Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

What does this mean - computer keeps crashing when HDD plugged in


  • This topic is locked This topic is locked
6 replies to this topic

#1 keeng

keeng

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:15 AM

Posted 21 August 2017 - 07:34 AM

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.18763
Run by Gavin at 16:23:25 on 2017-08-21
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.4048.1301 [GMT 4:00]
.
AV: Avast Antivirus *Enabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avast Antivirus *Enabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
uRun: [iCloudPhotos] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [BitTorrent] "C:\Users\Gavin\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.100
TCP: Interfaces\{52FA2053-9FE3-465F-BA2A-7C7888B1AFA9} : DHCPNameServer = 91.74.74.74 94.200.200.200 192.162.27.100
TCP: Interfaces\{EC37F38C-1D91-418E-A5D0-C9AAC3FF9DCF} : DHCPNameServer = 192.168.1.100
TCP: Interfaces\{EC37F38C-1D91-418E-A5D0-C9AAC3FF9DCF}\0516E637B616 : DHCPNameServer = 91.74.74.74 94.200.200.200 192.162.27.100
TCP: Interfaces\{EC37F38C-1D91-418E-A5D0-C9AAC3FF9DCF}\24C61636B6245627279702D4F62696C6560284F6473707F6470263837353 : DHCPNameServer = 192.168.176.251 192.168.176.252 192.168.176.253 192.168.176.254
TCP: Interfaces\{EC37F38C-1D91-418E-A5D0-C9AAC3FF9DCF}\348454057457563747 : DHCPNameServer = 10.192.2.21 10.255.48.23 10.255.48.7
TCP: Interfaces\{EC37F38C-1D91-418E-A5D0-C9AAC3FF9DCF}\C4965637C62E08993702960586F6E656 : DHCPNameServer = 172.20.10.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
.
============= SERVICES / DRIVERS ===============
.
R0 RapportHades64;RapportHades64;C:\Windows\System32\drivers\RapportHades64.sys [2016-4-13 252320]
R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2016-4-13 506368]
R1 aswbidsdriver;aswbidsdriver;C:\Windows\System32\drivers\aswbidsdrivera.sys [2017-3-14 320008]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2016-5-2 41800]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2015-12-21 1015880]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2015-12-21 585608]
R1 RapportAegle64;RapportAegle64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [2017-7-24 382720]
R1 RapportCerberus_1804068;RapportCerberus_1804068;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1804068.sys [2017-8-12 1269696]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2017-7-24 583840]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2017-7-24 609024]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe [2009-3-2 89600]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-3-2 83768]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswmonflt.sys [2015-12-21 146704]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2015-12-21 198768]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-7-18 263312]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2017-7-24 2346992]
R3 aswbIDSAgent;aswbIDSAgent;C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2017-7-18 7430992]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y62x64.sys [2015-11-11 290008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-4-21 107656]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-4-21 128648]
S3 acpials;ALS Sensor Filter;C:\Windows\System32\drivers\acpials.sys [2011-4-12 9728]
S3 aswHwid;aswHwid;C:\Windows\System32\drivers\aswHwid.sys [2015-12-21 46984]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-1-24 283136]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2017-8-11 116224]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2017-7-22 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2017-7-22 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2017-7-22 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2015-6-17 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2015-11-12 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2015-4-30 23200]
.
=============== File Associations ===============
.
ShellExec: SZBrowser.exe: open="C:\Program Files\AVAST Software\SZBrowser\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2017-08-21 11:46:29 -------- d-----w- C:\ProgramData\SWCUTemp
2017-08-18 15:22:35 -------- d-----w- C:\Users\Gavin\AppData\Roaming\BitTorrent
2017-08-12 16:50:19 -------- d-----w- C:\Users\Gavin\AppData\Local\Opera Software
2017-08-12 16:49:38 -------- d-----w- C:\Users\Gavin\AppData\Roaming\Opera Software
2017-08-02 16:57:21 -------- d-----w- C:\Users\Gavin\AppData\Roaming\AVAST Software
2017-08-01 06:36:56 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2017-08-01 06:36:51 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-08-01 06:03:56 -------- d-----w- C:\Program Files\Malwarebytes
2017-08-01 05:19:12 -------- d-----w- C:\Users\Gavin\AppData\Roaming\SUPERAntiSpyware.com
2017-08-01 05:18:44 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2017-08-01 05:18:44 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2017-07-30 16:22:10 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-07-28 17:47:20 -------- d-----w- C:\ProgramData\Malwarebytes
2017-07-23 05:23:45 7077376 ----a-w- C:\Windows\System32\mstscax.dll
2017-07-23 05:23:45 6131200 ----a-w- C:\Windows\SysWow64\mstscax.dll
2017-07-23 05:23:45 429568 ----a-w- C:\Windows\System32\wksprt.exe
2017-07-23 05:23:45 1057792 ----a-w- C:\Windows\System32\rdvidcrl.dll
2017-07-23 05:23:44 856064 ----a-w- C:\Windows\SysWow64\rdvidcrl.dll
2017-07-23 05:23:44 62976 ----a-w- C:\Windows\System32\tsgqec.dll
2017-07-23 05:23:44 53248 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2017-07-23 04:01:37 87040 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2017-07-22 15:01:40 3181568 ----a-w- C:\Windows\System32\rdpcorets.dll
2017-07-22 15:01:40 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2017-07-22 15:01:39 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2017-07-22 14:22:14 44544 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
2017-07-22 14:22:11 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2017-07-22 14:22:06 56832 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2017-07-22 14:22:06 13824 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2017-07-22 14:22:06 12800 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2017-07-22 14:22:05 56832 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll
2017-07-22 14:22:05 50176 ----a-w- C:\Windows\SysWow64\MsRdpWebAccess.dll
2017-07-22 14:22:05 18944 ----a-w- C:\Windows\System32\wksprtPS.dll
2017-07-22 14:22:05 17920 ----a-w- C:\Windows\SysWow64\wksprtPS.dll
2017-07-22 14:22:05 1147392 ----a-w- C:\Windows\System32\mstsc.exe
2017-07-22 14:22:05 1068544 ----a-w- C:\Windows\SysWow64\mstsc.exe
2017-07-22 14:13:31 30208 ----a-w- C:\Windows\System32\drivers\TsUsbGD.sys
2017-07-22 14:13:31 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2017-07-22 14:13:28 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
2017-07-22 14:13:28 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
2017-07-22 14:08:15 644608 ------w- C:\Windows\System32\stapi64.dll
2017-07-22 14:08:01 68608 ----a-w- C:\Windows\System32\AESTAR64.dll
2017-07-22 14:08:01 442368 ----a-w- C:\Windows\System32\AESTEC64.dll
2017-07-22 14:08:01 162816 ----a-w- C:\Windows\System32\AESTAC64.dll
2017-07-22 14:07:59 90624 ----a-w- C:\Windows\System32\AESTCo64.dll
2017-07-22 14:07:59 3348480 ----a-w- C:\Windows\System32\stlang64.dll
2017-07-22 14:07:59 12772352 ----a-w- C:\Windows\System32\idtcpl64.cpl
2017-07-22 14:07:55 -------- d-----w- C:\Windows\System32\SRSLabs
2017-07-22 14:06:01 22528 ----a-w- C:\Windows\System32\icaapi.dll
2017-07-22 14:06:00 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2017-07-22 14:02:10 7168 ----a-w- C:\Windows\System32\kbdgeoqw.dll
2017-07-22 14:02:10 7168 ----a-w- C:\Windows\System32\KBDAZEL.DLL
2017-07-22 14:02:10 6656 ----a-w- C:\Windows\SysWow64\kbdgeoqw.dll
2017-07-22 14:02:10 6656 ----a-w- C:\Windows\SysWow64\KBDAZEL.DLL
.
==================== Find3M  ====================
.
2017-08-11 10:54:18 146704 ----a-w- C:\Windows\System32\drivers\aswmonflt.sys
2017-08-11 10:54:18 1015880 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2017-07-29 14:56:30 117248 ----a-w- C:\Windows\System32\drivers\tdx.sys
2017-07-24 17:00:28 506368 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2017-07-24 17:00:28 252320 ----a-w- C:\Windows\System32\drivers\RapportHades64.sys
2017-07-21 14:26:31 282624 ----a-w- C:\Windows\SysWow64\mstext40.dll
2017-07-21 14:26:30 518144 ----a-w- C:\Windows\SysWow64\msjetoledb40.dll
2017-07-21 14:26:30 409600 ----a-w- C:\Windows\SysWow64\msexch40.dll
2017-07-21 14:26:30 290816 ----a-w- C:\Windows\SysWow64\msjtes40.dll
2017-07-18 17:13:31 57728 ----a-w- C:\Windows\System32\drivers\aswbuniva.sys
2017-07-18 17:13:30 343288 ----a-w- C:\Windows\System32\drivers\aswbloga.sys
2017-07-18 17:13:30 320008 ----a-w- C:\Windows\System32\drivers\aswbidsdrivera.sys
2017-07-18 17:13:30 198976 ----a-w- C:\Windows\System32\drivers\aswbidsha.sys
2017-07-14 15:29:15 486400 ----a-w- C:\Windows\System32\wer.dll
2017-07-14 15:29:15 34304 ----a-w- C:\Windows\System32\werdiagcontroller.dll
2017-07-14 15:29:14 2319872 ----a-w- C:\Windows\System32\tquery.dll
2017-07-14 15:29:10 2058240 ----a-w- C:\Windows\System32\Query.dll
2017-07-14 15:29:04 99840 ----a-w- C:\Windows\System32\mssprxy.dll
2017-07-14 15:29:04 778240 ----a-w- C:\Windows\System32\mssvp.dll
2017-07-14 15:29:04 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2017-07-14 15:29:04 491520 ----a-w- C:\Windows\System32\mssph.dll
2017-07-14 15:29:04 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2017-07-14 15:29:04 2222080 ----a-w- C:\Windows\System32\mssrch.dll
2017-07-14 15:29:04 14336 ----a-w- C:\Windows\System32\msshooks.dll
2017-07-14 15:29:04 115200 ----a-w- C:\Windows\System32\mssitlb.dll
2017-07-14 15:12:22 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2017-07-14 15:12:14 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2017-07-14 15:11:51 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2017-07-14 15:10:33 382976 ----a-w- C:\Windows\SysWow64\wer.dll
2017-07-14 15:10:32 1549824 ----a-w- C:\Windows\SysWow64\tquery.dll
2017-07-14 15:10:27 1363968 ----a-w- C:\Windows\SysWow64\Query.dll
2017-07-14 15:10:23 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2017-07-14 15:10:23 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2017-07-14 15:10:23 34816 ----a-w- C:\Windows\SysWow64\mssprxy.dll
2017-07-14 15:10:23 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2017-07-14 15:10:23 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2017-07-14 15:10:23 1400320 ----a-w- C:\Windows\SysWow64\mssrch.dll
2017-07-14 15:10:23 104448 ----a-w- C:\Windows\SysWow64\mssitlb.dll
2017-07-14 15:00:23 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2017-07-14 15:00:11 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2017-07-14 14:59:33 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2017-07-14 14:59:18 9728 ----a-w- C:\Windows\SysWow64\msshooks.dll
2017-07-14 14:57:38 50688 ----a-w- C:\Windows\System32\wermgr.exe
2017-07-14 14:50:25 54272 ----a-w- C:\Windows\SysWow64\wermgr.exe
2017-07-14 14:50:23 28672 ----a-w- C:\Windows\SysWow64\werdiagcontroller.dll
2017-07-14 07:16:17 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2017-07-14 07:15:32 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2017-07-14 06:47:07 66560 ----a-w- C:\Windows\System32\iesetup.dll
2017-07-14 06:45:24 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2017-07-14 06:45:12 417792 ----a-w- C:\Windows\System32\html.iec
2017-07-14 06:44:09 576512 ----a-w- C:\Windows\System32\vbscript.dll
2017-07-14 06:44:07 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2017-07-14 06:20:08 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2017-07-14 06:20:08 116224 ----a-w- C:\Windows\System32\ieetwcollector.exe
2017-07-14 06:19:36 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2017-07-14 06:08:23 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2017-07-14 05:49:39 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2017-07-14 05:48:16 87552 ----a-w- C:\Windows\System32\tdc.ocx
2017-07-14 05:35:38 5981184 ----a-w- C:\Windows\System32\jscript9.dll
2017-07-14 05:09:44 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2017-07-14 05:09:18 2132992 ----a-w- C:\Windows\System32\inetcpl.cpl
2017-07-14 04:23:17 3240960 ----a-w- C:\Windows\System32\wininet.dll
2017-07-14 03:01:05 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2017-07-14 02:48:47 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2017-07-14 02:48:43 499200 ----a-w- C:\Windows\SysWow64\vbscript.dll
2017-07-14 02:48:10 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2017-07-14 02:48:01 341504 ----a-w- C:\Windows\SysWow64\html.iec
2017-07-14 02:47:13 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2017-07-14 02:38:44 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2017-07-14 02:38:25 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2017-07-14 02:26:20 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2017-07-14 02:25:47 73216 ----a-w- C:\Windows\SysWow64\tdc.ocx
2017-07-14 02:17:41 4546048 ----a-w- C:\Windows\SysWow64\jscript9.dll
2017-07-14 02:11:47 2057216 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2017-07-14 02:11:34 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2017-07-14 01:53:27 2767872 ----a-w- C:\Windows\SysWow64\wininet.dll
2017-07-08 15:34:46 370920 ----a-w- C:\Windows\System32\clfs.sys
2017-07-08 15:00:10 3224064 ----a-w- C:\Windows\System32\win32k.sys
2017-07-07 15:37:50 631176 ----a-w- C:\Windows\System32\winresume.efi
2017-07-07 15:33:37 706792 ----a-w- C:\Windows\System32\winload.efi
2017-07-07 15:33:36 363752 ----a-w- C:\Windows\System32\drivers\volmgrx.sys
2017-07-07 15:33:33 5547752 ----a-w- C:\Windows\System32\ntoskrnl.exe
2017-07-07 15:33:30 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2017-07-07 15:33:30 154856 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2017-07-07 15:31:14 1732864 ----a-w- C:\Windows\System32\ntdll.dll
2017-07-07 15:15:23 4001000 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2017-07-07 15:15:23 3945192 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2017-07-07 15:13:31 1314112 ----a-w- C:\Windows\SysWow64\ntdll.dll
2017-07-07 15:10:59 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2017-07-07 15:02:00 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2017-07-07 15:01:54 62464 ----a-w- C:\Windows\System32\drivers\appid.sys
2017-07-07 15:01:54 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2017-07-07 15:01:12 64000 ----a-w- C:\Windows\System32\auditpol.exe
2017-07-07 14:58:14 338432 ----a-w- C:\Windows\System32\conhost.exe
2017-07-07 14:57:23 296960 ----a-w- C:\Windows\System32\rstrui.exe
2017-07-07 14:54:44 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2017-07-07 14:54:10 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2017-07-07 14:54:08 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2017-07-07 14:53:26 30720 ----a-w- C:\Windows\System32\lsass.exe
2017-07-07 14:53:23 112640 ----a-w- C:\Windows\System32\smss.exe
.
============= FINISH: 16:24:58.57 ===============

Edited by hamluis, 21 August 2017 - 08:00 AM.
Moved from Win7 to MRL - Hamluis.


BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:15 PM

Posted 25 August 2017 - 09:24 AM

Greetings keeng and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

I am not sure this is malware related but we can take a look.

What type of HDD are you connecting?
If it is already connected when you boot your computer does your system crash?
Hold down the Shift Key while attaching your drive and tell me if it crashes.
Please describe what you mean by crash.

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recover Scan Tool for either 32 bit or 64 bit systems and save it to your Desktop. <<< Important
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of each report in separate reply windows
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Reply to questions
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:15 PM

Posted 28 August 2017 - 08:29 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:15 PM

Posted 30 August 2017 - 09:42 AM

Thank you for letting me know you are out of the country and your reply will be delayed.

Edited by Oh My!, 30 August 2017 - 09:43 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:15 PM

Posted 09 September 2017 - 01:49 PM

Greeetings,

Are you available to start addressing your issues?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:15 PM

Posted 11 September 2017 - 04:58 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:15 PM

Posted 13 September 2017 - 02:08 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users