Windows has encountered a critical error will restart in one minute

Jay Pfoutz · Aug 25, 2012

Remove the Adware.

Please close all open programs and internet browsers.

Double click on adwcleaner.exe to run the tool.

Click on Delete.

Confirm each time with OK.

Your computer will be rebooted automatically. A text file will open after the restart.

Please post the content of that logfile in your reply.

You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Please post the log.

ESET Online Scan

Please run a free online scan with the ESET Online Scanner

Tick the box next to YES, I accept the Terms of Use

Click Start

When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.

Click Start or wait for the scanner to load.

Make sure that the options Remove found threats and the option Scan unwanted applications are checked.

Click Scan (This scan can take several hours, so please be patient)

Once the scan is completed, there are a couple of things to keep in mind:

1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.

2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.

Open the logfile from wherever you saved it

Copy and paste the contents in your next reply.

againstheman · Aug 26, 2012

# AdwCleaner v1.801 - Logfile created 08/26/2012 at 02:02:55
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Starter (32 bits)
# User : Aileen - AILEEN-PC
# Boot Mode : Normal
# Running from : C:\Users\Aileen\Desktop\fix\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Users\Aileen\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Aileen\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Aileen\AppData\Roaming\Mozilla\Firefox\Profiles\hwk53vfa.default\Conduit
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files\DAEMON Tools Toolbar
File Deleted : C:\Users\Aileen\AppData\Roaming\Mozilla\Firefox\Profiles\hwk53vfa.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Aileen\AppData\Roaming\Mozilla\Firefox\Profiles\hwk53vfa.default\searchplugins\Conduit.xml

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Key Deleted : HKLM\SOFTWARE\Google\chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66D8FBA6-D90F-40A9-AC55-84896F79CA69}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z059&partner_id=308&product_id=435&affiliate_id=&channel=dpgrupo&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110701&user_guid=8FF070CEFC3241ADA77A5A60E1EEBDEA&machine_id=e5ba8923dbc0dbb1bc908bb979ea2c7c&browser=IE&os=win&os_version=6.1-x86-SP0 --> hxxp://www.google.com

-\\ Mozilla Firefox v9.0.1 (en-US)

Profile name : default
File : C:\Users\Aileen\AppData\Roaming\Mozilla\Firefox\Profiles\hwk53vfa.default\prefs.js

C:\Users\Aileen\AppData\Roaming\Mozilla\Firefox\Profiles\hwk53vfa.default\user.js ... Deleted !

Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.crossriderapp4924.4924.InstallationTime", 1338146321);
Deleted : user_pref("extensions.crossriderapp4924.4924.active", true);
Deleted : user_pref("extensions.crossriderapp4924.4924.addressbar", "");
Deleted : user_pref("extensions.crossriderapp4924.4924.affid", "0");
Deleted : user_pref("extensions.crossriderapp4924.4924.backgroundjs", "\n\n/**********************************[...]
Deleted : user_pref("extensions.crossriderapp4924.4924.backgroundver", 4);
Deleted : user_pref("extensions.crossriderapp4924.4924.can_run_bg_code", true);
Deleted : user_pref("extensions.crossriderapp4924.4924.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp4924.4924.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp4924.4924.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp4924.4924.cookie.InstallationTime.value", "1338146321");
Deleted : user_pref("extensions.crossriderapp4924.4924.description", "The Easiest Way To Remove Your Facebook [...]
Deleted : user_pref("extensions.crossriderapp4924.4924.domain", "removemytimeline.com");
Deleted : user_pref("extensions.crossriderapp4924.4924.emailsig", "");
Deleted : user_pref("extensions.crossriderapp4924.4924.enablesearch", false);
Deleted : user_pref("extensions.crossriderapp4924.4924.exposesites", "");
Deleted : user_pref("extensions.crossriderapp4924.4924.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp4924.4924.group", 0);
Deleted : user_pref("extensions.crossriderapp4924.4924.homepage", "");
Deleted : user_pref("extensions.crossriderapp4924.4924.iframe", false);
Deleted : user_pref("extensions.crossriderapp4924.4924.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp4924.4924.name", "FB Timeline Remover");
Deleted : user_pref("extensions.crossriderapp4924.4924.newtab", "");
Deleted : user_pref("extensions.crossriderapp4924.4924.opensearch", "");
Deleted : user_pref("extensions.crossriderapp4924.4924.plugins.plugin_13.code", "(function(c){c.selectedText=f[...]
Deleted : user_pref("extensions.crossriderapp4924.4924.plugins.plugin_13.name", "CrossriderAppUtils");
Deleted : user_pref("extensions.crossriderapp4924.4924.plugins.plugin_13.ver", 1);
Deleted : user_pref("extensions.crossriderapp4924.4924.plugins.plugin_14.code", "\"undefined\"===typeof appAPI[...]
Deleted : user_pref("extensions.crossriderapp4924.4924.plugins.plugin_14.name", "CrossriderUtils");
Deleted : user_pref("extensions.crossriderapp4924.4924.plugins.plugin_14.ver", 1);
Deleted : user_pref("extensions.crossriderapp4924.4924.plugins.plugin_15.code", "(function(e){function u(c,b){[...]
Deleted : user_pref("extensions.crossriderapp4924.4924.plugins.plugin_15.name", "FacebookFFIE");
Deleted : user_pref("extensions.crossriderapp4924.4924.plugins.plugin_15.ver", 1);
Deleted : user_pref("extensions.crossriderapp4924.4924.plugins.plugin_16.code", "(function(b,a){function I(){v[...]
Deleted : user_pref("extensions.crossriderapp4924.4924.plugins.plugin_16.name", "FFAppAPIWrapper");
Deleted : user_pref("extensions.crossriderapp4924.4924.plugins.plugin_16.ver", 1);
Deleted : user_pref("extensions.crossriderapp4924.4924.plugins.plugin_17.code", "var $$jquery;\n(function(l,n)[...]
Deleted : user_pref("extensions.crossriderapp4924.4924.plugins.plugin_17.name", "jQuery");
Deleted : user_pref("extensions.crossriderapp4924.4924.plugins.plugin_17.ver", 1);
Deleted : user_pref("extensions.crossriderapp4924.4924.plugins_lists.plugins_0", "17,14,16");
Deleted : user_pref("extensions.crossriderapp4924.4924.plugins_lists.plugins_1", "17,14,13,16,15");
Deleted : user_pref("extensions.crossriderapp4924.4924.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Deleted : user_pref("extensions.crossriderapp4924.4924.pluginsversion", 1);
Deleted : user_pref("extensions.crossriderapp4924.4924.premium", true);
Deleted : user_pref("extensions.crossriderapp4924.4924.publisher", "Deximol");
Deleted : user_pref("extensions.crossriderapp4924.4924.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp4924.4924.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp4924.4924.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp4924.4924.thankyou", "hxxp://facebook.com/profile.php?");
Deleted : user_pref("extensions.crossriderapp4924.4924.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp4924.4924.ver", 30);
Deleted : user_pref("extensions.crossriderapp4924.apps", "4924");
Deleted : user_pref("extensions.crossriderapp4924.bic", "1378fbc72284c2145e569c479529b9b7");
Deleted : user_pref("extensions.crossriderapp4924.cid", 4924);
Deleted : user_pref("extensions.crossriderapp4924.firstrun", false);
Deleted : user_pref("extensions.crossriderapp4924.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp4924.installationdate", 1338146321);
Deleted : user_pref("extensions.crossriderapp4924.lastcheck", 22302439);
Deleted : user_pref("extensions.crossriderapp4924.lastcheckitem", 22302599);
Deleted : user_pref("extensions.crossriderapp4924.misc.lastBgWorkerTimer", "1338155924618");
Deleted : user_pref("extensions.crossriderapp4924.misc.lastDomWorkerTimer", "1338155924569");
Deleted : user_pref("extensions.crossriderapp4926.4926.InstallationTime", 1338244166);
Deleted : user_pref("extensions.crossriderapp4926.4926.active", true);
Deleted : user_pref("extensions.crossriderapp4926.4926.addressbar", "");
Deleted : user_pref("extensions.crossriderapp4926.4926.affid", "0");
Deleted : user_pref("extensions.crossriderapp4926.4926.backgroundjs", "\n\n/**********************************[...]
Deleted : user_pref("extensions.crossriderapp4926.4926.backgroundver", 2);
Deleted : user_pref("extensions.crossriderapp4926.4926.can_run_bg_code", true);
Deleted : user_pref("extensions.crossriderapp4926.4926.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp4926.4926.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp4926.4926.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp4926.4926.cookie.InstallationTime.value", "1338244166");
Deleted : user_pref("extensions.crossriderapp4926.4926.description", "The Easiest Way To Remove Your Facebook [...]
Deleted : user_pref("extensions.crossriderapp4926.4926.domain", "battle-stats.com");
Deleted : user_pref("extensions.crossriderapp4926.4926.emailsig", "");
Deleted : user_pref("extensions.crossriderapp4926.4926.enablesearch", false);
Deleted : user_pref("extensions.crossriderapp4926.4926.exposesites", "");
Deleted : user_pref("extensions.crossriderapp4926.4926.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp4926.4926.group", 0);
Deleted : user_pref("extensions.crossriderapp4926.4926.homepage", "");
Deleted : user_pref("extensions.crossriderapp4926.4926.iframe", false);
Deleted : user_pref("extensions.crossriderapp4926.4926.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp4926.4926.name", "Timeline Remover");
Deleted : user_pref("extensions.crossriderapp4926.4926.newtab", "");
Deleted : user_pref("extensions.crossriderapp4926.4926.opensearch", "");
Deleted : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_13.code", "(function(c){c.selectedText=f[...]
Deleted : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_13.name", "CrossriderAppUtils");
Deleted : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_13.ver", 1);
Deleted : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_14.code", "\"undefined\"===typeof appAPI[...]
Deleted : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_14.name", "CrossriderUtils");
Deleted : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_14.ver", 1);
Deleted : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_15.code", "(function(e){function u(c,b){[...]
Deleted : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_15.name", "FacebookFFIE");
Deleted : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_15.ver", 1);
Deleted : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_16.code", "(function(b,a){function I(){v[...]
Deleted : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_16.name", "FFAppAPIWrapper");
Deleted : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_16.ver", 1);
Deleted : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_17.code", "var $$jquery;\n(function(l,n)[...]
Deleted : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_17.name", "jQuery");
Deleted : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_17.ver", 1);
Deleted : user_pref("extensions.crossriderapp4926.4926.plugins_lists.plugins_0", "17,14,16");
Deleted : user_pref("extensions.crossriderapp4926.4926.plugins_lists.plugins_1", "17,14,13,16,15");
Deleted : user_pref("extensions.crossriderapp4926.4926.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Deleted : user_pref("extensions.crossriderapp4926.4926.pluginsversion", 1);
Deleted : user_pref("extensions.crossriderapp4926.4926.premium", true);
Deleted : user_pref("extensions.crossriderapp4926.4926.publisher", "Deximol");
Deleted : user_pref("extensions.crossriderapp4926.4926.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp4926.4926.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp4926.4926.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp4926.4926.thankyou", "hxxp://facebook.com/profile.php");
Deleted : user_pref("extensions.crossriderapp4926.4926.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp4926.4926.ver", 55);
Deleted : user_pref("extensions.crossriderapp4926.apps", "4926");
Deleted : user_pref("extensions.crossriderapp4926.bic", "1378fbc72284c2145e569c479529b9b7");
Deleted : user_pref("extensions.crossriderapp4926.cid", 4926);
Deleted : user_pref("extensions.crossriderapp4926.firstrun", false);
Deleted : user_pref("extensions.crossriderapp4926.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp4926.installationdate", 1338244165);
Deleted : user_pref("extensions.crossriderapp4926.lastcheck", 22304069);
Deleted : user_pref("extensions.crossriderapp4926.lastcheckitem", 22304094);
Deleted : user_pref("extensions.crossriderapp4926.misc.lastBgWorkerTimer", "1338245606731");
Deleted : user_pref("extensions.crossriderapp4926.misc.lastDomWorkerTimer", "1338245606604");
Deleted : user_pref("extensions.enabledAddons", "{5911488E-9D1E-40ec-8CBB-06B231CC153F}:2.4.0,crossriderapp492[...]

-\\ Google Chrome v21.0.1180.83

File : C:\Users\Aileen\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [14131 octets] - [24/08/2012 16:04:58]
AdwCleaner[S1].txt - [14495 octets] - [26/08/2012 02:02:56]

########## EOF - C:\AdwCleaner[S1].txt - [14624 octets] ##########

The first time I tried running ESET, my computer went blue screen.
After it restarted I ran it again and it ran fine

C:\FRST\Quarantine\services.exeWin32/Sirefef.FC trojandeleted - quarantined
C:\FRST\Quarantine\{2119776a-ccfb-0eae-915e-772df2562580}\nWin32/Sirefef.EV trojancleaned by deleting - quarantined
C:\FRST\Quarantine\{2119776a-ccfb-0eae-915e-772df2562580}\U\00000004.@Win32/Conedex.D trojancleaned by deleting - quarantined
C:\FRST\Quarantine\{2119776a-ccfb-0eae-915e-772df2562580}\U\000000cb.@Win32/Conedex.E trojancleaned by deleting - quarantined
C:\FRST\Quarantine\{2119776a-ccfb-0eae-915e-772df2562580}\U\80000000.@a variant of Win32/Sirefef.FA trojancleaned by deleting - quarantined
C:\FRST\Quarantine\{2119776a-ccfb-0eae-915e-772df2562580}\U\80000032.@a variant of Win32/Sirefef.FD trojancleaned by deleting - quarantined
C:\FRST\Quarantine\{2119776a-ccfb-0eae-915e-772df2562580}\{2119776a-ccfb-0eae-915e-772df2562580}\nWin32/Sirefef.EV trojancleaned by deleting - quarantined
C:\FRST\Quarantine\{2119776a-ccfb-0eae-915e-772df2562580}\{2119776a-ccfb-0eae-915e-772df2562580}\U\00000004.@Win32/Conedex.D trojancleaned by deleting - quarantined
C:\FRST\Quarantine\{2119776a-ccfb-0eae-915e-772df2562580}\{2119776a-ccfb-0eae-915e-772df2562580}\U\000000cb.@Win32/Conedex.E trojancleaned by deleting - quarantined
C:\FRST\Quarantine\{2119776a-ccfb-0eae-915e-772df2562580}\{2119776a-ccfb-0eae-915e-772df2562580}\U\80000000.@a variant of Win32/Sirefef.FA trojancleaned by deleting - quarantined
C:\FRST\Quarantine\{2119776a-ccfb-0eae-915e-772df2562580}\{2119776a-ccfb-0eae-915e-772df2562580}\U\80000032.@a variant of Win32/Sirefef.FD trojancleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\BB69.tmpa variant of Win32/Kryptik.AJUZ trojancleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Aileen\AppData\Local\Apple\Adobe\mbgdtrp.dll.vira variant of Win32/Kryptik.AKQH trojancleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\System32\config\systemprofile\AppData\Local\{2119776a-ccfb-0eae-915e-772df2562580}\n.virWin32/Sirefef.EV trojancleaned by deleting - quarantined
C:\Users\Aileen\AppData\Local\Google\Chrome\User Data\Default\Extensions\maopdgeieiiiifooolcjjfmjdlkmhfdh\nplptl.dlla variant of Win32/Adware.Gamevance.BR applicationcleaned by deleting - quarantined
C:\Users\Aileen\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@lplay.com\components\lptlf.dlla variant of Win32/Adware.Gamevance.BR applicationcleaned by deleting - quarantined
C:\Users\Aileen\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@lplay.com\components\lptlf2.dlla variant of Win32/Adware.Gamevance.BR applicationcleaned by deleting - quarantined
C:\Users\Aileen\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@lplay.com\components\lptlf3.dlla variant of Win32/Adware.Gamevance.BR applicationcleaned by deleting - quarantined
C:\Users\Aileen\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@lplay.com\components\lptlf4.dlla variant of Win32/Adware.Gamevance.BR applicationcleaned by deleting - quarantined
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Default\aadjdfgdgfdhdcdadegddjdidedbgcgf\background.htmlWin32/BHO.OEI trojancleaned by deleting - quarantined
C:\Users\Guest\AppData\Local\Google\Diagnostics\golrjkntt.dlla variant of Win32/Kryptik.AIZP trojancleaned by deleting - quarantined
C:\Users\Guest\AppData\LocalLow\FCTB000060231\Toolbar\Toolbar.dll.newWin32/Toolbar.BHO.B applicationcleaned by deleting - quarantined

I let it run over night, when I woke up it auto clean and auto quarantined the options

Jay Pfoutz · Aug 27, 2012

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

Slow computer

Error messages

Fake antivirus alerts or the icon in the system tray

svchost.exe running at 100%

System crashes or blue screen of death

againstheman · Aug 27, 2012

1. The computer is slow
2. I noticed there was no windows update, and when I tried to update, it denied it saying the service was offline
3. When I noticed this I tried to install some anti-virus programs to install, but got the blue screen and then the message of windows has encountered a critical error will restart in one minute showed up

Jay Pfoutz · Aug 28, 2012

New log from FRST please.

againstheman · Aug 29, 2012

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 15-08-2012
Ran by SYSTEM at 29-08-2012 18:55:52
Running from F:\
Windows 7 Starter (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-11-05] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [7866912 2009-11-17] (Realtek Semiconductor)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4562944 2009-07-16] (Dell Inc.)
HKLM\...\Run: [BTMeter] C:\Program Files\Battery Meter\BTMeter.exe [632176 2009-09-16] (Dell)
HKLM\...\Run: [WSED] C:\Program Files\WSED\WSED.exe [247080 2009-05-27] (Dell)
HKLM\...\Run: [CapsLKNotify] C:\Program Files\CapsLKNotify\CapsLKNotify.exe [320880 2009-06-09] (Compal Electronics, Inc)
HKLM\...\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m [1779952 2009-09-11] ()
HKLM\...\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter [206064 2009-06-03] (SupportSoft, Inc.)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [31016 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [141608 2010-07-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2010-08-10] (Apple Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2010-10-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [173592 2010-10-25] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [150552 2010-10-25] (Intel Corporation)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\Aileen\...\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [357696 2010-04-01] (DT Soft Ltd)
HKU\Aileen\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [15141768 2011-06-15] (Skype Technologies S.A.)
HKU\Default\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1173504 2009-07-13] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1173504 2009-07-13] (Microsoft Corporation)
HKU\Guest\...\Run: [Diagnostics] rundll32.exe "C:\Users\Guest\AppData\Local\Google\Diagnostics\golrjkntt.dll",CreateInstance [x]
HKU\Guest\...\Run: [Facebook Update] "C:\Users\Guest\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-08-05] (Facebook Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Startup: C:\Users\Aileen\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Aileen\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> (No File)

================================ Services (Whitelisted) ==================

2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 sprtsvc_DellSupportCenter; "C:\Program Files\Dell Support Center\bin\sprtsvc.exe" /service /P DellSupportCenter [201968 2009-06-03] (SupportSoft, Inc.)
2 wltrysvc; "C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE" "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe" [3086848 2009-07-16] (Dell Inc.)

========================== Drivers (Whitelisted) =============

3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2009-07-16] (Broadcom Corporation)
0 EMSC; C:\Windows\System32\DRIVERS\EMSC.SYS [13680 2009-06-26] (Windows (R) Win 7 DDK provider)
3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-08] (Microsoft Corporation)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-06-17] (Duplex Secure Ltd.)
3 catchme; \??\C:\Users\Aileen\AppData\Local\Temp\catchme.sys [x]
3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-08-26 01:12 - 2012-08-26 01:13 - 00145608 ____A C:\Windows\Minidump\082612-68266-01.dmp
2012-08-26 01:10 - 2012-08-26 01:10 - 00000000 ____D C:\Program Files\ESET
2012-08-25 00:25 - 2012-08-25 00:25 - 00145608 ____A C:\Windows\Minidump\082512-33321-01.dmp
2012-08-24 14:08 - 2012-08-26 10:45 - 00000000 ____D C:\Users\Aileen\Desktop\fix
2012-08-23 23:39 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-08-23 23:39 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-08-23 23:39 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-08-23 23:39 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-08-23 23:39 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-08-23 23:39 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-08-23 23:39 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-08-23 23:39 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-08-23 23:38 - 2012-08-24 03:45 - 00000000 ____D C:\Windows\erdnt
2012-08-23 19:19 - 2012-08-23 19:19 - 00000000 ____D C:\Users\Guest\Documents\Dell WebCam Central
2012-08-23 19:19 - 2012-08-23 19:19 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Creative
2012-08-22 14:47 - 2009-04-02 17:18 - 735784960 ____A C:\Users\Guest\Desktop\I Am Legend.avi
2012-08-20 18:49 - 2012-08-24 15:02 - 00000000 ____D C:\Qoobox
2012-08-20 15:28 - 2012-08-20 15:28 - 00000000 ____D C:\Users\Guest\AppData\Local\Apple
2012-08-17 05:16 - 2012-08-17 05:17 - 00000000 ____D C:\FRST
2012-08-17 02:35 - 2012-08-21 13:50 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-17 01:33 - 2012-08-17 01:33 - 00000020 ____A C:\Windows\$ö
2012-08-16 16:22 - 2012-06-18 05:10 - 62269166 ____A C:\Users\Guest\Desktop\102_1525.MOV
2012-08-13 15:56 - 2012-08-13 15:56 - 00000000 ____D C:\Windows\Sun
2012-08-12 11:43 - 2011-11-17 20:51 - 00239877 ____A C:\Users\Aileen\Desktop\spanish guy project.pptx
2012-08-12 11:43 - 2011-11-16 08:45 - 07642112 ____A C:\Users\Aileen\Desktop\Presentation2.ppt
2012-08-11 16:49 - 2012-08-11 16:49 - 00145608 ____A C:\Windows\Minidump\081112-30466-01.dmp
2012-08-11 14:41 - 2012-08-11 14:41 - 00145608 ____A C:\Windows\Minidump\081112-28282-01.dmp
2012-08-06 17:25 - 2012-08-06 17:25 - 00145608 ____A C:\Windows\Minidump\080612-34788-01.dmp
2012-08-05 22:29 - 2012-08-05 22:29 - 00501248 ____A (Facebook Inc.) C:\Users\Guest\Downloads\FacebookVideoCallSetup_v1.2.205.0 (2).exe
2012-08-05 22:25 - 2012-08-05 22:26 - 00501248 ____A (Facebook Inc.) C:\Users\Guest\Downloads\FacebookVideoCallSetup_v1.2.205.0 (1).exe
2012-08-05 22:16 - 2012-08-05 22:17 - 00501248 ____A (Facebook Inc.) C:\Users\Guest\Downloads\FacebookVideoCallSetup_v1.2.205.0.exe
2012-08-05 18:03 - 2012-08-26 01:12 - 251092590 ____A C:\Windows\MEMORY.DMP
2012-08-05 18:03 - 2012-08-26 01:12 - 00000000 ____D C:\Windows\Minidump
2012-08-05 18:03 - 2012-08-05 18:03 - 00145616 ____A C:\Windows\Minidump\080512-30888-01.dmp
2012-08-01 10:22 - 2012-08-05 22:32 - 00000000 ____D C:\Users\Guest\AppData\Local\Facebook
2012-08-01 10:22 - 2012-08-01 10:22 - 00501240 ____A (Facebook Inc.) C:\Users\Guest\Downloads\FacebookMessengerSetup_v1.2.205.0.exe

============ 3 Months Modified Files ========================

2012-08-29 15:21 - 2011-06-30 16:19 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-29 13:24 - 2011-06-30 16:19 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-29 13:24 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-29 13:22 - 2009-07-13 20:53 - 00032642 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-29 13:05 - 2009-07-13 20:34 - 00010272 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-29 13:05 - 2009-07-13 20:34 - 00010272 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-29 13:01 - 2009-07-13 20:55 - 01349702 ____A C:\Windows\WindowsUpdate.log
2012-08-29 12:57 - 2010-12-25 14:30 - 00016384 _____ C:\Windows\System32\Ikeext.etl
2012-08-29 12:57 - 2009-07-13 20:39 - 00133543 ____A C:\Windows\setupact.log
2012-08-26 19:53 - 2010-01-20 19:12 - 00726142 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-26 01:13 - 2012-08-26 01:12 - 00145608 ____A C:\Windows\Minidump\082612-68266-01.dmp
2012-08-26 01:12 - 2012-08-05 18:03 - 251092590 ____A C:\Windows\MEMORY.DMP
2012-08-25 00:25 - 2012-08-25 00:25 - 00145608 ____A C:\Windows\Minidump\082512-33321-01.dmp
2012-08-24 19:58 - 2010-01-20 20:54 - 00498102 ____A C:\Windows\PFRO.log
2012-08-24 14:43 - 2009-07-13 18:04 - 00000215 ____A C:\Windows\system.ini
2012-08-17 01:33 - 2012-08-17 01:33 - 00000020 ____A C:\Windows\$ö
2012-08-11 16:49 - 2012-08-11 16:49 - 00145608 ____A C:\Windows\Minidump\081112-30466-01.dmp
2012-08-11 14:41 - 2012-08-11 14:41 - 00145608 ____A C:\Windows\Minidump\081112-28282-01.dmp
2012-08-06 17:25 - 2012-08-06 17:25 - 00145608 ____A C:\Windows\Minidump\080612-34788-01.dmp
2012-08-05 22:29 - 2012-08-05 22:29 - 00501248 ____A (Facebook Inc.) C:\Users\Guest\Downloads\FacebookVideoCallSetup_v1.2.205.0 (2).exe
2012-08-05 22:26 - 2012-08-05 22:25 - 00501248 ____A (Facebook Inc.) C:\Users\Guest\Downloads\FacebookVideoCallSetup_v1.2.205.0 (1).exe
2012-08-05 22:17 - 2012-08-05 22:16 - 00501248 ____A (Facebook Inc.) C:\Users\Guest\Downloads\FacebookVideoCallSetup_v1.2.205.0.exe
2012-08-05 18:03 - 2012-08-05 18:03 - 00145616 ____A C:\Windows\Minidump\080512-30888-01.dmp
2012-08-01 10:22 - 2012-08-01 10:22 - 00501240 ____A (Facebook Inc.) C:\Users\Guest\Downloads\FacebookMessengerSetup_v1.2.205.0.exe
2012-07-12 15:47 - 2009-07-13 20:33 - 00413832 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-29 19:05 - 2012-06-29 19:05 - 00097194 ____A C:\Users\Guest\Downloads\Unconfirmed 49300.crdownload
2012-06-26 21:20 - 2012-06-26 21:20 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-26 21:20 - 2012-06-26 21:20 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-06-18 05:10 - 2012-08-16 16:22 - 62269166 ____A C:\Users\Guest\Desktop\102_1525.MOV
2012-06-11 18:44 - 2012-07-12 10:46 - 02344448 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 20:46 - 2012-07-11 12:14 - 12868608 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-05 21:09 - 2012-07-11 12:15 - 01389568 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:09 - 2012-07-11 12:15 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-02 14:19 - 2012-06-08 15:10 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-08 15:10 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-08 15:10 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-08 15:09 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-08 15:09 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:19 - 2012-06-08 15:09 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-08 15:10 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-08 15:09 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:12 - 2012-06-08 15:09 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 20:51 - 2012-07-11 12:15 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 20:51 - 2012-07-11 12:15 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 20:50 - 2012-07-11 12:15 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 20:48 - 2012-07-11 12:15 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 20:47 - 2012-07-11 12:15 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 39%
Total physical RAM: 1013.34 MB
Available physical RAM: 613.38 MB
Total Pagefile: 1013.34 MB
Available Pagefile: 612.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1977.62 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:134.36 GB) (Free:68.05 GB) NTFS
3 Drive f: (DRIVER) (Removable) (Total:7.45 GB) (Free:7.45 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:10.98 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 7648 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 134 GB 14 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 39 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 Y RECOVERY NTFS Partition 14 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 134 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7646 MB 1096 KB

==================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F DRIVER FAT32 Removable 7646 MB Healthy

==================================================================================

Last Boot: 2012-08-19 20:04

======================= End Of Log ==========================

Jay Pfoutz · Aug 30, 2012

FRST Fixlist

Please run the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
CMD: bootrec /FixMbr
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now, please enter System Recovery Options then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.

Jay Pfoutz · Sep 4, 2012

Hello. Are you still with us?

Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

Thanks.

TechSpot

Welcome to TechSpot

Windows has encountered a critical error will restart in one minute

Jay Pfoutz Malware Helper Posts: 4,286 +49

againstheman Newcomer, in training

Jay Pfoutz Malware Helper Posts: 4,286 +49

againstheman Newcomer, in training

Jay Pfoutz Malware Helper Posts: 4,286 +49

againstheman Newcomer, in training

Jay Pfoutz Malware Helper Posts: 4,286 +49

Jay Pfoutz Malware Helper Posts: 4,286 +49

Add New Comment

	Social Login & Guest Posting			TechSpot Members Login here or sign up for free, it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.