Windows 7 Bad Driver


  • This topic is locked
7 replies to this topic

#1 swyatt999


Posted 06 August 2013 - 02:50 PM

I am having the same issues listed in this thread.

 

http://www.bleepingcomputer.com/forums/t/470140/windows-7-boot-repair-startuprepair-offline-bad-driver/

 

Below is my frst.exe log, but I am not sure what to fix. Thanks for any help you can provide. 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2013
Ran by SYSTEM on 06-08-2013 15:44:58
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2895656 2012-01-16] (ELAN Microelectronics Corp.)
HKLM\...\Run: [QuickSet] - c:\Program Files\Dell\QuickSet\QuickSet.exe [5729648 2012-02-07] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SA3\SACpl.exe [1628288 2011-09-08] (Conexant Systems, Inc.)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11406608 2011-12-19] (Intel Corporation)
HKLM\...\Run: [Stage Remote] - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-28] (Adobe Systems Incorporated)
HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj [483424 2012-02-01] ()
HKLM\...\Run: [HP LaserJet P2030 Install] - "D:\Setup.exe" AFTERREBOOT=YES [x]
HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-16] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [NeroLauncher] - C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [67496 2012-08-21] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [AccuWeatherWidget] - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj [2835443 2012-02-01] ()
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [HPUsageTracking] - C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe [36864 2008-05-07] ()
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1573576 2012-10-16] (Ask)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [151952 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.)
HKU\Alex\...\Run: [Facebook Update] - C:\Users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-09-20] (Facebook Inc.)
HKU\Alex\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272640 2012-09-12] (Microsoft Corporation)
Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

==================== Services (Whitelisted) =================

S2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2011-10-11] (Conexant Systems, Inc.)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [384048 2013-02-25] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
S2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
S2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [223088 2011-04-26] ()
S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S0 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [73096 2012-09-14] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
S3 mfeavfk01; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-06 15:44 - 2013-08-06 15:44 - 00000000 ____D C:\FRST
2013-08-06 06:03 - 2013-08-06 10:38 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-04 22:54 - 2013-08-04 23:28 - 00000000 ____D C:\Users\Alex\AppData\Local\dc0936be-5bc0-4470-8e6c-b31c310a5763ad
2013-08-02 21:32 - 2013-08-06 15:09 - 00000000 ____D C:\Users\Alex\AppData\Local\McAfee Online Backup
2013-07-14 08:55 - 2013-07-14 08:55 - 00000000 ____D C:\Users\Alex\AppData\Local\SCE
2013-07-14 08:52 - 2010-06-02 00:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2013-07-14 08:52 - 2010-06-02 00:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll
2013-07-14 08:52 - 2010-05-26 07:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll
2013-07-14 08:52 - 2010-05-26 07:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2013-07-14 08:52 - 2010-05-26 07:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll
2013-07-14 08:52 - 2010-05-26 07:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2013-07-14 08:52 - 2010-05-26 07:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll
2013-07-14 08:52 - 2010-05-26 07:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2013-07-14 08:51 - 2013-07-14 08:51 - 20105448 _____ C:\Users\Alex\Downloads\PS2_setup.exe
2013-07-14 08:51 - 2013-07-14 08:51 - 00002412 _____ C:\Users\Alex\Desktop\PlanetSide 2.lnk
2013-07-14 08:51 - 2013-07-14 08:51 - 00000000 ____D C:\Users\Public\Sony Online Entertainment
2013-07-09 23:06 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-09 23:06 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-09 23:06 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-09 23:06 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-09 23:06 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-09 23:06 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-09 23:06 - 2013-06-11 15:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-09 23:06 - 2013-06-11 15:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-09 23:06 - 2013-06-11 15:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-09 23:06 - 2013-06-11 15:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-09 23:06 - 2013-06-11 15:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-09 23:06 - 2013-06-11 15:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-09 23:06 - 2013-06-11 15:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-09 23:06 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-09 23:06 - 2013-06-11 14:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-09 23:06 - 2013-06-06 19:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-09 23:06 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-09 23:05 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-09 23:05 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-09 23:05 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-09 23:05 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-09 23:05 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-09 23:05 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-09 23:05 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-09 23:05 - 2013-06-11 15:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-09 23:05 - 2013-06-11 15:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-09 23:05 - 2013-06-11 15:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-09 23:05 - 2013-06-11 15:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-09 23:05 - 2013-06-11 15:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-09 23:05 - 2013-06-11 15:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-09 23:05 - 2013-06-11 15:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-09 19:35 - 2013-06-04 19:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-09 19:35 - 2013-06-03 22:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-09 19:35 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-09 19:35 - 2013-05-05 22:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-09 19:35 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-09 19:34 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-09 19:34 - 2013-04-02 14:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll

==================== One Month Modified Files and Folders =======

2013-08-06 15:44 - 2013-08-06 15:44 - 00000000 ____D C:\FRST
2013-08-06 15:11 - 2012-08-22 20:15 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2013-08-06 15:11 - 2012-08-12 13:42 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2013-08-06 15:11 - 2012-08-12 13:28 - 00000000 ____D C:\users\Alex
2013-08-06 15:11 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\restore
2013-08-06 15:11 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-08-06 15:11 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-08-06 15:11 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-08-06 15:11 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2013-08-06 15:11 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-06 15:11 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-08-06 15:11 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media
2013-08-06 15:11 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-08-06 15:11 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\spp
2013-08-06 15:11 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2013-08-06 15:11 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\L2Schemas
2013-08-06 15:11 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\IME
2013-08-06 15:11 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Cursors
2013-08-06 15:10 - 2013-06-26 16:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-06 15:10 - 2013-05-21 14:44 - 00000000 ____D C:\Program Files\My Dell
2013-08-06 15:10 - 2013-04-19 16:20 - 00000000 ____D C:\Users\Alex\AppData\Local\Torch
2013-08-06 15:10 - 2013-04-04 17:41 - 00000000 __RSD C:\Users\Alex\Documents\McAfee Vaults
2013-08-06 15:10 - 2013-04-04 17:41 - 00000000 ____D C:\Program Files (x86)\McAfeeMOBK
2013-08-06 15:10 - 2013-04-04 17:41 - 00000000 ____D C:\Program Files (x86)\McAfee Online Backup
2013-08-06 15:10 - 2013-03-12 23:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-06 15:10 - 2013-03-12 23:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-06 15:10 - 2012-12-10 21:17 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-06 15:10 - 2012-12-10 21:17 - 00000000 ____D C:\Program Files\iTunes
2013-08-06 15:10 - 2012-12-10 21:17 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-06 15:10 - 2012-09-19 11:49 - 00000000 ____D C:\Program Files (x86)\Ask.com
2013-08-06 15:10 - 2012-09-18 19:24 - 00000000 ___RD C:\Users\Alex\SkyDrive
2013-08-06 15:10 - 2012-09-18 19:24 - 00000000 ____D C:\Program Files (x86)\Microsoft SkyDrive
2013-08-06 15:10 - 2012-08-29 20:42 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-08-06 15:10 - 2012-08-29 20:42 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-08-06 15:10 - 2012-08-29 18:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-06 15:10 - 2012-08-23 14:07 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-06 15:10 - 2012-08-13 21:09 - 00000000 ____D C:\Users\Alex\AppData\Local\Nero_AG
2013-08-06 15:10 - 2012-08-13 20:20 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery
2013-08-06 15:10 - 2012-08-12 14:08 - 00000000 ___RD C:\Users\Alex\Desktop\MySyncUPFiles
2013-08-06 15:10 - 2012-08-12 13:42 - 00000000 ____D C:\Program Files\Bonjour
2013-08-06 15:10 - 2012-08-12 13:42 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-08-06 15:10 - 2012-08-12 13:42 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-08-06 15:10 - 2012-06-01 06:55 - 00000000 ____D C:\Program Files\Elantech
2013-08-06 15:10 - 2012-06-01 06:04 - 00000000 ____D C:\ProgramData\eSellerate
2013-08-06 15:10 - 2012-06-01 05:51 - 00000000 ____D C:\Program Files (x86)\Zinio Reader 4
2013-08-06 15:10 - 2012-06-01 05:49 - 00000000 ____D C:\ProgramData\McAfee
2013-08-06 15:10 - 2012-06-01 05:47 - 00000000 ____D C:\Program Files (x86)\PlayReady
2013-08-06 15:10 - 2012-06-01 05:45 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-08-06 15:10 - 2012-06-01 05:36 - 00000000 ____D C:\Program Files (x86)\eBay
2013-08-06 15:10 - 2012-06-01 05:34 - 00000000 ____D C:\ProgramData\Skype
2013-08-06 15:10 - 2012-06-01 05:34 - 00000000 ____D C:\Program Files (x86)\Cozi Express
2013-08-06 15:10 - 2012-06-01 05:32 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-08-06 15:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2013-08-06 15:10 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-08-06 15:09 - 2013-08-02 21:32 - 00000000 ____D C:\Users\Alex\AppData\Local\McAfee Online Backup
2013-08-06 15:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-08-06 14:54 - 2012-08-22 20:13 - 00000000 __RHD C:\MSOCache
2013-08-06 14:50 - 2012-09-18 19:23 - 00000000 ____D C:\Users\Alex\AppData\Local\Windows Live
2013-08-06 10:38 - 2013-08-06 06:03 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-06 06:02 - 2013-04-28 20:06 - 00000000 ____D C:\Users\Alex\Tracing
2013-08-06 06:02 - 2012-06-01 05:36 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-08-06 06:02 - 2012-06-01 05:36 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-08-05 00:11 - 2012-08-12 14:08 - 00000000 ____D C:\Users\Alex\AppData\Local\Nero
2013-08-04 23:28 - 2013-08-04 22:54 - 00000000 ____D C:\Users\Alex\AppData\Local\dc0936be-5bc0-4470-8e6c-b31c310a5763ad
2013-08-04 23:28 - 2010-11-20 23:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-07-22 20:17 - 2012-09-20 20:12 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3655729899-4135703391-3960977774-1000UA.job
2013-07-22 20:17 - 2012-09-20 20:12 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3655729899-4135703391-3960977774-1000Core.job
2013-07-22 20:16 - 2012-06-01 05:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-22 19:33 - 2012-06-01 05:04 - 01800685 _____ C:\Windows\WindowsUpdate.log
2013-07-22 16:02 - 2013-04-04 17:41 - 00001790 _____ C:\Users\Public\Desktop\McAfee Total Protection.lnk
2013-07-22 16:02 - 2013-04-04 17:41 - 00001790 _____ C:\ProgramData\Desktop\McAfee Total Protection.lnk
2013-07-22 15:40 - 2009-07-13 20:45 - 00021296 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-22 15:40 - 2009-07-13 20:45 - 00021296 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-22 09:56 - 2013-05-21 14:45 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2013-07-22 09:56 - 2012-08-13 11:00 - 00000000 ____D C:\ProgramData\PCDr
2013-07-22 08:52 - 2009-07-13 21:13 - 00778834 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-22 08:47 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-22 08:47 - 2009-07-13 20:51 - 00052021 _____ C:\Windows\setupact.log
2013-07-20 09:15 - 2013-04-04 17:40 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-07-20 09:14 - 2010-11-20 19:47 - 00063824 _____ C:\Windows\PFRO.log
2013-07-14 08:55 - 2013-07-14 08:55 - 00000000 ____D C:\Users\Alex\AppData\Local\SCE
2013-07-14 08:51 - 2013-07-14 08:51 - 20105448 _____ C:\Users\Alex\Downloads\PS2_setup.exe
2013-07-14 08:51 - 2013-07-14 08:51 - 00002412 _____ C:\Users\Alex\Desktop\PlanetSide 2.lnk
2013-07-14 08:51 - 2013-07-14 08:51 - 00000000 ____D C:\Users\Public\Sony Online Entertainment
2013-07-13 20:02 - 2012-08-23 14:07 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Skype
2013-07-11 18:25 - 2009-07-13 20:45 - 00415800 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-11 18:23 - 2010-11-20 23:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 18:23 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-09 23:09 - 2012-08-22 20:13 - 00000000 ____D C:\ProgramData\Microsoft Help

Files to move or delete:
====================
C:\Users\Alex\AppData\Roaming\skype.dat

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-07-09 23:00:34
Restore point made on: 2013-07-14 08:52:01
Restore point made on: 2013-07-22 20:30:15
Restore point made on: 2013-07-31 21:48:10
Restore point made on: 2013-08-02 23:00:26

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8094.36 MB
Available physical RAM: 7226.11 MB
Total Pagefile: 8092.55 MB
Available Pagefile: 7202.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:911.66 GB) (Free:794.78 GB) NTFS (Disk=0 Partition=3)
Drive e: (RECOVERY) (Fixed) (Total:19.81 GB) (Free:7.8 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive e: detected.
Drive f: (USB DISK) (Removable) (Total:7.53 GB) (Free:5.53 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.02 GB) (Free:0.02 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: BA0D0F65)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=912 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 8 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=8 GB) - (Type=0B)


LastRegBack: 2013-08-02 18:53

==================== End Of Log ============================

 

 

 

 

 

 

 




 


#2 Noviciate

  • Malware Response Team

Posted 06 August 2013 - 03:53 PM

Good evening. :)

Open Notepad and copy and paste the following text into it and save it alongside FRST on the flashdrive as fixlist.txt:

TDL4: custom:26000022 <===== ATTENTION!

Run FRST as previously, but this time click the Fix button just once and wait.
Once complete the results will be written to the textfile Fixlog.txt, saved alongside FRST as before - please let me have the contents of the file in your next reply.

Also, try to boot the PC normally and tell me what happens.

 

 


So long, and thanks for all the fish.

 

 


#3 swyatt999


Posted 06 August 2013 - 03:58 PM

No change in boot. It starts to boot then immediately reboots.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-08-2013
Ran by SYSTEM at 2013-08-06 16:55:49 Run:1
Running from F:\
Boot Mode: Recovery
==============================================


==== End of Fixlog ====



#4 swyatt999


Posted 06 August 2013 - 04:02 PM

I ran it again because that log looked awfully empty, and now.......

 

 

IT'S BOOTING!!! Thank you! I will follow up with Malwarebytes and other clean up utils. THANKS!! AGAIN!!

 

log

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-08-2013
Ran by SYSTEM at 2013-08-06 17:01:16 Run:2
Running from F:\
Boot Mode: Recovery
==============================================


The operation completed successfully.
The operation completed successfully.

==== End of Fixlog ====



#5 Noviciate

  • Malware Response Team

Posted 06 August 2013 - 04:08 PM

You need to delete C:\Users\Alex\AppData\Roaming\skype.dat as it's part of the infection you picked up.


So long, and thanks for all the fish.
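
The two items acted on in this thread, the `TDL4: custom:26000022 <===== ATTENTION!` entry and the path under `Files to move or delete:`, are both flagged in the FRST.txt log in post #1. As an added example (not part of the original thread and not FRST's own code), this Python script pulls such flagged lines out of a log for review; the sample is a constructed excerpt of the log above, and the function name, the finding categories and the treatment of any Bamital-check line not ending in "MD5 is legit" are assumptions.

```python
import re

# Constructed excerpt of the FRST.txt log posted in this thread.
SAMPLE_LOG = r"""Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2013
Boot Mode: Recovery
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.)

Files to move or delete:
====================
C:\Users\Alex\AppData\Roaming\skype.dat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== Drives ================================

Drive e: (RECOVERY) (Fixed) (Total:19.81 GB) (Free:7.8 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive e: detected.
"""

# "==== Title ====" banners; a bare run of "=" (no title) does not match.
SECTION_RE = re.compile(r"^={4,}\s+(\S.*?)\s+={4,}$")
FLAG_MARK = "<===== ATTENTION"  # marker appended to an entry, as on the TDL4 line


def triage_frst_log(text):
    """Return (kind, section, detail) tuples for the lines to read first."""
    findings = []
    section = "header"
    in_delete_list = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            in_delete_list = False
            continue
        if line.startswith("Files to move or delete"):
            section = "Files to move or delete"
            in_delete_list = True
            continue
        if set(line) == {"="}:  # underline or divider row
            continue
        if line.startswith("ATTENTION!:"):
            # Banner about how the tool was run, kept apart from findings.
            findings.append(("notice", section, line))
        elif FLAG_MARK in line:
            findings.append(("flagged_entry", section, line.split(FLAG_MARK)[0].strip()))
        elif line.startswith("ATTENTION:"):
            findings.append(("tool_warning", section, line[len("ATTENTION:"):].strip()))
        elif in_delete_list:
            findings.append(("file_to_review", section, line))
        elif section.startswith("Bamital") and " => " in line \
                and not line.endswith("MD5 is legit"):
            # Assumption: anything other than "MD5 is legit" needs a manual look.
            findings.append(("hash_not_confirmed", section, line.split(" => ")[0]))
    return findings


if __name__ == "__main__":
    for kind, section, detail in triage_frst_log(SAMPLE_LOG):
        print(f"{kind:18} [{section}] {detail}")
```
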

 

 


#6 swyatt999


Posted 06 August 2013 - 04:14 PM

Deleted. Thanks.



#7 Noviciate

  • Malware Response Team

Posted 06 August 2013 - 04:18 PM

Please go here, follow steps six, seven and eight as best you can, skipping those that you cannot run for any reason, and then post accordingly into this thread.

 


So long, and thanks for all the fish.

 

 


#8 Noviciate

  • Malware Response Team

Posted 11 August 2013 - 01:14 PM

As there has been no response for five days this thread is now closed.


So long, and thanks for all the fish.

 

 




