
ASUS Laptop N61JQ Freezing Multiple Times


28 replies to this topic

#1 tscoca

tscoca

  • Members
  • 16 posts

Posted 13 April 2013 - 03:30 PM

Hello,

 

I am in need of assistance with my laptop freezing up consistently. Below are my DDS logs. Any assistance would be greatly appreciated, thank you.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385  BrowserJavaVersion: 10.17.2
Run by Admin at 16:19:03 on 2013-04-13
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.4020.2597 [GMT -4:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
D:\archive\PeerBlock_r518__x64_Release_(Vista)[1]\peerblock.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN36420516793046416&UM=2&ctid=CT3269511
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
StartupFolder: C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3DC0BFC0-FFA9-436D-9C12-5036AAAAC04E} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -
x64-Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
x64-Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
x64-Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1kzzzp6u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-04-12 17:08; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1kzzzp6u.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
.
============= SERVICES / DRIVERS ===============
.
R0 lullaby;lullaby;C:\Windows\System32\drivers\lullaby.sys [2010-5-11 15928]
R1 pxrts;pxrts;C:\Windows\System32\drivers\pxrts.sys [2013-4-12 65736]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-5-11 359552]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-11-18 202752]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2010-5-11 14904]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-8-6 13784]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-5-11 2314240]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2009-10-15 117760]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-5-11 56344]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-9-4 62464]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2009-11-20 75776]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2009-11-20 177152]
R3 pbfilter;pbfilter;D:\archive\PeerBlock_r518__x64_Release_(Vista)[1]\pbfilter.sys [2010-11-6 24176]
R3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-6 118672]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-3-19 61792]
S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-2-21 42184]
.
=============== Created Last 30 ================
.
2013-04-13 19:52:08    --------    d-----w-    C:\Users\Admin\AppData\Roaming\Malwarebytes
2013-04-13 19:51:51    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-04-13 19:51:51    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-04-13 19:51:51    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-13 19:51:43    --------    d-----w-    C:\Users\Admin\AppData\Local\Programs
2013-04-13 19:40:32    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-04-12 23:52:17    --------    d-----w-    C:\Program Files (x86)\VideoLAN
2013-04-12 21:28:26    98816    ----a-w-    C:\Windows\sed.exe
2013-04-12 21:28:26    256000    ----a-w-    C:\Windows\PEV.exe
2013-04-12 21:28:26    208896    ----a-w-    C:\Windows\MBR.exe
2013-04-12 21:26:06    --------    d-----w-    C:\FRST
2013-04-12 21:08:07    --------    d-----w-    C:\Users\Admin\AppData\Local\Mozilla
2013-04-12 21:08:00    --------    d-----w-    C:\Program Files (x86)\Mozilla Maintenance Service
2013-04-12 17:25:03    173504    ----a-w-    C:\Windows\System32\drivers\tmcomm.sys
2013-04-12 16:38:34    65736    ----a-w-    C:\Windows\System32\drivers\pxrts.sys
2013-04-12 16:38:19    --------    d-----w-    C:\ProgramData\PrevxCSI
2013-04-12 02:45:57    --------    d-----w-    C:\Program Files\Core Temp
2013-04-12 02:44:59    --------    d-----w-    C:\ProgramData\APN
2013-04-11 16:41:25    --------    d-----w-    C:\Windows\PCHEALTH
2013-04-11 16:32:50    --------    d-----w-    C:\Program Files (x86)\Microsoft Analysis Services
2013-04-11 16:32:42    --------    d-----w-    C:\Users\Admin\AppData\Local\Microsoft Help
2013-04-10 14:45:33    --------    d-----w-    C:\Windows\pss
2013-04-09 22:33:48    --------    d-----w-    C:\Users\Admin\AppData\Local\Avg2013
2013-04-09 21:25:10    --------    d-----w-    C:\Users\Admin\AppData\Roaming\TuneUp Software
2013-04-09 21:21:30    --------    d-----w-    C:\Users\Admin\AppData\Roaming\HTML Executable
2013-04-09 21:21:13    --------    d--h--w-    C:\ProgramData\Common Files
2013-04-09 21:21:12    --------    d-----w-    C:\Users\Admin\AppData\Local\MFAData
2013-04-09 21:21:12    --------    d-----w-    C:\ProgramData\MFAData
2013-04-01 15:55:30    --------    d-----w-    C:\Users\Admin\AppData\Local\Apple Computer
2013-04-01 15:55:06    33240    ----a-w-    C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-04-01 15:54:39    --------    d-----w-    C:\Program Files\iPod
2013-04-01 15:54:38    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-04-01 15:54:38    --------    d-----w-    C:\Program Files\iTunes
2013-04-01 15:54:38    --------    d-----w-    C:\Program Files (x86)\iTunes
2013-04-01 15:54:00    --------    d-----w-    C:\Program Files\Bonjour
2013-04-01 15:54:00    --------    d-----w-    C:\Program Files (x86)\Bonjour
2013-03-29 00:37:52    --------    d-----w-    C:\Users\Admin\AppData\Local\ElevatedDiagnostics
2013-03-25 21:27:14    --------    d-----w-    C:\Users\Admin\AppData\Roaming\IObit
2013-03-25 21:27:14    --------    d-----w-    C:\ProgramData\IObit
2013-03-25 21:27:10    --------    d-----w-    C:\Program Files (x86)\IObit
2013-03-24 18:41:08    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2013-03-24 18:41:08    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2013-03-24 18:41:08    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-03-24 18:41:08    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-03-24 18:41:08    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-03-24 18:41:08    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-03-24 18:41:08    159744    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-03-24 18:40:32    --------    d-----w-    C:\Users\Admin\AppData\Local\Apple
2013-03-24 16:15:23    --------    d-----w-    C:\Users\Admin\AppData\Local\CutePDF Writer
2013-03-24 16:14:53    --------    d-----w-    C:\Program Files (x86)\GPLGS
2013-03-24 16:14:37    87152    ----a-w-    C:\Windows\System32\cpwmon64.dll
2013-03-24 16:14:36    --------    d-----w-    C:\Program Files (x86)\Acro Software
2013-03-23 00:56:59    --------    d-----w-    C:\ProgramData\ASUS
2013-03-23 00:56:57    --------    d-----w-    C:\Users\Admin\AppData\Local\ASUS
2013-03-22 23:43:40    --------    d-----w-    C:\Users\Admin\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
2013-03-20 16:46:49    861088    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-03-20 16:46:49    782240    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-03-20 16:46:42    95648    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-20 02:18:02    --------    d-----w-    C:\Program Files\VideoLAN
2013-03-19 18:32:02    --------    d-----w-    C:\Windows\System32\log
2013-03-19 17:01:01    142336    ----a-w-    C:\Windows\System32\poqexec.exe
2013-03-19 17:01:01    123904    ----a-w-    C:\Windows\SysWow64\poqexec.exe
2013-03-19 16:44:53    182272    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-03-19 16:44:53    1462784    ----a-w-    C:\Windows\System32\crypt32.dll
2013-03-19 16:44:53    140288    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-03-19 16:44:53    139264    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-03-19 16:44:53    1157632    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-03-19 16:44:53    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-03-19 16:26:55    --------    d-----w-    C:\Users\Admin\AppData\Roaming\Hotspot Shield
2013-03-19 16:26:22    --------    d-----w-    C:\Users\Admin\AppData\Local\Trend Micro
2013-03-19 16:25:37    --------    d-----w-    C:\components
2013-03-19 16:19:50    --------    d-----w-    C:\Users\Admin\AppData\Roaming\OpenCandy
2013-03-19 16:19:27    --------    d-----w-    C:\Program Files (x86)\Conduit
2013-03-19 16:19:26    --------    d-----w-    C:\Users\Admin\AppData\Local\Conduit
2013-03-19 16:16:44    --------    d-----w-    C:\Users\Admin\AppData\Roaming\BitTorrent
2013-03-19 16:14:02    77312    ----a-w-    C:\Windows\System32\packager.dll
2013-03-19 16:14:02    67072    ----a-w-    C:\Windows\SysWow64\packager.dll
2013-03-19 15:59:42    --------    d-----w-    C:\Program Files (x86)\Trend Micro
2013-03-19 15:55:05    --------    d-----w-    C:\Users\Admin\AppData\Local\Google
2013-03-19 15:50:38    9162192    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4B07C0C6-A1A6-484C-B589-09B270B6AD89}\mpengine.dll
2013-03-19 15:50:38    273840    ------w-    C:\Windows\System32\MpSigStub.exe
2013-03-19 15:46:17    --------    d-----w-    C:\Users\Admin\AppData\Local\Adobe
2013-03-19 15:45:05    --------    d-----w-    C:\Users\Admin\AppData\Roaming\Asus WebStorage
2013-03-19 15:45:00    --------    d-----w-    C:\Users\Admin\AppData\Local\SRS Labs
2013-03-19 15:44:54    --------    d-----w-    C:\Users\Admin\AppData\Local\ATI
2013-03-19 15:40:55    61792    ----a-w-    C:\Windows\System32\drivers\fssfltr.sys
2013-03-19 15:39:47    4398360    ----a-w-    C:\Windows\System32\d3dx9_32.dll
2013-03-19 15:39:47    3426072    ----a-w-    C:\Windows\SysWow64\d3dx9_32.dll
2013-03-19 15:39:34    --------    d-----w-    C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-03-19 15:38:45    --------    d-----w-    C:\Program Files (x86)\Microsoft
2013-03-19 15:38:23    --------    d-----w-    C:\Program Files (x86)\Windows Live SkyDrive
2013-03-19 15:37:19    4865408    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\a40c73fa1ce24b7\Silverlight.2.0.exe
2013-03-19 15:37:03    74520    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\9acbfaca1ce24b7\DSETUP.dll
2013-03-19 15:37:03    484632    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\9acbfaca1ce24b7\DXSETUP.exe
2013-03-19 15:37:03    1670936    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\9acbfaca1ce24b7\dsetup32.dll
2013-03-19 15:36:10    140779848    ----a-w-    C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc3E39.tmp
2013-03-19 15:36:00    --------    d-----w-    C:\Program Files (x86)\Common Files\Windows Live
2013-03-19 15:35:20    --------    d-----w-    C:\Users\Admin\AppData\Local\Power2Go
2013-03-19 15:35:17    --------    d-----w-    C:\Users\Admin\AppData\Local\VirtualStore
2013-03-19 15:34:37    --------    d-----w-    C:\ASUS.DAT
2013-03-19 15:34:10    2622464    ----a-w-    C:\Windows\System32\wucltux.dll
.
==================== Find3M  ====================
.
2013-02-22 01:53:00    42184    ----a-w-    C:\Windows\System32\drivers\taphss6.sys
2013-02-22 01:43:20    46280    ----a-w-    C:\Windows\System32\drivers\hssdrv6.sys
2009-04-08 17:31:56    106496    ----a-w-    C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45:20    155648    ----a-w-    C:\Program Files (x86)\Common Files\MSIactionall.dll
.
============= FINISH: 16:19:44.89 ===============
 




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,922 posts

Posted 15 April 2013 - 08:57 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
Please paste the logs in your next reply; DO NOT ATTACH THEM.
Let me know what problem persists.

#3 tscoca

tscoca
  • Topic Starter

  • Members
  • 16 posts

Posted 15 April 2013 - 07:02 PM

Hi Nasdaq,

Below are the logs. Combofix stopped due to laptop/screen freeze several times. Finally worked in Safe mode w/o Networking.

 

ComboFix 13-04-15.01 - Admin 04/15/2013  19:44:15.3.8 - x64 MINIMAL
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.4020.2919 [GMT -4:00]
Running from: D:\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-15 to 2013-04-15  )))))))))))))))))))))))))))))))
.
.
2013-04-15 23:49 . 2013-04-15 23:49    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-04-15 14:51 . 2013-04-15 14:58    --------    d-----w-    c:\programdata\Digsby
2013-04-15 14:51 . 2013-04-15 14:51    --------    d-----w-    c:\program files (x86)\Digsby
2013-04-13 19:51 . 2013-04-13 19:51    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-04-13 19:51 . 2013-04-13 19:51    --------    d-----w-    c:\programdata\Malwarebytes
2013-04-13 19:51 . 2013-04-04 18:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-04-12 23:52 . 2013-04-12 23:52    --------    d-----w-    c:\program files (x86)\VideoLAN
2013-04-12 21:26 . 2013-04-12 21:26    --------    d-----w-    C:\FRST
2013-04-12 21:08 . 2013-04-14 15:35    --------    d-----w-    c:\program files (x86)\Mozilla Maintenance Service
2013-04-12 17:25 . 2012-07-27 02:02    173504    ----a-w-    c:\windows\system32\drivers\tmcomm.sys
2013-04-12 16:38 . 2013-04-12 16:38    65736    ----a-w-    c:\windows\system32\drivers\pxrts.sys
2013-04-12 16:38 . 2013-04-12 16:38    --------    d-----w-    c:\programdata\PrevxCSI
2013-04-12 02:45 . 2013-04-12 17:16    --------    d-----w-    c:\program files\Core Temp
2013-04-11 16:41 . 2013-04-11 16:41    --------    d-----w-    c:\windows\PCHEALTH
2013-04-11 16:32 . 2013-04-11 16:32    --------    d-----w-    c:\program files (x86)\Microsoft Analysis Services
2013-04-09 21:29 . 2013-04-09 21:29    --------    d-----w-    c:\users\Default\AppData\Roaming\TuneUp Software
2013-04-09 21:21 . 2013-04-09 21:21    --------    d--h--w-    c:\programdata\Common Files
2013-04-09 21:21 . 2013-04-09 22:34    --------    d-----w-    c:\programdata\MFAData
2013-04-01 15:55 . 2012-08-21 17:01    33240    ----a-w-    c:\windows\system32\drivers\GEARAspiWDM.sys
2013-04-01 15:54 . 2013-04-01 15:54    --------    d-----w-    c:\program files\iPod
2013-04-01 15:54 . 2013-04-01 15:55    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-04-01 15:54 . 2013-04-01 15:55    --------    d-----w-    c:\program files\iTunes
2013-04-01 15:54 . 2013-04-01 15:55    --------    d-----w-    c:\program files (x86)\iTunes
2013-04-01 15:54 . 2013-04-01 15:54    --------    d-----w-    c:\program files\Common Files\Apple
2013-04-01 15:54 . 2013-04-01 15:54    --------    d-----w-    c:\program files\Bonjour
2013-03-24 18:40 . 2013-03-24 18:40    --------    d-----w-    c:\program files (x86)\Apple Software Update
2013-03-24 16:14 . 2013-03-24 16:14    --------    d-----w-    c:\program files (x86)\GPLGS
2013-03-24 16:14 . 2012-10-04 23:49    87152    ----a-w-    c:\windows\system32\cpwmon64.dll
2013-03-24 16:14 . 2013-03-24 16:14    --------    d-----w-    c:\program files (x86)\Acro Software
2013-03-23 00:56 . 2013-03-23 00:56    --------    d-----w-    c:\programdata\ASUS
2013-03-20 16:47 . 2013-03-20 16:47    --------    d-----w-    c:\windows\Sun
2013-03-20 16:46 . 2013-03-20 16:46    --------    d-----w-    c:\program files (x86)\Common Files\Java
2013-03-20 16:46 . 2013-03-20 16:46    861088    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-03-20 16:46 . 2013-03-20 16:46    782240    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-03-20 16:46 . 2013-03-20 16:46    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-20 16:46 . 2013-03-20 16:46    --------    d-----w-    c:\program files (x86)\Java
2013-03-20 16:46 . 2013-03-20 16:46    --------    d-----w-    c:\programdata\McAfee
2013-03-20 13:53 . 2013-03-20 13:53    --------    d-----w-    c:\users\Default\AppData\Local\Microsoft Help
2013-03-20 13:41 . 2013-03-20 13:41    --------    d-----w-    c:\program files\Microsoft Silverlight
2013-03-20 13:41 . 2013-03-20 13:41    --------    d-----w-    c:\program files (x86)\Microsoft Silverlight
2013-03-20 02:18 . 2013-03-20 02:18    --------    d-----w-    c:\program files\VideoLAN
2013-03-19 18:32 . 2013-03-19 18:32    --------    d-----w-    c:\windows\system32\log
2013-03-19 17:01 . 2011-04-09 06:58    142336    ----a-w-    c:\windows\system32\poqexec.exe
2013-03-19 17:01 . 2011-04-09 05:56    123904    ----a-w-    c:\windows\SysWow64\poqexec.exe
2013-03-19 16:44 . 2012-06-02 05:25    182272    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-03-19 16:44 . 2012-06-02 05:25    1462784    ----a-w-    c:\windows\system32\crypt32.dll
2013-03-19 16:44 . 2012-06-02 05:25    140288    ----a-w-    c:\windows\system32\cryptnet.dll
2013-03-19 16:44 . 2012-06-02 04:45    139264    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
2013-03-19 16:44 . 2012-06-02 04:45    1157632    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-03-19 16:44 . 2012-06-02 04:45    103936    ----a-w-    c:\windows\SysWow64\cryptnet.dll
2013-03-19 16:25 . 2013-03-19 16:25    --------    d-----w-    C:\components
2013-03-19 16:14 . 2011-11-19 15:07    77312    ----a-w-    c:\windows\system32\packager.dll
2013-03-19 16:14 . 2011-11-19 14:06    67072    ----a-w-    c:\windows\SysWow64\packager.dll
2013-03-19 15:59 . 2013-04-14 01:00    --------    d-----w-    c:\program files (x86)\Trend Micro
2013-03-19 15:50 . 2013-02-19 08:57    9162192    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{4B07C0C6-A1A6-484C-B589-09B270B6AD89}\mpengine.dll
2013-03-19 15:50 . 2013-01-17 05:28    273840    ------w-    c:\windows\system32\MpSigStub.exe
2013-03-19 15:40 . 2013-04-01 15:55    --------    dc----w-    c:\windows\system32\DRVSTORE
2013-03-19 15:40 . 2008-12-08 21:35    61792    ----a-w-    c:\windows\system32\drivers\fssfltr.sys
2013-03-19 15:40 . 2013-03-19 15:40    --------    d-----w-    c:\program files\Windows Live
2013-03-19 15:40 . 2013-03-19 15:40    --------    d-----w-    c:\program files (x86)\Microsoft Sync Framework
2013-03-19 15:39 . 2006-11-29 17:06    4398360    ----a-w-    c:\windows\system32\d3dx9_32.dll
2013-03-19 15:39 . 2006-11-29 17:06    3426072    ----a-w-    c:\windows\SysWow64\d3dx9_32.dll
2013-03-19 15:39 . 2013-03-19 15:39    --------    d-----w-    c:\program files (x86)\Microsoft SQL Server Compact Edition
2013-03-19 15:38 . 2013-04-09 22:32    --------    d-----w-    c:\program files (x86)\Microsoft
2013-03-19 15:38 . 2013-03-19 15:38    --------    d-----w-    c:\program files (x86)\Windows Live SkyDrive
2013-03-19 15:38 . 2013-03-20 14:43    --------    d-----w-    c:\program files (x86)\Windows Live
2013-03-19 15:36 . 2013-03-19 15:36    --------    d-----w-    c:\program files (x86)\Common Files\Windows Live
2013-03-19 15:34 . 2013-03-19 15:44    --------    d-----w-    C:\ASUS.DAT
2013-03-19 15:34 . 2012-06-02 22:19    2428952    ----a-w-    c:\windows\system32\wuaueng.dll
2013-03-19 15:34 . 2012-06-02 22:19    57880    ----a-w-    c:\windows\system32\wuauclt.exe
2013-03-19 15:34 . 2012-06-02 22:19    44056    ----a-w-    c:\windows\system32\wups2.dll
2013-03-19 15:34 . 2012-06-02 22:15    2622464    ----a-w-    c:\windows\system32\wucltux.dll
2013-03-19 15:33 . 2013-04-15 15:35    --------    d-----w-    c:\users\Admin
2013-03-19 15:33 . 2012-06-02 22:19    38424    ----a-w-    c:\windows\system32\wups.dll
2013-03-19 15:33 . 2012-06-02 22:19    701976    ----a-w-    c:\windows\system32\wuapi.dll
2013-03-19 15:33 . 2012-06-02 22:15    99840    ----a-w-    c:\windows\system32\wudriver.dll
2013-03-19 15:33 . 2012-06-02 19:19    186752    ----a-w-    c:\windows\system32\wuwebv.dll
2013-03-19 15:33 . 2012-06-02 19:15    36864    ----a-w-    c:\windows\system32\wuapp.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-22 01:53 . 2013-02-22 01:53    42184    ----a-w-    c:\windows\system32\drivers\taphss6.sys
2013-02-22 01:43 . 2013-02-22 01:43    46280    ----a-w-    c:\windows\system32\drivers\hssdrv6.sys
2009-04-08 17:31 . 2009-04-08 17:31    106496    ----a-w-    c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45 . 2008-08-12 04:45    155648    ----a-w-    c:\program files (x86)\Common Files\MSIactionall.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-03-07 19357112]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-18 98304]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-21 106496]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Digsby.lnk - c:\program files (x86)\Digsby\digsby.exe [2010-3-3 141488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
   IME File    REG_SZ             IMSC12.IME
.
R1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2013-04-12 65736]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-18 202752]
R2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-08-06 13784]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
R3 ALSysIO;ALSysIO;c:\users\Admin\AppData\Local\Temp\ALSysIO64.sys [x]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-09-04 62464]
R3 pbfilter;pbfilter;d:\archive\PeerBlock_r518__x64_Release_(Vista)[1]\pbfilter.sys [2013-03-19 16:12 24176]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2013-02-22 42184]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
R4 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-09-17 359552]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2009-06-18 15928]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-10-15 117760]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-21 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-21 177152]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-15 15:30]
.
2013-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-15 15:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49    70656    ----a-w-    c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49    70656    ----a-w-    c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-03-07 20:31    776144    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-03-07 20:31    776144    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-03-07 20:31    776144    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-03-07 20:31    776144    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [BU]
"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [BU]
"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1kzzzp6u.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - ExtSQL: 2013-04-12 17:08; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1kzzzp6u.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-ASUS_N_Series_Screensaver - c:\windows\system32\ASUS_N_Series_Screensaver.scr
.
.
"ImagePath"="\??\d:\archive\PeerBlock_r518__x64_Release_(Vista)
[1]\pbfilter.sys"
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\pbfilter]
"ImagePath"="\??\d:\archive\PeerBlock_r518__x64_Release_(Vista)
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-15  19:51:45
ComboFix-quarantined-files.txt  2013-04-15 23:51
ComboFix2.txt  2013-04-13 19:29
ComboFix3.txt  2013-04-12 21:36
.
Pre-Run: 39,472,324,608 bytes free
Post-Run: 39,491,796,992 bytes free
.
- - End Of File - - 9B9752A74089FF55F3FE9A35A0559468

 

 Results of screen317's Security Check version 0.99.62  
 Windows 7  x64 (UAC is disabled!)  
 Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 17  
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (20.0.1)
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
 

 

# AdwCleaner v2.200 - Logfile created 04/15/2013 at 18:52:12
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Home Premium  (64 bits)
# User : Admin - _
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Admin\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\END
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\ProgramData\APN
Folder Found : C:\ProgramData\Partner
Folder Found : C:\Users\Admin\AppData\Local\Conduit
Folder Found : C:\Users\Admin\AppData\LocalLow\Conduit
Folder Found : C:\Users\Admin\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Admin\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3269511
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\PIP
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&CUI=UN36420516793046416&UM=2&ctid=CT3269511

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1kzzzp6u.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2375 octets] - [15/04/2013 18:52:12]

########## EOF - C:\AdwCleaner[R1].txt - [2435 octets] ##########
 

 

Then I ran it again to Delete.

 

# AdwCleaner v2.200 - Logfile created 04/15/2013 at 19:27:44
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Home Premium  (64 bits)
# User : Admin - _
# Boot Mode : Normal
# Running from : C:\Users\Admin\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Conduit
Deleted on reboot : C:\ProgramData\APN
Deleted on reboot : C:\ProgramData\Partner
Deleted on reboot : C:\Users\Admin\AppData\Local\Conduit
Deleted on reboot : C:\Users\Admin\AppData\LocalLow\Conduit
Deleted on reboot : C:\Users\Admin\AppData\LocalLow\PriceGong
Deleted on reboot : C:\Users\Admin\AppData\Roaming\OpenCandy
File Deleted : C:\END

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3269511
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&CUI=UN36420516793046416&UM=2&ctid=CT3269511 --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1kzzzp6u.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2500 octets] - [15/04/2013 18:52:12]
AdwCleaner[S1].txt - [2520 octets] - [15/04/2013 19:27:44]

########## EOF - C:\AdwCleaner[S1].txt - [2580 octets] ##########
 



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,922 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:22 AM

Posted 16 April 2013 - 08:22 AM

Your logs are clean. Is the issue persisting?

Take care of this when all is well.

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Summary: Adobe has released security updates for Adobe Flash Player 11.6.602.180 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.275 and earlier versions for Linux, Adobe Flash Player 11.1.115.48 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.44 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===


Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed, remove your old version of the Reader using the Add/Remove Programs applet if present.

#5 tscoca

tscoca
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:11:22 PM

Posted 17 April 2013 - 05:25 PM

Thank you for the reply. For some reason, I've been having this freezing issue more frequently. On startup repair, I would like to note that the diagnosis log reports back all tests successful except for this one:

 

"System files integrity check and repair". Result: Failed

Error code = 0x490

Time Taken = 873949ms

 

Any thoughts would be greatly appreciated.

 

Thank you.



#6 nasdaq


Posted 18 April 2013 - 07:20 AM

I would recommend running Startup Repair again, 3 separate times with reboots each time.

How to Run a Startup Repair in Windows 7
http://www.sevenforums.com/tutorials/681-startup-repair.html

===

To be sure there are no more system errors, run
SFC /SCANNOW Command - System File Checker
http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html

Keep me posted.

#7 tscoca


Posted 19 April 2013 - 12:02 PM

Thanks. Yes, ran the startup diagnosis 3 times with the same results. The freezing now occurs on boot, several times from the POST screen. It freezes on random screens. As mentioned, when it's booting on the POST screen, on the Starting Windows screen and inside the Windows OS. Could this be my hardware overheating, and how can I verify that? I notice the laptop fan racing up and slowing down just before it freezes, again on any boot window or Windows OS screen. Thanks in advance.

#8 nasdaq


Posted 20 April 2013 - 07:02 AM

If you have the Vista Installation disk, continue; if not, let me know.

Go to this page: http://answers.microsoft.com/en-us/windows/forum/windows_vista-system/vista-will-not-boot-system-files-integrity-check/6bd18dba-f60d-4ab0-b141-4df4c9de0fd6

Follow the instructions to repair your boot files under this heading:

If that doesn't work, we may need to repair your boot files (you need a Vista Installation Disk to do this step - if you don't have one and can't borrow one, then check the last paragraph for another option which may work).


It's under the reply dated replied on April 22, 2010.

Keep me posted. If you need information before proceeding let me know.

#9 tscoca


Posted 21 April 2013 - 11:28 AM

Thanks. I ran the boot fix according to the directions on that site. This issue with freezing is getting worse (by the day).

 

I recall this issue happened like a year ago. I brought it into a Microcenter since it was under warranty and they blew it out with compressed air. Later, they performed tests and suggested the hard drive was bad and needed to be replaced. I disagreed at the time and asked to bring the laptop home, since I was sure the hard drive was fine. It worked well the whole year without freezing until recently this year, once in a while in the past few months, now more frequently, like every damn day.

 

Do you suggest restoring Windows with the Win 7 DVD restore discs?

 

Thanks again.



#10 nasdaq


Posted 21 April 2013 - 12:57 PM

First check the integrity of your Hard Disk.

Do a Check disk.

How to here.
http://answers.microsoft.com/en-us/windows/forum/windows_7-performance/using-windows-7-how-do-i-run-chkdsk/a68b3e4d-1a42-e011-9767-d8d385dcbb12

Keep me posted of the results.

#11 tscoca


Posted 22 April 2013 - 03:02 PM

Here are results from chkdsk.

Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.

A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 5)...
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0xf2f03 for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0xb393 is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 45971.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0xe8a17 for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x1a513 is already in use.
Deleting corrupt attribute record (128, "")
from file record segment 107795.
  225280 file records processed.
File verification completed.
  241 large file records processed.
  0 bad file records processed.
  0 EA records processed.
  43 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 5)...
  276478 index entries processed.
Index verification completed.
CHKDSK is scanning unindexed files for reconnect to their original directory.
Recovering orphaned file ASL150~1.LOG (35052) into directory file 12195.
Recovering orphaned file asl.150036_22Apr13.log (35052) into directory file 12195.
Recovering orphaned file ~WRS{0~1.TMP (35057) into directory file 195501.
Recovering orphaned file ~WRS{05C51154-9AEE-48B3-A761-F1E984A09ADA}.tmp (35057) into directory file 195501.
  5 unindexed files scanned.
CHKDSK is recovering remaining unindexed files.
  3 unindexed files recovered.
CHKDSK is verifying security descriptors (stage 3 of 5)...
  225280 file SDs/SIDs processed.
Cleaning up 281 unused index entries from index $SII of file 0x9.
Cleaning up 281 unused index entries from index $SDH of file 0x9.
Cleaning up 281 unused security descriptors.
Security descriptor verification completed.
Inserting data attribute into file 45971.
Inserting data attribute into file 107795.
  25602 data files processed.
CHKDSK is verifying Usn Journal...
  9021320 USN bytes processed.
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  225264 files processed.
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  9574091 free clusters processed.
Free space verification is complete.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

  78142463 KB total disk space.
  39430272 KB in 93079 files.
    112112 KB in 25602 indexes.
         0 KB in bad sectors.
    303715 KB in use by the system.
     65536 KB occupied by the log file.
  38296364 KB available on disk.

      4096 bytes in each allocation unit.
  19535615 total allocation units on disk.
   9574091 allocation units available on disk.

Internal Info:
00 70 03 00 a6 cf 01 00 9b 65 03 00 00 00 00 00  .p.......e......
fc 54 00 00 2b 00 00 00 00 00 00 00 00 00 00 00  .T..+...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.
 



#12 nasdaq


Posted 23 April 2013 - 07:16 AM

Has the performance of the computer improved?

#13 tscoca


Posted 23 April 2013 - 10:32 AM

Thanks. On restart after chkdsk laptop was loading more smoothly. I'll keep you posted on any freezing issues.



#14 tscoca


Posted 24 April 2013 - 08:53 AM

Hey, I recently had the freezing occur. I was about to log in to the Bleeping Computer forum and say that it's been one day of no freezing, then I opened up this page and a script box popped up: (On the last attempt I accepted the script and the laptop crashed. On the 2nd attempt (now), I stopped the script and no issue. Odd stuff.)

 

Script: http://cdn.ip.inpwrd.com/atvcmsm7siqb/atvcmw59c1n1/41/featured_stories_3_up.html?site=ns.bleepingcomputer#http%3A%2F%2Fwww.bleepingcomputer.com%2Fforums%2Ft%2F491626%2Fasus-laptop-n61jq-freezing-multiple-times%2F:474

 

 

Any thoughts?


Edited by tscoca, 24 April 2013 - 08:53 AM.


#15 nasdaq


Posted 24 April 2013 - 12:01 PM

I cannot see the page in the link you posted.

It could very well be that you have some hardware issue, hard disk etc...

Make sure you have a good backup of your important files.

p.s.
What script are you talking about?



