Windows 7 Startup Repair Loop


  • This topic is locked
5 replies to this topic

#1 devtest

Posted 05 March 2014 - 07:07 PM

Having a really hard time with this on a client's Windows 7 (x64) machine.

Here's the FRST log, please help with whatever knowledge you have.

#2 devtest

Posted 05 March 2014 - 07:11 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-03-2014 02
Ran by SYSTEM on MININT-F966V1O on 05-03-2014 15:14:46
Running from F:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [2918656 2011-01-12] (ESET)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2369536 2010-03-14] (VIA)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-26] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Carbonite Backup] - C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1063056 2011-10-20] (Carbonite, Inc.)
HKLM-x32\...\Run: [HostManager] - C:\Program Files (x86)\Common Files\AOL\1320602045\ee\AOLSoftware.exe [41800 2010-03-07] (AOL Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\637\g2ax_winlogonx64.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\Marcy\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-09] (Hewlett-Packard Company)
HKU\Marcy\...\Run: [AOL Fast Start] - C:\Program Files (x86)\AOL Desktop 9.6\AOL.EXE [42320 2011-04-25] (AOL Inc.)
HKU\Marcy\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKU\Marcy\...\Run: [Lync] - C:\Program Files\Microsoft Office 15\root\office15\lync.exe [18741408 2013-12-03] (Microsoft Corporation)
HKU\Marcy\...\Run: [Free Download Manager] - C:\Program Files (x86)\Free Download Manager\fdm.exe [6148096 2011-12-28] (FreeDownloadManager.ORG)
Startup: C:\Users\Marcy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

==================== Services (Whitelisted) =================

S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36392 2014-01-27] (Just Develop It)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
S3 EhttpSrv; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [42360 2011-01-12] (ESET)
S2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [810144 2011-01-12] (ESET)
S2 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\637\g2ax_service.exe [610888 2014-02-11] (Citrix Online, a division of Citrix Systems, Inc.)
S3 IDriverT; C:\Program Files (x86)\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation)
S2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-17] (Microsoft Corporation)
S3 PCProtect; C:\Program Files (x86)\Web Protect\PCProtect.exe [1265608 2014-01-07] (Objectify Media Inc)
S2 ProtectMonitor; C:\monitorsvc.exe [34244 2014-02-02] ()

==================== Drivers (Whitelisted) ====================

S2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [170640 2010-12-21] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [141264 2010-12-21] (ESET)
S2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [170640 2010-12-21] (ESET)
S3 Epfwndis; C:\Windows\System32\DRIVERS\Epfwndis.sys [34144 2010-12-21] (ESET)
S2 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [50624 2010-12-21] (ESET)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
S3 MSICDSetup; \??\D:\CDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-05 15:14 - 2014-03-05 15:14 - 00000000 ____D () C:\FRST
2014-02-25 18:04 - 2014-02-25 18:04 - 00771088 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-20 20:37 - 2014-02-20 20:37 - 00046219 _____ () C:\Users\Marcy\Documents\1656314_581585395258872_1519191002_n.jpeg
2014-02-19 17:45 - 2014-02-19 17:45 - 00143942 _____ () C:\Users\Marcy\Documents\DSCN0175.zip
2014-02-19 17:45 - 2014-02-19 17:45 - 00000000 ____D () C:\Users\Marcy\Documents\DSCN0175
2014-02-18 08:19 - 2014-02-18 08:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-18 08:18 - 2014-02-18 08:19 - 00000000 ____D () C:\Users\Marcy\Desktop\dance ten
2014-02-17 21:14 - 2014-02-17 21:14 - 04562540 _____ () C:\Users\Marcy\Documents\DSCF7327.zip
2014-02-17 21:14 - 2014-02-17 21:14 - 00000000 ____D () C:\Users\Marcy\Documents\DSCF7327
2014-02-12 19:00 - 2014-02-25 18:35 - 00000310 _____ () C:\Windows\SysWOW64\ff.bin
2014-02-12 18:57 - 2014-02-25 18:30 - 00000536 _____ () C:\Windows\SysWOW64\schtasks.bin
2014-02-12 18:02 - 2013-12-21 01:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-02-12 18:02 - 2013-12-21 00:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 18:01 - 2014-02-06 03:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-02-12 18:01 - 2014-02-06 03:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-02-12 18:01 - 2014-02-06 02:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-02-12 18:01 - 2014-02-06 02:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-02-12 18:01 - 2014-02-06 02:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-02-12 18:01 - 2014-02-06 02:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-02-12 18:01 - 2014-02-06 02:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 18:01 - 2014-02-06 02:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-02-12 18:01 - 2014-02-06 01:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-02-12 18:01 - 2014-02-06 01:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 18:01 - 2014-02-06 01:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 18:01 - 2014-02-06 01:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 18:01 - 2014-02-06 01:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 18:00 - 2014-02-06 04:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-02-12 18:00 - 2014-02-06 03:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-02-12 18:00 - 2014-02-06 03:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-02-12 18:00 - 2014-02-06 03:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-02-12 18:00 - 2014-02-06 02:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-02-12 18:00 - 2014-02-06 02:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-02-12 18:00 - 2014-02-06 02:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-02-12 18:00 - 2014-02-06 02:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 18:00 - 2014-02-06 02:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-02-12 18:00 - 2014-02-06 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 18:00 - 2014-02-06 02:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 18:00 - 2014-02-06 01:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 18:00 - 2014-02-06 01:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 18:00 - 2014-02-06 01:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-02-12 18:00 - 2014-02-06 01:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 18:00 - 2014-02-06 01:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 18:00 - 2014-02-06 01:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 18:00 - 2014-02-06 01:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-02-12 18:00 - 2014-02-06 01:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-02-12 18:00 - 2014-02-06 01:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 18:00 - 2014-02-06 01:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 18:00 - 2014-02-06 00:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-02-12 18:00 - 2014-02-06 00:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 18:00 - 2014-02-06 00:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-02-12 18:00 - 2014-02-06 00:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 18:00 - 2014-02-06 00:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-11 23:26 - 2013-12-31 15:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-11 23:26 - 2013-12-31 15:04 - 00420008 _____ () C:\Windows\System32\locale.nls
2014-02-11 23:26 - 2013-12-05 18:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2014-02-11 23:26 - 2013-12-05 18:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2014-02-11 23:26 - 2013-12-05 18:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-11 23:26 - 2013-12-05 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-11 23:25 - 2013-12-24 15:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-11 23:25 - 2013-12-24 14:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2014-02-11 23:25 - 2013-12-03 18:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\System32\secproc.dll
2014-02-11 23:25 - 2013-12-03 18:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\System32\secproc_isv.dll
2014-02-11 23:25 - 2013-12-03 18:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\System32\secproc_ssp_isv.dll
2014-02-11 23:25 - 2013-12-03 18:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\System32\secproc_ssp.dll
2014-02-11 23:25 - 2013-12-03 18:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\System32\msdrm.dll
2014-02-11 23:25 - 2013-12-03 18:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate_isv.exe
2014-02-11 23:25 - 2013-12-03 18:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate.exe
2014-02-11 23:25 - 2013-12-03 18:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp.exe
2014-02-11 23:25 - 2013-12-03 18:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp_isv.exe
2014-02-11 23:25 - 2013-12-03 18:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-11 23:25 - 2013-12-03 18:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-11 23:25 - 2013-12-03 18:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-11 23:25 - 2013-12-03 18:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-11 23:25 - 2013-12-03 18:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-11 23:25 - 2013-12-03 17:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-11 23:25 - 2013-12-03 17:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-11 23:25 - 2013-12-03 17:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-11 23:25 - 2013-12-03 17:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-11 23:25 - 2013-11-26 00:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-11 23:25 - 2013-11-22 14:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2014-02-11 18:25 - 2014-02-11 18:25 - 00169544 _____ (Citrix Online) C:\Windows\System32\g2ax_credential_provider64_637.dll
2014-02-11 18:25 - 2014-02-11 18:25 - 00001504 _____ () C:\Users\Marcy\Desktop\GoToAssist Customer.lnk
2014-02-05 02:13 - 2014-02-20 21:13 - 17858952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-03 16:36 - 2014-02-25 18:30 - 00003290 _____ () C:\Windows\System32\Tasks\SuperFastPC_AutorunOnStartup
2014-02-03 16:36 - 2014-02-03 16:36 - 00003976 _____ () C:\Windows\SysWOW64\PCProtect.ini
2014-02-03 16:36 - 2014-02-03 16:36 - 00002184 _____ () C:\Windows\SysWOW64\PCProtectOff.ini
2014-02-03 16:36 - 2014-02-03 16:36 - 00002184 _____ () C:\Windows\System32\PCProtectOff.ini
2014-02-03 16:36 - 2014-01-07 22:08 - 00330624 _____ (Objectify Media Inc) C:\Windows\System32\PCProtect64.dll
2014-02-03 16:36 - 2014-01-07 22:08 - 00293984 _____ (Objectify Media Inc) C:\Windows\SysWOW64\PCProtect.dll
2014-02-03 16:35 - 2014-03-05 14:43 - 00000000 ____D () C:\Users\Marcy\AppData\Roaming\Free Download Manager
2014-02-03 16:35 - 2014-02-12 18:54 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-02-03 16:35 - 2014-02-03 16:38 - 00000000 ____D () C:\Program Files (x86)\Web Protect
2014-02-03 16:35 - 2014-02-03 16:37 - 00001053 _____ () C:\Users\Public\Desktop\SuperFast PC.lnk
2014-02-03 16:35 - 2014-02-03 16:37 - 00001053 _____ () C:\ProgramData\Desktop\SuperFast PC.lnk
2014-02-03 16:35 - 2014-02-03 16:36 - 00000000 ____D () C:\Program Files (x86)\SuperFastPC
2014-02-03 16:35 - 2014-02-03 16:35 - 00001969 _____ () C:\Users\Marcy\Desktop\Sync Folder.lnk
2014-02-03 16:35 - 2014-02-03 16:35 - 00001087 _____ () C:\Users\Marcy\Desktop\MyPC Backup.lnk
2014-02-03 16:35 - 2014-02-03 16:35 - 00001067 _____ () C:\Users\Marcy\Desktop\Free Download Manager.lnk
2014-02-03 16:35 - 2014-02-03 16:35 - 00000000 ____D () C:\Users\Marcy\AppData\Local\SySaver
2014-02-03 16:35 - 2014-02-03 16:35 - 00000000 ____D () C:\Program Files (x86)\Free Download Manager
2014-02-03 16:33 - 2014-02-03 16:34 - 143485940 _____ () C:\Users\Marcy\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_en-US.exe

==================== One Month Modified Files and Folders =======

2014-03-05 15:14 - 2014-03-05 15:14 - 00000000 ____D () C:\FRST
2014-03-05 14:44 - 2011-11-07 06:50 - 00000000 ____D () C:\users\admin.Marcy-PC
2014-03-05 14:44 - 2011-11-07 06:50 - 00000000 ____D () C:\users\admin
2014-03-05 14:44 - 2011-11-03 15:24 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-05 14:44 - 2011-11-02 15:41 - 00000000 ____D () C:\users\Marcy
2014-03-05 14:44 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-03-05 14:44 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2014-03-05 14:43 - 2014-02-03 16:35 - 00000000 ____D () C:\Users\Marcy\AppData\Roaming\Free Download Manager
2014-03-05 14:43 - 2012-10-03 08:54 - 00000000 ____D () C:\Users\Marcy\AppData\Roaming\Skype
2014-03-02 15:53 - 2011-11-06 08:46 - 00000000 ____D () C:\Users\Marcy\AppData\Roaming\FileZilla
2014-02-26 17:13 - 2013-06-08 08:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-26 01:19 - 2014-01-29 08:28 - 00004974 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Marcy-PC-Marcy Marcy-PC
2014-02-25 18:35 - 2014-02-12 19:00 - 00000310 _____ () C:\Windows\SysWOW64\ff.bin
2014-02-25 18:35 - 2009-07-13 21:13 - 00782510 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-02-25 18:35 - 2009-07-13 20:45 - 00022416 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-25 18:35 - 2009-07-13 20:45 - 00022416 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-25 18:33 - 2011-11-02 15:41 - 01212180 _____ () C:\Windows\WindowsUpdate.log
2014-02-25 18:30 - 2014-02-12 18:57 - 00000536 _____ () C:\Windows\SysWOW64\schtasks.bin
2014-02-25 18:30 - 2014-02-03 16:36 - 00003290 _____ () C:\Windows\System32\Tasks\SuperFastPC_AutorunOnStartup
2014-02-25 18:27 - 2009-07-13 20:51 - 16451756 _____ () C:\Windows\setupact.log
2014-02-25 18:26 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-25 18:24 - 2012-05-28 07:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-25 18:24 - 2010-11-20 19:47 - 00132844 _____ () C:\Windows\PFRO.log
2014-02-25 18:04 - 2014-02-25 18:04 - 00771088 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-20 21:13 - 2014-02-05 02:13 - 17858952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-20 21:13 - 2013-06-08 08:24 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-20 21:13 - 2013-06-08 08:24 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-20 21:13 - 2011-11-06 08:32 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-20 20:37 - 2014-02-20 20:37 - 00046219 _____ () C:\Users\Marcy\Documents\1656314_581585395258872_1519191002_n.jpeg
2014-02-19 17:45 - 2014-02-19 17:45 - 00143942 _____ () C:\Users\Marcy\Documents\DSCN0175.zip
2014-02-19 17:45 - 2014-02-19 17:45 - 00000000 ____D () C:\Users\Marcy\Documents\DSCN0175
2014-02-18 08:19 - 2014-02-18 08:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-18 08:19 - 2014-02-18 08:18 - 00000000 ____D () C:\Users\Marcy\Desktop\dance ten
2014-02-17 21:14 - 2014-02-17 21:14 - 04562540 _____ () C:\Users\Marcy\Documents\DSCF7327.zip
2014-02-17 21:14 - 2014-02-17 21:14 - 00000000 ____D () C:\Users\Marcy\Documents\DSCF7327
2014-02-16 18:02 - 2013-08-14 21:57 - 00000000 ____D () C:\Windows\System32\MRT
2014-02-16 18:00 - 2011-11-02 17:48 - 88567024 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-02-13 06:53 - 2012-10-03 08:54 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-13 06:53 - 2012-10-03 08:54 - 00000000 ____D () C:\ProgramData\Skype
2014-02-12 21:52 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-02-12 18:54 - 2014-02-03 16:35 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-02-11 18:25 - 2014-02-11 18:25 - 00169544 _____ (Citrix Online) C:\Windows\System32\g2ax_credential_provider64_637.dll
2014-02-11 18:25 - 2014-02-11 18:25 - 00001504 _____ () C:\Users\Marcy\Desktop\GoToAssist Customer.lnk
2014-02-06 04:16 - 2014-02-12 18:00 - 23170048 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-02-06 03:30 - 2014-02-12 18:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-02-06 03:30 - 2014-02-12 18:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 03:12 - 2014-02-12 18:00 - 02765824 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-02-06 03:07 - 2014-02-12 18:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-02-06 03:06 - 2014-02-12 18:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-02-06 02:57 - 2014-02-12 18:01 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-02-06 02:56 - 2014-02-12 18:01 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-02-06 02:52 - 2014-02-12 18:01 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-02-06 02:49 - 2014-02-12 18:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-02-06 02:48 - 2014-02-12 18:00 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-02-06 02:48 - 2014-02-12 18:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-02-06 02:38 - 2014-02-12 18:00 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 02:32 - 2014-02-12 18:01 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-02-06 02:20 - 2014-02-12 18:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 02:17 - 2014-02-12 18:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-02-06 02:11 - 2014-02-12 18:00 - 05768704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-02-06 02:01 - 2014-02-12 18:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 02:00 - 2014-02-12 18:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 01:57 - 2014-02-12 18:01 - 00627200 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-02-06 01:57 - 2014-02-12 18:00 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 01:52 - 2014-02-12 18:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 01:52 - 2014-02-12 18:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 01:50 - 2014-02-12 18:00 - 02041856 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-02-06 01:49 - 2014-02-12 18:01 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 01:47 - 2014-02-12 18:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 01:46 - 2014-02-12 18:00 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 01:25 - 2014-02-12 18:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 01:25 - 2014-02-12 18:00 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 01:24 - 2014-02-12 18:00 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-02-06 01:22 - 2014-02-12 18:00 - 13051392 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-02-06 01:13 - 2014-02-12 18:01 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 01:09 - 2014-02-12 18:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 01:03 - 2014-02-12 18:00 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 00:55 - 2014-02-12 18:00 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-02-06 00:41 - 2014-02-12 18:00 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 00:40 - 2014-02-12 18:00 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-02-06 00:36 - 2014-02-12 18:00 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 00:34 - 2014-02-12 18:00 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 12:50 - 2011-11-06 09:07 - 00000000 ____D () C:\Administrator
2014-02-03 16:38 - 2014-02-03 16:35 - 00000000 ____D () C:\Program Files (x86)\Web Protect
2014-02-03 16:37 - 2014-02-03 16:35 - 00001053 _____ () C:\Users\Public\Desktop\SuperFast PC.lnk
2014-02-03 16:37 - 2014-02-03 16:35 - 00001053 _____ () C:\ProgramData\Desktop\SuperFast PC.lnk
2014-02-03 16:36 - 2014-02-03 16:36 - 00003976 _____ () C:\Windows\SysWOW64\PCProtect.ini
2014-02-03 16:36 - 2014-02-03 16:36 - 00002184 _____ () C:\Windows\SysWOW64\PCProtectOff.ini
2014-02-03 16:36 - 2014-02-03 16:36 - 00002184 _____ () C:\Windows\System32\PCProtectOff.ini
2014-02-03 16:36 - 2014-02-03 16:35 - 00000000 ____D () C:\Program Files (x86)\SuperFastPC
2014-02-03 16:36 - 2011-11-03 14:57 - 00000000 ____D () C:\Users\Marcy\AppData\Local\Microsoft Help
2014-02-03 16:35 - 2014-02-03 16:35 - 00001969 _____ () C:\Users\Marcy\Desktop\Sync Folder.lnk
2014-02-03 16:35 - 2014-02-03 16:35 - 00001087 _____ () C:\Users\Marcy\Desktop\MyPC Backup.lnk
2014-02-03 16:35 - 2014-02-03 16:35 - 00001067 _____ () C:\Users\Marcy\Desktop\Free Download Manager.lnk
2014-02-03 16:35 - 2014-02-03 16:35 - 00000000 ____D () C:\Users\Marcy\AppData\Local\SySaver
2014-02-03 16:35 - 2014-02-03 16:35 - 00000000 ____D () C:\Program Files (x86)\Free Download Manager
2014-02-03 16:34 - 2014-02-03 16:33 - 143485940 _____ () C:\Users\Marcy\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_en-US.exe

Some content of TEMP:
====================
C:\Users\Marcy\AppData\Local\Temp\AcsInstall.dll
C:\Users\Marcy\AppData\Local\Temp\air2AE8.exe
C:\Users\Marcy\AppData\Local\Temp\air5533.exe
C:\Users\Marcy\AppData\Local\Temp\air6E8E.exe
C:\Users\Marcy\AppData\Local\Temp\air8FD4.exe
C:\Users\Marcy\AppData\Local\Temp\airF289.exe
C:\Users\Marcy\AppData\Local\Temp\BackupSetup.exe
C:\Users\Marcy\AppData\Local\Temp\C82E_fdminst.exe
C:\Users\Marcy\AppData\Local\Temp\MSIAFTERBURNERSETUP.EXE
C:\Users\Marcy\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Marcy\AppData\Local\Temp\ose00000.exe
C:\Users\Marcy\AppData\Local\Temp\Setup.X86.en-us_O365ProPlusRetail_db947418-a607-4f35-a056-4e3596489d19_TX_PR_.exe
C:\Users\Marcy\AppData\Local\Temp\SETUP_AFTERBURNER.EXE
C:\Users\Marcy\AppData\Local\Temp\SfpcHelper_installFinish.exe
C:\Users\Marcy\AppData\Local\Temp\SfpcHelper_installStart.exe
C:\Users\Marcy\AppData\Local\Temp\SHFOLDER.DLL
C:\Users\Marcy\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Marcy\AppData\Local\Temp\SpOrder.dll
C:\Users\Marcy\AppData\Local\Temp\vcredist_x64.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2014-02-12 18:00:29
Restore point made on: 2014-02-16 18:00:27
Restore point made on: 2014-02-21 01:14:12
Restore point made on: 2014-02-25 05:08:36
Restore point made on: 2014-02-25 18:00:15
Restore point made on: 2014-02-26 18:00:26

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 3931.61 MB
Available physical RAM: 3242.04 MB
Total Pagefile: 3929.81 MB
Available Pagefile: 3246.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:399.5 GB) NTFS
Drive f: (WIN7_x64) (Removable) (Total:7.52 GB) (Free:2.04 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 9BF1EE3E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.


LastRegBack: 2014-02-28 00:53

==================== End Of Log ============================



#3 devtest

Posted 05 March 2014 - 09:03 PM

BUMP



#4 devtest

Posted 06 March 2014 - 11:50 AM

BUMP

#5 HelpBot

Posted 10 March 2014 - 07:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/526610 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#6 HelpBot

Posted 15 March 2014 - 07:15 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!



