arbitrary shut down/core dumps [Solved]


  • This topic is locked

#61
polloq

  • Topic Starter
  • Member
  • 40 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:13-08-2014
Ran by koosk (administrator) on KOOSK-PC on 12-08-2014 19:47:11
Running from C:\Users\koosk\Desktop
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Memeo) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-1128992775-539344384-568557328-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
ShortcutTarget: WDSmartWare.lnk -> C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @ptc.com/ProductViewLite -> C:\Program Files\Common Files\PTC\np6_pvapplite9.dll (PTC)

Chrome:
=======
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S4 msvsmon80; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2799808 2005-09-23] (Microsoft Corporation)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [110592 2009-11-13] (WDC) [File not signed]
R2 WDSmartWareBackgroundService; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amacpi; C:\Windows\System32\DRIVERS\null.sys [4608 2009-07-13] (Microsoft Corporation)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-27] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\Users\koosk\AppData\Local\Temp\catchme.sys [X]
S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
S3 TfNetMon; No ImagePath
S0 TfSysMon; system32\drivers\TfSysMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 19:47 - 2014-08-12 19:47 - 00006500 _____ () C:\Users\koosk\Desktop\FRST.txt
2014-08-12 19:41 - 2014-08-11 21:05 - 00000017 _____ () C:\Users\koosk\Desktop\fixlist.txt
2014-08-12 19:27 - 2014-08-12 19:46 - 00000000 ____D () C:\Users\koosk\Desktop\FRST-OlderVersion
2014-08-12 18:21 - 2014-08-12 18:21 - 00140096 _____ () C:\Windows\Minidump\081214-18252-01.dmp
2014-08-12 18:13 - 2014-08-12 18:13 - 00151096 _____ () C:\Windows\Minidump\081214-24975-01.dmp
2014-08-12 17:51 - 2014-08-12 17:51 - 00151096 _____ () C:\Windows\Minidump\081214-21824-01.dmp
2014-08-12 17:43 - 2014-08-12 17:43 - 00150856 _____ () C:\Windows\Minidump\081214-19000-01.dmp
2014-08-11 21:25 - 2014-08-11 21:25 - 00151096 _____ () C:\Windows\Minidump\081114-21231-01.dmp
2014-08-11 21:20 - 2014-08-11 21:20 - 00135424 _____ () C:\Windows\Minidump\081114-20264-01.dmp
2014-08-11 21:08 - 2014-08-11 21:08 - 00137640 _____ () C:\Windows\Minidump\081114-19578-01.dmp
2014-08-11 19:12 - 2014-08-12 19:47 - 00000000 ____D () C:\Users\koosk\Desktop\aug
2014-08-10 21:06 - 2014-08-10 21:06 - 00137736 _____ () C:\Windows\Minidump\081014-19390-01.dmp
2014-08-10 08:34 - 2014-08-10 08:35 - 00140096 _____ () C:\Windows\Minidump\081014-17815-01.dmp
2014-08-10 07:47 - 2014-08-10 07:47 - 00140096 _____ () C:\Windows\Minidump\081014-16567-01.dmp
2014-08-10 07:40 - 2014-08-10 07:41 - 00151096 _____ () C:\Windows\Minidump\081014-17643-01.dmp
2014-08-09 12:12 - 2014-08-09 12:12 - 00137640 _____ () C:\Windows\Minidump\080914-20654-01.dmp
2014-08-08 22:52 - 2014-08-08 22:52 - 00135472 _____ () C:\Windows\Minidump\080814-19656-01.dmp
2014-08-07 18:15 - 2014-08-07 18:15 - 00135472 _____ () C:\Windows\Minidump\080714-21918-01.dmp
2014-08-07 07:29 - 2014-08-07 07:29 - 00135472 _____ () C:\Windows\Minidump\080714-21559-01.dmp
2014-08-06 18:27 - 2014-08-06 18:27 - 00135248 _____ () C:\Windows\Minidump\080614-25537-01.dmp
2014-08-06 18:18 - 2014-08-06 18:18 - 00000000 __SHD () C:\found.009
2014-08-05 19:17 - 2014-08-05 19:17 - 00150856 _____ () C:\Windows\Minidump\080514-45973-01.dmp
2014-08-03 22:39 - 2014-05-14 11:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-03 22:39 - 2014-05-14 11:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-03 22:39 - 2014-05-14 11:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-03 22:39 - 2014-05-14 11:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-03 22:38 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-03 22:38 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-03 22:38 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-03 22:37 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-03 22:36 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-03 12:04 - 2014-08-03 12:04 - 00159320 _____ () C:\Windows\Minidump\080314-33243-01.dmp
2014-08-03 11:31 - 2014-08-03 11:31 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\koosk\Desktop\tdsskiller.exe
2014-08-02 22:30 - 2014-08-02 22:30 - 00015363 _____ () C:\ComboFix.txt
2014-08-01 18:20 - 2014-08-01 18:22 - 00000000 ____D () C:\5457daf1e66826d73f8d782581
2014-08-01 18:17 - 2014-08-05 18:29 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-08-01 18:13 - 2014-08-01 18:18 - 00000000 ____D () C:\58845617bc3da4c0b2
2014-07-30 20:31 - 2014-07-30 20:31 - 00000000 ____D () C:\found.008
2014-07-30 17:25 - 2014-07-30 17:25 - 00000000 ____D () C:\found.007
2014-07-30 17:15 - 2014-07-30 17:32 - 00000000 ____D () C:\ProgramData\RegistryReviver.exe
2014-07-30 17:15 - 2014-07-30 17:15 - 00000000 ____D () C:\ProgramData\ReviverSoft
2014-07-30 17:15 - 2014-07-30 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReviverSoft
2014-07-29 17:20 - 2014-07-29 17:20 - 00000000 ____D () C:\found.006
2014-07-28 18:00 - 2014-07-28 18:01 - 00151096 _____ () C:\Windows\Minidump\072814-18610-01.dmp
2014-07-28 17:04 - 2014-07-28 17:05 - 00151096 _____ () C:\Windows\Minidump\072814-20779-01.dmp
2014-07-28 17:02 - 2014-07-28 17:02 - 00150856 _____ () C:\Windows\Minidump\072814-19734-01.dmp
2014-07-28 10:47 - 2014-07-28 10:47 - 00000000 ____D () C:\found.005
2014-07-26 06:32 - 2014-07-26 06:32 - 00151096 _____ () C:\Windows\Minidump\072614-41933-01.dmp
2014-07-26 06:12 - 2014-07-26 06:12 - 00150856 _____ () C:\Windows\Minidump\072614-40045-01.dmp
2014-07-25 18:24 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-25 18:24 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-25 18:24 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-25 18:24 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-25 18:24 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-25 18:24 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-25 18:24 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-25 18:24 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-25 18:23 - 2014-08-02 22:30 - 00000000 ____D () C:\Qoobox
2014-07-25 18:16 - 2014-08-02 06:07 - 05566616 ____R (Swearware) C:\Users\koosk\Desktop\ComboFix.exe
2014-07-24 20:32 - 2014-07-24 20:33 - 00415232 _____ (Farbar) C:\Users\koosk\Downloads\FSS.exe
2014-07-24 19:19 - 2014-07-27 20:53 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-24 19:17 - 2014-07-24 19:17 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-24 19:17 - 2014-07-24 19:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-24 19:17 - 2014-07-24 19:17 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-24 19:17 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-24 19:17 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-24 19:17 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-24 08:10 - 2014-07-24 08:10 - 00000000 ____D () C:\found.004
2014-07-23 00:55 - 2014-07-23 00:56 - 00022914 _____ () C:\Users\koosk\Downloads\FRST.txt
2014-07-23 00:53 - 2014-07-23 00:53 - 00151288 _____ () C:\Windows\Minidump\072314-31325-01.dmp
2014-07-23 00:47 - 2014-07-23 00:47 - 00151096 _____ () C:\Windows\Minidump\072314-45770-01.dmp
2014-07-22 20:01 - 2014-08-11 21:11 - 00000000 ____D () C:\Users\koosk\Desktop\ad_fix_jrt200713
2014-07-22 19:58 - 2014-07-22 19:59 - 00150856 _____ () C:\Windows\Minidump\072214-38407-01.dmp
2014-07-22 18:54 - 2014-07-22 18:54 - 00151992 _____ () C:\Windows\Minidump\072214-20576-01.dmp
2014-07-22 18:52 - 2014-07-22 18:52 - 00040672 ____N () C:\bootsqm.dat
2014-07-22 18:01 - 2014-07-22 17:51 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\koosk\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-22 17:20 - 2014-07-22 17:20 - 00151704 _____ () C:\Windows\Minidump\072214-16567-01.dmp
2014-07-22 06:29 - 2014-07-22 06:29 - 00131072 _____ () C:\Windows\Minidump\072214-17846-01.dmp
2014-07-21 21:49 - 2014-07-21 21:49 - 01016261 _____ (Thisisu) C:\Users\koosk\Downloads\JRT.exe
2014-07-21 21:41 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-21 21:40 - 2014-07-21 21:44 - 00000000 ____D () C:\AdwCleaner
2014-07-21 21:40 - 2014-07-21 21:40 - 01354223 _____ () C:\Users\koosk\Downloads\AdwCleaner.exe
2014-07-21 18:06 - 2014-07-21 18:06 - 00151096 _____ () C:\Windows\Minidump\072114-23431-01.dmp
2014-07-20 15:45 - 2014-06-20 14:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-20 15:45 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-20 15:45 - 2014-06-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-20 15:45 - 2014-06-18 18:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-20 15:45 - 2014-06-18 18:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-20 15:45 - 2014-06-18 18:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-20 15:45 - 2014-06-18 18:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-20 15:45 - 2014-06-18 18:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-20 15:45 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-20 15:45 - 2014-06-18 18:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-20 15:45 - 2014-06-18 18:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-20 15:45 - 2014-06-18 18:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-20 15:45 - 2014-06-18 18:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-20 15:45 - 2014-06-18 18:23 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-20 15:45 - 2014-06-18 18:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-20 15:45 - 2014-06-18 18:16 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-20 15:45 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-20 15:45 - 2014-06-18 18:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-20 15:45 - 2014-06-18 18:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-20 15:45 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-20 15:45 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-20 15:45 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-20 15:45 - 2014-06-18 17:52 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-20 15:45 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-20 15:45 - 2014-06-18 17:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-20 15:45 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-20 15:45 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-20 15:45 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-20 15:45 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-20 15:45 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-20 12:57 - 2014-08-12 19:46 - 01092096 _____ (Farbar) C:\Users\koosk\Desktop\FRST.exe
2014-07-20 12:57 - 2014-07-24 19:06 - 00000000 ____D () C:\Users\koosk\Downloads\FRST-OlderVersion
2014-07-19 21:42 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-19 21:42 - 2014-06-17 19:52 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-19 21:37 - 2014-07-19 21:37 - 00000000 ____D () C:\Windows\CheckSur
2014-07-19 20:43 - 2014-07-23 00:56 - 00024836 _____ () C:\Users\koosk\Downloads\Addition.txt
2014-07-19 20:25 - 2014-08-12 19:48 - 00000000 ____D () C:\FRST
2014-07-18 19:28 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-18 19:27 - 2014-05-30 01:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-18 19:23 - 2014-06-29 20:40 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-18 19:23 - 2014-06-29 20:36 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-18 19:23 - 2014-05-30 02:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-18 19:23 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-18 19:23 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-18 19:23 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-18 19:23 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-18 19:23 - 2014-05-30 02:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-18 19:23 - 2014-05-30 02:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-18 19:21 - 2014-06-05 09:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-18 17:06 - 2014-07-18 17:06 - 00151496 _____ () C:\Windows\Minidump\071814-19624-01.dmp
2014-07-18 07:46 - 2014-07-18 07:46 - 00151096 _____ () C:\Windows\Minidump\071814-26161-01.dmp
2014-07-18 06:58 - 2014-07-18 06:58 - 00152736 _____ () C:\Windows\Minidump\071814-27658-01.dmp
2014-07-17 19:10 - 2014-07-17 19:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-17 19:09 - 2014-07-17 19:10 - 00000000 ____D () C:\Program Files\iPod
2014-07-17 19:09 - 2014-07-17 19:09 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-07-17 19:00 - 2014-07-17 19:00 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-07-17 18:39 - 2014-07-17 18:39 - 00140096 _____ () C:\Windows\Minidump\071714-21606-01.dmp
2014-07-17 18:37 - 2014-07-17 18:38 - 00152056 _____ () C:\Windows\Minidump\071714-30139-01.dmp
2014-07-17 17:16 - 2014-07-17 17:16 - 04755832 _____ (AVG Technologies) C:\Users\koosk\Downloads\avg_free_stb_all_2014_4744_cnet.exe
2014-07-17 16:55 - 2014-08-12 18:21 - 161485630 _____ () C:\Windows\MEMORY.DMP
2014-07-17 16:55 - 2014-07-17 16:55 - 00151096 _____ () C:\Windows\Minidump\071714-33384-01.dmp
2014-07-15 20:24 - 2014-07-17 18:52 - 00000000 ____D () C:\found.003
2014-07-15 19:13 - 2014-07-17 18:52 - 00000000 ____D () C:\found.002
2014-07-15 06:04 - 2014-07-15 06:04 - 00000000 ____D () C:\found.001
2014-07-15 04:37 - 2014-07-15 05:15 - 00000000 ____D () C:\found.000

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 19:58 - 2014-08-12 19:47 - 00006500 _____ () C:\Users\koosk\Desktop\FRST.txt
2014-08-12 19:48 - 2014-07-19 20:25 - 00000000 ____D () C:\FRST
2014-08-12 19:47 - 2014-08-11 19:12 - 00000000 ____D () C:\Users\koosk\Desktop\aug
2014-08-12 19:46 - 2014-08-12 19:27 - 00000000 ____D () C:\Users\koosk\Desktop\FRST-OlderVersion
2014-08-12 19:46 - 2014-07-20 12:57 - 01092096 _____ (Farbar) C:\Users\koosk\Desktop\FRST.exe
2014-08-12 19:22 - 2009-07-13 23:34 - 00013760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-12 19:22 - 2009-07-13 23:34 - 00013760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-12 19:10 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-12 19:09 - 2013-08-23 03:13 - 00008028 _____ () C:\Windows\setupact.log
2014-08-12 19:09 - 2011-02-12 11:21 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-12 18:25 - 2010-08-17 17:26 - 01636380 _____ () C:\Windows\WindowsUpdate.log
2014-08-12 18:21 - 2014-08-12 18:21 - 00140096 _____ () C:\Windows\Minidump\081214-18252-01.dmp
2014-08-12 18:21 - 2014-07-17 16:55 - 161485630 _____ () C:\Windows\MEMORY.DMP
2014-08-12 18:21 - 2011-06-18 10:44 - 00000000 ____D () C:\Windows\Minidump
2014-08-12 18:13 - 2014-08-12 18:13 - 00151096 _____ () C:\Windows\Minidump\081214-24975-01.dmp
2014-08-12 17:51 - 2014-08-12 17:51 - 00151096 _____ () C:\Windows\Minidump\081214-21824-01.dmp
2014-08-12 17:43 - 2014-08-12 17:43 - 00150856 _____ () C:\Windows\Minidump\081214-19000-01.dmp
2014-08-11 21:25 - 2014-08-11 21:25 - 00151096 _____ () C:\Windows\Minidump\081114-21231-01.dmp
2014-08-11 21:20 - 2014-08-11 21:20 - 00135424 _____ () C:\Windows\Minidump\081114-20264-01.dmp
2014-08-11 21:11 - 2014-07-22 20:01 - 00000000 ____D () C:\Users\koosk\Desktop\ad_fix_jrt200713
2014-08-11 21:08 - 2014-08-11 21:08 - 00137640 _____ () C:\Windows\Minidump\081114-19578-01.dmp
2014-08-11 21:05 - 2014-08-12 19:41 - 00000017 _____ () C:\Users\koosk\Desktop\fixlist.txt
2014-08-11 19:29 - 2010-08-17 13:43 - 00000000 ____D () C:\Users\koosk
2014-08-10 21:06 - 2014-08-10 21:06 - 00137736 _____ () C:\Windows\Minidump\081014-19390-01.dmp
2014-08-10 08:35 - 2014-08-10 08:34 - 00140096 _____ () C:\Windows\Minidump\081014-17815-01.dmp
2014-08-10 07:47 - 2014-08-10 07:47 - 00140096 _____ () C:\Windows\Minidump\081014-16567-01.dmp
2014-08-10 07:41 - 2014-08-10 07:40 - 00151096 _____ () C:\Windows\Minidump\081014-17643-01.dmp
2014-08-09 12:12 - 2014-08-09 12:12 - 00137640 _____ () C:\Windows\Minidump\080914-20654-01.dmp
2014-08-08 22:56 - 2009-07-13 23:53 - 00032654 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-08 22:52 - 2014-08-08 22:52 - 00135472 _____ () C:\Windows\Minidump\080814-19656-01.dmp
2014-08-07 18:15 - 2014-08-07 18:15 - 00135472 _____ () C:\Windows\Minidump\080714-21918-01.dmp
2014-08-07 07:29 - 2014-08-07 07:29 - 00135472 _____ () C:\Windows\Minidump\080714-21559-01.dmp
2014-08-06 18:27 - 2014-08-06 18:27 - 00135248 _____ () C:\Windows\Minidump\080614-25537-01.dmp
2014-08-06 18:27 - 2010-08-25 14:51 - 00397498 _____ () C:\Windows\PFRO.log
2014-08-06 18:18 - 2014-08-06 18:18 - 00000000 __SHD () C:\found.009
2014-08-05 19:17 - 2014-08-05 19:17 - 00150856 _____ () C:\Windows\Minidump\080514-45973-01.dmp
2014-08-05 18:29 - 2014-08-01 18:17 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-08-05 17:41 - 2010-08-18 13:38 - 00000000 ____D () C:\ProgramData\Adobe
2014-08-05 17:40 - 2010-08-18 13:37 - 00000000 ____D () C:\Users\koosk\AppData\Local\Adobe
2014-08-03 12:04 - 2014-08-03 12:04 - 00159320 _____ () C:\Windows\Minidump\080314-33243-01.dmp
2014-08-03 11:31 - 2014-08-03 11:31 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\koosk\Desktop\tdsskiller.exe
2014-08-02 23:00 - 2011-12-23 00:50 - 00000000 ____D () C:\Bovada
2014-08-02 22:30 - 2014-08-02 22:30 - 00015363 _____ () C:\ComboFix.txt
2014-08-02 22:30 - 2014-07-25 18:23 - 00000000 ____D () C:\Qoobox
2014-08-02 22:30 - 2009-07-13 21:37 - 00000000 __RHD () C:\Users\Default
2014-08-02 22:30 - 2009-07-13 21:37 - 00000000 ___RD () C:\Users\Public
2014-08-02 22:24 - 2010-10-16 14:14 - 00000000 ____D () C:\Windows\ERDNT
2014-08-02 22:19 - 2009-07-13 21:04 - 00000215 _____ () C:\Windows\system.ini
2014-08-02 06:07 - 2014-07-25 18:16 - 05566616 ____R (Swearware) C:\Users\koosk\Desktop\ComboFix.exe
2014-08-01 18:22 - 2014-08-01 18:20 - 00000000 ____D () C:\5457daf1e66826d73f8d782581
2014-08-01 18:18 - 2014-08-01 18:13 - 00000000 ____D () C:\58845617bc3da4c0b2
2014-07-30 20:31 - 2014-07-30 20:31 - 00000000 ____D () C:\found.008
2014-07-30 17:32 - 2014-07-30 17:15 - 00000000 ____D () C:\ProgramData\RegistryReviver.exe
2014-07-30 17:25 - 2014-07-30 17:25 - 00000000 ____D () C:\found.007
2014-07-30 17:15 - 2014-07-30 17:15 - 00000000 ____D () C:\ProgramData\ReviverSoft
2014-07-30 17:15 - 2014-07-30 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReviverSoft
2014-07-29 17:20 - 2014-07-29 17:20 - 00000000 ____D () C:\found.006
2014-07-28 18:01 - 2014-07-28 18:00 - 00151096 _____ () C:\Windows\Minidump\072814-18610-01.dmp
2014-07-28 17:05 - 2014-07-28 17:04 - 00151096 _____ () C:\Windows\Minidump\072814-20779-01.dmp
2014-07-28 17:02 - 2014-07-28 17:02 - 00150856 _____ () C:\Windows\Minidump\072814-19734-01.dmp
2014-07-28 10:47 - 2014-07-28 10:47 - 00000000 ____D () C:\found.005
2014-07-27 20:53 - 2014-07-24 19:19 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-26 06:32 - 2014-07-26 06:32 - 00151096 _____ () C:\Windows\Minidump\072614-41933-01.dmp
2014-07-26 06:12 - 2014-07-26 06:12 - 00150856 _____ () C:\Windows\Minidump\072614-40045-01.dmp
2014-07-26 02:35 - 2009-07-13 21:03 - 55836672 _____ () C:\Windows\system32\config\software.bak
2014-07-26 02:35 - 2009-07-13 21:03 - 20447232 _____ () C:\Windows\system32\config\system.bak
2014-07-26 02:35 - 2009-07-13 21:03 - 00524288 _____ () C:\Windows\system32\config\default.bak
2014-07-26 02:35 - 2009-07-13 21:03 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-07-26 02:35 - 2009-07-13 21:03 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-07-25 17:36 - 2011-04-10 16:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 03:15 - 2011-04-10 16:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 20:33 - 2014-07-24 20:32 - 00415232 _____ (Farbar) C:\Users\koosk\Downloads\FSS.exe
2014-07-24 19:17 - 2014-07-24 19:17 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-24 19:17 - 2014-07-24 19:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-24 19:17 - 2014-07-24 19:17 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-24 19:06 - 2014-07-20 12:57 - 00000000 ____D () C:\Users\koosk\Downloads\FRST-OlderVersion
2014-07-24 08:10 - 2014-07-24 08:10 - 00000000 ____D () C:\found.004
2014-07-23 00:56 - 2014-07-23 00:55 - 00022914 _____ () C:\Users\koosk\Downloads\FRST.txt
2014-07-23 00:56 - 2014-07-19 20:43 - 00024836 _____ () C:\Users\koosk\Downloads\Addition.txt
2014-07-23 00:53 - 2014-07-23 00:53 - 00151288 _____ () C:\Windows\Minidump\072314-31325-01.dmp
2014-07-23 00:47 - 2014-07-23 00:47 - 00151096 _____ () C:\Windows\Minidump\072314-45770-01.dmp
2014-07-22 19:59 - 2014-07-22 19:58 - 00150856 _____ () C:\Windows\Minidump\072214-38407-01.dmp
2014-07-22 19:54 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Resources
2014-07-22 18:54 - 2014-07-22 18:54 - 00151992 _____ () C:\Windows\Minidump\072214-20576-01.dmp
2014-07-22 18:52 - 2014-07-22 18:52 - 00040672 ____N () C:\bootsqm.dat
2014-07-22 17:51 - 2014-07-22 18:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\koosk\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-22 17:36 - 2010-10-16 15:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-22 17:20 - 2014-07-22 17:20 - 00151704 _____ () C:\Windows\Minidump\072214-16567-01.dmp
2014-07-22 06:29 - 2014-07-22 06:29 - 00131072 _____ () C:\Windows\Minidump\072214-17846-01.dmp
2014-07-21 21:49 - 2014-07-21 21:49 - 01016261 _____ (Thisisu) C:\Users\koosk\Downloads\JRT.exe
2014-07-21 21:44 - 2014-07-21 21:40 - 00000000 ____D () C:\AdwCleaner
2014-07-21 21:40 - 2014-07-21 21:40 - 01354223 _____ () C:\Users\koosk\Downloads\AdwCleaner.exe
2014-07-21 18:06 - 2014-07-21 18:06 - 00151096 _____ () C:\Windows\Minidump\072114-23431-01.dmp
2014-07-20 17:39 - 2010-08-17 13:52 - 00797890 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-20 12:39 - 2009-07-13 23:33 - 00377824 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-19 21:37 - 2014-07-19 21:37 - 00000000 ____D () C:\Windows\CheckSur
2014-07-19 03:21 - 2014-05-06 03:03 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-19 03:21 - 2009-07-14 02:49 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-18 17:06 - 2014-07-18 17:06 - 00151496 _____ () C:\Windows\Minidump\071814-19624-01.dmp
2014-07-18 07:46 - 2014-07-18 07:46 - 00151096 _____ () C:\Windows\Minidump\071814-26161-01.dmp
2014-07-18 06:58 - 2014-07-18 06:58 - 00152736 _____ () C:\Windows\Minidump\071814-27658-01.dmp
2014-07-17 19:10 - 2014-07-17 19:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-17 19:10 - 2014-07-17 19:09 - 00000000 ____D () C:\Program Files\iPod
2014-07-17 19:10 - 2014-06-27 17:36 - 00000000 ____D () C:\Program Files\iTunes
2014-07-17 19:09 - 2014-07-17 19:09 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-07-17 19:09 - 2010-08-17 16:02 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-17 19:00 - 2014-07-17 19:00 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-07-17 18:52 - 2014-07-15 20:24 - 00000000 ____D () C:\found.003
2014-07-17 18:52 - 2014-07-15 19:13 - 00000000 ____D () C:\found.002
2014-07-17 18:52 - 2011-03-23 19:11 - 00000000 ____D () C:\Program Files\Steam
2014-07-17 18:46 - 2011-03-23 19:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-07-17 18:39 - 2014-07-17 18:39 - 00140096 _____ () C:\Windows\Minidump\071714-21606-01.dmp
2014-07-17 18:38 - 2014-07-17 18:37 - 00152056 _____ () C:\Windows\Minidump\071714-30139-01.dmp
2014-07-17 17:16 - 2014-07-17 17:16 - 04755832 _____ (AVG Technologies) C:\Users\koosk\Downloads\avg_free_stb_all_2014_4744_cnet.exe
2014-07-17 16:55 - 2014-07-17 16:55 - 00151096 _____ () C:\Windows\Minidump\071714-33384-01.dmp
2014-07-16 20:10 - 2010-08-19 14:35 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-07-16 20:06 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-07-16 19:54 - 2010-12-18 23:25 - 00000000 ____D () C:\Users\koosk\AppData\Local\Western_Digital
2014-07-16 19:54 - 2009-07-13 21:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-07-16 19:53 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\registration
2014-07-15 06:04 - 2014-07-15 06:04 - 00000000 ____D () C:\found.001
2014-07-15 05:15 - 2014-07-15 04:37 - 00000000 ____D () C:\found.000

Files to move or delete:
====================
C:\ProgramData\RegistryReviver.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-28 19:14

==================== End Of Log ============================




#62
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts

Looks like you managed to run that scan in Normal Mode.

 

Please tell me if you ran the fix I posted at number 56.

 

You haven't posted the Fixlog.txt so does that mean you didn't find it?

 

The reason I am asking is because before we try other things, I need to know if the reason you were able to run the scan in your last post, was because the fix to remove the quarantine file worked.



#63
polloq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
I swear I saved fixlist (from post 56) to desktop, I run desktop FRST and the text file is saved as a frst.txt to desktop??!? There is NO fixlist.txt
R e a l s l o w performance.

Edited by polloq, 12 August 2014 - 08:35 PM.


#64
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts

 

is saved as a frst.txt to desktop??!? There is NO fixlist.txt

 

Ah ha, I think I know what is happening. :)

 

No, when you run a fix the log is not saved as fixlist.txt.

 

When you run a fix, as requested at post number 56, the log is saved as Fixlog.txt



#65
polloq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:13-08-2014
Ran by koosk at 2014-08-13 20:54:16 Run:4
Running from C:\Users\koosk\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
DeleteQuarantine:
*****************

"C:\FRST\Quarantine" => removed successfully.

==== End of Fixlog ====

#66
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts

Excellent, we can see the fix worked. :thumbsup:
 

Now


Please download Rkill by Grinler and save it to your desktop.

  • Link 1
  • Link 2
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.
  • When the scan is done Notepad will open with rKill log. Please copy and paste that in your reply.

Note: rKill.txt log can also be found on your desktop.



#67
polloq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingc...opic308364.html

Program started at: 08/14/2014 06:12:55 AM in x86 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 08/14/2014 06:17:07 AM
Execution time: 0 hours(s), 4 minute(s), and 11 seconds(s)

 

(quirky still, like HAL in space odyssey 2000)


Edited by polloq, 14 August 2014 - 02:22 PM.


#68
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts

Well I am not seeing any malware there.
 
I think you have got software or hardware problems that are not related to infection.
 
Could be some conflict with programs going on. You could try uninstalling any programs that you installed at or around the time these problems began.
 
Maybe check for updates to your system's drivers.
 
How to update drivers.

  • On your keyboard press the Windows key and R at the same time. A Run box will open.
  • Type: devmgmt.msc .
  • Press OK, now Device Manager should open.
  • Expand a heading and highlight any item. Click Action (at the top of the window next to "File"). Press Update Driver Software.
     

Another thing you might try is this:

 

Download Windows Repair (All In One) from here.

It will allow you to repair common issues with your computer.  When using this tool you can select the particular fixes you would like to launch and start the repair process.

Please download the tool to somewhere you can find it.

Double click to open and follow the prompts to install.

Once installed click on the tab Step 3 and proceed from there. Run Chkdsk and System File Checker (if you have done this before move to the next action). When that is finished move to the Start Repairs tab.

At Start Repairs press the button Start

If a pop up asks you whether you want to create a restore point or back up your registry press yes and follow the backup registry option.

After that is complete press Start again:

At the list that presents put a check (tick) in the following:

• Reset Registry Permissions
• Reset File Permissions
• Register System Files
• Repair WMI
• Repair Internet Explorer
• Repair MDAC & MS Jet
• Repair Hosts File
• Remove Policies Set By Infections
• Repair Winsock & DNS Cache
• Remove Temp Files

Also put a check in the Restart/Shutdown System When Finished (lower right) box.

and in Restart System

Then click on the Start button if it doesn't do it automatically

When it is finished check how your computer is running and if your machine's problems have gone.

Come back and tell me how it went. :)



#69
polloq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts

amazingly real time, BUT, still get  'Internet Explorer has stopped working' pop up window.

 

i am IMPRESSED.... :D


Edited by polloq, 15 August 2014 - 07:47 AM.


#70
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts

Hello polloq,

 

Looks like some progress being made. :)

 

BUT, still get  'Internet Explorer has stopped working' pop up window.


Please go to support Microsoft for instructions on how to repair/reinstall your Internet Explorer.

Follow the directions there.

Come back and tell me if there is a change.


#71
polloq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts

still getting 'Internet Explorer has stopped working' pop up window, after all above applied, working around those annoying pop-ups...



#72
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts

 

working around those annoying pop-ups...

 

I take it that the pop ups you are referring to there are the ones saying that IE isn't working?

 

In other words they are Windows saying IE isn't working not something else?



#73
polloq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Exact error in quotes in prior message, IF I can get past the endless loop of it rebooting on its own from onset. Right before log in of system I get :: Memory address line failure at 1334C058, read CBCBCBFF expecting CBCBCBCB Decreasing available Memory

#74
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts

Hmm... we did try to run this earlier but without success.

Let's try again, it might give us some more information.

If you haven't already got this on your machine please download Farbar Service Scanner and run.

If you do have it on your computer please double click to run it.
 

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press Scan
  • A log (FSS.txt) will be created in the same directory the tool is run.
  • Copy and paste the log back here.

 
 

 



#75
polloq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts

@#$%&*#%#......inhale / exhale.....

IF I didn't have any family pics I want to retrieve, I would just give up trying, but, I'd love to find out who is behind this 'foistware' & fill their head full of pop knots....

 

PLEASE stay tuned....

 

thnx







