Windows 7 bsod, just ran farbar


  • This topic is locked
41 replies to this topic

#1 seanbriselden

Posted 14 August 2014 - 09:12 PM

So, this is the wife's pc and she swears she didn't download anything around the time it crashed.   :)  I can only take her word on this.  ha!
 
So, it was a random lockup so she forced a hard reboot and now it's stuck in bsod on boot which sends her to recovery options.  But, recovery fails and nothing will get it moving.  
 
I have thus far, rebuilt the MBR, run Windows Defender Offline (found nothing), and now Farbar (frst64.exe).  Attached is the log if anyone can take a peek and let me know if you see anything.  I looked (novice) and didn't see anything.  So I would love for someone to remind me how out of touch with this side of tech I really am.   :)
 
Thanks for any help,
Sean
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-08-2014 01
Ran by SYSTEM on MININT-IKTJ4OK on 14-08-2014 21:58:04
Running from f:\
Platform: Windows 7 Professional (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2114376 2009-07-06] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [722256 2008-12-11] (CANON INC.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe [7715160 2014-06-03] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [443728 2010-12-20] (Malwarebytes Corporation)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [618496 2010-06-23] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-01] (Apple Inc.)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-06] (AVAST Software)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-04-23] (Samsung Electronics Co., Ltd.)
HKU\kim\...\Run: [Google Update] => C:\Users\kim\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-02] (Google Inc.)
HKU\kim\...\Run: [EPSON Stylus CX4200 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIAEA.EXE [211968 2007-01-19] (SEIKO EPSON CORPORATION)
HKU\kim\...\Run: [Spotify Web Helper] => C:\Users\kim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-08-13] (Spotify Ltd)
HKU\kim\...\Run: [Spotify] => C:\Users\kim\AppData\Roaming\Spotify\Spotify.exe [6162488 2014-08-13] (Spotify Ltd)
HKU\kim\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [18643560 2013-03-01] (Skype Technologies S.A.)
HKU\kim\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [840784 2012-09-17] (Adobe Systems Incorporated)
HKU\kim\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-04-23] (Samsung)
HKU\kim\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
Startup: C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-06] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-08-06] (AVAST Software)
S2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe [706864 2014-06-03] ()
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [363344 2010-12-20] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S2 Update BrowseSmart; "C:\Program Files (x86)\BrowseSmart\updateBrowseSmart.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-06] ()
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-08-06] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-06] (AVAST Software)
S0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-08-06] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-06] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-06] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-06] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-06] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-06] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [68920 2013-03-06] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-06] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24152 2010-12-20] (Malwarebytes Corporation)
S0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-04-22] (BitDefender S.R.L.)
S3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2013-05-30] (Wondershare)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-14 21:57 - 2014-08-14 21:58 - 00000000 ____D () C:\FRST
2014-08-14 21:51 - 2014-08-14 21:51 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-08-14 14:22 - 2014-08-14 15:16 - 363151977 _____ () C:\Windows\MEMORY.DMP
2014-08-14 08:25 - 2014-08-14 08:25 - 00003368 ____N () C:\bootsqm.dat
2014-08-13 07:15 - 2014-08-13 13:31 - 00011352 _____ () C:\Users\kim\Documents\Luau Schedule of Events.xlsx
2014-08-13 03:48 - 2014-08-13 03:48 - 00000000 ____D () C:\Users\kim\AppData\Roaming\DropboxMaster
2014-08-13 03:47 - 2014-08-13 03:48 - 00000000 ____D () C:\Users\kim\AppData\Roaming\Dropbox
2014-08-12 23:00 - 2014-06-30 14:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\System32\icardres.dll
2014-08-12 23:00 - 2014-06-30 14:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-12 23:00 - 2014-06-05 22:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-12 23:00 - 2014-06-05 22:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\System32\TsWpfWrp.exe
2014-08-12 23:00 - 2014-03-09 13:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\System32\icardagt.exe
2014-08-12 23:00 - 2014-03-09 13:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\System32\infocardapi.dll
2014-08-12 23:00 - 2014-03-09 13:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-12 23:00 - 2014-03-09 13:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-12 12:21 - 2014-07-31 15:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-08-12 12:21 - 2014-07-31 15:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-12 12:21 - 2014-07-25 06:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-08-12 12:21 - 2014-07-25 06:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-08-12 12:21 - 2014-07-25 06:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-08-12 12:21 - 2014-07-25 05:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-12 12:21 - 2014-07-25 05:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-08-12 12:21 - 2014-07-25 05:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-08-12 12:21 - 2014-07-25 05:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-08-12 12:21 - 2014-07-25 05:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-08-12 12:21 - 2014-07-25 05:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-08-12 12:21 - 2014-07-25 05:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-08-12 12:21 - 2014-07-25 05:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-08-12 12:21 - 2014-07-25 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-12 12:21 - 2014-07-25 05:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-08-12 12:21 - 2014-07-25 05:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-08-12 12:21 - 2014-07-25 05:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-08-12 12:21 - 2014-07-25 04:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-08-12 12:21 - 2014-07-25 04:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-12 12:21 - 2014-07-25 04:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-08-12 12:21 - 2014-07-25 04:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-12 12:21 - 2014-07-25 04:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-12 12:21 - 2014-07-25 04:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-12 12:21 - 2014-07-25 04:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-12 12:21 - 2014-07-25 04:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-08-12 12:21 - 2014-07-25 04:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-12 12:21 - 2014-07-25 04:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-12 12:21 - 2014-07-25 04:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-08-12 12:21 - 2014-07-25 04:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-12 12:21 - 2014-07-25 04:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-08-12 12:21 - 2014-07-25 04:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-12 12:21 - 2014-07-25 04:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-12 12:21 - 2014-07-25 04:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-08-12 12:21 - 2014-07-25 04:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-12 12:21 - 2014-07-25 04:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-12 12:21 - 2014-07-25 04:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-12 12:21 - 2014-07-25 03:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-12 12:21 - 2014-07-25 03:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-08-12 12:21 - 2014-07-25 03:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-12 12:21 - 2014-07-25 03:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-08-12 12:21 - 2014-07-25 03:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-08-12 12:21 - 2014-07-25 03:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-08-12 12:21 - 2014-07-25 03:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-12 12:21 - 2014-07-25 03:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-12 12:21 - 2014-07-25 03:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-12 12:21 - 2014-07-25 03:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-08-12 12:21 - 2014-07-25 03:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-12 12:21 - 2014-07-25 03:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-12 12:21 - 2014-07-25 03:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-12 12:21 - 2014-07-25 03:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-12 12:21 - 2014-07-25 02:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-08-12 12:21 - 2014-07-25 02:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-08-12 12:21 - 2014-07-25 02:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-08-12 12:21 - 2014-07-25 02:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-12 12:21 - 2014-07-25 02:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-12 12:21 - 2014-07-25 02:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-12 12:21 - 2014-07-15 19:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2014-08-12 12:21 - 2014-07-15 19:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2014-08-12 12:21 - 2014-07-15 18:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-12 12:21 - 2014-07-15 18:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-12 12:21 - 2014-07-15 18:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-08-12 12:21 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDYAK.DLL
2014-08-12 12:21 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDTAT.DLL
2014-08-12 12:21 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDRU1.DLL
2014-08-12 12:21 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDBASH.DLL
2014-08-12 12:21 - 2014-07-08 18:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\KBDRU.DLL
2014-08-12 12:21 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-12 12:21 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-12 12:21 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-12 12:21 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-12 12:21 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-12 12:21 - 2014-07-08 14:38 - 00419992 _____ () C:\Windows\System32\locale.nls
2014-08-12 12:21 - 2014-07-08 14:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-12 12:21 - 2014-06-24 18:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2014-08-12 12:21 - 2014-06-24 17:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-12 12:21 - 2014-06-15 18:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2014-08-12 12:21 - 2014-06-03 02:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll
2014-08-12 12:21 - 2014-06-03 02:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2014-08-12 12:21 - 2014-06-03 02:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\System32\msihnd.dll
2014-08-12 12:21 - 2014-06-03 02:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\System32\consent.exe
2014-08-12 12:21 - 2014-06-03 01:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-12 12:21 - 2014-06-03 01:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-12 12:21 - 2014-06-03 01:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-12 12:20 - 2014-08-06 18:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-08-12 12:20 - 2014-08-06 18:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-08-12 12:20 - 2014-07-13 18:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2014-08-12 12:20 - 2014-07-13 17:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-06 04:57 - 2014-08-06 04:57 - 00448400 _____ (AVAST Software) C:\Windows\System32\Drivers\aswNdisFlt.sys
2014-08-06 04:57 - 2014-08-06 04:57 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-06 04:57 - 2014-08-06 04:57 - 00029208 _____ () C:\Windows\System32\Drivers\aswHwid.sys
2014-07-29 05:46 - 2014-07-29 05:46 - 00093804 _____ () C:\Users\kim\Downloads\Wallpapers Ying Yang Blue And Grey free download from Sexyli.com
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-14 21:58 - 2014-08-14 21:57 - 00000000 ____D () C:\FRST
2014-08-14 21:51 - 2014-08-14 21:51 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-08-14 18:20 - 2013-12-17 08:47 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-08-14 18:20 - 2012-09-25 08:21 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-08-14 18:20 - 2009-07-13 23:45 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-08-14 18:20 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-08-14 15:16 - 2014-08-14 14:22 - 363151977 _____ () C:\Windows\MEMORY.DMP
2014-08-14 08:25 - 2014-08-14 08:25 - 00003368 ____N () C:\bootsqm.dat
2014-08-14 08:20 - 2011-12-13 06:00 - 00000099 _____ () C:\Users\Public\LMDebug.log
2014-08-14 07:21 - 2012-01-17 07:05 - 00000000 ____D () C:\Users\kim\Documents\Outlook Files
2014-08-13 19:34 - 2011-10-02 04:54 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4097743611-1758366611-4114777597-1000UA.job
2014-08-13 19:20 - 2013-02-11 12:18 - 00000000 ____D () C:\Users\kim\AppData\Roaming\Spotify
2014-08-13 17:29 - 2011-09-27 09:44 - 01787357 _____ () C:\Windows\WindowsUpdate.log
2014-08-13 13:31 - 2014-08-13 07:15 - 00011352 _____ () C:\Users\kim\Documents\Luau Schedule of Events.xlsx
2014-08-13 10:34 - 2011-10-02 04:54 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4097743611-1758366611-4114777597-1000Core.job
2014-08-13 08:02 - 2012-12-14 09:17 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-13 03:48 - 2014-08-13 03:48 - 00000000 ____D () C:\Users\kim\AppData\Roaming\DropboxMaster
2014-08-13 03:48 - 2014-08-13 03:47 - 00000000 ____D () C:\Users\kim\AppData\Roaming\Dropbox
2014-08-12 23:59 - 2014-05-14 23:43 - 00000000 ____D () C:\Windows\rescache
2014-08-12 23:38 - 2009-07-13 20:45 - 00025216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-12 23:38 - 2009-07-13 20:45 - 00025216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-12 23:26 - 2009-07-13 21:13 - 00782510 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-08-12 23:22 - 2013-12-23 12:27 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-08-12 23:22 - 2013-03-12 23:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-12 23:22 - 2013-03-12 23:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-12 23:22 - 2012-01-18 00:18 - 00834232 _____ () C:\Windows\PFRO.log
2014-08-12 23:22 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-12 23:22 - 2009-07-13 20:51 - 00050302 _____ () C:\Windows\setupact.log
2014-08-12 23:22 - 2009-07-13 20:45 - 03452352 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-08-12 23:22 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-12 23:06 - 2012-01-16 12:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-12 23:04 - 2013-08-14 23:00 - 00000000 ____D () C:\Windows\System32\MRT
2014-08-12 23:02 - 2012-09-25 05:17 - 99218768 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-08-12 23:00 - 2014-05-06 23:00 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-08-06 18:06 - 2014-08-12 12:20 - 00529920 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-08-06 18:01 - 2014-08-12 12:20 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-08-06 04:57 - 2014-08-06 04:57 - 00448400 _____ (AVAST Software) C:\Windows\System32\Drivers\aswNdisFlt.sys
2014-08-06 04:57 - 2014-08-06 04:57 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-06 04:57 - 2014-08-06 04:57 - 00029208 _____ () C:\Windows\System32\Drivers\aswHwid.sys
2014-08-06 04:57 - 2013-12-23 12:23 - 00092008 _____ (AVAST Software) C:\Windows\System32\Drivers\aswstm.sys
2014-08-06 04:57 - 2013-12-23 12:23 - 00001952 _____ () C:\Users\Public\Desktop\avast! Premier.lnk
2014-08-06 04:57 - 2013-03-27 18:14 - 00224896 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2014-08-06 04:57 - 2013-03-27 18:14 - 00065776 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2014-08-06 04:57 - 2012-12-14 09:17 - 01041168 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2014-08-06 04:57 - 2012-12-14 09:17 - 00427360 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
2014-08-06 04:57 - 2012-12-14 09:17 - 00307344 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-08-06 04:57 - 2012-12-14 09:17 - 00093568 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2014-08-06 04:57 - 2012-12-14 09:17 - 00079184 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2014-08-06 04:57 - 2012-12-14 09:17 - 00028184 _____ (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys
2014-07-31 15:41 - 2014-08-12 12:21 - 00348856 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-07-31 15:16 - 2014-08-12 12:21 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-29 11:13 - 2013-02-11 12:19 - 00000000 ____D () C:\Users\kim\AppData\Local\Spotify
2014-07-29 06:27 - 2013-06-25 08:53 - 00129788 _____ () C:\Users\kim\Documents\Luau_Flyer_2013.pptx
2014-07-29 05:46 - 2014-07-29 05:46 - 00093804 _____ () C:\Users\kim\Downloads\Wallpapers Ying Yang Blue And Grey free download from Sexyli.com
2014-07-26 05:32 - 2014-05-30 12:49 - 00013099 _____ () C:\Users\kim\Desktop\sales sheet.xlsx
2014-07-25 06:52 - 2014-08-12 12:21 - 23645696 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-07-25 06:02 - 2014-08-12 12:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-07-25 06:01 - 2014-08-12 12:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-07-25 05:51 - 2014-08-12 12:21 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 05:30 - 2014-08-12 12:21 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-07-25 05:28 - 2014-08-12 12:21 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-07-25 05:28 - 2014-08-12 12:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-07-25 05:25 - 2014-08-12 12:21 - 02774528 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-07-25 05:25 - 2014-08-12 12:21 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-07-25 05:11 - 2014-08-12 12:21 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-07-25 05:10 - 2014-08-12 12:21 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-07-25 05:04 - 2014-08-12 12:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 05:03 - 2014-08-12 12:21 - 00598016 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-07-25 05:00 - 2014-08-12 12:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-07-25 05:00 - 2014-08-12 12:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-07-25 04:59 - 2014-08-12 12:21 - 00758272 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-07-25 04:47 - 2014-08-12 12:21 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-25 04:40 - 2014-08-12 12:21 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-07-25 04:34 - 2014-08-12 12:21 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 04:34 - 2014-08-12 12:21 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 04:33 - 2014-08-12 12:21 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 04:30 - 2014-08-12 12:21 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 04:28 - 2014-08-12 12:21 - 05824512 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-07-25 04:28 - 2014-08-12 12:21 - 00072704 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 04:21 - 2014-08-12 12:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 04:19 - 2014-08-12 12:21 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-07-25 04:18 - 2014-08-12 12:21 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 04:17 - 2014-08-12 12:21 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-07-25 04:17 - 2014-08-12 12:21 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 04:12 - 2014-08-12 12:21 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 04:10 - 2014-08-12 12:21 - 00292864 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-07-25 04:10 - 2014-08-12 12:21 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 04:08 - 2014-08-12 12:21 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 04:06 - 2014-08-12 12:21 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 03:52 - 2014-08-12 12:21 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 03:47 - 2014-08-12 12:21 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-07-25 03:43 - 2014-08-12 12:21 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 03:42 - 2014-08-12 12:21 - 00692736 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-07-25 03:39 - 2014-08-12 12:21 - 02087936 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-07-25 03:39 - 2014-08-12 12:21 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-07-25 03:36 - 2014-08-12 12:21 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 03:34 - 2014-08-12 12:21 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 03:29 - 2014-08-12 12:21 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 03:23 - 2014-08-12 12:21 - 13547008 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-07-25 03:13 - 2014-08-12 12:21 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 03:07 - 2014-08-12 12:21 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 03:07 - 2014-08-12 12:21 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 03:03 - 2014-08-12 12:21 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 02:52 - 2014-08-12 12:21 - 02266624 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-07-25 02:26 - 2014-08-12 12:21 - 01431040 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-07-25 02:17 - 2014-08-12 12:21 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-07-25 02:09 - 2014-08-12 12:21 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 02:05 - 2014-08-12 12:21 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 02:00 - 2014-08-12 12:21 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-22 05:28 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-07-22 05:27 - 2012-03-14 17:03 - 00000000 ____D () C:\Users\kim\AppData\Roaming\Skype
2014-07-15 19:25 - 2014-08-12 12:21 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2014-07-15 19:23 - 2014-08-12 12:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2014-07-15 18:46 - 2014-08-12 12:21 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-07-15 18:46 - 2014-08-12 12:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-07-15 18:12 - 2014-08-12 12:21 - 03163648 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
 
Some content of TEMP:
====================
C:\Users\kim\AppData\Local\Temp\38505uninstall.exe
C:\Users\kim\AppData\Local\Temp\air31D4.exe
C:\Users\kim\AppData\Local\Temp\air661.exe
C:\Users\kim\AppData\Local\Temp\airD6C5.exe
C:\Users\kim\AppData\Local\Temp\airD7F0.exe
C:\Users\kim\AppData\Local\Temp\airE6BF.exe
C:\Users\kim\AppData\Local\Temp\contentDATs.exe
C:\Users\kim\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzq_5gr.dll
C:\Users\kim\AppData\Local\Temp\i4jdel0.exe
C:\Users\kim\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\kim\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\kim\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\kim\AppData\Local\Temp\Lifecam3.0.204.0.exe
C:\Users\kim\AppData\Local\Temp\MSETUP4.EXE
C:\Users\kim\AppData\Local\Temp\mssinstaller.exe
C:\Users\kim\AppData\Local\Temp\readSTILog.dll
C:\Users\kim\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\kim\AppData\Local\Temp\setup.exe
C:\Users\kim\AppData\Local\Temp\SkypeSetup.exe
C:\Users\kim\AppData\Local\Temp\Sqlite3.dll
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 9%
Total physical RAM: 8174.29 MB
Available physical RAM: 7358.89 MB
Total Pagefile: 8172.43 MB
Available Pagefile: 7373.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:89.33 GB) (Free:11.76 GB) NTFS
Drive e: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
Drive f: () (Removable) (Total:1.9 GB) (Free:0.14 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 89 GB) (Disk ID: A8FC7166)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=89 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 2 GB) (Disk ID: C5AD5DD2)
Partition 1: (Not Active) - (Size=2 GB) - (Type=0B)
 
 
LastRegBack: 2014-08-06 20:18
 
==================== End Of Log ============================

Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Animal


 


#2 seanbriselden


Posted 14 August 2014 - 09:54 PM

Well, got the camera out and shot video of the bsod.  Turns out to be PAGE_FAULT_IN_NONPAGED_AREA.

 

Went ahead and rechecked all the basics:

Reboot with last known good config

Removed sticks of memory and tried one at a time

 

What about telling windows to not use the page file?  Is that possible via command line?



#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,376 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:41 AM

Posted 19 August 2014 - 06:49 PM

Greetings Sean and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Would you still like some assistance or are you all set?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 seanbriselden


Posted 20 August 2014 - 04:06 PM

I'll take some assistance.  

 

On a side note, I am battling issues with my (this) pc as well.  I have had issues ever since (I believed) the last Windows security patches, but with my wife's pc having issues as well I wonder if there is a common problem (malware/virus).  So, we can troubleshoot either one, but hers won't boot at all.



#5 Oh My!


Posted 20 August 2014 - 05:23 PM

Greetings,

We can only deal with one computer per Topic, otherwise it gets confusing. Would you like to continue with your wife's unbootable computer?
Gary
 

#6 seanbriselden


Posted 20 August 2014 - 05:31 PM

Yes, works for me.



#7 Oh My!


Posted 20 August 2014 - 05:42 PM

Very good.

**Changed Post**

Looking at the picture you took of the Blue Screen, can you provide the information highlighted in the bottom section of the below example? If you want you can simply attach the photo.
 

bsod_c.jpg


Edited by Oh My!, 20 August 2014 - 06:28 PM.

Gary
 

#8 seanbriselden


Posted 20 August 2014 - 06:59 PM

Here yah go

 

 

Attached Files



#9 seanbriselden


Posted 20 August 2014 - 07:02 PM

Oh, and I ran Memtest the other day, 8 passes over 60 hours and it came back clean, no issues.



#10 Oh My!


Posted 20 August 2014 - 07:58 PM

Hi Sean,

"I ran Memtest the other day, 8 passes over 60 hours and it came back clean, no issues."

:thumbsup2:

Please do this.

===================================================

Running chkdsk /r from Recovery Environment in Windows 7

--------------------
  • Boot your computer into the Recovery Environment (tap F8)
  • Select Command Prompt
  • Type c: and Enter
  • Type chkdsk /r and Enter
  • If you receive a message about unmounting the volume check Yes
  • If the program doesn't start automatically repeat the chkdsk /r command
  • Once the process is finished please write down any information provided on the screen
  • Attempt to reboot your computer into Normal Mode.
  • If you receive a Blue Screen of Death (BSOD) please provide that information in your post.
Note: This process may take a while to complete. You may also notice the progress bar jumping back and forth. This is normal. Please be patient.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Results?

Gary
 

#11 seanbriselden


Posted 20 August 2014 - 08:10 PM

Came back clean, no issues found and no repairs made.



#12 Oh My!


Posted 20 August 2014 - 08:14 PM

OK, next step please.

===================================================

Running sfc /scannow in Windows 7/Vista Recovery Environment

-----------------
  • Restart the computer
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears
  • Use the arrow keys to select the Repair your computer menu item
  • Select English as the keyboard language settings, and then click Next
  • Once you are in the System Recovery Options menu you will get the following options

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • Type the following (there is a space before each "/") after the Command Prompt and hit Enter (if you receive an error message replace C:\ with D:\)

SFC /SCANNOW /OFFBOOTDIR=C:\ /OFFWINDIR=C:\WINDOWS

  • Attempt to boot your computer into Normal Mode or, if unsuccessful, Safe Mode and monitor the performance
===================================================

Things I would like to see in your next reply. :thumbsup2:
  • Results?

Gary
 

#13 seanbriselden


Posted 20 August 2014 - 10:17 PM

No Integrity Violations found.  Had to run it using:

SFC /SCANNOW /OFFBOOTDIR=D:\ /OFFWINDIR=D:\WINDOWS\



#14 Oh My!


Posted 20 August 2014 - 10:22 PM

Thanks Sean, now this.

This will be my last post for this evening but I will be back at it bright and early in the morning. Thanks for all your work.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • From a clean computer press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S2 Update BrowseSmart; "C:\Program Files (x86)\BrowseSmart\updateBrowseSmart.exe" [X]
C:\Users\kim\AppData\Local\Temp\38505uninstall.exe
C:\Users\kim\AppData\Local\Temp\air31D4.exe
C:\Users\kim\AppData\Local\Temp\air661.exe
C:\Users\kim\AppData\Local\Temp\airD6C5.exe
C:\Users\kim\AppData\Local\Temp\airD7F0.exe
C:\Users\kim\AppData\Local\Temp\airE6BF.exe
C:\Users\kim\AppData\Local\Temp\contentDATs.exe
C:\Users\kim\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzq_5gr.dll
C:\Users\kim\AppData\Local\Temp\i4jdel0.exe
C:\Users\kim\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\kim\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\kim\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\kim\AppData\Local\Temp\Lifecam3.0.204.0.exe
C:\Users\kim\AppData\Local\Temp\MSETUP4.EXE
C:\Users\kim\AppData\Local\Temp\mssinstaller.exe
C:\Users\kim\AppData\Local\Temp\readSTILog.dll
C:\Users\kim\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\kim\AppData\Local\Temp\setup.exe
C:\Users\kim\AppData\Local\Temp\SkypeSetup.exe
C:\Users\kim\AppData\Local\Temp\Sqlite3.dll
  • Insert the USB device into your infected computer
  • Enter the System Recovery Options (press F8 during boot up) and select Command Prompt.
  • Run FRST as you did the first time and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the flashdrive (Fixlog.txt). Copy and paste that information in your reply.
  • Please attempt to boot your computer into Normal Mode or, if not, Safe Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Does your computer boot?

Gary
 

#15 seanbriselden


Posted 20 August 2014 - 10:45 PM

Well, I have to admit I was excited, but then boom, same bsod.  :(

 

I will go ahead and thank you for what you have done so far.  I have been a mod before helping folks with other stuff and it's a thankless job, so kudos to you my friend.

 

Sean

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-08-2014 01
Ran by SYSTEM at 2014-08-20 23:39:53 Run:1
Running from F:\
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S2 Update BrowseSmart; "C:\Program Files (x86)\BrowseSmart\updateBrowseSmart.exe" [X]
C:\Users\kim\AppData\Local\Temp\38505uninstall.exe
C:\Users\kim\AppData\Local\Temp\air31D4.exe
C:\Users\kim\AppData\Local\Temp\air661.exe
C:\Users\kim\AppData\Local\Temp\airD6C5.exe
C:\Users\kim\AppData\Local\Temp\airD7F0.exe
C:\Users\kim\AppData\Local\Temp\airE6BF.exe
C:\Users\kim\AppData\Local\Temp\contentDATs.exe
C:\Users\kim\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzq_5gr.dll
C:\Users\kim\AppData\Local\Temp\i4jdel0.exe
C:\Users\kim\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\kim\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\kim\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\kim\AppData\Local\Temp\Lifecam3.0.204.0.exe
C:\Users\kim\AppData\Local\Temp\MSETUP4.EXE
C:\Users\kim\AppData\Local\Temp\mssinstaller.exe
C:\Users\kim\AppData\Local\Temp\readSTILog.dll
C:\Users\kim\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\kim\AppData\Local\Temp\setup.exe
C:\Users\kim\AppData\Local\Temp\SkypeSetup.exe
C:\Users\kim\AppData\Local\Temp\Sqlite3.dll
*****************
 
ACDaemon => Service deleted successfully.
Update BrowseSmart => Service deleted successfully.
C:\Users\kim\AppData\Local\Temp\38505uninstall.exe => Moved successfully.
C:\Users\kim\AppData\Local\Temp\air31D4.exe => Moved successfully.
C:\Users\kim\AppData\Local\Temp\air661.exe => Moved successfully.
C:\Users\kim\AppData\Local\Temp\airD6C5.exe => Moved successfully.
C:\Users\kim\AppData\Local\Temp\airD7F0.exe => Moved successfully.
C:\Users\kim\AppData\Local\Temp\airE6BF.exe => Moved successfully.
C:\Users\kim\AppData\Local\Temp\contentDATs.exe => Moved successfully.
C:\Users\kim\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzq_5gr.dll => Moved successfully.
C:\Users\kim\AppData\Local\Temp\i4jdel0.exe => Moved successfully.
C:\Users\kim\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\kim\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe => Moved successfully.
C:\Users\kim\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe => Moved successfully.
C:\Users\kim\AppData\Local\Temp\Lifecam3.0.204.0.exe => Moved successfully.
C:\Users\kim\AppData\Local\Temp\MSETUP4.EXE => Moved successfully.
C:\Users\kim\AppData\Local\Temp\mssinstaller.exe => Moved successfully.
C:\Users\kim\AppData\Local\Temp\readSTILog.dll => Moved successfully.
C:\Users\kim\AppData\Local\Temp\SecurityScan_Release.exe => Moved successfully.
C:\Users\kim\AppData\Local\Temp\setup.exe => Moved successfully.
C:\Users\kim\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\kim\AppData\Local\Temp\Sqlite3.dll => Moved successfully.
 
==== End of Fixlog ====
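
A Fixlog like the one above can be reconciled mechanically: every line in the "Content of fixlist" block should have a matching "=> ... successfully." result line. The Python below is an added example, not part of the original thread and not FRST's own code; the sample log is constructed in the layout of the posted Fixlog, and the failure wording, the function names and the service-prefix pattern are assumptions.

```python
import re

# Constructed sample in the layout of the Fixlog posted above (shortened).
# The setup.exe failure wording is invented for the demo, and Sqlite3.dll is
# deliberately given no result line at all.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-08-2014 01
Ran by SYSTEM at 2014-08-20 23:39:53 Run:1
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S2 Update BrowseSmart; "C:\Program Files (x86)\BrowseSmart\updateBrowseSmart.exe" [X]
C:\Users\kim\AppData\Local\Temp\air661.exe
C:\Users\kim\AppData\Local\Temp\setup.exe
C:\Users\kim\AppData\Local\Temp\Sqlite3.dll
*****************

ACDaemon => Service deleted successfully.
Update BrowseSmart => Service deleted successfully.
C:\Users\kim\AppData\Local\Temp\air661.exe => Moved successfully.
C:\Users\kim\AppData\Local\Temp\setup.exe => Could not move (constructed failure line)

==== End of Fixlog ====
"""

# Service entries look like "S3 <name>; <path> [X]" in the thread; the result
# line for them is keyed by <name> only. Other prefix letters are an assumption.
SERVICE_ENTRY = re.compile(r"^[A-Z]\d\s+(?P<name>[^;]+);")
STAR_LINE = re.compile(r"^\*{5,}\s*$")

def entry_key(line):
    """Key under which the outcome of a fixlist entry is reported."""
    m = SERVICE_ENTRY.match(line)
    return (m.group("name") if m else line).strip().lower()

def parse_fixlog(text):
    """Return (entries, outcomes): requested fixlist lines and {key: outcome}."""
    entries, outcomes, stars = [], {}, 0
    for raw in text.splitlines():
        line = raw.strip()
        if STAR_LINE.match(line):      # the fixlist sits between two star rows
            stars += 1
            continue
        if stars == 1 and line:
            entries.append(line)
        elif stars >= 2 and " => " in line:
            target, outcome = line.rsplit(" => ", 1)
            outcomes[target.strip().lower()] = outcome.strip()
    return entries, outcomes

def reconcile(text):
    """Classify every fixlist entry as confirmed, failed, or missing."""
    entries, outcomes = parse_fixlog(text)
    report = {"confirmed": [], "failed": [], "missing": []}
    for entry in entries:
        outcome = outcomes.get(entry_key(entry))
        if outcome is None:
            report["missing"].append(entry)
        elif outcome.lower().endswith("successfully."):
            report["confirmed"].append(entry)
        else:
            report["failed"].append((entry, outcome))
    return report

if __name__ == "__main__":
    for status, items in reconcile(SAMPLE_FIXLOG).items():
        print(status, len(items), items)
```

Run against the Fixlog actually posted in this thread, all 22 entries would land in `confirmed`, which matches the poster's observation that the fix applied cleanly and the BSOD persisted anyway.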




