Need Help with a Fixlist


  • This topic is locked
5 replies to this topic

#1 tomgartin


  • Members
  • 3 posts

Posted 19 June 2014 - 05:31 PM

Hi all, thanks in advance for whatever help you can offer.
 
THE SYSTEM
Lenovo V570
Windows 7 Home Premium 64-bit
Avast Antivirus
 
WHAT HAPPENED
This is my wife's computer. She was doing a few things in MS Word 2010, and walked away for a few minutes. That's when Windows Update automatically restarted the computer. During the reboot process, Lenovo Boot Optimizer ran. Then the system went to the BSOD. When I performed a hard restart, the system crashed to BSOD again during the Windows loading screen. Next I tried booting in Safe Mode, but it crashed again after hanging on aswrvrt.sys which I understand to be part of Avast.
I ran startup repair, and it failed.
I tried a repair disk, and it failed.
I ran memory diagnostic, and it checks out ok.
I ran CHKDSK, and it checks out ok.
There is no system restore to roll back to, and there are documents we do not want to lose from her desktop.
 
NEXT STEPS...?
I have run FRST64.exe and attached the FRST.txt log to this post. Could someone please help me by creating a fixlist?
 
Thanks,
Tom

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-06-2014
Ran by SYSTEM on MININT-STD59KM on 19-06-2014 17:16:32
Running from G:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-11-02] (Intel® Corporation)
HKLM\...\Run: [TpShocks] => C:\Windows\System32\TpShocks.exe [231328 2010-03-15] (Lenovo.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2011-09-06] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-09-06] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-09-06] (Lenovo)
HKLM\...\Run: [BoxSync] => c:\Program Files\Box\Box Sync\BoxSync.exe [13502744 2014-06-15] (Box, Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [VitaKeyTSR] => C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [383344 2010-12-13] (Egis Technology Inc. )
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-09-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PLTSR] => C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [364400 2010-10-22] (Egis Technology Inc. )
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-24] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [224352 2010-12-24] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-29] (AVAST Software)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe [328992 2010-10-27] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1801168 2014-03-26] (APN)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3362336 2014-01-10] (Fitbit, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [bncsaui.exe] => C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe [2627728 2012-09-24] (Bradford Networks)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKLM-x32\...\RunOnce: [20140529] - C:\Program Files\AVAST Software\Avast\setup\emupdate\64870614-9e16-494d-936d-7608f5818fb6.exe /check [183208 2014-06-03] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Default\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\Default User\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\Owner\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\Owner\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\Owner\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKU\Owner\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22415552 2014-04-25] (Google)
HKU\Owner\...\Run: [BackgroundContainer] => "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Owner\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKU\Owner\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3362336 2014-01-10] (Fitbit, Inc.)
HKU\Owner\...\RunOnce: [Application Restart #0] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKU\Owner\...\RunOnce: [Application Restart #1] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (Egis Technology Inc.)
HKU\Owner\...\RunOnce: [Application Restart #2] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-05-13] (Google Inc.)
HKU\Owner\...\RunOnce: [Application Restart #3] - C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE [1423008 2014-05-15] (Microsoft Corporation)
HKU\Owner\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - No File
BootExecute: autocheck autochk * FbDefrag

==================== Services (Whitelisted) =================

S2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-03-26] (APN LLC.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-29] (AVAST Software)
S2 BNPagent; C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe [3082384 2012-09-24] (Bradford Networks)
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [28768 2014-05-12] (Box, Inc.)
S2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )
S2 ExpatShieldService; C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe [331608 2012-01-17] ()
S3 ExpatTrayService; C:\Program Files (x86)\Expat Shield\bin\ExpatTrayService.EXE [77520 2012-01-17] ()
S2 ExpatWd; C:\Program Files (x86)\Expat Shield\bin\hsswd.exe [329544 2012-01-04] ()
S2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1435680 2014-01-10] (Fitbit, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-11-02] ()

==================== Drivers (Whitelisted) ====================

S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-29] (AVAST Software)
S2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [80816 2013-08-29] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-29] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-29] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-29] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-29] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-29] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-29] ()
S3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8200552 2010-12-15] (Realtek Semiconductor Corp.)
S3 BcmSqlStartupSvc;
S2 CLKMSVC10_3A60B698;
S2 CLKMSVC10_C3B3B687;
S2 DriverService;
S2 IAStorDataMgrSvc;
S2 iATAgentService;
S2 idealife Update Service;
S3 IGRS;
S2 IviRegMgr;
S2 nvUpdatusService;
S2 Oasis2Service;
S2 PCCarerService;
S2 ReadyComm.DirectRouter;
S2 RichVideo;
S2 RtLedService;
S2 SeaPort;
S2 SoftwareService;
S3 SQLWriter;
S2 Stereo Service;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-19 17:16 - 2014-06-19 17:16 - 00000000 ____D () C:\FRST
2014-06-18 13:13 - 2014-05-30 02:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-06-18 13:13 - 2014-05-30 02:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-06-18 13:13 - 2014-05-30 01:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-06-18 13:13 - 2014-05-30 01:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-06-18 13:13 - 2014-05-30 01:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-06-18 13:13 - 2014-05-30 01:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-06-18 13:13 - 2014-05-30 01:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-06-18 13:13 - 2014-05-30 01:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-06-18 13:13 - 2014-05-30 01:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-06-18 13:13 - 2014-05-30 01:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-18 13:13 - 2014-05-30 01:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-06-18 13:13 - 2014-05-30 01:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-18 13:13 - 2014-05-30 00:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-06-18 13:13 - 2014-05-30 00:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-06-18 13:13 - 2014-05-30 00:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-18 13:13 - 2014-05-30 00:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-06-18 13:13 - 2014-05-30 00:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-18 13:13 - 2014-05-30 00:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-18 13:13 - 2014-05-30 00:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-18 13:13 - 2014-05-30 00:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-06-18 13:13 - 2014-05-30 00:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-18 13:13 - 2014-05-30 00:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-18 13:13 - 2014-05-30 00:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-18 13:13 - 2014-05-30 00:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-06-18 13:13 - 2014-05-30 00:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-18 13:13 - 2014-05-30 00:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-18 13:13 - 2014-05-30 00:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-06-18 13:13 - 2014-05-30 00:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-18 13:13 - 2014-05-30 00:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-18 13:13 - 2014-05-30 00:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-18 13:13 - 2014-05-30 00:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-18 13:13 - 2014-05-30 00:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-18 13:13 - 2014-05-29 23:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-18 13:13 - 2014-05-29 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-18 13:13 - 2014-05-29 23:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-18 13:13 - 2014-05-29 23:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-18 13:13 - 2014-05-29 23:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-06-18 13:13 - 2014-05-29 23:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-18 13:13 - 2014-05-29 23:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-06-18 13:13 - 2014-05-29 23:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-18 13:13 - 2014-05-29 23:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-18 13:13 - 2014-05-29 23:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-18 13:13 - 2014-05-08 01:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2014-06-18 13:13 - 2014-05-08 01:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-06-18 13:13 - 2014-04-24 18:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\System32\usp10.dll
2014-06-18 13:13 - 2014-04-24 18:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-18 13:13 - 2014-04-04 18:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2014-06-18 13:13 - 2014-04-04 18:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2014-06-18 13:13 - 2014-03-26 06:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2014-06-18 13:13 - 2014-03-26 06:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2014-06-18 13:13 - 2014-03-26 06:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml6r.dll
2014-06-18 13:13 - 2014-03-26 06:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2014-06-18 13:13 - 2014-03-26 06:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-18 13:13 - 2014-03-26 06:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-18 13:13 - 2014-03-26 06:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-18 13:13 - 2014-03-26 06:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-18 13:12 - 2014-05-30 02:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-06-18 13:12 - 2014-05-30 01:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-06-18 13:12 - 2014-05-30 01:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-06-18 13:12 - 2014-05-30 01:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-06-18 13:12 - 2014-05-30 01:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-06-18 13:12 - 2014-05-30 01:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-06-18 13:12 - 2014-05-30 00:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-06-18 13:12 - 2014-05-30 00:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-06-18 13:12 - 2014-05-29 23:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-06-18 13:12 - 2014-05-29 23:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-06-18 13:11 - 2014-06-08 01:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-06-18 13:11 - 2014-06-08 01:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll

==================== One Month Modified Files and Folders =======

2014-06-19 17:16 - 2014-06-19 17:16 - 00000000 ____D () C:\FRST
2014-06-19 10:08 - 2011-09-06 18:21 - 00747392 _____ () C:\Windows\System32\TPHDLOG0.LOG
2014-06-19 10:08 - 2009-07-13 20:45 - 00021280 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-19 10:08 - 2009-07-13 20:45 - 00021280 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-19 10:07 - 2014-03-22 08:39 - 02946200 _____ () C:\Windows\System32\PsBoot.log
2014-06-19 10:07 - 2014-03-22 08:39 - 00838134 _____ () C:\Windows\System32\defragLog.log
2014-06-19 10:07 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-19 10:07 - 2009-07-13 20:51 - 00070160 _____ () C:\Windows\setupact.log
2014-06-19 09:59 - 2011-09-06 18:30 - 00734183 _____ () C:\Windows\System32\fastboot.set
2014-06-19 09:58 - 2011-10-22 06:46 - 00000000 ___RD () C:\Users\Owner\Dropbox
2014-06-19 09:58 - 2011-09-06 17:38 - 01275657 _____ () C:\Windows\WindowsUpdate.log
2014-06-19 09:23 - 2011-09-06 18:27 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-19 09:20 - 2011-09-06 18:21 - 03828096 _____ () C:\Windows\System32\TPAPSLOG.LOG
2014-06-19 09:19 - 2013-08-07 18:11 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1512396293-3231289414-3376205821-1000UA.job
2014-06-19 09:08 - 2014-04-12 06:35 - 00000000 ____D () C:\Users\Owner\AppData\Local\Windows Live
2014-06-19 09:00 - 2013-02-28 13:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-19 05:43 - 2013-08-15 14:26 - 00000000 ____D () C:\Windows\System32\MRT
2014-06-19 05:41 - 2013-08-07 18:11 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1512396293-3231289414-3376205821-1000Core.job
2014-06-19 05:41 - 2011-09-06 18:27 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-19 05:38 - 2011-10-08 04:40 - 95414520 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-06-19 05:37 - 2011-10-22 07:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-19 05:35 - 2014-05-08 21:17 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-06-19 05:33 - 2013-12-31 10:45 - 00000000 ___RD () C:\Users\Owner\Google Drive
2014-06-19 05:33 - 2013-09-23 05:26 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-18 13:07 - 2011-10-22 06:44 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Dropbox
2014-06-18 09:51 - 2014-05-16 08:26 - 00000000 ____D () C:\Users\Owner\AppData\Local\Box Sync
2014-06-08 01:13 - 2014-06-18 13:11 - 00506368 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-06-08 01:08 - 2014-06-18 13:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-05-30 02:21 - 2014-06-18 13:12 - 23414784 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-05-30 02:02 - 2014-06-18 13:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-05-30 02:02 - 2014-06-18 13:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 01:45 - 2014-06-18 13:13 - 02768384 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-05-30 01:39 - 2014-06-18 13:13 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-05-30 01:39 - 2014-06-18 13:12 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-05-30 01:38 - 2014-06-18 13:13 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-05-30 01:28 - 2014-06-18 13:13 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-05-30 01:27 - 2014-06-18 13:13 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-05-30 01:24 - 2014-06-18 13:13 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-05-30 01:21 - 2014-06-18 13:13 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-05-30 01:21 - 2014-06-18 13:12 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-05-30 01:20 - 2014-06-18 13:12 - 00752640 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-05-30 01:18 - 2014-06-18 13:13 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 01:11 - 2014-06-18 13:12 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 01:08 - 2014-06-18 13:12 - 05782528 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-05-30 01:06 - 2014-06-18 13:13 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-05-30 01:02 - 2014-06-18 13:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 00:55 - 2014-06-18 13:13 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 00:49 - 2014-06-18 13:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-05-30 00:46 - 2014-06-18 13:13 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-05-30 00:44 - 2014-06-18 13:13 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 00:44 - 2014-06-18 13:13 - 00295424 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-05-30 00:43 - 2014-06-18 13:13 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 00:42 - 2014-06-18 13:13 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 00:38 - 2014-06-18 13:13 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 00:35 - 2014-06-18 13:13 - 00608768 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-05-30 00:34 - 2014-06-18 13:13 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 00:33 - 2014-06-18 13:13 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 00:30 - 2014-06-18 13:13 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 00:29 - 2014-06-18 13:13 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-05-30 00:28 - 2014-06-18 13:13 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 00:27 - 2014-06-18 13:13 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 00:24 - 2014-06-18 13:12 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-05-30 00:23 - 2014-06-18 13:13 - 02040832 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-05-30 00:16 - 2014-06-18 13:13 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 00:10 - 2014-06-18 13:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 00:06 - 2014-06-18 13:13 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 00:04 - 2014-06-18 13:13 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 00:02 - 2014-06-18 13:13 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-29 23:56 - 2014-06-18 13:13 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-29 23:56 - 2014-06-18 13:12 - 02266112 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-05-29 23:54 - 2014-06-18 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-29 23:50 - 2014-06-18 13:13 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-29 23:49 - 2014-06-18 13:13 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-29 23:43 - 2014-06-18 13:13 - 13522944 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-05-29 23:40 - 2014-06-18 13:13 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-29 23:30 - 2014-06-18 13:13 - 01398272 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-05-29 23:21 - 2014-06-18 13:13 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-29 23:15 - 2014-06-18 13:13 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-29 23:13 - 2014-06-18 13:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-29 23:13 - 2014-06-18 13:12 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-05-29 06:34 - 2014-05-04 19:54 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DropboxMaster

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\APNSetup.exe
C:\Users\Owner\AppData\Local\Temp\conduitinstaller.exe
C:\Users\Owner\AppData\Local\Temp\DeleteVF.exe
C:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwxpvpe.dll
C:\Users\Owner\AppData\Local\Temp\j2eezwll.dll
C:\Users\Owner\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\log4net.dll
C:\Users\Owner\AppData\Local\Temp\nsb783.exe
C:\Users\Owner\AppData\Local\Temp\nsrDB14.exe
C:\Users\Owner\AppData\Local\Temp\ose00000.exe
C:\Users\Owner\AppData\Local\Temp\RDVAlert.exe
C:\Users\Owner\AppData\Local\Temp\SecondStepInstaller.exe
C:\Users\Owner\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Owner\AppData\Local\Temp\SPStub.exe
C:\Users\Owner\AppData\Local\Temp\SyncRestarter.exe
C:\Users\Owner\AppData\Local\Temp\sync_upgrader.exe
C:\Users\Owner\AppData\Local\Temp\uninstall.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 6058.17 MB
Available physical RAM: 5323.77 MB
Total Pagefile: 6056.37 MB
Available Pagefile: 5331.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:654.69 GB) (Free:539.88 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:15.57 GB) NTFS
Drive f: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
Drive g: (LITTLEOTTER) (Removable) (Total:7.45 GB) (Free:7.38 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 2AF26336)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=655 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 0DFC8CFC)
Partition 1: (Active) - (Size=7 GB) - (Type=07 NTFS)


LastRegBack: 2014-06-18 15:52

==================== End Of Log ============================


Edited by Oh My, 24 June 2014 - 11:38 AM.
Posted FRST



 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,392 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:37 AM

Posted 24 June 2014 - 11:41 AM

Greetings Tom and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the [Reply topic] button instead.
  • In the upper right hand corner of the topic you will see the [Follow topic] button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me some time to review the information you have provided and I will reply as soon as possible.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 24 June 2014 - 11:56 AM

Hi Tom,

Thanks for your patience thus far. Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • From a clean computer press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
HKU\Owner\...\Run: [BackgroundContainer] => "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Owner\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
C:\Users\Owner\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
ShortcutTarget: Dropbox.lnk -> (No File)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - No File
S3 BcmSqlStartupSvc;
S2 CLKMSVC10_3A60B698;
S2 CLKMSVC10_C3B3B687;
S2 DriverService;
S2 IAStorDataMgrSvc;
S2 iATAgentService;
S2 idealife Update Service;
S3 IGRS;
S2 IviRegMgr;
S2 nvUpdatusService;
S2 Oasis2Service;
S2 PCCarerService;
S2 ReadyComm.DirectRouter;
S2 RichVideo;
S2 RtLedService;
S2 SeaPort;
S2 SoftwareService;
S3 SQLWriter;
S2 Stereo Service;
C:\Users\Owner\AppData\Local\Temp\APNSetup.exe
C:\Users\Owner\AppData\Local\Temp\conduitinstaller.exe
C:\Users\Owner\AppData\Local\Temp\DeleteVF.exe
C:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwxpvpe.dll
C:\Users\Owner\AppData\Local\Temp\j2eezwll.dll
C:\Users\Owner\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\log4net.dll
C:\Users\Owner\AppData\Local\Temp\nsb783.exe
C:\Users\Owner\AppData\Local\Temp\nsrDB14.exe
C:\Users\Owner\AppData\Local\Temp\ose00000.exe
C:\Users\Owner\AppData\Local\Temp\RDVAlert.exe
C:\Users\Owner\AppData\Local\Temp\SecondStepInstaller.exe
C:\Users\Owner\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Owner\AppData\Local\Temp\SPStub.exe
C:\Users\Owner\AppData\Local\Temp\SyncRestarter.exe
C:\Users\Owner\AppData\Local\Temp\sync_upgrader.exe
C:\Users\Owner\AppData\Local\Temp\uninstall.exe
  • Insert the USB device into your infected computer
  • Enter the System Recovery Options (press F8 during boot up) and select Command Prompt.
  • Run FRST as you did the first time and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the flashdrive (Fixlog.txt). Copy and paste that information in your reply.
  • Please attempt to boot your computer into Normal Mode, or if not, Safe Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Does your computer boot properly?
  • If so, fixlog

Gary
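
A fixlist removes whatever it names, so it helps to summarise one before pressing Fix. The following Python script is an added example, not part of the original post and not FRST code: it classifies a subset of the fixlist lines above by their shape and flags entries worth a second look. The rule names, flag names and patterns are this example's own assumptions.

```python
import re
from collections import Counter
# Subset of the fixlist posted above (copied from this page, not constructed).
FIXLIST = r'''HKU\Owner\...\Run: [BackgroundContainer] => "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Owner\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
C:\Users\Owner\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - No File
S3 BcmSqlStartupSvc;
S2 nvUpdatusService;
C:\Users\Owner\AppData\Local\Temp\conduitinstaller.exe'''

# Line shapes inferred from this page; a review heuristic, not FRST's own parser.
RULES = [
    ("registry_run", re.compile(r"^HK(LM|U)\\.*\\Run(Once)?: \[(?P<name>[^\]]+)\]")),
    ("shortcut",     re.compile(r"^ShortcutTarget: (?P<name>.+?) -> ")),
    ("shell_object", re.compile(r"^SSODL(-x32)?: (?P<name>\S+) ")),
    ("service",      re.compile(r"^[RSU][0-5] (?P<name>[^;]+);")),
    ("file",         re.compile(r"^(?P<name>[A-Za-z]:\\.+)$")),
]

def audit(text):
    """Return one dict per unique fixlist line: kind, name, review flags."""
    counts = Counter(l.strip() for l in text.splitlines() if l.strip())
    entries = []
    for line in counts:  # Counter keeps first-seen order
        kind, name = "unrecognized", line
        for k, rx in RULES:
            if (m := rx.match(line)):
                kind, name = k, m.group("name")
                break
        flags = []
        if counts[line] > 1:
            flags.append("duplicate")        # same directive listed twice
        if re.search(r"No File\)?$", line):
            flags.append("target_missing")   # reference to a file that is already gone
        if kind == "file" and "\\appdata\\local\\temp\\" not in line.lower():
            flags.append("outside_temp")     # deletion outside the user's Temp folder
        if kind == "service" and line.endswith(";"):
            flags.append("no_image_path")    # only a name, no binary path to inspect
        entries.append({"kind": kind, "name": name, "flags": flags})
    return entries

def summary(entries):
    return Counter(e["kind"] for e in entries)

if __name__ == "__main__":
    for e in audit(FIXLIST):
        print(f'{e["kind"]:13} {",".join(e["flags"]) or "-":26} {e["name"]}')
```

Any line reported as `unrecognized` or `outside_temp` is one to read by hand before the fix is run.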
 

#4 tomgartin


Posted 25 June 2014 - 09:55 AM

Hi, sorry for the delayed response. Things have been hectic at work the past couple days.

 

I opened a similar thread in the avast webforum and the FRST fixlist I got there didn't help at all, so I went ahead and just bought a SATA->USB adapter and pulled the data with my laptop. Then I tried doing a clean install of Windows 7, since I have the disc, but it would only install with the EFI file system, meaning my system image backup of her computer could not be extracted since it was made with the BIOS system, and my attempts to force a BIOS type installation failed miserably. We have identical laptops since we bought the same model at the same time, so the only way to get all the correct drivers onto her laptop after that was to use the software that came with my SATA adapter. With all hope lost, I cloned my entire HD onto my wife's HD, then replaced all "my" data with hers. It's up and running now, with the only traces of the fix being (1) the Windows/User folder is called "Tom" instead of "Miranda" and (2) the Windows product key is the one for my laptop and it's not worth the trouble to correct it.

 

TL;DR A user in another forum tried to help but her laptop was ####ed so I cloned my own HD to save it.

 

Again, sorry for the delayed response to your kind support. Thank you for your patience. I wish you all the best.



#5 Oh My!


Posted 25 June 2014 - 05:41 PM

Thanks for the update. I will close the Topic.
Gary
 

#6 Oh My!


Posted 25 June 2014 - 05:41 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



