-07-22 20:59 - 00150856 _____ () C:\Windows\Minidump\072214-38407-01.dmp
2014-07-22 19:54 - 2014-07-22 19:54 - 00151992 _____ () C:\Windows\Minidump\072214-20576-01.dmp
2014-07-22 19:52 - 2014-07-22 19:52 - 00037448 ____N () C:\bootsqm.dat
2014-07-22 19:01 - 2014-07-22 18:51 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\koosk\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-22 18:20 - 2014-07-22 18:20 - 00151704 _____ () C:\Windows\Minidump\072214-16567-01.dmp
2014-07-22 07:29 - 2014-07-22 07:29 - 00131072 _____ () C:\Windows\Minidump\072214-17846-01.dmp
2014-07-21 22:49 - 2014-07-21 22:49 - 01016261 _____ (Thisisu) C:\Users\koosk\Downloads\JRT.exe
2014-07-21 22:41 - 2010-08-30 09:34 - 00536576 _____ (SQLite Development Team) C:\Windows\System32\sqlite3.dll
2014-07-21 22:40 - 2014-07-21 22:44 - 00000000 ____D () C:\AdwCleaner
2014-07-21 22:40 - 2014-07-21 22:40 - 01354223 _____ () C:\Users\koosk\Downloads\AdwCleaner.exe
2014-07-21 19:06 - 2014-07-21 19:06 - 00151096 _____ () C:\Windows\Minidump\072114-23431-01.dmp
2014-07-20 16:45 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-07-20 16:45 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-07-20 16:45 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-07-20 16:45 - 2014-06-18 19:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-07-20 16:45 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-07-20 16:45 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-07-20 16:45 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-07-20 16:45 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-07-20 16:45 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-07-20 16:45 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-07-20 16:45 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-07-20 16:45 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-07-20 16:45 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-07-20 16:45 - 2014-06-18 19:23 - 00108032 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-07-20 16:45 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-07-20 16:45 - 2014-06-18 19:16 - 00646144 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-20 16:45 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-07-20 16:45 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-20 16:45 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-07-20 16:45 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-07-20 16:45 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-07-20 16:45 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-07-20 16:45 - 2014-06-18 18:52 - 00595968 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-07-20 16:45 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-07-20 16:45 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-07-20 16:45 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-07-20 16:45 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-07-20 16:45 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-07-20 16:45 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-07-20 16:45 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-07-20 13:57 - 2014-07-24 20:06 - 01084416 _____ (Farbar) C:\Users\koosk\Desktop\FRST.exe
2014-07-20 13:57 - 2014-07-24 20:06 - 00000000 ____D () C:\Users\koosk\Downloads\FRST-OlderVersion
2014-07-19 22:42 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\System32\osk.exe
2014-07-19 22:42 - 2014-06-17 20:52 - 02350080 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-07-19 22:37 - 2014-07-19 22:37 - 00000000 ____D () C:\Windows\CheckSur
2014-07-19 21:43 - 2014-07-23 01:56 - 00024836 _____ () C:\Users\koosk\Downloads\Addition.txt
2014-07-19 21:25 - 2014-08-10 08:45 - 00000000 ____D () C:\FRST
2014-07-18 20:28 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2014-07-18 20:27 - 2014-05-30 02:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2014-07-18 20:23 - 2014-06-29 21:40 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-07-18 20:23 - 2014-06-29 21:36 - 00302592 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-07-18 20:23 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2014-07-18 20:23 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2014-07-18 20:23 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2014-07-18 20:23 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2014-07-18 20:23 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2014-07-18 20:23 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2014-07-18 20:23 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2014-07-18 20:21 - 2014-06-05 10:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-07-18 18:06 - 2014-07-18 18:06 - 00151496 _____ () C:\Windows\Minidump\071814-19624-01.dmp
2014-07-18 08:46 - 2014-07-18 08:46 - 00151096 _____ () C:\Windows\Minidump\071814-26161-01.dmp
2014-07-18 07:58 - 2014-07-18 07:58 - 00152736 _____ () C:\Windows\Minidump\071814-27658-01.dmp
2014-07-17 20:09 - 2014-07-17 20:10 - 00000000 ____D () C:\Program Files\iPod
2014-07-17 19:39 - 2014-07-17 19:39 - 00140096 _____ () C:\Windows\Minidump\071714-21606-01.dmp
2014-07-17 19:37 - 2014-07-17 19:38 - 00152056 _____ () C:\Windows\Minidump\071714-30139-01.dmp
2014-07-17 18:16 - 2014-07-17 18:16 - 04755832 _____ (AVG Technologies) C:\Users\koosk\Downloads\avg_free_stb_all_2014_4744_cnet.exe
2014-07-17 17:55 - 2014-08-10 22:06 - 196151818 _____ () C:\Windows\MEMORY.DMP
2014-07-17 17:55 - 2014-07-17 17:55 - 00151096 _____ () C:\Windows\Minidump\071714-33384-01.dmp
2014-07-15 21:24 - 2014-07-17 19:52 - 00000000 ____D () C:\found.003
2014-07-15 20:13 - 2014-07-17 19:52 - 00000000 ____D () C:\found.002
2014-07-15 07:04 - 2014-07-15 07:04 - 00000000 ____D () C:\found.001
2014-07-15 05:37 - 2014-07-15 06:15 - 00000000 ____D () C:\found.000

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-10 22:06 - 2014-08-10 22:06 - 00137736 _____ () C:\Windows\Minidump\081014-19390-01.dmp
2014-08-10 22:06 - 2014-07-17 17:55 - 196151818 _____ () C:\Windows\MEMORY.DMP
2014-08-10 22:06 - 2013-08-23 04:13 - 00007692 _____ () C:\Windows\setupact.log
2014-08-10 22:06 - 2011-06-18 11:44 - 00000000 ____D () C:\Windows\Minidump
2014-08-10 20:56 - 2014-08-10 20:56 - 00005120 ____N () C:\bootex.log
2014-08-10 09:35 - 2014-08-10 09:34 - 00140096 _____ () C:\Windows\Minidump\081014-17815-01.dmp
2014-08-10 08:47 - 2014-08-10 08:47 - 00140096 _____ () C:\Windows\Minidump\081014-16567-01.dmp
2014-08-10 08:45 - 2014-08-10 08:45 - 00003476 _____ () C:\Users\koosk\Desktop\FRST.txt
2014-08-10 08:45 - 2014-07-19 21:25 - 00000000 ____D () C:\FRST
2014-08-10 08:41 - 2014-08-10 08:40 - 00151096 _____ () C:\Windows\Minidump\081014-17643-01.dmp
2014-08-09 13:12 - 2014-08-09 13:12 - 00137640 _____ () C:\Windows\Minidump\080914-20654-01.dmp
2014-08-09 04:59 - 2010-08-17 18:26 - 01608515 _____ () C:\Windows\WindowsUpdate.log
2014-08-09 00:01 - 2009-07-14 00:34 - 00013760 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-09 00:01 - 2009-07-14 00:34 - 00013760 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-08 23:52 - 2014-08-08 23:52 - 00135472 _____ () C:\Windows\Minidump\080814-19656-01.dmp
2014-08-07 19:15 - 2014-08-07 19:15 - 00135472 _____ () C:\Windows\Minidump\080714-21918-01.dmp
2014-08-07 08:29 - 2014-08-07 08:29 - 00135472 _____ () C:\Windows\Minidump\080714-21559-01.dmp
2014-08-06 20:14 - 2014-07-22 21:01 - 00000000 ____D () C:\Users\koosk\Desktop\ad_fix_jrt200713
2014-08-06 19:27 - 2014-08-06 19:27 - 00135248 _____ () C:\Windows\Minidump\080614-25537-01.dmp
2014-08-06 19:27 - 2010-08-25 15:51 - 00397498 _____ () C:\Windows\PFRO.log
2014-08-06 19:18 - 2014-08-06 19:18 - 00000000 __SHD () C:\found.009
2014-08-06 17:19 - 2014-08-06 20:12 - 00000019 _____ () C:\Users\koosk\Desktop\fixlist.txt
2014-08-05 20:17 - 2014-08-05 20:17 - 00150856 _____ () C:\Windows\Minidump\080514-45973-01.dmp
2014-08-05 19:29 - 2014-08-01 19:17 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-08-05 18:40 - 2010-08-18 14:37 - 00000000 ____D () C:\Users\koosk\AppData\Local\Adobe
2014-08-03 13:04 - 2014-08-03 13:04 - 00159320 _____ () C:\Windows\Minidump\080314-33243-01.dmp
2014-08-03 12:31 - 2014-08-03 12:31 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\koosk\Desktop\tdsskiller.exe
2014-08-03 00:00 - 2011-12-23 01:50 - 00000000 ____D () C:\Bovada
2014-08-02 23:30 - 2014-08-02 23:30 - 00015363 _____ () C:\ComboFix.txt
2014-08-02 23:30 - 2014-07-25 19:23 - 00000000 ____D () C:\Qoobox
2014-08-02 23:30 - 2009-07-13 22:37 - 00000000 __RHD () C:\users\Default
2014-08-02 23:30 - 2009-07-13 22:37 - 00000000 ___RD () C:\users\Public
2014-08-02 23:24 - 2010-10-16 15:14 - 00000000 ____D () C:\Windows\ERDNT
2014-08-02 23:19 - 2009-07-13 22:04 - 00000215 _____ () C:\Windows\system.ini
2014-08-02 07:07 - 2014-07-25 19:16 - 05566616 ____R (Swearware) C:\Users\koosk\Desktop\ComboFix.exe
2014-08-01 19:22 - 2014-08-01 19:20 - 00000000 ____D () C:\5457daf1e66826d73f8d782581
2014-08-01 19:18 - 2014-08-01 19:13 - 00000000 ____D () C:\58845617bc3da4c0b2
2014-07-30 21:31 - 2014-07-30 21:31 - 00000000 ____D () C:\found.008
2014-07-30 18:25 - 2014-07-30 18:25 - 00000000 ____D () C:\found.007
2014-07-29 18:20 - 2014-07-29 18:20 - 00000000 ____D () C:\found.006
2014-07-28 19:01 - 2014-07-28 19:00 - 00151096 _____ () C:\Windows\Minidump\072814-18610-01.dmp
2014-07-28 18:05 - 2014-07-28 18:04 - 00151096 _____ () C:\Windows\Minidump\072814-20779-01.dmp
2014-07-28 18:02 - 2014-07-28 18:02 - 00150856 _____ () C:\Windows\Minidump\072814-19734-01.dmp
2014-07-28 11:47 - 2014-07-28 11:47 - 00000000 ____D () C:\found.005
2014-07-27 21:53 - 2014-07-24 20:19 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-07-26 07:32 - 2014-07-26 07:32 - 00151096 _____ () C:\Windows\Minidump\072614-41933-01.dmp
2014-07-26 07:12 - 2014-07-26 07:12 - 00150856 _____ () C:\Windows\Minidump\072614-40045-01.dmp
2014-07-26 03:35 - 2009-07-13 22:03 - 55836672 _____ () C:\Windows\System32\config\software.bak
2014-07-26 03:35 - 2009-07-13 22:03 - 20447232 _____ () C:\Windows\System32\config\system.bak
2014-07-26 03:35 - 2009-07-13 22:03 - 00524288 _____ () C:\Windows\System32\config\default.bak
2014-07-26 03:35 - 2009-07-13 22:03 - 00262144 _____ () C:\Windows\System32\config\security.bak
2014-07-26 03:35 - 2009-07-13 22:03 - 00262144 _____ () C:\Windows\System32\config\sam.bak
2014-07-25 18:36 - 2011-04-10 17:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 07:19 - 2014-07-24 21:34 - 00002360 _____ () C:\Users\koosk\Desktop\FSS.txt
2014-07-24 21:33 - 2014-07-24 21:32 - 00415232 _____ (Farbar) C:\Users\koosk\Downloads\FSS.exe
2014-07-24 20:17 - 2014-07-24 20:17 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-24 20:17 - 2014-07-24 20:17 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-24 20:06 - 2014-07-20 13:57 - 01084416 _____ (Farbar) C:\Users\koosk\Desktop\FRST.exe
2014-07-24 20:06 - 2014-07-20 13:57 - 00000000 ____D () C:\Users\koosk\Downloads\FRST-OlderVersion
2014-07-24 09:10 - 2014-07-24 09:10 - 00000000 ____D () C:\found.004
2014-07-23 01:56 - 2014-07-23 01:55 - 00022914 _____ () C:\Users\koosk\Downloads\FRST.txt
2014-07-23 01:56 - 2014-07-19 21:43 - 00024836 _____ () C:\Users\koosk\Downloads\Addition.txt
2014-07-23 01:53 - 2014-07-23 01:53 - 00151288 _____ () C:\Windows\Minidump\072314-31325-01.dmp
2014-07-23 01:47 - 2014-07-23 01:47 - 00151096 _____ () C:\Windows\Minidump\072314-45770-01.dmp
2014-07-22 20:59 - 2014-07-22 20:58 - 00150856 _____ () C:\Windows\Minidump\072214-38407-01.dmp
2014-07-22 20:54 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Resources
2014-07-22 19:54 - 2014-07-22 19:54 - 00151992 _____ () C:\Windows\Minidump\072214-20576-01.dmp
2014-07-22 19:52 - 2014-07-22 19:52 - 00037448 ____N () C:\bootsqm.dat
2014-07-22 18:51 - 2014-07-22 19:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\koosk\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-22 18:20 - 2014-07-22 18:20 - 00151704 _____ () C:\Windows\Minidump\072214-16567-01.dmp
2014-07-22 07:29 - 2014-07-22 07:29 - 00131072 _____ () C:\Windows\Minidump\072214-17846-01.dmp
2014-07-21 22:49 - 2014-07-21 22:49 - 01016261 _____ (Thisisu) C:\Users\koosk\Downloads\JRT.exe
2014-07-21 22:44 - 2014-07-21 22:40 - 00000000 ____D () C:\AdwCleaner
2014-07-21 22:40 - 2014-07-21 22:40 - 01354223 _____ () C:\Users\koosk\Downloads\AdwCleaner.exe
2014-07-21 19:06 - 2014-07-21 19:06 - 00151096 _____ () C:\Windows\Minidump\072114-23431-01.dmp
2014-07-20 18:44 - 2010-08-17 14:43 - 00000000 ____D () C:\users\koosk
2014-07-20 18:39 - 2010-08-17 14:52 - 00797890 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-07-20 13:39 - 2009-07-14 00:33 - 00377824 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-07-19 22:37 - 2014-07-19 22:37 - 00000000 ____D () C:\Windows\CheckSur
2014-07-19 04:21 - 2014-05-06 04:03 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-07-19 04:21 - 2009-07-14 03:49 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-18 18:06 - 2014-07-18 18:06 - 00151496 _____ () C:\Windows\Minidump\071814-19624-01.dmp
2014-07-18 08:46 - 2014-07-18 08:46 - 00151096 _____ () C:\Windows\Minidump\071814-26161-01.dmp
2014-07-18 07:58 - 2014-07-18 07:58 - 00152736 _____ () C:\Windows\Minidump\071814-27658-01.dmp
2014-07-17 20:10 - 2014-07-17 20:09 - 00000000 ____D () C:\Program Files\iPod
2014-07-17 20:10 - 2014-06-27 18:36 - 00000000 ____D () C:\Program Files\iTunes
2014-07-17 20:09 - 2010-08-17 17:02 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-17 19:52 - 2014-07-15 21:24 - 00000000 ____D () C:\found.003
2014-07-17 19:52 - 2014-07-15 20:13 - 00000000 ____D () C:\found.002
2014-07-17 19:52 - 2011-03-23 20:11 - 00000000 ____D () C:\Program Files\Steam
2014-07-17 19:39 - 2014-07-17 19:39 - 00140096 _____ () C:\Windows\Minidump\071714-21606-01.dmp
2014-07-17 19:38 - 2014-07-17 19:37 - 00152056 _____ () C:\Windows\Minidump\071714-30139-01.dmp
2014-07-17 18:16 - 2014-07-17 18:16 - 04755832 _____ (AVG Technologies) C:\Users\koosk\Downloads\avg_free_stb_all_2014_4744_cnet.exe
2014-07-17 17:55 - 2014-07-17 17:55 - 00151096 _____ () C:\Windows\Minidump\071714-33384-01.dmp
2014-07-16 21:10 - 2010-08-19 15:35 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-07-16 21:06 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\System32\wfp
2014-07-16 20:54 - 2010-12-19 00:25 - 00000000 ____D () C:\Users\koosk\AppData\Local\Western_Digital
2014-07-16 20:54 - 2009-07-13 22:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-07-16 20:53 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\registration
2014-07-15 07:04 - 2014-07-15 07:04 - 00000000 ____D () C:\found.001
2014-07-15 06:15 - 2014-07-15 05:37 - 00000000 ____D () C:\found.000

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-07-16 20:36:10
Restore point made on: 2014-07-17 19:46:30
Restore point made on: 2014-07-17 20:00:14
Restore point made on: 2014-07-18 18:15:11
Restore point made on: 2014-07-18 20:28:34
Restore point made on: 2014-07-19 04:01:10
Restore point made on: 2014-07-19 22:37:17
Restore point made on: 2014-07-20 09:01:21
Restore point made on: 2014-07-21 04:01:47
Restore point made on: 2014-07-25 00:37:54
Restore point made on: 2014-07-25 04:04:06
Restore point made on: 2014-07-30 19:48:50
Restore point made on: 2014-08-01 09:54:09
Restore point made on: 2014-08-03 23:36:11
Restore point made on: 2014-08-04 22:01:07
Restore point made on: 2014-08-05 18:11:54
Restore point made on: 2014-08-05 18:15:57
Restore point made on: 2014-08-05 18:18:36
Restore point made on: 2014-08-05 18:22:17
Restore point made on: 2014-08-05 18:25:45
Restore point made on: 2014-08-05 18:37:17

==================== Memory info ===========================

Percentage of memory in use: 23%
Total physical RAM: 1021.98 MB
Available physical RAM: 778.98 MB
Total Pagefile: 905.67 MB
Available Pagefile: 842.04 MB
Total Virtual: 2047.88 MB
Available Virtual: 2001.56 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: () (Fixed) (Total:149.04 GB) (Free:22.7 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (STORE N GO) (Removable) (Total:7.46 GB) (Free:7.44 GB) FAT32
Drive x: (ReatogoPE) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 5D6A7BAF)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

LastRegBack: 2014-07-28 20:14

==================== End Of Log ============================


Edited by polloq, 11 August 2014 - 06:46 PM.



#56
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts

Hello polloq,

There are malware problems and I am thinking maybe other things happening on this machine. Corruption and possible hardware problems.

When I look back on your logs it looks to me that TDSSKiller didn't run properly and you have had problems with other tools. If you had an installation disk I would be recommending a reformat and reinstallation as the best solution. However, you don't have the disk so we need to see if we can make some progress in other ways.

I think the first thing we can try is to remove the quarantine file that ESET is so upset with.

After that we can try a restart and see whether the machine will boot up. Once that is achieved maybe we should look at uninstalling anything that might be causing conflict or introducing foistware. After that try running TDSSKiller again to see if it will fully check your machine.

SOoo...

Download the attached fixlist.txt file and save it to the flashdrive you are using.

NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt). Please post it to your reply.

Try restarting your machine and tell me how it went.
 



#57
polloq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Premature excitement...:(
Crashes before completing, within moments, even in safe mode w/command prompt.

#58
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts

 

"Crashes before completing, within moments, even in safe mode w/command prompt."

So I am thinking that you are referring to attempted restart.

Going back to the fix, did you run that and did you get a fixlog.txt on the flash drive? If so please copy and paste it back here.  :)



#59
polloq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:5-08-2014
Ran by koosk (administrator) on KOOSK-PC on 11-08-2014 21:43:19
Running from i:\
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Safe Mode (minimal)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\cmd.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [360448 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1128992775-539344384-568557328-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
ShortcutTarget: WDSmartWare.lnk -> C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @ptc.com/ProductViewLite -> C:\Program Files\Common Files\PTC\np6_pvapplite9.dll (PTC)

Chrome:
=======
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION



#60
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts

That is another FRST scan (albeit incomplete - which in itself is a worry) not the Fixlog.txt showing the result of the fix you would have carried out when you followed the instruction at post #56.

 

Do you have the Fixlog.txt one?

