Solved Laptop is freezing.


familyman14

Just finished cleaning my youngest son's laptop and now my oldest kid's laptop is messed up. It is freezing minutes after logging on. When he clicks on the Start menu and tries to search, it freezes as well. The problem started after the power went out after a blizzard. It's a Samsung running Windows 7 that he bought less than a year ago.
 
Hi there!

ComboFix scan

Please download ComboFix
by sUBs
From TechSpot

Direct Link (alternative)

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt", in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after the BIOS and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
Hello, thank you for helping. I had to DL ComboFix to a flash drive off my laptop, and I ran my son's laptop in Safe Mode. Here are the results:

ComboFix 13-02-15.01 - Mumbles2X 02/16/2013 14:26:44.1.8 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8106.7246 [GMT -8:00]
Running from: E:\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\Roaming
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-01-16 to 2013-02-16 )))))))))))))))))))))))))))))))
.
.
2013-02-16 22:33 . 2013-02-16 22:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-15 08:00 . 2013-02-15 08:00 -------- d-----w- c:\users\Mumbles2X\AppData\Local\Amazon
2013-02-13 23:35 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-13 23:35 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-13 23:35 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-13 23:35 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-13 23:35 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-13 23:35 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-13 07:43 . 2013-02-13 07:43 -------- d-----w- c:\users\Mumbles2X\AppData\Roaming\ParetoLogic
2013-02-13 07:43 . 2013-02-13 07:43 -------- d-----w- c:\users\Mumbles2X\AppData\Roaming\DriverCure
2013-02-13 07:16 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 07:16 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 06:36 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 06:36 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-13 23:41 . 2013-01-13 20:43 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-02-08 03:45 . 2012-12-23 00:36 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-08 03:45 . 2012-12-23 00:36 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-04 04:43 . 2013-02-13 23:35 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-22 11:00 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 11:00 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 11:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 11:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-15 00:49 . 2012-12-08 05:48 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-12 01:13 . 2012-12-08 05:39 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-12-12 01:13 . 2012-12-08 05:39 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-12-08 04:58 . 2010-06-24 02:33 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-12-07 13:20 . 2013-01-10 01:14 441856 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-10 01:14 2746368 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-10 01:14 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-10 01:14 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-10 01:14 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-10 01:14 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-10 01:14 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-10 01:14 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-10 01:14 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-10 01:14 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-10 01:14 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-10 01:14 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-10 01:14 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-10 01:14 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-10 01:14 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-10 01:14 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-10 01:14 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-10 01:14 51712 ----a-w- c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-10 01:14 43520 ----a-w- c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-10 01:14 30720 ----a-w- c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-10 01:14 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-10 01:14 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-10 01:14 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-10 01:14 23552 ----a-w- c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-10 01:14 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-10 01:14 46592 ----a-w- c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-10 01:14 20480 ----a-w- c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-10 01:14 21504 ----a-w- c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-10 01:14 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-10 01:14 15360 ----a-w- c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-10 01:14 51712 ----a-w- c:\windows\SysWow64\esrb.rs
2012-12-07 10:46 . 2013-01-10 01:14 55296 ----a-w- c:\windows\SysWow64\cero.rs
2012-11-30 05:45 . 2013-01-10 01:13 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-10 01:13 243200 ----a-w- c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-10 01:13 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2012-11-30 05:43 . 2013-01-10 01:13 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-10 01:13 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-10 01:13 1161216 ----a-w- c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-10 01:13 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 01:13 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 01:13 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 01:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 01:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 01:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 01:13 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 01:13 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 01:13 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 01:13 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 01:13 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 01:13 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 01:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 01:13 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 01:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 01:13 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 01:13 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 01:13 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 01:13 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 01:13 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 01:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 01:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 01:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 01:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 01:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 01:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 01:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 01:13 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:53 . 2013-01-10 01:13 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-10 01:13 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 01:13 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 01:13 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 01:13 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 01:13 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 01:13 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 01:13 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 01:13 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 01:13 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 01:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 01:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 01:13 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 01:13 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 01:13 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 01:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 01:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 01:13 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 01:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 01:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 01:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 01:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-02-14 1597864]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-12-08 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-02 343168]
"RemoteControl10"="c:\program files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe" [2010-09-20 87336]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-02-13 385248]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DelayedDesktopSwitchTimeout"= 0 (0x0)
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-11-17 27800]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 13824]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-02 204288]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-02-13 86752]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2011-06-14 498688]
R2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-05-05 2656536]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2011-06-14 986112]
R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-14 9728]
R3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2011-05-19 84480]
R3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2011-05-19 182272]
R3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2011-05-19 83968]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-08-17 31216]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
R3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-04-04 12262624]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-06-01 340240]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-17 533096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-09 1255736]
R3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-05-17 42392]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S2 SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv64.sys [2011-04-11 7680]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-06-17 186152]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-13 06:43 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-23 03:45]
.
2013-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-08 08:14]
.
2013-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-08 08:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-18 03:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-18 03:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-18 03:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-18 03:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-04 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-04 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-04 418840]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-01 12661352]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-06-01 1935120]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://xfinity.comcast.net/tt2/?cid=mtmh12072012&amcid=SEG_LOCAL_BOS
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-02-16 14:35:51
ComboFix-quarantined-files.txt 2013-02-16 22:35
.
Pre-Run: 868,391,624,704 bytes free
Post-Run: 868,762,738,688 bytes free
.
- - End Of File - - 137C263A0A083E664209F5EBA343B6D2
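As an added illustration, not part of the thread and not ComboFix's own tooling, here is a small Python triage script for reports like the one above. It splits the log into its banner sections, lists what ComboFix removed, flags newly created executables sitting in a drive root or a user-writable data directory, lists the Run-key autoruns, and notes services or drivers whose file ComboFix marked `[x]`. The sample log is constructed from lines of the report above plus one made-up entry (AppData\Roaming\updater.exe) that exists only to exercise the location rule; the rules themselves are this example's own heuristics, not ComboFix's.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the ComboFix report posted above, plus one
# constructed entry (AppData\Roaming\updater.exe) so the location rule has something
# to flag. It is not a complete log.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Install.exe
c:\programdata\Roaming
c:\windows\SysWow64\muzapp.exe
.
((((((((((((((((((((((((( Files Created from 2013-01-16 to 2013-02-16 )))))))))))))))))))))))))))))))
.
2013-02-16 22:33 . 2013-02-16 22:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-14 03:12 . 2013-02-14 03:12 48128 ----a-w- c:\users\Mumbles2X\AppData\Roaming\updater.exe
2013-02-13 23:35 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-13 07:43 . 2013-02-13 07:43 -------- d-----w- c:\users\Mumbles2X\AppData\Roaming\DriverCure
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-02-14 1597864]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-12-08 39408]
.
R1 aswSnx;aswSnx; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
"""

# Section banner: "((((( Other Deletions )))))"
SECTION_RE = re.compile(r"^\({5,}\s*(.+?)\s*\){5,}$")
# Files Created entry: "<created> . <modified> <size|--------> <attrs> <path>"
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(-{8}|\d+) ([\w-]{8}) (.+)$")
# Run-key value: "Name"="command" [date size]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"')
# Service/driver line: "R1 name;display name;path [date size]", or "... [x]" when the file is missing
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*)$")

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx")
# Locations where a freshly created executable deserves a second look (heuristic).
SUSPECT_DIRS = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class Triage:
    deleted: list = field(default_factory=list)                # paths ComboFix removed
    flagged_files: list = field(default_factory=list)          # (path, created, size)
    autoruns: list = field(default_factory=list)               # (value name, command)
    missing_service_files: list = field(default_factory=list)  # service names marked [x]


def is_suspect_location(path):
    """Executable dropped in a drive root or a user-writable data directory."""
    p = path.lower()
    if not p.endswith(EXEC_EXT):
        return False
    if re.fullmatch(r"[a-z]:\\[^\\]+", p):   # e.g. C:\Install.exe
        return True
    return any(d in p for d in SUSPECT_DIRS)


def triage_combofix(text):
    """Walk the report section by section and collect items worth a reviewer's eye."""
    t = Triage()
    section, key = None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1).lower()
            continue
        if section == "other deletions":
            t.deleted.append(line)
        elif section and section.startswith("files created"):
            m = CREATED_RE.match(line)
            if m and is_suspect_location(m.group(5)):
                t.flagged_files.append((m.group(5), m.group(1), m.group(3)))
        elif section == "reg loading points":
            if line.startswith("["):            # registry key header
                key = line.lower()
                continue
            m = RUN_RE.match(line)
            if m and key.endswith("\\run]"):
                t.autoruns.append((m.group(1), m.group(2)))
                continue
            m = SERVICE_RE.match(line)
            if m and m.group(4).strip().endswith("[x]"):
                t.missing_service_files.append(m.group(2))
    return t


def summarize(t):
    """Plain lines a helper could paste back into the thread."""
    lines = [f"removed by ComboFix: {p}" for p in t.deleted]
    lines += [f"review new executable: {p} (created {ts}, {size} bytes)"
              for p, ts, size in t.flagged_files]
    lines += [f"autorun: {name} -> {cmd}" for name, cmd in t.autoruns]
    lines += [f"service/driver whose file is missing: {s}" for s in t.missing_service_files]
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(triage_combofix(SAMPLE_LOG))))
```

Heuristics like these only decide what a human reads first: an entry that is not flagged is not thereby clean, and a flagged entry (the Steam autorun, for instance) is very often legitimate.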
 
TDSSKiller Scan

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, right-click on the program, select Run as Administrator to start, and when prompted, click Allow to run it.



-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.



------------------------

Click the Start Scan button.



-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.




----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.





--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Sometimes these logs can be very large, in that case please attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


RogueKiller Scan

  • Download RogueKiller from the following link and save it on your desktop:
    TechSpot
    Official Site (alternative)
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan


  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.


  • The report has been created on the desktop.
  • Next click on the ShortcutsFix

  • The report has been created on the desktop.
Please post:

All RKreport.txt text files located on your desktop.
 
I was able to run Kaspersky; 3 objects were detected. The computer freezes when I try to copy and paste the results. The 3 objects are DMAgent, Richvideo and wiMAXAppSrv, all (Unsignedfile.Multi.Generic), if that helps. Will shut down his comp and try the next step.
 
RogueKiller V8.5.1 [Feb 12 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Mumbles2X [Admin rights]
Mode : Shortcuts HJfix -- Date : 02/18/2013 08:48:31
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 5 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 64 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 35 / Fail 0
Backup: [NOT FOUND]
Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
Finished : << RKreport[3]_SC_02182013_02d0848.txt >>
RKreport[1]_S_02182013_02d0844.txt ; RKreport[2]_D_02182013_02d0844.txt ; RKreport[3]_SC_02182013_02d0848.txt
 
Since it's freezing in Windows, let's do the following:

Farbar Recovery Scan Tool

Download Farbar Recovery Scan Tool and save it to a flash drive.


Depending on your type of system, you will have to select 32-bit or 64-bit accordingly. How do I tell?

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button. It will do its scan and save a log on your flash drive.
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.
 
Flash drive is not showing up on his laptop. Does on mine. All I get from his is CD Drive (E:). When I type e:\frst.exe the msg reads "The device is not ready". Will try in normal mode.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-02-2013 01
Ran by Mumbles2X at 18-02-2013 11:25:09
Running from E:\
Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive.
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

==================== One Month Created Files and Folders ========
2013-02-18 11:24 - 2013-02-18 11:25 - 00000000 ____D C:\FRST
2013-02-18 08:48 - 2013-02-18 08:48 - 00001219 ____A C:\Users\Mumbles2X\Desktop\RKreport[3]_SC_02182013_02d0848.txt
2013-02-18 08:44 - 2013-02-18 08:44 - 00002152 ____A C:\Users\Mumbles2X\Desktop\RKreport[1]_S_02182013_02d0844.txt
2013-02-18 08:44 - 2013-02-18 08:44 - 00002013 ____A C:\Users\Mumbles2X\Desktop\RKreport[2]_D_02182013_02d0844.txt
2013-02-18 08:43 - 2013-02-18 08:44 - 00000000 ____D C:\Users\Mumbles2X\Desktop\RK_Quarantine
2013-02-18 08:43 - 2013-02-18 08:43 - 00798208 ____A C:\Users\Mumbles2X\Downloads\RogueKiller.exe
2013-02-18 08:25 - 2013-02-18 08:25 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Mumbles2X\Downloads\tdsskiller.exe
2013-02-16 14:35 - 2013-02-16 14:35 - 00024911 ____A C:\ComboFix.txt
2013-02-16 14:25 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2013-02-16 14:25 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2013-02-16 14:25 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-02-16 14:25 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-02-16 14:25 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-02-16 14:25 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2013-02-16 14:25 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2013-02-16 14:25 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2013-02-16 14:21 - 2013-02-16 14:35 - 00000000 ____D C:\Qoobox
2013-02-16 14:21 - 2013-02-16 14:34 - 00000000 ____D C:\Windows\erdnt
2013-02-15 00:00 - 2013-02-15 00:00 - 00000000 ____D C:\Users\Mumbles2X\AppData\Local\Amazon
2013-02-13 23:30 - 2013-02-13 23:30 - 00000000 ____D C:\Users\Mumbles2X\AppData\LocalGoogle
2013-02-13 23:07 - 2013-02-16 13:42 - 00002111 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-02-13 20:18 - 2013-02-13 20:18 - 16586897 ____A C:\Users\Mumbles2X\Downloads\Unconfirmed 814664.crdownload
2013-02-13 15:35 - 2013-01-03 21:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-02-13 15:35 - 2013-01-03 20:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-02-13 15:35 - 2013-01-03 18:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-02-13 15:35 - 2013-01-03 18:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-02-13 15:35 - 2013-01-03 18:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-02-13 15:35 - 2013-01-03 18:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-02-12 23:43 - 2013-02-12 23:43 - 00000000 ____D C:\Users\Mumbles2X\AppData\Roaming\ParetoLogic
2013-02-12 23:43 - 2013-02-12 23:43 - 00000000 ____D C:\Users\Mumbles2X\AppData\Roaming\DriverCure
2013-02-12 23:15 - 2013-01-08 17:48 - 17812992 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-02-12 23:15 - 2013-01-08 17:22 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-02-12 23:15 - 2013-01-08 17:19 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-02-12 23:15 - 2013-01-08 17:12 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-02-12 23:15 - 2013-01-08 17:12 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-02-12 23:15 - 2013-01-08 17:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-02-12 23:15 - 2013-01-08 17:10 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-02-12 23:15 - 2013-01-08 17:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-02-12 23:15 - 2013-01-08 17:07 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-02-12 23:15 - 2013-01-08 17:07 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-02-12 23:15 - 2013-01-08 17:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-02-12 23:15 - 2013-01-08 17:06 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-02-12 23:15 - 2013-01-08 17:05 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-02-12 23:15 - 2013-01-08 17:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-02-12 23:15 - 2013-01-08 17:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-02-12 23:15 - 2013-01-08 17:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-02-12 23:15 - 2013-01-08 14:23 - 12321280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-02-12 23:15 - 2013-01-08 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-02-12 23:15 - 2013-01-08 14:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-02-12 23:15 - 2013-01-08 14:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-02-12 23:15 - 2013-01-08 14:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-02-12 23:15 - 2013-01-08 14:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-02-12 23:15 - 2013-01-08 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-02-12 23:15 - 2013-01-08 14:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-02-12 23:15 - 2013-01-08 13:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-02-12 23:15 - 2013-01-08 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-02-12 23:15 - 2013-01-08 13:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-02-12 23:15 - 2013-01-08 13:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-02-12 23:15 - 2013-01-08 13:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-02-12 23:15 - 2013-01-08 13:56 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-02-12 23:15 - 2013-01-08 13:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-02-12 23:15 - 2013-01-08 13:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-02-12 23:15 - 2013-01-04 21:53 - 05553512 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-02-12 23:15 - 2013-01-04 21:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-02-12 23:15 - 2013-01-04 21:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-02-12 22:44 - 2013-02-12 22:44 - 00002255 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-02-12 22:36 - 2013-01-02 22:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-02-12 22:36 - 2013-01-02 22:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
==================== One Month Modified Files and Folders =======
2013-02-18 11:23 - 2012-12-08 00:14 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-02-18 11:23 - 2012-12-07 22:01 - 00000000 ____D C:\Program Files (x86)\Steam
2013-02-18 11:23 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-02-18 11:23 - 2009-07-13 20:51 - 00066716 ____A C:\Windows\setupact.log
2013-02-18 10:56 - 2012-12-22 16:36 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-02-18 10:56 - 2012-12-08 00:14 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-02-18 10:56 - 2010-11-20 19:47 - 00365990 ____A C:\Windows\PFRO.log
2013-02-18 09:19 - 2009-07-13 20:45 - 00021200 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-02-18 09:14 - 2009-07-13 20:45 - 00021200 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-02-18 08:56 - 2011-09-14 10:08 - 01965832 ____A C:\Windows\WindowsUpdate.log
2013-02-18 08:48 - 2013-02-18 08:48 - 00001219 ____A C:\Users\Mumbles2X\Desktop\RKreport[3]_SC_02182013_02d0848.txt
2013-02-18 08:46 - 2009-07-13 21:13 - 00005152 ____A C:\Windows\System32\PerfStringBackup.INI
2013-02-18 08:44 - 2013-02-18 08:44 - 00002152 ____A C:\Users\Mumbles2X\Desktop\RKreport[1]_S_02182013_02d0844.txt
2013-02-18 08:44 - 2013-02-18 08:44 - 00002013 ____A C:\Users\Mumbles2X\Desktop\RKreport[2]_D_02182013_02d0844.txt
2013-02-18 08:44 - 2013-02-18 08:43 - 00000000 ____D C:\Users\Mumbles2X\Desktop\RK_Quarantine
2013-02-18 08:43 - 2013-02-18 08:43 - 00798208 ____A C:\Users\Mumbles2X\Downloads\RogueKiller.exe
2013-02-18 08:25 - 2013-02-18 08:25 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Mumbles2X\Downloads\tdsskiller.exe
2013-02-16 14:35 - 2013-02-16 14:35 - 00024911 ____A C:\ComboFix.txt
2013-02-16 14:35 - 2013-02-16 14:21 - 00000000 ____D C:\Qoobox
2013-02-16 14:34 - 2013-02-16 14:21 - 00000000 ____D C:\Windows\erdnt
2013-02-16 14:34 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2013-02-16 13:42 - 2013-02-13 23:07 - 00002111 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-02-15 15:28 - 2012-12-07 20:11 - 00000000 ____D C:\users\Mumbles2X
2013-02-15 00:01 - 2012-12-07 20:13 - 00000000 ____D C:\Users\Mumbles2X\AppData\Local\Deployment
2013-02-15 00:00 - 2013-02-15 00:00 - 00000000 ____D C:\Users\Mumbles2X\AppData\Local\Amazon
2013-02-15 00:00 - 2011-09-13 18:18 - 00000000 ____D C:\Program Files (x86)\Amazon
2013-02-13 23:30 - 2013-02-13 23:30 - 00000000 ____D C:\Users\Mumbles2X\AppData\LocalGoogle
2013-02-13 23:30 - 2012-12-07 21:07 - 00000000 ____D C:\Users\Mumbles2X\AppData\Local\Google
2013-02-13 23:30 - 2012-12-07 21:07 - 00000000 ____D C:\Program Files (x86)\Google
2013-02-13 23:07 - 2012-12-07 21:07 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-02-13 20:18 - 2013-02-13 20:18 - 16586897 ____A C:\Users\Mumbles2X\Downloads\Unconfirmed 814664.crdownload
2013-02-13 15:41 - 2013-01-13 12:43 - 70004024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-02-12 23:43 - 2013-02-12 23:43 - 00000000 ____D C:\Users\Mumbles2X\AppData\Roaming\ParetoLogic
2013-02-12 23:43 - 2013-02-12 23:43 - 00000000 ____D C:\Users\Mumbles2X\AppData\Roaming\DriverCure
2013-02-12 22:44 - 2013-02-12 22:44 - 00002255 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-02-07 19:45 - 2012-12-22 16:36 - 00697712 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-02-07 19:45 - 2012-12-22 16:36 - 00074096 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-02-01 21:03 - 2012-12-14 00:11 - 00000000 ____D C:\Users\Mumbles2X\Documents\Youcam
2013-02-01 20:52 - 2012-12-07 20:49 - 00000000 ____D C:\Users\Mumbles2X\AppData\Local\CrashDumps

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== Restore Points =========================
Restore point made on: 2013-01-05 06:57:57
Restore point made on: 2013-01-10 17:27:26
Restore point made on: 2013-01-13 12:43:33
Restore point made on: 2013-02-12 23:15:30
Restore point made on: 2013-02-13 15:28:56
Restore point made on: 2013-02-13 15:40:39
Restore point made on: 2013-02-13 23:07:07
Restore point made on: 2013-02-15 00:03:27
Restore point made on: 2013-02-15 00:04:04
==================== Memory info ===========================
Percentage of memory in use: 20%
Total physical RAM: 8105.55 MB
Available physical RAM: 6405.47 MB
Total Pagefile: 16209.28 MB
Available Pagefile: 14415.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB
==================== Partitions =============================
1 Drive c: () (Fixed) (Total:921.41 GB) (Free:809.38 GB) NTFS
3 Drive e: () (Removable) (Total:0.48 GB) (Free:0.48 GB) FAT
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 7641 MB 0 B
Disk 2 Online 492 MB 0 B
Partitions of Disk 0:
===============
Disk ID: 74B5821F
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 921 GB 101 MB
Partition 3 OEM 9 GB 921 GB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 SYSTEM NTFS Partition 100 MB Healthy System (partition with boot components)
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 921 GB Healthy Boot
=========================================================
Disk: 0
Partition 3
Type : 12
Hidden: Yes
Active: No
There is no volume associated with this partition.
=========================================================
Partitions of Disk 1:
===============
Disk ID: 74F02DEA
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7639 MB 1024 KB
==================================================================================
Disk: 1
Partition 1
Type : 73
Hidden: Yes
Active: No
There is no volume associated with this partition.
=========================================================
Partitions of Disk 2:
===============
Disk ID: 00000000
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 491 MB 16 KB
==================================================================================
Disk: 2
Partition 1
Type : 06
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E FAT Removable 491 MB Healthy
=========================================================
Last Boot: 2013-01-26 02:07
==================== End Of Log =============================
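The file listings in the log above follow one fixed FRST line format (created - modified - size, attribute flags, optional CompanyName from the file's version resource in parentheses, then the path). As an added example that is not code from the thread or from FRST, here is a small parser for those lines plus two triage checks a responder would run over a log like this: flag binaries under C:\Windows that carry no CompanyName, and group entries by creation minute so a batch of files dropped together stands out. The sample lines are copied from the log above (the ComboFix helper tools MBR.exe and NIRCMD.exe written at 2013-02-16 14:25, a Microsoft DLL, a quarantine folder and a Chrome download); the heuristics are assumptions for illustration. An absent CompanyName only means the version resource lacks one, not that the file is malicious, as ComboFix's own PEV.exe, MBR.exe, sed.exe and zip.exe show in the log.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a few lines taken from the FRST log in this thread, in the
# exact format of the "One Month Created Files and Folders" section.
SAMPLE_LOG = """\
==================== One Month Created Files and Folders ========
2013-02-16 14:25 - 2010-11-07 09:20 - 00208896 ____A C:\\Windows\\MBR.exe
2013-02-16 14:25 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\\Windows\\NIRCMD.exe
2013-02-13 15:35 - 2013-01-03 21:46 - 00215040 ____A (Microsoft Corporation) C:\\Windows\\System32\\winsrv.dll
2013-02-18 08:43 - 2013-02-18 08:44 - 00000000 ____D C:\\Users\\Mumbles2X\\Desktop\\RK_Quarantine
2013-02-13 20:18 - 2013-02-13 20:18 - 16586897 ____A C:\\Users\\Mumbles2X\\Downloads\\Unconfirmed 814664.crdownload
==================== One Month Modified Files and Folders =======
"""

# created - modified - 8-digit size, 5-char attribute field (e.g. ____A, ____D, ___AH),
# optional "(CompanyName) ", then a path starting with a drive letter. The company
# group is lazy and the path must start with "X:\" so names such as
# "Intel(R) Corporation" (which contain a parenthesis) still parse.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>\S{5}) "
    r"(?:\((?P<company>.+?)\) )?"
    r"(?P<path>[A-Za-z]:\\.+?)\s*$"
)


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_frst(text: str) -> List[Entry]:
    """Return every file/folder entry in an FRST listing; header lines are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m["created"], m["modified"], int(m["size"]),
                                 m["attrs"], m["company"], m["path"]))
    return entries


BINARY_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr")


def unattributed_binaries(entries: List[Entry], roots=("C:\\Windows",)) -> List[str]:
    """Binaries under the given roots whose version resource has no CompanyName.

    A triage heuristic only: legitimate tools (e.g. ComboFix's helpers) trip it too,
    so the result is a list to hash and look up, not a verdict.
    """
    flagged = []
    for e in entries:
        if e.is_dir or e.company:
            continue
        low = e.path.lower()
        if low.endswith(BINARY_EXT) and any(low.startswith(r.lower()) for r in roots):
            flagged.append(e.path)
    return flagged


def creation_batches(entries: List[Entry], min_count: int = 2) -> Dict[str, List[str]]:
    """Group paths by creation minute; groups of min_count or more usually mean one
    installer, updater or dropper wrote them together."""
    groups: Dict[str, List[str]] = {}
    for e in entries:
        groups.setdefault(e.created, []).append(e.path)
    return {k: v for k, v in groups.items() if len(v) >= min_count}


if __name__ == "__main__":
    ents = parse_frst(SAMPLE_LOG)
    print("unattributed binaries:", unattributed_binaries(ents))
    print("creation batches:", creation_batches(ents))
```

Run it over a full FRST.txt by reading the file into `parse_frst`; the Modified section uses the same line format, so the parser works on both.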
 
It has to be run from the Recovery Environment. Were you able to run from the Recovery Environment before it said "Device not ready"?

If so, make sure to follow the correct instructions here, which should help:

On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
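Both sets of FRST instructions in this thread (the earlier post and the repeat above) use the notepad File > Open trick to discover the flash drive's letter, because the Recovery Environment assigns letters on its own and they need not match the installed Windows: here the stick is E: under Windows, while in WinRE E: is the optical drive (hence "The device is not ready", a letter with no media behind it) and the stick turns up as F:. The other message seen in this thread, "is not recognized as an internal or external command", just means cmd found no file at the path typed. As an added example that is not from the thread or from the FRST author, the lines below can be typed at the WinRE command prompt instead of the notepad trick: they probe every drive-letter root for the tool and print the ones that exist. They assume the tool was saved to the root of the stick as frst64.exe (the 64-bit download) or renamed to frst.exe as in this thread; single `%` is used because the loop is typed interactively, not saved as a .cmd file.

```batch
rem Typed at the WinRE command prompt. cmd shows "More?" for the continuation
rem lines; the loop runs after the closing parenthesis. Letters whose drive has
rem no media (an empty CD drive) simply test false and are skipped.
for %D in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do @(
  if exist %D:\frst64.exe echo found %D:\frst64.exe
  if exist %D:\frst.exe   echo found %D:\frst.exe
)

rem Then launch the tool by the letter it printed, for example:
F:\frst.exe
```

If nothing is printed, the stick is not mounted in WinRE at all (the earlier reply shows moving it to the port the mouse used fixed exactly that), or the file is not in the root of the stick; `dir F:\` confirms what WinRE actually sees on a given letter.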
 
I unplugged the port he has his mouse in and put the flash drive in there, and it shows up as F. When I type f:\frst.exe I get this msg: "f:\frst.exe is not recognized as an internal or external command, operable program or batch file." Re-downloaded FRST onto the flash drive from my comp. and tried again using e:\ and get this msg: "The device is not ready." I tried starting his comp in normal mode and the flash drive shows up with the file in it.
 
That worked! :)
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-02-2013 01
Ran by SYSTEM at 19-02-2013 11:30:57
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12661352 2011-07-31] (Realtek Semiconductor)
HKLM\...\Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [1935120 2011-05-31] (Intel(R) Corporation)
HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2721576 2011-06-16] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-09-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe" [87336 2010-09-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-11-01] (CyberLink)
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-05-31] (Symantec Corporation)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4297136 2012-10-30] (AVAST Software)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [385248 2013-02-12] ()
HKU\Mumbles2X\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1597864 2013-02-15] (Valve Corporation)
HKU\Mumbles2X\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-12-08] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
==================== Services (Whitelisted) ===================
2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [86752 2013-02-12] (Avira Operations GmbH & Co. KG)
2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [110816 2013-02-12] (Avira Operations GmbH & Co. KG)
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-10-30] (AVAST Software)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-31] ()
2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-05-31] (Symantec Corporation)
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [244904 2009-11-30] ()
==================== Drivers (Whitelisted) =====================
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-30] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-10-30] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-10-15] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-30] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [370288 2012-10-30] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-30] (AVAST Software)
2 avgntflt; C:\Windows\System32\Drivers\avgntflt.sys [99912 2012-12-11] (Avira Operations GmbH & Co. KG)
1 avipbb; C:\Windows\System32\Drivers\avipbb.sys [129216 2012-12-11] (Avira Operations GmbH & Co. KG)
1 avkmgr; C:\Windows\System32\Drivers\avkmgr.sys [27800 2012-11-16] (Avira Operations GmbH & Co. KG)
2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========
2013-02-18 11:24 - 2013-02-18 11:25 - 00000000 ____D C:\FRST
2013-02-18 08:48 - 2013-02-18 08:48 - 00001219 ____A C:\Users\Mumbles2X\Desktop\RKreport[3]_SC_02182013_02d0848.txt
2013-02-18 08:44 - 2013-02-18 08:44 - 00002152 ____A C:\Users\Mumbles2X\Desktop\RKreport[1]_S_02182013_02d0844.txt
2013-02-18 08:44 - 2013-02-18 08:44 - 00002013 ____A C:\Users\Mumbles2X\Desktop\RKreport[2]_D_02182013_02d0844.txt
2013-02-18 08:43 - 2013-02-18 08:44 - 00000000 ____D C:\Users\Mumbles2X\Desktop\RK_Quarantine
2013-02-18 08:43 - 2013-02-18 08:43 - 00798208 ____A C:\Users\Mumbles2X\Downloads\RogueKiller.exe
2013-02-18 08:25 - 2013-02-18 08:25 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Mumbles2X\Downloads\tdsskiller.exe
2013-02-16 14:35 - 2013-02-16 14:35 - 00024911 ____A C:\ComboFix.txt
2013-02-16 14:25 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2013-02-16 14:25 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2013-02-16 14:25 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-02-16 14:25 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-02-16 14:25 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-02-16 14:25 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2013-02-16 14:25 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2013-02-16 14:25 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2013-02-16 14:21 - 2013-02-16 14:35 - 00000000 ____D C:\Qoobox
2013-02-16 14:21 - 2013-02-16 14:34 - 00000000 ____D C:\Windows\erdnt
2013-02-15 00:00 - 2013-02-15 00:00 - 00000000 ____D C:\Users\Mumbles2X\AppData\Local\Amazon
2013-02-13 23:30 - 2013-02-13 23:30 - 00000000 ____D C:\Users\Mumbles2X\AppData\LocalGoogle
2013-02-13 23:07 - 2013-02-16 13:42 - 00002111 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-02-13 20:18 - 2013-02-13 20:18 - 16586897 ____A C:\Users\Mumbles2X\Downloads\Unconfirmed 814664.crdownload
2013-02-13 15:35 - 2013-01-03 21:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-02-13 15:35 - 2013-01-03 20:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-02-13 15:35 - 2013-01-03 18:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-02-13 15:35 - 2013-01-03 18:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-02-13 15:35 - 2013-01-03 18:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-02-13 15:35 - 2013-01-03 18:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-02-12 23:43 - 2013-02-12 23:43 - 00000000 ____D C:\Users\Mumbles2X\AppData\Roaming\ParetoLogic
2013-02-12 23:43 - 2013-02-12 23:43 - 00000000 ____D C:\Users\Mumbles2X\AppData\Roaming\DriverCure
2013-02-12 23:15 - 2013-01-08 17:48 - 17812992 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-02-12 23:15 - 2013-01-08 17:22 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-02-12 23:15 - 2013-01-08 17:19 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-02-12 23:15 - 2013-01-08 17:12 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-02-12 23:15 - 2013-01-08 17:12 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-02-12 23:15 - 2013-01-08 17:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-02-12 23:15 - 2013-01-08 17:10 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-02-12 23:15 - 2013-01-08 17:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-02-12 23:15 - 2013-01-08 17:07 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-02-12 23:15 - 2013-01-08 17:07 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-02-12 23:15 - 2013-01-08 17:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-02-12 23:15 - 2013-01-08 17:06 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-02-12 23:15 - 2013-01-08 17:05 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-02-12 23:15 - 2013-01-08 17:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-02-12 23:15 - 2013-01-08 17:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-02-12 23:15 - 2013-01-08 17:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-02-12 23:15 - 2013-01-08 14:23 - 12321280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-02-12 23:15 - 2013-01-08 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-02-12 23:15 - 2013-01-08 14:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-02-12 23:15 - 2013-01-08 14:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-02-12 23:15 - 2013-01-08 14:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-02-12 23:15 - 2013-01-08 14:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-02-12 23:15 - 2013-01-08 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-02-12 23:15 - 2013-01-08 14:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-02-12 23:15 - 2013-01-08 13:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-02-12 23:15 - 2013-01-08 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-02-12 23:15 - 2013-01-08 13:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-02-12 23:15 - 2013-01-08 13:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-02-12 23:15 - 2013-01-08 13:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-02-12 23:15 - 2013-01-08 13:56 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-02-12 23:15 - 2013-01-08 13:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-02-12 23:15 - 2013-01-08 13:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-02-12 23:15 - 2013-01-04 21:53 - 05553512 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-02-12 23:15 - 2013-01-04 21:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-02-12 23:15 - 2013-01-04 21:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-02-12 22:44 - 2013-02-12 22:44 - 00002255 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-02-12 22:36 - 2013-01-02 22:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-02-12 22:36 - 2013-01-02 22:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
==================== One Month Modified Files and Folders =======
2013-02-18 12:34 - 2012-12-07 22:01 - 00000000 ____D C:\Program Files (x86)\Steam
2013-02-18 12:33 - 2012-12-08 00:14 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-02-18 12:33 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-02-18 12:33 - 2009-07-13 20:51 - 00066772 ____A C:\Windows\setupact.log
2013-02-18 11:25 - 2013-02-18 11:24 - 00000000 ____D C:\FRST
2013-02-18 10:56 - 2012-12-22 16:36 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-02-18 10:56 - 2012-12-08 00:14 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-02-18 10:56 - 2010-11-20 19:47 - 00365990 ____A C:\Windows\PFRO.log
2013-02-18 10:55 - 2011-09-14 10:08 - 01969190 ____A C:\Windows\WindowsUpdate.log
2013-02-18 09:19 - 2009-07-13 20:45 - 00021200 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-02-18 09:14 - 2009-07-13 20:45 - 00021200 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-02-18 08:48 - 2013-02-18 08:48 - 00001219 ____A C:\Users\Mumbles2X\Desktop\RKreport[3]_SC_02182013_02d0848.txt
2013-02-18 08:46 - 2009-07-13 21:13 - 00005152 ____A C:\Windows\System32\PerfStringBackup.INI
2013-02-18 08:44 - 2013-02-18 08:44 - 00002152 ____A C:\Users\Mumbles2X\Desktop\RKreport[1]_S_02182013_02d0844.txt
2013-02-18 08:44 - 2013-02-18 08:44 - 00002013 ____A C:\Users\Mumbles2X\Desktop\RKreport[2]_D_02182013_02d0844.txt
2013-02-18 08:44 - 2013-02-18 08:43 - 00000000 ____D C:\Users\Mumbles2X\Desktop\RK_Quarantine
2013-02-18 08:43 - 2013-02-18 08:43 - 00798208 ____A C:\Users\Mumbles2X\Downloads\RogueKiller.exe
2013-02-18 08:25 - 2013-02-18 08:25 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Mumbles2X\Downloads\tdsskiller.exe
2013-02-16 14:35 - 2013-02-16 14:35 - 00024911 ____A C:\ComboFix.txt
2013-02-16 14:35 - 2013-02-16 14:21 - 00000000 ____D C:\Qoobox
2013-02-16 14:34 - 2013-02-16 14:21 - 00000000 ____D C:\Windows\erdnt
2013-02-16 14:34 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2013-02-16 13:42 - 2013-02-13 23:07 - 00002111 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-02-15 15:28 - 2012-12-07 20:11 - 00000000 ____D C:\users\Mumbles2X
2013-02-15 00:01 - 2012-12-07 20:13 - 00000000 ____D C:\Users\Mumbles2X\AppData\Local\Deployment
2013-02-15 00:00 - 2013-02-15 00:00 - 00000000 ____D C:\Users\Mumbles2X\AppData\Local\Amazon
2013-02-15 00:00 - 2011-09-13 18:18 - 00000000 ____D C:\Program Files (x86)\Amazon
2013-02-13 23:30 - 2013-02-13 23:30 - 00000000 ____D C:\Users\Mumbles2X\AppData\LocalGoogle
2013-02-13 23:30 - 2012-12-07 21:07 - 00000000 ____D C:\Users\Mumbles2X\AppData\Local\Google
2013-02-13 23:30 - 2012-12-07 21:07 - 00000000 ____D C:\Program Files (x86)\Google
2013-02-13 23:07 - 2012-12-07 21:07 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-02-13 20:18 - 2013-02-13 20:18 - 16586897 ____A C:\Users\Mumbles2X\Downloads\Unconfirmed 814664.crdownload
2013-02-13 15:41 - 2013-01-13 12:43 - 70004024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-02-12 23:43 - 2013-02-12 23:43 - 00000000 ____D C:\Users\Mumbles2X\AppData\Roaming\ParetoLogic
2013-02-12 23:43 - 2013-02-12 23:43 - 00000000 ____D C:\Users\Mumbles2X\AppData\Roaming\DriverCure
2013-02-12 22:44 - 2013-02-12 22:44 - 00002255 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-02-07 19:45 - 2012-12-22 16:36 - 00697712 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-02-07 19:45 - 2012-12-22 16:36 - 00074096 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-02-01 21:03 - 2012-12-14 00:11 - 00000000 ____D C:\Users\Mumbles2X\Documents\Youcam
2013-02-01 20:52 - 2012-12-07 20:49 - 00000000 ____D C:\Users\Mumbles2X\AppData\Local\CrashDumps

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-01-05 06:57:57
Restore point made on: 2013-01-10 17:27:26
Restore point made on: 2013-01-13 12:43:33
Restore point made on: 2013-02-12 23:15:30
Restore point made on: 2013-02-13 15:28:56
Restore point made on: 2013-02-13 15:40:39
Restore point made on: 2013-02-13 23:07:07
Restore point made on: 2013-02-15 00:03:27
Restore point made on: 2013-02-15 00:04:04
==================== Memory info ===========================
Percentage of memory in use: 9%
Total physical RAM: 8105.55 MB
Available physical RAM: 7312.09 MB
Total Pagefile: 8103.75 MB
Available Pagefile: 7297.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB
==================== Partitions =============================
1 Drive c: () (Fixed) (Total:921.41 GB) (Free:809.31 GB) NTFS
3 Drive f: () (Removable) (Total:0.48 GB) (Free:0.48 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 7641 MB 0 B
Disk 1 Online 931 GB 0 B
Disk 2 Online 492 MB 0 B
Partitions of Disk 0:
===============
Disk ID: 74F02DEA
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7639 MB 1024 KB
==================================================================================
Disk: 0
Partition 1
Type : 73
Hidden: Yes
Active: No
There is no volume associated with this partition.
=========================================================
Partitions of Disk 1:
===============
Disk ID: 74B5821F
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 921 GB 101 MB
Partition 3 OEM 9 GB 921 GB
==================================================================================
Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy
=========================================================
Disk: 1
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 921 GB Healthy
=========================================================
Disk: 1
Partition 3
Type : 12
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 RECOVERY NTFS Partition 9 GB Healthy Hidden
=========================================================
Partitions of Disk 2:
===============
Disk ID: 00000000
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 491 MB 16 KB
==================================================================================
Disk: 2
Partition 1
Type : 06
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Removable 491 MB Healthy
=========================================================
Last Boot: 2013-01-26 02:07
==================== End Of Log =============================
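As an added example (not code from the thread, from FRST or from its author), here is a small parser for the FRST file-listing format shown in the log above, with two triage rules a helper applies when reading such a listing. The first three sample lines are copied from the log above; the last two are constructed to exercise both rules.

```python
import re
from typing import Dict, List, Optional, Tuple
# One FRST listing line: <modified> - <created> - <size> <attrs> [(Company)] <path>;
# attrs ends in A for a file, D for a directory; Company comes from version info.
LINE_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>_{4}[A-Z]) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>\S.*)$")

def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Parse one listing line into a dict; section headers and other text give None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["size"] = int(d["size"])
    d["is_dir"] = d["attrs"].endswith("D")
    return d

def parse_log(text: str) -> List[Dict[str, object]]:
    return [e for e in map(parse_line, text.splitlines()) if e]

EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr")
USER_WRITABLE = ("\\appdata\\", "\\downloads\\", "\\temp\\")
SYSTEM_DIRS = ("c:\\windows\\", "c:\\program files")

def triage(entries) -> List[Tuple[str, str]]:
    """(path, reason) pairs worth a second look. Hints, not verdicts: a tool the
    user downloaded on purpose (tdsskiller.exe here) matches the first rule too."""
    hits = []
    for e in entries:
        low = e["path"].lower()
        if e["is_dir"] or not low.endswith(EXEC_EXT):
            continue
        if any(d in low for d in USER_WRITABLE):
            hits.append((e["path"], "executable in a user-writable location"))
        elif low.startswith(SYSTEM_DIRS) and not e["company"]:
            hits.append((e["path"], "system-directory executable with no version-info company"))
    return hits

# Sample input: the first three lines are copied from the log above, the last two
# are constructed to exercise both rules.
SAMPLE_LOG = r"""
2013-02-18 08:25 - 2013-02-18 08:25 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Mumbles2X\Downloads\tdsskiller.exe
2013-02-16 14:35 - 2013-02-16 14:21 - 00000000 ____D C:\Qoobox
2013-02-13 15:41 - 2013-01-13 12:43 - 70004024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-02-10 11:02 - 2013-02-10 11:02 - 00045056 ____A C:\Users\Mumbles2X\AppData\Local\Temp\updater.exe
2013-02-11 09:30 - 2013-02-11 09:30 - 00012288 ____A C:\Windows\System32\drivers\helper.sys
"""
```

Run `triage(parse_log(SAMPLE_LOG))` to get the three flagged paths; a company string only means the file carries version info, so a flagged system-directory file still needs its signature checked before drawing any conclusion.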
 
Could you tell me what time you usually log on here to help us, instead of me checking every half hour. Thank you.
 
Jay, I see you were on this afternoon. I appreciate your help but if you don't have the time to please let me know so I can move on. Thank you.
 
I'm sorry. I usually am around at about 4:00 AM ET for the first part of my day, but I'm definitely around from 10:00 AM-4:00 PM ET on a normal schedule.

I've been in and out of the office the past few days, so it's been inconsistent.

FRST Fixlist

Please run the following:

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

start
Last Boot: 2013-01-26 02:07
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now, please enter System Recovery Options then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-02-2013 01
Ran by SYSTEM at 2013-02-20 15:39:40 Run:1
Running from F:\
==============================================
DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.
==== End of Fixlog ====
 
Morning... I thought I saw the issue in the logs; however, I think we will take a closer look at a few key areas of the operating system to find out why it is freezing. A couple of other tools to run here to provide a lot more information:

Speccy hardware checking

Please download Speccy and save to your Desktop.
  • Double-click on setup file and install Speccy on your computer.
  • Start Speccy and give it 30 seconds to 1 minute to load.
  • Then, click File > Save as Text file...
  • Save the report to your Desktop or other location you can remember.
  • Find the report and attach it to your next reply.

Kaspersky GetSystemInfo Scan

Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.

Note: please close all other applications running on your system.

Double click GetSystemInfo.exe to open it. It will display an agreement. Click on I Agree to continue.

Click the Settings button.

Set the slider to Maximum.

IMPORTANT! Then, click Customize - choose Driver / Ports tab and uncheck Scan Ports.

On the General tab, make sure all of the boxes are checked.

On the Misc tab, make sure all the checkboxes are checked.

Then, click OK on the windows that you launched.

Click Create Report to run it.

It will begin scanning.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop.

It should automatically upload it to http://www.getsysteminfo.com. If it does not, then please submit it manually by going to the site and doing the upload process.

It will redirect to a page that provides a sharing URL for specialists. Copy and paste the URL of the GSI Parser report in your next reply.
 