
Freezing comp


30 replies to this topic

#1 Mick_R

Mick_R

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:49 PM

Posted 13 October 2012 - 04:16 AM

My computer keeps freezing even in safe mode. I have tried to run SUPERAntiSpyware, Malwarebytes and even my own antivirus, but after about 3-4 mins it still locks up and I have to restart the computer. Have checked for updates on all programmes and tried again, still doing same. Don't know what to do next.



#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:49 PM

Posted 13 October 2012 - 11:02 AM

You say that the machine is freezing even in safe mode. Have you ever opened the side of your machine and cleaned it with a can of compressed air? Heat will cause freezing and slowness.

#3 Mick_R


Posted 13 October 2012 - 12:05 PM

I always keep the inside clean. I have noticed that whilst on the Internet the window goes black and I can't even close the page. Won't even let me shut down properly, just locks everything up.

#4 InadequateInfirmity


Posted 13 October 2012 - 01:24 PM

I would like you to re-seat all of your hardware inside and let me know when you are done. Then we will move on to a few scans.



#5 Mick_R


Posted 14 October 2012 - 03:58 AM

Ok done all that

#6 InadequateInfirmity


Posted 14 October 2012 - 08:17 AM

Boot into Safe Mode with Networking.

Update and do a quick scan with Malwarebytes, remove all that it finds and reboot.
http://www.filehippo.com/download_malwarebytes_anti_malware/download/ecf14848530d11a2f09a94b92a69fcfa/

Post the log here.


Update and do a quick scan with SUPERAntiSpyware, remove all that it finds and reboot.
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
Post the log here.


Run a scan with ESET.
http://www.eset.com/us/online-scanner/
Make sure "Remove found threats" and "Scan archives" are checked.
When the scan finishes, list found threats, save to clipboard, copy to Notepad and post the log here.




Please download FarbarServiceScanner and run it on the computer with the issue.
http://download.bleepingcomputer.com/farbar/FSS.exe


Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
http://download.bleepingcomputer.com/farbar/MiniToolBox.exe

Checkmark the following boxes:

  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
  • List Devices (problems only)

Click Go and post the result.



Download Adware Cleaner, run it as admin, click the Delete button, allow it to run and post the log it creates.

http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

Download Norman Malware Cleaner and run it. Go to Options, then put a tick next to "Enable rootkit cleaning". Hit Full Scan > let it finish > go to the Quarantine tab > tick Select All > then Delete > Quit.
http://normanasa.vo.llnwd.net/o29/public/Norman_Malware_Cleaner.exe
A log will appear on your desktop; post that here in your next reply.


Reboot after Norman.

#7 Mick_R


Posted 14 October 2012 - 09:51 AM

Ok so started the scan and after 2 mins and 8 seconds comp frozen again. Restarted and now getting a blue screen saying fatal system error

Stop: c000021a (fatal system error)
The initial session process or system process terminated unexpectedly.
Tus of 0x00000000 (c0x00000001 0x00100650)
The system has been shut down

Collecting data for crash dump
Initialising disk for crash dump
Beginning dump of physical memory.
Dumping physical memory to disk: %


Comp restarted again and I selected start Windows repair. As soon as the cursor appeared the comp shut down completely and now no longer gets to the login screen.

Switched off at mains for 5 mins and tried again and got the same results as before. Now looking for sledge hammer haha

#8 InadequateInfirmity


Posted 14 October 2012 - 02:10 PM

I have notified a member who can assist you further.
Good info to know: do you have your XP disk?

#9 Mick_R


Posted 14 October 2012 - 03:19 PM

Ok thanks, don't have XP disk but running Vista and have no disk for that either.

#10 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:49 PM

Posted 17 October 2012 - 10:39 PM

Hi Mick,

I do not suspect that this is malware related but we can try a few things.

Let me know if you are still there as it has been a few days.

#11 Mick_R


Posted 18 October 2012 - 12:43 AM

I'm still here

#12 thisisu


Posted 18 October 2012 - 12:54 AM

First I have a few questions so I can better understand your situation.

  • Do you have another computer (preferably Windows Vista) where you can create a bootable CD? We may need to create a couple in the future.
  • If you press the F8 key continuously while the computer is attempting to startup, do you get to the Advanced Boot Options menu, and does it have a "Repair Your Computer" option listed like the below?


    Posted Image
  • Does the computer freeze or restart on its own while you are idle in BIOS? Try this if you haven't yet. We want to determine if this is truly a hardware issue or not.

Edited by thisisu, 18 October 2012 - 12:57 AM.


#13 Mick_R


Posted 18 October 2012 - 01:04 PM

Sorry, don't have another computer. When trying to load in safe mode pressing F8 I do get the repair comp option but cannot get the computer to load into BIOS. It just sits with a cursor in the top left corner.

#14 thisisu


Posted 18 October 2012 - 01:08 PM

Do you have a flash drive?

Try this if you do:

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the computer with the issue.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the 64-bit version type e:\frst64) and press Enter.
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please attach this log to your next reply.


#15 Mick_R


Posted 18 October 2012 - 03:50 PM

ok scan done here is the log


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-10-2012
Ran by SYSTEM at 18-10-2012 21:18:36
Running from F:\
Windows Vista ™ Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [x]
HKLM\...\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe [319488 2008-10-01] ()
HKLM\...\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot [323584 2008-10-01] ()
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [eRecoveryService] [x]
HKLM\...\Run: [Setresolution] C:\ACER\config\1366x768.cmd [x]
HKLM\...\Run: [MontiorGeo] c:\Acer\MonitorGeo.cmd [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1278648 2012-09-12] (McAfee, Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Default\...\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe [135168 2008-11-17] (Acer)
HKU\Default\...\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe [31528 2007-04-19] ()
HKU\Default User\...\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe [135168 2008-11-17] (Acer)
HKU\Default User\...\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe [31528 2007-04-19] ()
HKU\michael\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [135680 2008-07-02] (Microsoft Corporation)
HKU\michael\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [8704 2006-11-02] (Microsoft Corporation)
HKU\michael\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\michael\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4762496 2012-10-18] (SUPERAntiSpyware.com)
HKU\michael\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\TEMP\...\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe [135168 2008-11-17] (Acer)
HKU\TEMP\...\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe [31528 2007-04-19] ()
HKU\UpdatusUser\...\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe [135168 2008-11-17] (Acer)
HKU\UpdatusUser\...\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe [31528 2007-04-19] ()
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard..lnk
ShortcutTarget: NETGEAR WG111v2 Smart Wizard..lnk -> C:\Program Files\Common Files\VistaRunApp.exe ()

==================== Services (Whitelisted) ===================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE" [116608 2012-09-08] (SUPERAntiSpyware.com)
2 ABBYY.Licensing.FineReader.Sprint.9.0; "C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe" -service [759048 2009-05-14] (ABBYY)
4 Acer HomeMedia Connect Service; "C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [269448 2008-05-20] (CyberLink)
4 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
4 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-10-01] ()
4 ForceWare Intelligent Application Manager (IAM); C:\Program Files\bin32\nSvcAppFlt.exe [598016 2008-01-29] ()
4 GoogleDesktopManager-051210-111108; "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [30192 2010-06-17] (Google)
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [168280 2012-05-10] (McAfee, Inc.)
3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe" [237008 2011-06-17] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [168280 2012-05-10] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [168280 2012-05-10] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [168280 2012-05-10] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [168280 2012-05-10] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [279048 2012-09-10] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [168280 2012-05-10] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [200816 2012-06-21] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [168368 2012-06-21] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [166320 2012-06-21] (McAfee, Inc.)
2 MOBKbackup; "C:\Program Files\McAfee Online Backup\MOBKbackup.exe" [229688 2010-04-13] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [168280 2012-05-10] (McAfee, Inc.)
4 nSvcIp; C:\Program Files\bin32\nSvcIp.exe [163840 2008-01-29] ()
4 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144632 2008-09-23] (NewTech Infosystems, Inc.)
2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2214504 2011-05-20] (NVIDIA Corporation)
4 RichVideo; "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [241734 2008-06-12] ()
4 ScsiAccess; C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe [186760 2011-05-22] ()
2 Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [x]

==================== Drivers (Whitelisted) ====================

3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60480 2012-06-21] (McAfee, Inc.)
3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [15360 2002-11-28] (Elaborate Bytes AG)
2 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30376 2010-09-30] (Elaborate Bytes AG)
0 ElbyVCD; C:\Windows\System32\DRIVERS\ElbyVCD.sys [22016 2002-11-28] (Elaborate Bytes AG)
3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [146872 2012-04-20] (McAfee, Inc.)
3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2012-10-14] (Malwarebytes Corporation)
0 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [64832 2012-09-14] (McAfee, Inc.)
3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [127992 2012-06-21] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [230224 2012-06-21] (McAfee, Inc.)
3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [61912 2012-06-21] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [360792 2012-06-21] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [554048 2012-06-21] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [92192 2012-06-21] (McAfee, Inc.)
1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [206784 2012-06-21] (McAfee, Inc.)
1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [54776 2010-04-13] (Mozy, Inc.)
3 RTL8187; C:\Windows\System32\DRIVERS\wg111v2.sys [288768 2007-12-25] (NETGEAR Inc.)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-18] (Windows ® Codename Longhorn DDK provider)
1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2006-07-24] ()
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 mfeavfk01; [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-10-18 21:18 - 2012-10-18 21:18 - 00000000 ____D C:\FRST
2012-10-18 11:53 - 2012-10-18 11:53 - 00906326 ____A (Farbar) C:\Users\michael\Downloads\FRST.exe
2012-10-18 11:51 - 2012-10-18 11:51 - 00135208 ____A C:\Windows\Minidump\Mini101812-02.dmp
2012-10-18 10:16 - 2012-10-18 10:17 - 01458573 ____A (Farbar) C:\Users\michael\Downloads\FRST64.exe
2012-10-18 02:18 - 2012-10-18 02:18 - 00135208 ____A C:\Windows\Minidump\Mini101812-01.dmp
2012-10-16 23:27 - 2012-10-16 23:27 - 00135176 ____A C:\Windows\Minidump\Mini101712-01.dmp
2012-10-16 05:30 - 2012-10-16 05:30 - 00135208 ____A C:\Windows\Minidump\Mini101612-02.dmp
2012-10-16 01:41 - 2012-10-16 01:41 - 00135208 ____A C:\Windows\Minidump\Mini101612-01.dmp
2012-10-15 05:57 - 2012-10-15 05:57 - 00135208 ____A C:\Windows\Minidump\Mini101512-02.dmp
2012-10-14 23:04 - 2012-10-14 23:04 - 00135208 ____A C:\Windows\Minidump\Mini101512-01.dmp
2012-10-14 11:19 - 2012-10-14 11:19 - 00135208 ____A C:\Windows\Minidump\Mini101412-01.dmp
2012-10-14 06:28 - 2012-10-18 11:51 - 135410250 ____A C:\Windows\MEMORY.DMP
2012-10-13 00:34 - 2012-10-14 06:20 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-10-10 17:03 - 2012-09-13 05:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-10-10 17:03 - 2012-08-24 07:53 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-10-10 17:03 - 2012-06-01 16:02 - 00985088 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-10-10 17:03 - 2012-06-01 16:02 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-10-10 17:03 - 2012-06-01 16:02 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-10-10 17:02 - 2012-08-29 03:27 - 03602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-10-10 17:02 - 2012-08-29 03:27 - 03550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-09-26 06:57 - 2012-09-14 07:26 - 00064832 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\McPvDrv.sys
2012-09-26 06:57 - 2012-04-20 07:40 - 00146872 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\HipShieldK.sys
2012-09-22 23:15 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-22 23:15 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-22 23:15 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-22 23:15 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-22 23:15 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-22 23:15 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-22 23:15 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-22 23:15 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-22 23:15 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-22 23:15 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-22 23:15 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-22 23:15 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-22 23:15 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-22 23:15 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-22 23:15 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-22 23:15 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-18 10:11 - 2012-09-18 10:11 - 00999696 ____A (Solid State Networks) C:\Users\michael\Downloads\install_flashplayer11x32_mssd_aih.exe
2012-09-18 10:11 - 2012-09-18 10:11 - 00999696 ____A (Solid State Networks) C:\Users\michael\Downloads\install_flashplayer11x32_mssd_aih(1).exe

==================== 3 Months Modified Files ==================

2012-10-18 11:53 - 2012-10-18 11:53 - 00906326 ____A (Farbar) C:\Users\michael\Downloads\FRST.exe
2012-10-18 11:53 - 2006-11-02 05:01 - 00032562 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-10-18 11:53 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-18 11:51 - 2012-10-18 11:51 - 00135208 ____A C:\Windows\Minidump\Mini101812-02.dmp
2012-10-18 11:51 - 2012-10-14 06:28 - 135410250 ____A C:\Windows\MEMORY.DMP
2012-10-18 11:51 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-18 11:51 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-18 10:17 - 2012-10-18 10:16 - 01458573 ____A (Farbar) C:\Users\michael\Downloads\FRST64.exe
2012-10-18 10:17 - 2006-10-10 00:45 - 01259603 ____A C:\Windows\WindowsUpdate.log
2012-10-18 06:44 - 2012-03-28 21:58 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-10-18 02:18 - 2012-10-18 02:18 - 00135208 ____A C:\Windows\Minidump\Mini101812-01.dmp
2012-10-16 23:27 - 2012-10-16 23:27 - 00135176 ____A C:\Windows\Minidump\Mini101712-01.dmp
2012-10-16 05:30 - 2012-10-16 05:30 - 00135208 ____A C:\Windows\Minidump\Mini101612-02.dmp
2012-10-16 01:41 - 2012-10-16 01:41 - 00135208 ____A C:\Windows\Minidump\Mini101612-01.dmp
2012-10-15 05:57 - 2012-10-15 05:57 - 00135208 ____A C:\Windows\Minidump\Mini101512-02.dmp
2012-10-14 23:04 - 2012-10-14 23:04 - 00135208 ____A C:\Windows\Minidump\Mini101512-01.dmp
2012-10-14 11:19 - 2012-10-14 11:19 - 00135208 ____A C:\Windows\Minidump\Mini101412-01.dmp
2012-10-14 06:20 - 2012-10-13 00:34 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-10-13 00:34 - 2012-05-06 06:43 - 00000910 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-10-13 00:07 - 2009-08-20 11:21 - 00139776 ____A C:\Users\michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-10-10 18:01 - 2006-11-02 02:24 - 62968832 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-10-09 04:44 - 2012-03-28 21:58 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-10-09 04:44 - 2011-11-15 09:50 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-10-09 02:37 - 2006-11-02 02:33 - 00703388 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-26 11:48 - 2008-01-20 18:47 - 06723900 ____A C:\Windows\PFRO.log
2012-09-18 10:11 - 2012-09-18 10:11 - 00999696 ____A (Solid State Networks) C:\Users\michael\Downloads\install_flashplayer11x32_mssd_aih.exe
2012-09-18 10:11 - 2012-09-18 10:11 - 00999696 ____A (Solid State Networks) C:\Users\michael\Downloads\install_flashplayer11x32_mssd_aih(1).exe
2012-09-16 00:22 - 2012-09-16 00:22 - 00246760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-09-16 00:22 - 2012-09-16 00:22 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-09-16 00:22 - 2012-09-16 00:22 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-09-16 00:22 - 2012-09-16 00:22 - 00093672 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2012-09-16 00:22 - 2012-05-10 12:03 - 00821736 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-09-16 00:22 - 2010-04-27 22:51 - 00746984 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-09-14 07:26 - 2012-09-26 06:57 - 00064832 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\McPvDrv.sys
2012-09-13 05:28 - 2012-10-10 17:03 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-09-09 10:42 - 2012-09-09 10:42 - 00000218 ____A C:\Users\michael\AppData\Local\recently-used.xbel
2012-09-07 08:04 - 2012-05-06 06:42 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-29 11:20 - 2009-08-19 11:50 - 00001808 ____A C:\Users\michael\Desktop\BitLord.lnk
2012-08-29 11:18 - 2012-08-29 11:17 - 26143715 ____A C:\Users\michael\Downloads\BitLord 2.1.1 Installer.exe
2012-08-29 03:27 - 2012-10-10 17:02 - 03602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-08-29 03:27 - 2012-10-10 17:02 - 03550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-08-26 01:55 - 2012-08-26 01:55 - 00001668 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-08-24 07:53 - 2012-10-10 17:03 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-23 23:27 - 2012-09-22 23:15 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-23 23:03 - 2012-09-22 23:15 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-23 22:59 - 2012-09-22 23:15 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-23 22:51 - 2012-09-22 23:15 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-23 22:51 - 2012-09-22 23:15 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-23 22:51 - 2012-09-22 23:15 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-23 22:49 - 2012-09-22 23:15 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-23 22:48 - 2012-09-22 23:15 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-23 22:47 - 2012-09-22 23:15 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-23 22:47 - 2012-09-22 23:15 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-23 22:47 - 2012-09-22 23:15 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-23 22:45 - 2012-09-22 23:15 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-23 22:44 - 2012-09-22 23:15 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-23 22:44 - 2012-09-22 23:15 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-23 22:43 - 2012-09-22 23:15 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-23 22:40 - 2012-09-22 23:15 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-19 11:23 - 2011-01-09 03:00 - 00000045 ____N C:\Users\All Users\.zreglib
2012-08-16 02:44 - 2006-11-02 04:47 - 00306808 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-01 11:11 - 2010-02-26 02:33 - 00000750 ____A C:\Users\michael\AppData\Roaming\wklnhst.dat


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-10-10 21:58:46

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 2813.94 MB
Available physical RAM: 2514.58 MB
Total Pagefile: 2720.8 MB
Available Pagefile: 2590.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.72 MB

==================== Partitions =============================

1 Drive c: (ACER) (Fixed) (Total:142.04 GB) (Free:65.54 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: () (Fixed) (Total:465.76 GB) (Free:346.01 GB) NTFS
3 Drive e: (DATA) (Fixed) (Total:142.04 GB) (Free:101.07 GB) NTFS
4 Drive f: (MICKS) (Removable) (Total:3.76 GB) (Free:0.72 GB) FAT32
7 Drive x: (PQSERVICE) (Fixed) (Total:14 GB) (Free:4.48 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 1337 KB
Disk 1 Online 466 GB 0 B
Disk 2 Online 3856 MB 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 14 GB 1024 KB
Partition 2 Primary 142 GB 14 GB
Partition 3 Primary 142 GB 156 GB

=========================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 X PQSERVICE NTFS Partition 14 GB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C ACER NTFS Partition 142 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 E DATA NTFS Partition 142 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 466 GB 32 KB

=========================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 D NTFS Partition 466 GB Healthy

=========================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 3856 MB 0 B

=========================================================

Disk: 2
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

=========================================================

Last Boot: 2012-10-16 11:32

==================== End Of Log ============================
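
A triage pass over the FRST log posted above, as an added example that is not part of the original thread or of the FRST tool: it lists autorun entries whose target file is missing, AppInit_DLLs values, third-party kernel drivers that load at boot or system start, drivers with no file on disk, and minidumps created per day. It assumes that a trailing [x] marks a file FRST could not find and that the number leading each driver line is the Windows service start type; the sample lines are copied from the log, and all function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed excerpt: a handful of lines copied from the FRST log posted above.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [x]
HKLM\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1278648 2012-09-12] (McAfee, Inc.)
HKU\michael\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [8704 2006-11-02] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

==================== Drivers (Whitelisted) ====================

3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2012-10-14] (Malwarebytes Corporation)
0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [554048 2012-06-21] (McAfee, Inc.)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 mfeavfk01; [x]

==================== One Month Created Files and Folders ========

2012-10-18 11:51 - 2012-10-18 11:51 - 00135208 ____A C:\Windows\Minidump\Mini101812-02.dmp
2012-10-18 02:18 - 2012-10-18 02:18 - 00135208 ____A C:\Windows\Minidump\Mini101812-01.dmp
2012-10-14 11:19 - 2012-10-14 11:19 - 00135208 ____A C:\Windows\Minidump\Mini101412-01.dmp
2012-10-14 06:28 - 2012-10-18 11:51 - 135410250 ____A C:\Windows\MEMORY.DMP
2012-10-13 00:34 - 2012-10-14 06:20 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
"""

# Windows service Start values (assumed to be the leading number on driver lines).
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

SECTION_RE = re.compile(r"^=+\s*([^=\s].*?)\s*=+\s*$")         # "==== Name ===="
RUN_RE = re.compile(r"^(HK[^:]+): \[([^\]]+)\] (.*)$")         # key: [name] rest
SVC_RE = re.compile(r"^([0-4]) ([^;]+); (.*)$")                # start name; rest
TAIL_RE = re.compile(r"\s*\[(\d+) (\d{4}-\d{2}-\d{2})\] \((.*)\)$")  # [size date] (company)
MISSING_RE = re.compile(r"\s*\[x\]$", re.I)                    # assumed: file not found
DUMP_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2} - .*\\Minidump\\[^\\]+\.dmp$", re.I)


def split_sections(text):
    """Group non-empty log lines under the most recent '==== Name ====' header."""
    sections, current = defaultdict(list), None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
        elif current and line.strip():
            sections[current].append(line.strip())
    return sections


def parse_tail(rest):
    """Split 'command [size date] (company)' or 'command [x]' into fields."""
    m = TAIL_RE.search(rest)
    if m:
        return {"command": rest[:m.start()], "missing": False, "company": m.group(3) or None}
    m = MISSING_RE.search(rest)
    if m:
        return {"command": rest[:m.start()], "missing": True, "company": None}
    return {"command": rest, "missing": False, "company": None}


def triage(text):
    """Return the entries a helper would review first in an FRST log."""
    sec = split_sections(text)

    def pick(prefix):
        return [l for name, lines in sec.items() if name.startswith(prefix) for l in lines]

    report = {"missing_autoruns": [], "appinit_dlls": [], "early_drivers": [],
              "missing_drivers": [], "minidumps_per_day": {}}
    for line in pick("Registry"):
        m = RUN_RE.match(line)
        if m and parse_tail(m.group(3))["missing"]:
            report["missing_autoruns"].append(m.group(2))   # autorun with no file behind it
        elif line.startswith("AppInit_DLLs:"):
            report["appinit_dlls"].append(line.split(":", 1)[1].strip())
    for line in pick("Drivers"):
        m = SVC_RE.match(line)
        if not m:
            continue
        start, name, tail = int(m.group(1)), m.group(2), parse_tail(m.group(3))
        if tail["missing"]:
            report["missing_drivers"].append(name)
        elif start <= 1 and "Microsoft" not in (tail["company"] or ""):
            # Third-party kernel code loaded before any user logs on.
            report["early_drivers"].append((name, START_TYPES[start], tail["company"]))
    # First timestamp in this section is the creation time, so this is a crash timeline.
    dumps = Counter(m.group(1) for m in map(DUMP_RE.match, pick("One Month Created")) if m)
    report["minidumps_per_day"] = dict(sorted(dumps.items()))
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```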



