Jump to content

liveforlife

Members
  • Posts

    9
  • Joined

  • Last visited

Reputation

0 Neutral
  1. I figured out what was causing the blue screens and crashes, it was the graphics card, it was blown.
  2. I ran all the delfix tool as well as unchecky , malwarebytes is already installed and so is anti exploit, this computer doesn't have java installed, at least system wide, minecraft has its own portable version they run with now. I also disabled flash player.
  3. If no malware is the cause of the crashes, and Windows failed go start messages, Then I guess we are done since, no others aside from that. Thanks for the help.
  4. It's been running fine, but I kept it off all night, no other message stating Windows failed to start.
  5. this took almost 2 hours complete. I started it a minute after you responded. Log Name: Application Source: Microsoft-Windows-Wininit Date: 7/15/2015 5:22:32 PM Event ID: 1001 Task Category: None Level: Information Keywords: Classic User: N/A Computer: michelle-PC Description: Checking file system on C: The type of the file system is NTFS. A disk check has been scheduled. Windows will now check the disk. CHKDSK is verifying files (stage 1 of 5)... 153344 file records processed. File verification completed. 669 large file records processed. 0 bad file records processed. 0 EA records processed. 60 reparse records processed. CHKDSK is verifying indexes (stage 2 of 5)... 192160 index entries processed. Index verification completed. 0 unindexed files scanned. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 5)... 153344 file SDs/SIDs processed. Cleaning up 844 unused index entries from index $SII of file 0x9. Cleaning up 844 unused index entries from index $SDH of file 0x9. Cleaning up 844 unused security descriptors. Security descriptor verification completed. 19409 data files processed. CHKDSK is verifying Usn Journal... 35300832 USN bytes processed. Usn Journal verification completed. CHKDSK is verifying file data (stage 4 of 5)... 153328 files processed. File data verification completed. CHKDSK is verifying free space (stage 5 of 5)... 73696665 free clusters processed. Free space verification is complete. CHKDSK discovered free space marked as allocated in the master file table (MFT) bitmap. CHKDSK discovered free space marked as allocated in the volume bitmap. Windows has made corrections to the file system. 488282111 KB total disk space. 193148968 KB in 129523 files. 75544 KB in 19410 indexes. 0 KB in bad sectors. 270935 KB in use by the system. 65536 KB occupied by the log file. 294786664 KB available on disk. 4096 bytes in each allocation unit. 122070527 total allocation units on disk. 73696666 allocation units available on disk. Internal Info: 00 57 02 00 d1 45 02 00 6e 45 04 00 00 00 00 00 .W...E..nE...... 7d 05 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 }...<........... 98 f4 2f 00 50 01 2e 00 88 19 2e 00 00 00 2e 00 ../.P........... Windows has finished checking your disk. Please wait while your computer restarts. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" /> <EventID Qualifiers="16384">1001</EventID> <Version>0</Version> <Level>4</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2015-07-15T21:22:32.000000000Z" /> <EventRecordID>6773</EventRecordID> <Correlation /> <Execution ProcessID="0" ThreadID="0" /> <Channel>Application</Channel> <Computer>michelle-PC</Computer> <Security /> </System> <EventData> <Data> Checking file system on C: The type of the file system is NTFS. A disk check has been scheduled. Windows will now check the disk. CHKDSK is verifying files (stage 1 of 5)... 153344 file records processed. File verification completed. 669 large file records processed. 0 bad file records processed. 0 EA records processed. 60 reparse records processed. CHKDSK is verifying indexes (stage 2 of 5)... 192160 index entries processed. Index verification completed. 0 unindexed files scanned. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 5)... 153344 file SDs/SIDs processed. Cleaning up 844 unused index entries from index $SII of file 0x9. Cleaning up 844 unused index entries from index $SDH of file 0x9. Cleaning up 844 unused security descriptors. Security descriptor verification completed. 19409 data files processed. CHKDSK is verifying Usn Journal... 35300832 USN bytes processed. Usn Journal verification completed. CHKDSK is verifying file data (stage 4 of 5)... 153328 files processed. File data verification completed. CHKDSK is verifying free space (stage 5 of 5)... 73696665 free clusters processed. Free space verification is complete. CHKDSK discovered free space marked as allocated in the master file table (MFT) bitmap. CHKDSK discovered free space marked as allocated in the volume bitmap. Windows has made corrections to the file system. 488282111 KB total disk space. 193148968 KB in 129523 files. 75544 KB in 19410 indexes. 0 KB in bad sectors. 270935 KB in use by the system. 65536 KB occupied by the log file. 294786664 KB available on disk. 4096 bytes in each allocation unit. 122070527 total allocation units on disk. 73696666 allocation units available on disk. Internal Info: 00 57 02 00 d1 45 02 00 6e 45 04 00 00 00 00 00 .W...E..nE...... 7d 05 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 }...<........... 98 f4 2f 00 50 01 2e 00 88 19 2e 00 00 00 2e 00 ../.P........... Windows has finished checking your disk. Please wait while your computer restarts. </Data> </EventData> </Event>
  6. I finally was able to see the error she was talking about this time, I had turned the computer off well waiting for a reply so it wasn't being used by her kids well waiting for a reply. When i noticed there was a reply, I turned the computer on and It gave me the error message, windows failed to start, and asked me to pick an option. PIcking boot normally, worked and it booted up, but apparently just about every time the computer is turned on it gives the error messaged windows failed to start. there also hasn't been a blue screen since the 30th of june or so. FRST.txt Addition.txt
  7. I am looking at my sisters computer and it is constantly crashing she says, I can't find a cause. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-07-2015 Ran by michelle (administrator) on MICHELLE-PC on 15-07-2015 14:09:42 Running from C:\Users\michelle\Downloads Loaded Profiles: michelle (Available Profiles: michelle & wyatt) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe (Valve Corporation) C:\Program Files\Steam\Steam.exe (Valve Corporation) C:\Program Files\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Farbar) C:\Users\michelle\Downloads\FRST(1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10996368 2012-06-10] (Realtek Semiconductor) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-17] (Avast Software s.r.o.) HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [718688 2009-09-30] (Microsoft Corporation) HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation) HKU\S-1-5-21-1527173825-2590610167-1253211815-1000\...\Run: [steam] => C:\Program Files\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation) HKU\S-1-5-21-1527173825-2590610167-1253211815-1000\...\MountPoints2: {bd91aaaa-1466-11e5-b47f-94de80d48eb1} - E:\Startme.exe HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-06-21] (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-06-17] (Avast Software s.r.o.) GroupPolicyUsers\S-1-5-21-1527173825-2590610167-1253211815-1004\User: Group Policy Restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198 Tcpip\..\Interfaces\{6BDEB675-2B43-43A0-BBF2-45B14AFCDD94}: [DhcpNameServer] 64.71.255.204 64.71.255.198 FireFox: ======== FF ProfilePath: C:\Users\michelle\AppData\Roaming\Mozilla\Firefox\Profiles\tvy0dc83.default-1434565962122 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-03] (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-03] (NVIDIA Corporation) FF Extension: Adblock Plus - C:\Users\michelle\AppData\Roaming\Mozilla\Firefox\Profiles\tvy0dc83.default-1434565962122\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-17] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-17] (Avast Software s.r.o.) R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation) S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [1997168 2015-06-09] (Electronic Arts) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-06-17] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-06-17] (Avast Software s.r.o.) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-06-17] (Avast Software s.r.o.) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-06-17] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-06-17] (Avast Software s.r.o.) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [428120 2015-06-26] (Avast Software s.r.o.) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-06-17] (Avast Software s.r.o.) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-06-17] () R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47928 2015-04-08] () R3 L1C; C:\Windows\System32\DRIVERS\L1C62x86.sys [99992 2012-07-19] (Qualcomm Atheros Co., Ltd.) R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [629760 2010-08-10] (Realtek Semiconductor Corporation ) R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2011-06-15] (Realtek ) S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan620.sys [27752 2011-09-16] (Realtek Corporation) R3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [50280 2011-06-15] (Realtek Corporation) S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-13] (Microsoft Corporation) S3 amdiox86; system32\DRIVERS\amdiox86.sys [X] U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-15 14:09 - 2015-07-15 14:09 - 01636864 _____ (Farbar) C:\Users\michelle\Downloads\FRST(1).exe 2015-07-04 22:30 - 2015-07-05 11:34 - 00000000 ____D C:\Program Files\Mozilla Firefox 2015-07-04 22:29 - 2015-07-04 22:43 - 00000000 ____D C:\Users\michelle\Desktop\mbar 2015-07-04 22:28 - 2015-07-04 22:28 - 16502728 _____ (Malwarebytes Corp.) C:\Users\michelle\Downloads\mbar-1.09.1.1004.exe 2015-07-01 00:00 - 2015-07-01 00:00 - 00131072 _____ C:\Windows\Minidump\070115-17269-01.dmp 2015-06-28 15:02 - 2015-06-28 15:02 - 00000000 ____D C:\Users\michelle\AppData\Roaming\WinAuth 2015-06-28 14:57 - 2015-06-28 14:57 - 01502629 _____ C:\Users\michelle\Desktop\WinAuth-3.1.8.zip 2015-06-17 15:54 - 2015-06-17 15:54 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe 2015-06-17 15:54 - 2015-06-17 15:54 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-15 14:09 - 2014-12-10 07:46 - 00007322 _____ C:\Users\michelle\Downloads\FRST.txt 2015-07-15 14:09 - 2014-12-10 07:46 - 00000000 ____D C:\FRST 2015-07-15 14:07 - 2014-06-21 08:27 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI 2015-07-15 14:03 - 2014-06-22 06:11 - 00000000 ____D C:\Program Files\Steam 2015-07-15 14:01 - 2015-05-14 14:34 - 00000000 ____D C:\ProgramData\NVIDIA 2015-07-15 14:01 - 2014-08-03 01:00 - 00017694 _____ C:\Windows\setupact.log 2015-07-15 14:01 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-07-15 13:59 - 2015-04-30 22:20 - 245170756 _____ C:\Windows\MEMORY.DMP 2015-07-15 03:39 - 2014-06-21 09:25 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-07-14 21:25 - 2015-05-10 13:12 - 00000047 _____ C:\Users\michelle\jagex_cl_oldschool_LIVE.dat 2015-07-14 21:25 - 2015-05-10 13:12 - 00000024 _____ C:\Users\michelle\random.dat 2015-07-14 20:53 - 2014-06-21 09:25 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-07-14 20:53 - 2014-06-21 09:25 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-07-14 20:52 - 2014-08-08 01:11 - 00000000 ____D C:\Users\michelle\AppData\Local\Adobe 2015-07-14 20:03 - 2014-06-21 08:17 - 01818723 _____ C:\Windows\WindowsUpdate.log 2015-07-14 18:23 - 2015-04-24 03:28 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit 2015-07-13 13:04 - 2009-07-14 00:34 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-07-13 13:04 - 2009-07-14 00:34 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-07-12 10:54 - 2015-05-10 13:12 - 00000023 _____ C:\Users\michelle\jagexappletviewer.preferences 2015-07-05 11:34 - 2014-06-22 06:03 - 00163488 _____ C:\Windows\PFRO.log 2015-07-05 11:34 - 2014-06-21 08:31 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2015-07-04 22:44 - 2014-06-21 08:58 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-07-04 22:43 - 2014-08-17 14:51 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-07-04 22:29 - 2014-06-21 08:57 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-07-03 18:04 - 2015-04-30 22:20 - 00000000 ____D C:\Windows\Minidump 2015-06-28 14:58 - 2014-08-29 22:59 - 03900928 _____ C:\Users\michelle\Desktop\WinAuth.exe 2015-06-27 17:44 - 2014-06-21 08:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-06-27 17:44 - 2014-06-21 08:57 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware 2015-06-26 15:54 - 2014-06-21 09:22 - 00428120 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys 2015-06-23 13:27 - 2014-06-21 08:39 - 00246952 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-06-18 08:41 - 2014-06-21 08:57 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-06-18 08:41 - 2014-06-21 08:57 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-06-17 15:54 - 2014-06-21 09:22 - 00787760 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys 2015-06-17 15:54 - 2014-06-21 09:22 - 00209048 _____ C:\Windows\system32\Drivers\aswVmm.sys 2015-06-17 15:54 - 2014-06-21 09:22 - 00106912 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys 2015-06-17 15:54 - 2014-06-21 09:22 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys 2015-06-17 15:54 - 2014-06-21 09:22 - 00074976 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys 2015-06-17 15:54 - 2014-06-21 09:22 - 00049904 _____ C:\Windows\system32\Drivers\aswRvrt.sys 2015-06-17 15:54 - 2014-06-21 09:22 - 00024144 _____ C:\Windows\system32\Drivers\aswHwid.sys 2015-06-17 14:32 - 2015-06-12 18:09 - 00000000 ____D C:\Users\michelle\Desktop\Old Firefox Data Some files in TEMP: ==================== C:\Users\michelle\AppData\Local\Temp\devcon.exe C:\Users\michelle\AppData\Local\Temp\drm_dyndata_7370014.dll C:\Users\michelle\AppData\Local\Temp\drm_dyndata_7380014.dll C:\Users\michelle\AppData\Local\Temp\nvSCPAPISvr.exe C:\Users\michelle\AppData\Local\Temp\nvStInst.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-07-13 00:58 ==================== End of log ============================
  8. I got up this morning and turned my computer on and during routine daily check of malwarebytes. I noticed that their was an item in the quarantine labled : Detection, 12/10/2014 12:33:27 AM, SYSTEM, MICHELLE-PC, Protection, Malware Protection, File, Trojan.FakeSteam, C:\Program Files\Steam\bin\nattypeprobe.dll, Quarantine, no one was on the computer at the time that this was detected everyone was sleeping, it wasn't detected by a scan but by the real time protection, any help would be greatly appreciated. FRST.txt Addition.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.