
Windows 7 ci.dll corrupt or missing



#1 Malaiko


Posted 03 October 2012 - 05:57 AM

Hello forum. Two days ago I formatted my laptop to change the system. When I formatted it, the computer restarted as normal and then a text appeared saying to put in the CD and repair, and blah blah, and it says the file ci.dll is corrupt or missing. I read solutions on this forum and found a topic like mine where Farbar gives a tool called FRST, and I did exactly the same thing, but I need the fixlist.
When I ran the program, this was the file saved.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-09-2012 01
Ran by SYSTEM at 02-10-2012 17:13:09
Running from F:\
Windows 7 Ultimate (X86) OS Language: Portuguese Standard
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\RunOnce: [iessetup] C:\Windows\system32\rundll32.exe "C:\Program Files\Internet Explorer\iessetup.dll",LaunchProcessInputFiles [16384 2009-07-14] (Microsoft Corporation)
HKLM\...\RunOnce: [wmssetup] C:\Windows\system32\rundll32.exe "C:\Program Files\Windows Media Player\wmssetup.dll",LaunchProcessInputFiles [16384 2009-07-14] (Microsoft Corporation)
HKLM\...\Runonce: [ehssetup] "%WinDir%\system32\rundll32.exe" "%WinDir%\ehome\ehssetup.dll",LaunchProcessInputFiles [x]
Tcpip\Parameters: [DhcpNameServer] 172.31.79.142 172.31.79.144 157.54.104.75 157.54.14.146 157.54.14.162 157.54.80.10

==================== Services (Whitelisted) ===================

3 CertPropSvc; C:\Windows\System32\certprop.dll [67584 2011-01-17] ()
3 msiserver; C:\Windows\System32\msiexec.exe /V [73216 2011-01-17] ()
3 SCPolicySvc; C:\Windows\System32\certprop.dll [67584 2011-01-17] ()
3 UI0Detect; C:\Windows\System32\UI0Detect.exe [35840 2009-07-14] ()

==================== Drivers (Whitelisted) ====================

3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-10-02 17:12 - 2012-10-02 17:12 - 00000000 ____D C:\FRST
2012-10-02 16:17 - 2012-10-02 16:17 - 00000000 ____D C:\Windows\Panther
2012-10-02 15:53 - 2012-10-02 16:07 - 00000000 ____D C:\$WINDOWS.~LS
2012-10-02 15:53 - 2012-10-02 15:53 - 268435456 __ASH C:\WinPEpge.sys
2012-10-02 15:53 - 2012-10-02 15:53 - 00000000 ____D C:\$WINDOWS.~BT

==================== 3 Months Modified Files ==================

2012-10-02 16:17 - 2009-07-14 04:57 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
2012-10-02 16:17 - 2009-07-14 04:52 - 00028672 ____A C:\Windows\System32\config\BCD-Template
2012-10-02 15:53 - 2012-10-02 15:53 - 268435456 __ASH C:\WinPEpge.sys


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 3070.43 MB
Available physical RAM: 2636.17 MB
Total Pagefile: 3068.71 MB
Available Pagefile: 2642.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.3 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:297.99 GB) (Free:292.17 GB) NTFS
2 Drive e: (GRMCULFRER_PT_DVD) (CDROM) (Total:4.06 GB) (Free:0 GB) UDF
3 Drive f: (STONE PLUS) (Removable) (Total:1.87 GB) (Free:0.66 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (Sistema Reservado) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disco Nº Estado Tamanho Livre Din Gpt
-------- ------------- ------- ------- --- ---
Disco 0 Online 298 GB 0 B
Disco 1 Online 1915 MB 0 B

A sair do DiskPart...

Partitions of Disk 0:
===============

O disco 0 é agora o disco seleccionado.

Partição Nº. Tipo Tam Desl
------------- ---------------- ------- -------
Partição 1 Principal 100 MB 1024 KB
Partição 2 Principal 297 GB 101 MB

A sair do DiskPart...

=========================================================

Disk: 0
O disco 0 é agora o disco seleccionado.

A partição 1 é agora a partição seleccionada.

Partição 1
Tipo : 07
Oculto: Não
Activo: Sim
Deslocamento em Bytes: 1048576

Volume Nº. Ltr Etiq Sf Tipo Tam Est Info
---------- --- ----------- ----- ---------- ------- --------- -------
* Volume 1 Y Sistema Res NTFS Partição 100 MB Bom Estad

A sair do DiskPart...

=========================================================

Disk: 0
O disco 0 é agora o disco seleccionado.

A partição 2 é agora a partição seleccionada.

Partição 2
Tipo : 07
Oculto: Não
Activo: Não
Deslocamento em Bytes: 105906176

Volume Nº. Ltr Etiq Sf Tipo Tam Est Info
---------- --- ----------- ----- ---------- ------- --------- -------
* Volume 2 C NTFS Partição 297 GB Bom Estad

A sair do DiskPart...

=========================================================

Partitions of Disk 1:
===============

O disco 1 é agora o disco seleccionado.

Partição Nº. Tipo Tam Desl
------------- ---------------- ------- -------
Partição 1 Principal 1914 MB 512 B

A sair do DiskPart...

=========================================================

Disk: 1
O disco 1 é agora o disco seleccionado.

A partição 1 é agora a partição seleccionada.

Partição 1
Tipo : 0B
Oculto: Não
Activo: Não
Deslocamento em Bytes: 512

Volume Nº. Ltr Etiq Sf Tipo Tam Est Info
---------- --- ----------- ----- ---------- ------- --------- -------
* Volume 3 F STONE PLUS FAT32 Amovível 1914 MB Bom Estad

A sair do DiskPart...

=========================================================
==================== End Of Log ============================





If someone can help. Btw, sorry for my English.

Edited by hamluis, 03 October 2012 - 07:26 AM.
Moved from Win 7 to Malware Removal Logs - Hamluis.




#2 Farbar


  • Security Developer

Posted 05 October 2012 - 04:24 PM

Hello Malaiko,

Welcome to the forum.

I understand you decided to change the system and install Windows 7 instead of a previous Windows version.

I see some of the system files are infected or corrupted. I suspect there are more system files that are infected or corrupted. We might be able to boot the system but the question is if we can find and get all the altered system files replaced.

So before we do anything, it will help to decide what is the right thing to do if we can understand the reason those system files are altered. Do you have a legit Windows 7 or have any idea why those system files are altered?

#3 Farbar


Posted 10 October 2012 - 06:04 AM

This thread will now be closed due to lack of activity.

If you need this topic reopened, please send me a Private Message and I will reopen it for you.

If you should have a new issue, please start a new topic.

Everyone else should start a new topic.



