Freezing Issues

View previous topic View next topic Go down

Freezing Issues

Post by Itachi21 on Mon Sep 23, 2013 3:10 am

Hello fellow techs!

Itachi21 here yet again helping another friend with their computer issues.

So far all I seem to find is that the computer in normal mode (currently in safe mode with networking) seems to run real slow and then freezes. Safe mode seems to be running fine but sometimes slow as well.

Below you will see both logs as for the adwcleaner I didn't see any issues.


Malwarebytes Anti-Malware 1.75.0.1300
[You must be registered and logged in to see this link.]

Database version: v2013.09.22.04

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 10.0.9200.16521
Owner :: OWNER-PC [administrator]

9/22/2013 2:49:06 PM
mbam-log-2013-09-22 (14-49-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200655
Time elapsed: 4 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Results of screen317's Security Check version 0.99.73
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Trend Micro Titanium
Microsoft Security Essentials
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java(TM) 6 Update 20
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Google Chrome 25.0.1364.172
Google Chrome 29.0.1547.76
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31869
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Freezing Issues

Post by Superdave on Mon Sep 23, 2013 7:11 pm

Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
It appears that you have two AV's running on that computer; Trend Micro Titanium and Microsoft Security Essentials. You should only have one AV active on your computer at any time otherwise, they will cause conflicts. One should be de-activated/uninstalled.

*************************************************************************
Please download [You must be registered and logged in to see this link.]by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

*********************************************
Please download [You must be registered and logged in to see this link.] to your desktop.

Warning! Once the scan is complete JRT will shut down your browser with NO warning.

Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click [You must be registered and logged in to see this link.] link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
*****************************************
Please download [You must be registered and logged in to see this link.] to your desktop.

Warning! Once the scan is complete JRT will shut down your browser with NO warning.

Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click [You must be registered and logged in to see this link.] link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
*********************************************
Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First [You must be registered and logged in to see this link.]

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the [You must be registered and logged in to see this link.].

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download [You must be registered and logged in to see this link.] and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: [You must be registered and logged in to see this link.] adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Freezing Issues

Post by Itachi21 on Wed Sep 25, 2013 1:41 pm

So I can't remove Trend Micro or do the Java steps due to being in safe mode. The laptop is a Toshiba and doesn't have a hardware diagnostic either to check and see why the computer is moving very slow.


# AdwCleaner v3.005 - Report created 24/09/2013 at 11:46:09
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\x9og4oxi.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16521


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\x9og4oxi.default\prefs.js ]


-\\ Google Chrome v25.0.1364.172

[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1600 octets] - [22/09/2013 20:46:10]
AdwCleaner[R1].txt - [1888 octets] - [24/09/2013 11:45:09]
AdwCleaner[S0].txt - [1827 octets] - [24/09/2013 11:46:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1887 octets] ##########



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.2 (09.22.2013:1)
OS: Windows 7 Home Premium x64
Ran by Owner on Tue 09/24/2013 at 12:40:34.08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\best buy pc app



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{1DEBCA6C-DB89-4B58-8806-18D542A9A435}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{21A7BAF2-F4EA-4075-835F-00715985FE07}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{341083FE-4402-49D3-BCA1-FA4475D5C4BB}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{4B860316-9903-4C8A-9111-BCE36403FEE5}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{65C98F64-1E5A-47CE-BE17-E71AC469B8F2}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{66FD7FB4-CB3D-42EB-B5A8-3A72D8839BA8}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{6A122FE2-8B10-4C2F-ADE8-83E8DF059D5D}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{75ABF437-2215-49EC-8714-F992116EC82C}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{91EB2B2E-FBB4-4CD3-A34A-04FAA482100C}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{AFAFDFA3-9538-4166-BFF3-7E49EC5546F9}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{BB9F1781-DF1E-470A-9BCE-0D21D2378BE5}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{BC2545C9-C23E-4A5A-AED4-AF8F87E9B9F9}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{C33A46C6-037F-4E54-948A-B63A1719A08D}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{DAE5E316-4B79-41DB-AF71-32852CB992BE}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{EB35640A-3E4A-4A6A-B8EB-8FA9CC7EE46A}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 09/24/2013 at 14:26:46.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31869
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Freezing Issues

Post by Superdave on Wed Sep 25, 2013 6:57 pm

Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to you download folder you will need to copy it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

To prevent your anti-virus application interfering with ComboFix we need to disable it. See [You must be registered and logged in to see this link.] for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:



Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Freezing Issues

Post by Itachi21 on Thu Sep 26, 2013 2:43 pm

ComboFix 13-09-24.02 - Owner 09/26/2013 9:31.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.1977 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AV: Trend Micro Titanium *Disabled/Outdated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Trend Micro Titanium *Disabled/Outdated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences
c:\users\Owner\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\users\Owner\Documents\~WRL0003.tmp
c:\users\Owner\Documents\~WRL3524.tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-08-26 to 2013-09-26 )))))))))))))))))))))))))))))))
.
.
2013-09-26 14:23 . 2013-08-10 05:22 1084928 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-09-26 14:23 . 2013-08-10 03:59 817664 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-09-26 14:23 . 2013-08-10 03:58 108032 ----a-w- c:\program files (x86)\Internet Explorer\jsdebuggeride.dll
2013-09-26 14:23 . 2013-08-10 05:21 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-09-26 14:23 . 2013-08-10 03:59 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-09-26 14:23 . 2013-08-10 05:22 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-09-26 14:23 . 2013-08-10 05:20 15404544 ----a-w- c:\windows\system32\ieframe.dll
2013-09-26 14:23 . 2013-08-10 05:21 19246592 ----a-w- c:\windows\system32\mshtml.dll
2013-09-26 14:17 . 2013-09-26 14:23 -------- d-----w- c:\windows\system32\MRT
2013-09-26 13:53 . 2013-09-26 13:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-26 02:31 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-09-26 02:31 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-09-26 02:31 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-09-26 02:31 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-09-24 18:41 . 2013-09-24 18:41 -------- d-----w- c:\users\Owner\AppData\Local\Macromedia
2013-09-24 17:43 . 2013-09-24 17:45 17750408 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-09-24 16:36 . 2013-09-24 16:36 -------- d-----w- c:\windows\ERUNT
2013-09-24 00:34 . 2013-09-24 18:00 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-24 00:34 . 2013-09-24 00:34 -------- d-----w- c:\windows\system32\Macromed
2013-09-23 19:54 . 2013-09-23 19:54 -------- d-----w- c:\users\Owner\AppData\Local\Mozilla
2013-09-23 19:43 . 2013-09-23 19:44 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-09-23 00:44 . 2013-09-24 15:46 -------- d-----w- C:\AdwCleaner
2013-09-22 18:48 . 2013-09-22 18:48 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2013-09-22 18:46 . 2013-09-22 18:46 -------- d-----w- c:\programdata\Malwarebytes
2013-09-22 18:46 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-22 18:46 . 2013-09-22 18:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-22 18:45 . 2013-09-22 18:45 -------- d-----w- c:\users\Owner\AppData\Local\Programs
2013-09-22 18:21 . 2013-09-16 04:50 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{79FAD1CD-5320-4D85-96BD-47344A576FE3}\mpengine.dll
2013-09-22 18:14 . 2013-09-22 18:14 -------- d-----w- c:\program files\CCleaner
2013-09-22 13:49 . 2013-09-22 14:05 -------- d-----w- C:\4519184f08f18547398c671fef29
2013-09-22 13:19 . 2013-09-22 13:19 -------- d-----w- c:\program files (x86)\GUMD3A3.tmp
2013-09-22 13:19 . 2013-09-22 13:19 4188160 ----a-w- c:\program files (x86)\GUTD3A4.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-24 18:00 . 2011-12-24 19:00 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-01 21:08 . 2011-11-01 22:32 79143768 ----a-w- c:\windows\system32\MRT.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17420464]
"Facebook Update"="c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SafeConnect.lnk - c:\program files (x86)\SafeConnect\scClient.exe [2011-5-16 298368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 SCManager;SafeConnect Manager;c:\program files (x86)\SafeConnect\scManager.sys servicestart;c:\program files (x86)\SafeConnect\scManager.sys servicestart [x]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys;c:\windows\SYSNATIVE\DRIVERS\QIOMem.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-25 13:21 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-24 18:00]
.
2013-03-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-669215534-785576864-2795475811-1000Core.job
- c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-01 20:36]
.
2013-09-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-669215534-785576864-2795475811-1000UA.job
- c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-01 20:36]
.
2013-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-14 11:38]
.
2013-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-14 11:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 197152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 64.25.80.130 64.25.80.140
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\x9og4oxi.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Wow6432Node-HKLM-Run- - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files (x86)\Coupons\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\SafeConnect\scManager.sys
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-09-26 10:38:33 - machine was rebooted
ComboFix-quarantined-files.txt 2013-09-26 14:38
.
Pre-Run: 583,930,093,568 bytes free
Post-Run: 583,532,113,920 bytes free
.
- - End Of File - - 7CFC93F967442004B51F51A582E20198


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31869
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Freezing Issues

Post by Superdave on Thu Sep 26, 2013 10:20 pm

Malwarebytes' Anti-Rootkit

Please download [You must be registered and logged in to see this link.] and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and [You must be registered and logged in to see this link.] all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.


Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Freezing Issues

Post by Itachi21 on Fri Sep 27, 2013 6:50 pm

I uninstalled Trend Micro and used the Sun Java program to install Java. JavaRa found no versions.

Below are the initial logs from the 1st scans. 2nd scans as recommended came up the same.


Malwarebytes Anti-Rootkit BETA 1.07.0.1005
[You must be registered and logged in to see this link.]

Database version: v2013.09.27.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Owner :: OWNER-PC [administrator]

9/27/2013 1:56:06 PM
mbar-log-2013-09-27 (13-56-06).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 228495
Time elapsed: 25 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)



---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16686

Java version: 1.6.0_20

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.095000 GHz
Memory total: 4240293888, free: 2844852224

Downloaded database version: v2013.09.27.05
Downloaded database version: v2013.09.23.01
=======================================
Initializing...
------------ Kernel report ------------
09/27/2013 13:55:48
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\wd.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\TVALZ_O.SYS
\SystemRoot\system32\DRIVERS\tos_sps64.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\rtl8192Ce.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\L1C62x64.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\tdcmdpst.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\QIOMem.sys
\SystemRoot\system32\DRIVERS\TVALZFL.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\CHDRT64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\pgeffect.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\iertutil.dll
\Windows\System32\imagehlp.dll
\Windows\System32\ws2_32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\imm32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\msctf.dll
\Windows\System32\kernel32.dll
\Windows\System32\wininet.dll
\Windows\System32\msvcrt.dll
\Windows\System32\clbcatq.dll
\Windows\System32\shell32.dll
\Windows\System32\urlmon.dll
\Windows\System32\advapi32.dll
\Windows\System32\setupapi.dll
\Windows\System32\difxapi.dll
\Windows\System32\user32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\usp10.dll
\Windows\System32\normaliz.dll
\Windows\System32\sechost.dll
\Windows\System32\ole32.dll
\Windows\System32\lpk.dll
\Windows\System32\nsi.dll
\Windows\System32\gdi32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\psapi.dll
\Windows\System32\shlwapi.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\crypt32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800691e060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8004a90050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800691e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80067b59d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800691e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004a90050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4E59E2AF

Partition information:

Partition 0 type is Other (0x27)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 3072000
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 3074048 Numsec = 1218398208

Partition 2 type is HIDDEN (0x17)
Partition is NOT ACTIVE.
Partition starts at LBA: 1221472256 Numsec = 28790784
Partition is not bootable
Hidden partition VBR is not infected.

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 640135028736 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...
Done!
Scan finished
=======================================
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800691e060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8004a90050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4E59E2AF

Partition information:

Partition 0 type is Other (0x27)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 3072000
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 3074048 Numsec = 1218398208

Partition 2 type is HIDDEN (0x17)
Partition is NOT ACTIVE.
Partition starts at LBA: 1221472256 Numsec = 28790784
Partition is not bootable
Hidden partition VBR is not infected.

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 640135028736 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_2_1221472256_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31869
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Freezing Issues

Post by Superdave on Fri Sep 27, 2013 7:08 pm

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
[You must be registered and logged in to see this link.]

•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.

•Check
•Click the button.
•Accept any security warnings from your browser.

  • Leave the check mark next to Remove found threats.

•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Freezing Issues

Post by Itachi21 on Sat Sep 28, 2013 5:36 pm

No log populated and no threats were found.


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31869
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Freezing Issues

Post by Countryside on Sun Sep 29, 2013 12:35 am

Comments removed. You are not authorized to post in this malware forum unless you have a problem.

Countryside
Novice
Novice

Posts Posts : 10
Joined Joined : 2013-09-26
OS OS : Windows 7
Points Points : 11730
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Freezing Issues

Post by Superdave on Sun Sep 29, 2013 12:53 am

Ok, any improvement with your computer?

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Freezing Issues

Post by Itachi21 on Sun Sep 29, 2013 2:17 am

Much improvement. The hardware diagnostic I ran as well really didnt show what I think may be wrong internally.

Do you recommend any hardware diagnostic tools?


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31869
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Freezing Issues

Post by Superdave on Sun Sep 29, 2013 2:27 pm

Run hard drive diagnostics: [You must be registered and logged in to see this link.]
Make sure, you select tool, which is appropriate for the brand of your hard drive.
Depending on the program, it'll create bootable floppy, or bootable CD.
If downloaded file is of .iso type, use ImgBurn: [You must be registered and logged in to see this link.] to burn .iso file to a CD (select "Write image file to disc" option), and make the CD bootable.
For Toshiba hard drives, [You must be registered and logged in to see this link.]

Note : If you do not know how to set your computer to boot from CD follow the steps [You must be registered and logged in to see this link.]
**********************************************
That could be a problem with bad RAM. Please run this check just to eliminate that possibility.
Test your RAM [You must be registered and logged in to see this link.]

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Freezing Issues

Post by Itachi21 on Mon Sep 30, 2013 1:46 pm

Neither one is booting in a way that is easy to understand.


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31869
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Freezing Issues

Post by Itachi21 on Mon Sep 30, 2013 2:24 pm

I'm really starting to wonder if there is bad ram or something with the motherboard because there will be "glitches" as I just do random things and firefox begins to not respond then respond.


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31869
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Freezing Issues

Post by Itachi21 on Mon Sep 30, 2013 2:44 pm

After installing ImgBurn here is the mbar log.


Malwarebytes Anti-Malware 1.75.0.1300
[You must be registered and logged in to see this link.]

Database version: v2013.09.30.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Owner :: OWNER-PC [administrator]

9/30/2013 10:32:09 AM
mbam-log-2013-09-30 (10-32-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207487
Time elapsed: 9 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\SEARCHPROTECT (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\SearchProtect|IELastInstalledTBHomepage (PUP.Optional.SearchProtect.A) -> Data: [You must be registered and logged in to see this link.] -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit) -> Bad: (http://search.conduit.com?SearchSource=10&CUI=UN13937234256262690&UM=2&ctid=CT3311875) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 9
C:\Users\Owner\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\OpenCandy\0C344242B4654DD89AA52C27347C689E (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\plugins (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\xpi\defaults (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\xpi\defaults\preferences (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT3311875 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

Files Detected: 36
C:\Users\Owner\AppData\Roaming\OpenCandy\0C344242B4654DD89AA52C27347C689E\StubInstaller_SweetTunes_v4.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\Desktop\SetupImgBurn_2.5.8.0.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\nsgA53A.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\nsp3D9E.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\nsw63D4.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\Conduit\mconduitinstaller.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\chLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\ffLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\spch.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\spff.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\~nsu.tmp\Au_.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\Local Settings\Temporary Internet Files\Content.IE5\HTRUDCZS\GenericInstaller_v1[1].zip (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\Local Settings\Temporary Internet Files\Content.IE5\HTRUDCZS\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\Local Settings\Temporary Internet Files\Content.IE5\HTRUDCZS\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\Local Settings\Temporary Internet Files\Content.IE5\HTRUDCZS\SweetTunes_wpf[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\Local Settings\Temporary Internet Files\Content.IE5\O8TROQQA\conduitinstaller[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\Local Settings\Temporary Internet Files\Content.IE5\O8TROQQA\SweetTunes[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\Local Settings\Temporary Internet Files\Content.IE5\XRZ7J395\checktbexist[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\conduit.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\CT3311875.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\CT3311875.xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\initData.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\manifest.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\sl.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\version.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\xpi\install.rdf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\ct3311875\xpi\defaults\preferences\defaults.js (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Conduit\IE\CT3311875\UninstallerUI.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

(end)


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31869
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Freezing Issues

Post by Superdave on Mon Sep 30, 2013 7:30 pm

Neither one is booting in a way that is easy to understand.
please explain. Did you set the BIOS to boot from the CD?
I'm really starting to wonder if there is bad ram or something with the motherboard because there will be "glitches" as I just do random things and firefox begins to not respond then respond.
That's what appears to be the problem. You should take this opportunity to save all your important data. Please try to run the hard drive diagnostic and the RAM test.


Last edited by Superdave on Sat Oct 05, 2013 6:57 pm; edited 1 time in total

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Freezing Issues

Post by Itachi21 on Sat Oct 05, 2013 2:40 am

None of the hard drive diagnostic tests worked for this model.

I ran 2 full passes on the MEM test and it cleared fine with 0 errors.

I'm thinking it may be a motherboard issue because when the computer get closed to put in standby I can get it back on and when I do a simple shutdown it doesnt shutdown all the way because all the lights stay on.

However the mbam log I previously posted didnt get rid of that conduit search maleware. How do we remove this?


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31869
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Freezing Issues

Post by Superdave on Sat Oct 05, 2013 6:59 pm

Please run AdwCleaner and Junkware Removal again.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Freezing Issues

Post by Itachi21 on Mon Oct 07, 2013 2:33 pm

# AdwCleaner v3.006 - Report created 07/10/2013 at 10:11:01
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\Owner\AppData\Local\Conduit
Folder Deleted : C:\Users\Owner\AppData\Local\Temp\Conduit
Folder Deleted : C:\Users\Owner\AppData\LocalLow\Conduit
File Deleted : C:\END
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\x9og4oxi.default\searchplugins\Conduit.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3311875
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ConduitFloatingPlugin_blklojfklgnogjaijkibhfjepakiocng]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\x9og4oxi.default\prefs.js ]

Line Deleted : user_pref("CT3311875.FF19Solved", "true");
Line Deleted : user_pref("CT3311875.UserID", "UN61629768323755325");
Line Deleted : user_pref("CT3311875.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3311875.fullUserID", "UN61629768323755325.IN.20130929225227");
Line Deleted : user_pref("CT3311875.installDate", "29/09/2013 22:52:31");
Line Deleted : user_pref("CT3311875.installSessionId", "{7D816E06-D801-4831-AF39-BD15E51836C4}");
Line Deleted : user_pref("CT3311875.installSp", "TRUE");
Line Deleted : user_pref("CT3311875.installerVersion", "1.7.1.4");
Line Deleted : user_pref("CT3311875.keyword", "true");
Line Deleted : user_pref("CT3311875.originalHomepage", "about:home");
Line Deleted : user_pref("CT3311875.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3311875.originalSearchEngine", "");
Line Deleted : user_pref("CT3311875.originalSearchEngineName", "");
Line Deleted : user_pref("CT3311875.searchRevert", "false");
Line Deleted : user_pref("CT3311875.searchUserMode", "2");
Line Deleted : user_pref("CT3311875.smartbar.homepage", "true");
Line Deleted : user_pref("CT3311875.versionFromInstaller", "10.20.1.8");
Line Deleted : user_pref("CT3311875.xpeMode", "0");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("browser.newtab.url", "hxxp://search.conduit.com/Results.aspx?ctid=CT3315039&searchsource=69&UM=2&");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "SweetTunes Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311875&CUI=UN61629768323755325&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.selectedEngine", "SweetTunes Search");
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311875&SearchSource=2&CUI=UN61629768323755325&UM=2&q=");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3311875");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3311875&CUI=UN61629768323755325&UM=2&SearchSource=13");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311875&SearchSource=2&CUI=UN61629768323755325&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3311875");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3311875");
Line Deleted : user_pref("smartbar.machineId", "G2IYBJR26/RESDEFVKO2LJHHREL7+NRAVNZ3DLALAZP4HEQVUL6LYC3AKKPOVJSPFSEED5XV57J0ZDWW+V04DG");

-\\ Google Chrome v30.0.1599.69

[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [1600 octets] - [22/09/2013 20:46:10]
AdwCleaner[R1].txt - [1888 octets] - [24/09/2013 11:45:09]
AdwCleaner[R2].txt - [4742 octets] - [07/10/2013 10:09:46]
AdwCleaner[S0].txt - [1967 octets] - [24/09/2013 11:46:09]
AdwCleaner[S1].txt - [4580 octets] - [07/10/2013 10:11:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4640 octets] ##########




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Owner on Mon 10/07/2013 at 10:24:11.14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B55A76F7-F20B-40D7-AEA2-811AFEB1EB58}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Owner\appdata\local\cre"



~~~ FireFox

Emptied folder: C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\x9og4oxi.default\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 10/07/2013 at 10:32:01.92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31869
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Freezing Issues

Post by Superdave on Mon Oct 07, 2013 7:25 pm

It looks like Conduit is gone but the original still remains.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Freezing Issues

Post by Itachi21 on Mon Oct 07, 2013 7:39 pm

Original as in? The original problem which from all indications is the motherboard or there is still a problem with maleware?


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31869
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Freezing Issues

Post by Superdave on Tue Oct 08, 2013 12:11 am

Is there any particular time when it freezes such as running a certain program?

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Freezing Issues

Post by Itachi21 on Tue Oct 08, 2013 1:51 pm

Not in particular maybe firefox since that is the only program I have been using during my diagnosis next to the maleware programs of course. I'm still having the issues with it when I shut it down and it goes on standby. Shutting down it goes black but the lights are still on and once it goes on standby I can't get it to get off standby.


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31869
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Freezing Issues

Post by Superdave on Tue Oct 08, 2013 6:35 pm

[You must be registered and logged in to see this link.] wrote:Not in particular maybe firefox since that is the only program I have been using during my diagnosis next to the maleware programs of course. I'm still having the issues with it when I shut it down and it goes on standby. Shutting down it goes black but the lights are still on and once it goes on standby I can't get it to get off standby.
Wow, this is one sick computer. When it freezes can you activate the Task Manager and end the process?

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Freezing Issues

Post by Itachi21 on Tue Oct 08, 2013 7:24 pm

Yeah thats not problem for the usual Firefox freezing due to flash player problem which is the usual on many computers.

I have narrowed it down to the motherboard being bad. Thoughts?


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31869
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Freezing Issues

Post by Superdave on Tue Oct 08, 2013 10:21 pm

Earlier, I gave you a warning about two AV's active on your computer. Are you certain that only one is active?
Did you create this folder? 2013-09-22 13:49 . 2013-09-22 14:05 -------- d-----w- C:\4519184f08f18547398c671fef29

I have narrowed it down to the motherboard being bad. Thoughts?
It's starting to look like some problem with hardware. Please try running this.
Please download and run MS Fix-it from [You must be registered and logged in to see this link.]

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Freezing Issues

Post by Itachi21 on Wed Oct 09, 2013 2:49 pm

I don't remember installing any AV. I removed the Trend Micro at your request so all that was left was Microsoft Security Essentials.

The fix it was audio only and no problems came back.


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31869
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Freezing Issues

Post by Itachi21 on Wed Oct 09, 2013 3:41 pm

I just spoke with Toshiba and they think reinstalling the OS may fix it if not then it's probably the motherboard. They think the only way to isolate the cause is to see if when the computer was infected that the OS wasn't damaged.

Thoughts?


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31869
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Freezing Issues

Post by Superdave on Wed Oct 09, 2013 7:32 pm

[You must be registered and logged in to see this link.] wrote:I just spoke with Toshiba and they think reinstalling the OS may fix it if not then it's probably the motherboard. They think the only way to isolate the cause is to see if when the computer was infected that the OS wasn't damaged.

Thoughts?
It looks like that would be a course of action. Good luck.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Freezing Issues

Post by Itachi21 on Thu Oct 10, 2013 4:14 am

Thanks for your help!


[You must be registered and logged in to see this link.]

Itachi21
Senior
Senior

Posts Posts : 319
Joined Joined : 2008-12-07
Gender Gender : Male
OS OS : Windows 7 64 Bit
Points Points : 31869
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Freezing Issues

Post by Superdave on Thu Oct 10, 2013 10:33 pm

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83161
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum