
Startup Repair: Windows cannot repair this computer automatically


  • This topic is locked
26 replies to this topic

#1 CooneyDog


Posted 24 December 2014 - 06:04 PM

Hello, it's nice to meet you all.
 
I'm posting because I have been unable to boot my ASUS U52F laptop, which runs Windows 7 Home Premium (x64) and Internet Explorer 11.
 
The PROBLEM:
I have been unable to boot my laptop since December 9th or so. When I power on, I sometimes get an initial boot screen that says "Starting Windows" and then a blue screen that says Windows must be shut down. Other times I boot up and my computer goes to "Windows Error Recovery" where I can either 1. "Launch Startup Repair" or "Start Windows Normally". Choosing #1 leads to a failed startup attempt and causes the computer to shut off. Option #2 takes me to the Startup Repair dialogue box.
Then it attempts to repair and produces the error code "Windows cannot repair this computer automatically".
I have tried logging on as a local user providing an administrator password, with the same failed result.
 
Most RECENT CHANGES:
On December 6th, I asked my niece to help me import my contact list from my phone into an excel spreadsheet on my computer. After hours of searching for how to do it through iTunes and gmail and failing, I came across a free software called Copy Trans. I downloaded the software... I think from this website but I can't be sure: http://www.copytrans.net/download.php
 
The software never seemed to successfully sync with my phone. Then my niece used my computer for her school work. She either uploaded or reinitialized something called Vuze software to download a book for one of her college classes.
 
On December 9th, my virus protection program (I forget which one I have on this computer) produced several "potential malware found" notices. I tried (or think I tried) deleting CopyTrans and/or WindSolutions because my initial online research said that these were associated with one another and although not malware, were reported as causing issues for some users. Later that day my computer would not start. 
 
ATTEMPTS AT FIXING PROBLEM:
 
1. I noticed bleepingcomputer posts describing similar issues where the Farbar Recovery Scan Tool was recommended. I loaded the Farbar tool to a flash drive and conducted a scan on December 14. I've included the log below.  Please note that I was unable to update the tool before using it (as some posts recommended) to get the latest virus logs. I thought that it was unable to update because my laptop can't connect to the internet. But when I booted the software from my desktop, I received the same error that it was unable to update. That being said, the version of Farbar I ran was from December 11, so pretty recent.
My log can be found at the bottom of this post.
 
2. I noticed recommendations for the Trend Micro Rescue Disk and scanned my laptop from the USB. Trend Micro reported no viruses or malware. Disappointing, since I wanted a specific file or software name to research as the potential source of my issues.
 
 
Thank you in advance to anyone who can help me!
Regards,
Bob
 
 
As promised, my FRST file log:
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-12-2014 03
Ran by SYSTEM on MININT-U98UL49 on 14-12-2014 22:06:16
Running from f:\
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2011-11-04] (ELAN Microelectronic Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-08-31] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel® Corporation)
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1445888 2010-01-27] (Intel® Corporation)
HKLM\...\Run: [PAC7302_Monitor] => C:\Windows\PixArt\PAC7302\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [7350912 2010-02-04] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-01-05] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4282728 2012-08-21] (AVAST Software)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe [1493288 2011-09-20] (Nero AG)
HKLM-x32\...\Run: [NeroFilterCheck] => C:\Windows\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [AdobeVersionCue] => C:\Program Files (x86)\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe [1732608 2003-10-13] (Adobe Sytems)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [ROC_roc_ssl_v12] => "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Bob\...\Run: [Google Update] => C:\Users\Bob\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-11-07] (Google Inc.)
HKU\Bob\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKU\Bob\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\Bob\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\Bob\...\Run: [Search Protection] => C:\Users\Bob\AppData\Roaming\Search Protection\SP.EXE [1127224 2014-12-04] ()
HKU\Bob\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [43816 2014-10-17] (Apple Inc.)
Startup: C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 AdobeVersionCue; C:\Program Files (x86)\Adobe\Adobe Version Cue\service\VersionCue.exe [61440 2003-10-13] (Adobe Sytems)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-08-21] (AVAST Software)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-11-13] (SurfRight B.V.)
S2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-11-07] (SurfRight B.V.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2008-04-25] (ArcSoft, Inc.)
S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-08-21] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [71600 2012-08-21] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-08-21] (AVAST Software)
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1031392 2014-12-01] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [359464 2012-08-21] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-08-21] (AVAST Software)
S3 cpuz134; C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [21480 2010-07-09] (Windows ® Win 7 DDK provider)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-11-09] (Symantec Corporation)
S2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [17464 2007-08-02] ()
S2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [93144 2014-11-07] ()
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [532480 2009-04-28] (PixArt Imaging Inc.)
S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
S3 ipswuio; System32\DRIVERS\ipswuio.sys [X]
S3 SNP2UVC; system32\DRIVERS\snp2uvc.sys [X]
S3 tmlwf; No ImagePath
S3 tmwfp; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-14 22:05 - 2014-12-14 22:06 - 00000000 ____D () C:\FRST
2014-12-14 21:53 - 2014-12-14 21:54 - 00000000 ____D () C:\Windows\System32\config\mybackup
2014-12-06 22:53 - 2014-12-06 22:53 - 00001336 _____ () C:\Users\Bob\Desktop\CopyTrans Control Center.lnk
2014-12-06 22:52 - 2014-12-07 05:48 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\WindSolutions
2014-12-06 22:52 - 2014-12-06 22:54 - 00000000 ____D () C:\ProgramData\WindSolutions
2014-12-06 22:51 - 2014-12-06 22:52 - 05283824 _____ (WindSolutions) C:\Users\Bob\Downloads\Install_CopyTransControlCenter.exe
2014-12-06 21:01 - 2014-12-06 21:02 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\BrowserExtensions
2014-12-06 21:01 - 2014-12-06 21:01 - 00004488 _____ () C:\Windows\System32\Tasks\Validate Installation
2014-12-06 21:01 - 2014-12-06 21:01 - 00004280 _____ () C:\Windows\System32\Tasks\Check Updates
2014-12-06 21:01 - 2014-12-06 21:01 - 00003876 _____ () C:\Windows\System32\Tasks\GeniusBox
2014-12-06 21:01 - 2014-12-06 21:01 - 00000064 _____ () C:\Users\Bob\AppData\Local\88194e956af435d84c079a0c64fa71eb
2014-12-06 21:01 - 2014-12-06 21:01 - 00000000 ____D () C:\Users\Bob\AppData\Local\GeniusBox
2014-12-06 21:00 - 2014-12-06 21:01 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\Search Protection
2014-12-06 20:59 - 2014-12-06 21:25 - 00000000 ____D () C:\Program Files (x86)\Vuze
2014-12-06 20:59 - 2014-12-06 20:59 - 00001850 _____ () C:\Users\Public\Desktop\Vuze.lnk
2014-12-06 20:33 - 2014-12-06 20:33 - 00072008 _____ (Azureus Software, Inc.) C:\Users\Bob\Downloads\VuzeBittorrentClientInstaller.exe
2014-12-01 03:39 - 2014-12-01 03:39 - 00000175 _____ () C:\Windows\System32\Drivers\aswSnx.sys.sum
2014-11-18 21:09 - 2014-11-10 19:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2014-11-18 21:09 - 2014-11-10 19:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\System32\pku2u.dll
2014-11-18 21:09 - 2014-11-10 18:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 21:09 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-09 20:42 - 2010-08-23 21:48 - 01828596 _____ () C:\Windows\WindowsUpdate.log
2014-12-09 20:41 - 2011-11-15 10:34 - 00000000 ___RD () C:\Users\Bob\Dropbox
2014-12-09 20:33 - 2011-11-03 17:16 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2920998075-2592167220-223356035-1001UA.job
2014-12-09 20:11 - 2014-01-25 06:59 - 00000574 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2920998075-2592167220-223356035-1001.job
2014-12-09 20:01 - 2011-11-04 08:12 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\Azureus
2014-12-09 19:59 - 2012-04-25 20:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-09 02:33 - 2012-08-15 02:26 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-09 02:32 - 2011-11-03 23:12 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-07 19:18 - 2009-07-13 20:45 - 00023040 ____H () C:\Windows\System32\7B296FB0-347B-609e-B012-9C450E1B7327-5P-1.C2908293-A436-236d-8115-607305D005A0
2014-12-07 19:18 - 2009-07-13 20:45 - 00023040 ____H () C:\Windows\System32\7B296FB0-347B-609e-B012-9C450E1B7327-5P-0.C2908293-A436-236d-8115-607305D005A0
2014-12-07 05:48 - 2014-01-25 06:49 - 00000000 ____D () C:\Users\Bob\Documents\Outlook Files
2014-12-07 04:44 - 2014-01-25 06:59 - 00003608 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2920998075-2592167220-223356035-1001
2014-12-06 22:54 - 2011-11-22 13:32 - 00000000 ____D () C:\ProgramData\Apple
2014-12-06 21:25 - 2014-01-05 16:28 - 00000410 ____H () C:\Windows\Tasks\Norton Security Scan for Bob.job
2014-12-04 18:49 - 2009-07-13 20:51 - 00062640 _____ () C:\Windows\setupact.log
2014-12-01 03:39 - 2011-11-04 01:22 - 00045056 _____ () C:\Windows\System32\acovcnt.exe
2014-12-01 03:39 - 2011-11-03 22:52 - 01031392 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2014-11-30 10:11 - 2013-07-13 18:37 - 00000000 ___RD () C:\Users\Bob\Google Drive
2014-11-30 09:19 - 2009-07-13 21:13 - 00782510 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-11-30 09:15 - 2011-11-15 10:31 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\Dropbox
2014-11-30 09:12 - 2011-11-04 00:40 - 00000050 _____ () C:\Windows\System32\SupplicantTest.log
2014-11-30 09:11 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-26 19:52 - 2012-04-25 20:48 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 19:52 - 2012-04-25 20:48 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 19:52 - 2011-11-03 21:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-22 13:41 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-11-22 13:15 - 2014-01-05 16:28 - 00003576 _____ () C:\Windows\System32\Tasks\Norton Security Scan for Bob
2014-11-20 22:34 - 2012-03-18 20:51 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\HpUpdate
2014-11-16 08:41 - 2014-11-07 22:07 - 00016206 ____H () C:\Users\Bob\Desktop\~WRL0005.tmp
2014-11-16 07:54 - 2009-07-13 20:45 - 04967112 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-11-16 00:28 - 2011-11-03 23:17 - 00218560 _____ () C:\Windows\PFRO.log
2014-11-16 00:04 - 2011-11-16 13:40 - 00000000 ____D () C:\Users\Bob\Documents\with Patrice
2014-11-16 00:03 - 2012-08-11 20:00 - 00775124 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-11-14 19:28 - 2011-11-03 17:16 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2920998075-2592167220-223356035-1001UA
2014-11-14 19:28 - 2011-11-03 17:16 - 00003494 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2920998075-2592167220-223356035-1001Core
2014-11-14 19:28 - 2011-11-03 17:16 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2920998075-2592167220-223356035-1001Core.job
 
Some content of TEMP:
====================
C:\Users\Bob\AppData\Local\Temp\atl80.dll
C:\Users\Bob\AppData\Local\Temp\avguidx.dll
C:\Users\Bob\AppData\Local\Temp\cci.exe
C:\Users\Bob\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Bob\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e4904-5bce-3988-8f84-3e2e7bac0d81}.tmp4itsa4.dll
C:\Users\Bob\AppData\Local\Temp\EjectNT.EXE
C:\Users\Bob\AppData\Local\Temp\ffunzip.exe
C:\Users\Bob\AppData\Local\Temp\GLDF5E1.tmp.ConduitEngineSetup.exe
C:\Users\Bob\AppData\Local\Temp\i4kdel0.exe
C:\Users\Bob\AppData\Local\Temp\i4kdel1.exe
C:\Users\Bob\AppData\Local\Temp\InstallPlugin.exe
C:\Users\Bob\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Bob\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Bob\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Bob\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Bob\AppData\Local\Temp\libexpat.dll
C:\Users\Bob\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Bob\AppData\Local\Temp\mfc80.dll
C:\Users\Bob\AppData\Local\Temp\mfc80u.dll
C:\Users\Bob\AppData\Local\Temp\mfcm80.dll
C:\Users\Bob\AppData\Local\Temp\mfcm80u.dll
C:\Users\Bob\AppData\Local\Temp\mpegc.dll
C:\Users\Bob\AppData\Local\Temp\mssinstaller.exe
C:\Users\Bob\AppData\Local\Temp\msvcm80.dll
C:\Users\Bob\AppData\Local\Temp\msvcp80.dll
C:\Users\Bob\AppData\Local\Temp\msvcr80.dll
C:\Users\Bob\AppData\Local\Temp\nlsdl.dll
C:\Users\Bob\AppData\Local\Temp\oi_{15C04D82-E86A-4DC6-8AA1-97BF99C49953}.exe
C:\Users\Bob\AppData\Local\Temp\prxGLFB5E1.tmp.tbVuze.dll
C:\Users\Bob\AppData\Local\Temp\Quarantine.exe
C:\Users\Bob\AppData\Local\Temp\QuickTimeInstaller.exe
C:\Users\Bob\AppData\Local\Temp\RDVAlert.exe
C:\Users\Bob\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Bob\AppData\Local\Temp\Soft32_Stub_5741.exe
C:\Users\Bob\AppData\Local\Temp\TmDbg32.dll
C:\Users\Bob\AppData\Local\Temp\TmDbg64.dll
C:\Users\Bob\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Bob\AppData\Local\Temp\UninstManager.dll
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE Association (whitelisted) =============
 
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 15%
Total physical RAM: 3884.55 MB
Available physical RAM: 3285.06 MB
Total Pagefile: 3882.7 MB
Available Pagefile: 3274.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:149.04 GB) (Free:4.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:435.41 GB) (Free:282.49 GB) NTFS
Drive f: (USB20FD) (Removable) (Total:15.1 GB) (Free:15.1 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 19DADAAE)
Partition 1: (Not Active) - (Size=11.7 GB) - (Type=1C)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=435.4 GB) - (Type=OF Extended)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 15.1 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15.1 GB) - (Type=0C)
 
 
LastRegBack: 2014-12-06 20:57
 
==================== End Of Log ============================

Edited by Budapest, 24 December 2014 - 06:09 PM.
Moved from AII ~Budapest



#2 Oh My!


  • Malware Response Instructor

Posted 28 December 2014 - 06:35 PM

Greetings Bob and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please run this.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • From a clean computer press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
HKU\Bob\...\Run: [Search Protection] => C:\Users\Bob\AppData\Roaming\Search Protection\SP.EXE [1127224 2014-12-04] ()
S3 ipswuio; System32\DRIVERS\ipswuio.sys [X]
S3 SNP2UVC; system32\DRIVERS\snp2uvc.sys [X]
S3 tmlwf; No ImagePath
S3 tmwfp; No ImagePath
2014-12-06 22:53 - 2014-12-06 22:53 - 00001336 _____ () C:\Users\Bob\Desktop\CopyTrans Control Center.lnk
2014-12-06 22:52 - 2014-12-07 05:48 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\WindSolutions
2014-12-06 22:52 - 2014-12-06 22:54 - 00000000 ____D () C:\ProgramData\WindSolutions
2014-12-06 22:51 - 2014-12-06 22:52 - 05283824 _____ (WindSolutions) C:\Users\Bob\Downloads\Install_CopyTransControlCenter.exe
2014-12-06 21:01 - 2014-12-06 21:02 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\BrowserExtensions
2014-12-06 21:01 - 2014-12-06 21:01 - 00004488 _____ () C:\Windows\System32\Tasks\Validate Installation
2014-12-06 21:01 - 2014-12-06 21:01 - 00004280 _____ () C:\Windows\System32\Tasks\Check Updates
2014-12-06 21:01 - 2014-12-06 21:01 - 00003876 _____ () C:\Windows\System32\Tasks\GeniusBox
2014-12-06 21:01 - 2014-12-06 21:01 - 00000064 _____ () C:\Users\Bob\AppData\Local\88194e956af435d84c079a0c64fa71eb
2014-12-06 21:01 - 2014-12-06 21:01 - 00000000 ____D () C:\Users\Bob\AppData\Local\GeniusBox
2014-12-06 21:00 - 2014-12-06 21:01 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\Search Protection
2014-12-06 20:59 - 2014-12-06 21:25 - 00000000 ____D () C:\Program Files (x86)\Vuze
2014-12-06 20:59 - 2014-12-06 20:59 - 00001850 _____ () C:\Users\Public\Desktop\Vuze.lnk
2014-12-06 20:33 - 2014-12-06 20:33 - 00072008 _____ (Azureus Software, Inc.) C:\Users\Bob\Downloads\VuzeBittorrentClientInstaller.exe
2014-12-09 20:01 - 2011-11-04 08:12 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\Azureus
C:\Users\Bob\AppData\Local\Temp\atl80.dll
C:\Users\Bob\AppData\Local\Temp\avguidx.dll
C:\Users\Bob\AppData\Local\Temp\cci.exe
C:\Users\Bob\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Bob\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e4904-5bce-3988-8f84-3e2e7bac0d81}.tmp4itsa4.dll
C:\Users\Bob\AppData\Local\Temp\EjectNT.EXE
C:\Users\Bob\AppData\Local\Temp\ffunzip.exe
C:\Users\Bob\AppData\Local\Temp\GLDF5E1.tmp.ConduitEngineSetup.exe
C:\Users\Bob\AppData\Local\Temp\i4kdel0.exe
C:\Users\Bob\AppData\Local\Temp\i4kdel1.exe
C:\Users\Bob\AppData\Local\Temp\InstallPlugin.exe
C:\Users\Bob\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Bob\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Bob\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Bob\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Bob\AppData\Local\Temp\libexpat.dll
C:\Users\Bob\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Bob\AppData\Local\Temp\mfc80.dll
C:\Users\Bob\AppData\Local\Temp\mfc80u.dll
C:\Users\Bob\AppData\Local\Temp\mfcm80.dll
C:\Users\Bob\AppData\Local\Temp\mfcm80u.dll
C:\Users\Bob\AppData\Local\Temp\mpegc.dll
C:\Users\Bob\AppData\Local\Temp\mssinstaller.exe
C:\Users\Bob\AppData\Local\Temp\msvcm80.dll
C:\Users\Bob\AppData\Local\Temp\msvcp80.dll
C:\Users\Bob\AppData\Local\Temp\msvcr80.dll
C:\Users\Bob\AppData\Local\Temp\nlsdl.dll
C:\Users\Bob\AppData\Local\Temp\oi_{15C04D82-E86A-4DC6-8AA1-97BF99C49953}.exe
C:\Users\Bob\AppData\Local\Temp\prxGLFB5E1.tmp.tbVuze.dll
C:\Users\Bob\AppData\Local\Temp\Quarantine.exe
C:\Users\Bob\AppData\Local\Temp\QuickTimeInstaller.exe
C:\Users\Bob\AppData\Local\Temp\RDVAlert.exe
C:\Users\Bob\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Bob\AppData\Local\Temp\Soft32_Stub_5741.exe
C:\Users\Bob\AppData\Local\Temp\TmDbg32.dll
C:\Users\Bob\AppData\Local\Temp\TmDbg64.dll
C:\Users\Bob\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Bob\AppData\Local\Temp\UninstManager.dll
C:\Users\Bob\AppData\Roaming\Search Protection
  • Insert the USB device into your infected computer
  • Enter the System Recovery Options (press F8 during boot up), select Repair Your Computer, then select Command Prompt.
  • Run FRST as you did the first time and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the flashdrive (Fixlog.txt). Copy and paste that information in your reply.
  • Please attempt to boot your computer into Normal Mode or, if not, Safe Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Are you able to boot?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 CooneyDog


Posted 30 December 2014 - 06:35 AM

Hello Gary,

 

First, it's a pleasure to meet you. Thank you for assisting me and offering your expertise.

 

I ran the Farbar fixlist.txt you provided, and my fixlog is posted below.

 

Then I tried booting my computer, but it shut down (at the Windows loading screen) the first time and then went to the Startup Repair screen just as it has been doing. Please let me know if there are any other approaches I should attempt prior to the next step.

 

Thank you again,

Bob

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-12-2014 03
Ran by SYSTEM at 2014-12-29 05:59:38 Run:1
Running from f:\
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
HKU\Bob\...\Run: [Search Protection] => C:\Users\Bob\AppData\Roaming\Search Protection\SP.EXE [1127224 2014-12-04] ()
S3 ipswuio; System32\DRIVERS\ipswuio.sys [X]
S3 SNP2UVC; system32\DRIVERS\snp2uvc.sys [X]
S3 tmlwf; No ImagePath
S3 tmwfp; No ImagePath
2014-12-06 22:53 - 2014-12-06 22:53 - 00001336 _____ () C:\Users\Bob\Desktop\CopyTrans Control Center.lnk
2014-12-06 22:52 - 2014-12-07 05:48 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\WindSolutions
2014-12-06 22:52 - 2014-12-06 22:54 - 00000000 ____D () C:\ProgramData\WindSolutions
2014-12-06 22:51 - 2014-12-06 22:52 - 05283824 _____ (WindSolutions) C:\Users\Bob\Downloads\Install_CopyTransControlCenter.exe
2014-12-06 21:01 - 2014-12-06 21:02 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\BrowserExtensions
2014-12-06 21:01 - 2014-12-06 21:01 - 00004488 _____ () C:\Windows\System32\Tasks\Validate Installation
2014-12-06 21:01 - 2014-12-06 21:01 - 00004280 _____ () C:\Windows\System32\Tasks\Check Updates
2014-12-06 21:01 - 2014-12-06 21:01 - 00003876 _____ () C:\Windows\System32\Tasks\GeniusBox
2014-12-06 21:01 - 2014-12-06 21:01 - 00000064 _____ () C:\Users\Bob\AppData\Local\88194e956af435d84c079a0c64fa71eb
2014-12-06 21:01 - 2014-12-06 21:01 - 00000000 ____D () C:\Users\Bob\AppData\Local\GeniusBox
2014-12-06 21:00 - 2014-12-06 21:01 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\Search Protection
2014-12-06 20:59 - 2014-12-06 21:25 - 00000000 ____D () C:\Program Files (x86)\Vuze
2014-12-06 20:59 - 2014-12-06 20:59 - 00001850 _____ () C:\Users\Public\Desktop\Vuze.lnk
2014-12-06 20:33 - 2014-12-06 20:33 - 00072008 _____ (Azureus Software, Inc.) C:\Users\Bob\Downloads\VuzeBittorrentClientInstaller.exe
2014-12-09 20:01 - 2011-11-04 08:12 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\Azureus
C:\Users\Bob\AppData\Local\Temp\atl80.dll
C:\Users\Bob\AppData\Local\Temp\avguidx.dll
C:\Users\Bob\AppData\Local\Temp\cci.exe
C:\Users\Bob\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Bob\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e4904-5bce-3988-8f84-3e2e7bac0d81}.tmp4itsa4.dll
C:\Users\Bob\AppData\Local\Temp\EjectNT.EXE
C:\Users\Bob\AppData\Local\Temp\ffunzip.exe
C:\Users\Bob\AppData\Local\Temp\GLDF5E1.tmp.ConduitEngineSetup.exe
C:\Users\Bob\AppData\Local\Temp\i4kdel0.exe
C:\Users\Bob\AppData\Local\Temp\i4kdel1.exe
C:\Users\Bob\AppData\Local\Temp\InstallPlugin.exe
C:\Users\Bob\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Bob\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Bob\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Bob\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Bob\AppData\Local\Temp\libexpat.dll
C:\Users\Bob\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Bob\AppData\Local\Temp\mfc80.dll
C:\Users\Bob\AppData\Local\Temp\mfc80u.dll
C:\Users\Bob\AppData\Local\Temp\mfcm80.dll
C:\Users\Bob\AppData\Local\Temp\mfcm80u.dll
C:\Users\Bob\AppData\Local\Temp\mpegc.dll
C:\Users\Bob\AppData\Local\Temp\mssinstaller.exe
C:\Users\Bob\AppData\Local\Temp\msvcm80.dll
C:\Users\Bob\AppData\Local\Temp\msvcp80.dll
C:\Users\Bob\AppData\Local\Temp\msvcr80.dll
C:\Users\Bob\AppData\Local\Temp\nlsdl.dll
C:\Users\Bob\AppData\Local\Temp\oi_{15C04D82-E86A-4DC6-8AA1-97BF99C49953}.exe
C:\Users\Bob\AppData\Local\Temp\prxGLFB5E1.tmp.tbVuze.dll
C:\Users\Bob\AppData\Local\Temp\Quarantine.exe
C:\Users\Bob\AppData\Local\Temp\QuickTimeInstaller.exe
C:\Users\Bob\AppData\Local\Temp\RDVAlert.exe
C:\Users\Bob\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Bob\AppData\Local\Temp\Soft32_Stub_5741.exe
C:\Users\Bob\AppData\Local\Temp\TmDbg32.dll
C:\Users\Bob\AppData\Local\Temp\TmDbg64.dll
C:\Users\Bob\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Bob\AppData\Local\Temp\UninstManager.dll
C:\Users\Bob\AppData\Roaming\Search Protection
*****************
 
HKU\Bob\Software\Microsoft\Windows\CurrentVersion\Run\\Search Protection => value deleted successfully.
ipswuio => Service deleted successfully.
SNP2UVC => Service deleted successfully.
tmlwf => Service deleted successfully.
tmwfp => Service deleted successfully.
C:\Users\Bob\Desktop\CopyTrans Control Center.lnk => Moved successfully.
C:\Users\Bob\AppData\Roaming\WindSolutions => Moved successfully.
C:\ProgramData\WindSolutions => Moved successfully.
C:\Users\Bob\Downloads\Install_CopyTransControlCenter.exe => Moved successfully.
C:\Users\Bob\AppData\Roaming\BrowserExtensions => Moved successfully.
C:\Windows\System32\Tasks\Validate Installation => Moved successfully.
C:\Windows\System32\Tasks\Check Updates => Moved successfully.
C:\Windows\System32\Tasks\GeniusBox => Moved successfully.
C:\Users\Bob\AppData\Local\88194e956af435d84c079a0c64fa71eb => Moved successfully.
C:\Users\Bob\AppData\Local\GeniusBox => Moved successfully.
C:\Users\Bob\AppData\Roaming\Search Protection => Moved successfully.
C:\Program Files (x86)\Vuze => Moved successfully.
C:\Users\Public\Desktop\Vuze.lnk => Moved successfully.
C:\Users\Bob\Downloads\VuzeBittorrentClientInstaller.exe => Moved successfully.
C:\Users\Bob\AppData\Roaming\Azureus => Moved successfully.
C:\Users\Bob\AppData\Local\Temp\atl80.dll => Moved successfully.
C:\Users\Bob\AppData\Local\Temp\avguidx.dll => Moved successfully.
C:\Users\Bob\AppData\Local\Temp\cci.exe => Moved successfully.
C:\Users\Bob\AppData\Local\Temp\CommonInstaller.exe => Moved successfully.
C:\Users\Bob\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e4904-5bce-3988-8f84-3e2e7bac0d81}.tmp4itsa4.dll => Moved successfully.
C:\Users\Bob\AppData\Local\Temp\EjectNT.EXE => Moved successfully.
C:\Users\Bob\AppData\Local\Temp\ffunzip.exe => Moved successfully.
"C:\Users\Bob\AppData\Local\Temp\GLDF5E1.tmp.ConduitEngineSetup.exe" => File/Directory not found.
"C:\Users\Bob\AppData\Local\Temp\i4kdel0.exe" => File/Directory not found.
"C:\Users\Bob\AppData\Local\Temp\i4kdel1.exe" => File/Directory not found.
C:\Users\Bob\AppData\Local\Temp\InstallPlugin.exe => Moved successfully.
C:\Users\Bob\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe => Moved successfully.
C:\Users\Bob\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
C:\Users\Bob\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe => Moved successfully.
C:\Users\Bob\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
C:\Users\Bob\AppData\Local\Temp\libexpat.dll => Moved successfully.
C:\Users\Bob\AppData\Local\Temp\MachineIdCreator.exe => Moved successfully.
C:\Users\Bob\AppData\Local\Temp\mfc80.dll => Moved successfully.
C:\Users\Bob\AppData\Local\Temp\mfc80u.dll => Moved successfully.
C:\Users\Bob\AppData\Local\Temp\mfcm80.dll => Moved successfully.
C:\Users\Bob\AppData\Local\Temp\mfcm80u.dll => Moved successfully.
C:\Users\Bob\AppData\Local\Temp\mpegc.dll => Moved successfully.
C:\Users\Bob\AppData\Local\Temp\mssinstaller.exe => Moved successfully.
C:\Users\Bob\AppData\Local\Temp\msvcm80.dll => Moved successfully.
C:\Users\Bob\AppData\Local\Temp\msvcp80.dll => Moved successfully.
C:\Users\Bob\AppData\Local\Temp\msvcr80.dll => Moved successfully.
C:\Users\Bob\AppData\Local\Temp\nlsdl.dll => Moved successfully.
C:\Users\Bob\AppData\Local\Temp\oi_{15C04D82-E86A-4DC6-8AA1-97BF99C49953}.exe => Moved successfully.
C:\Users\Bob\AppData\Local\Temp\prxGLFB5E1.tmp.tbVuze.dll => Moved successfully.
C:\Users\Bob\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Bob\AppData\Local\Temp\QuickTimeInstaller.exe => Moved successfully.
C:\Users\Bob\AppData\Local\Temp\RDVAlert.exe => Moved successfully.
C:\Users\Bob\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Bob\AppData\Local\Temp\Soft32_Stub_5741.exe => Moved successfully.

 

 



#4 CooneyDog

Posted 31 December 2014 - 09:35 PM

Good Evening Gary (and Happy New Year!),

The 3 "File/Directory not found" entries from my latest log looked strange to me. So I looked back at the Fixlist that I used on my USB, and sure enough, I made a copying error. In an attempt to protect potentially personal data, I modified the number strings by one digit in my online post. And when I went to convert it back, an extra space was inserted in these three entries.

I ran the fixlist again and received the fixlog you see below. I assume that all of the "File/Directory not found" results this round are because these files were logged as 'Moved successfully' last time.

My apologies for any inconvenience this may have caused you. After this second attempt, I tried booting and still encounter the same problem. The computer goes to the Windows loading screen, shuts down, and then reboots with Startup Repair selected as the default. The "Start Windows Normally" option leads to it shutting down. So I let it go through Startup Repair, and receive the message that "Windows cannot repair this computer automatically".

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-12-2014 03

Ran by SYSTEM at 2014-12-31 20:32:53 Run:2

Running from F:\

Boot Mode: Recovery

==============================================

 

Content of fixlist:

*****************

HKU\Bob\...\Run: [Search Protection] => C:\Users\Bob\AppData\Roaming\Search Protection\SP.EXE [1127224 2014-12-04] ()

S3 ipswuio; System32\DRIVERS\ipswuio.sys [X]

S3 SNP2UVC; system32\DRIVERS\snp2uvc.sys [X]

S3 tmlwf; No ImagePath

S3 tmwfp; No ImagePath

2014-12-06 22:53 - 2014-12-06 22:53 - 00001336 _____ () C:\Users\Bob\Desktop\CopyTrans Control Center.lnk

2014-12-06 22:52 - 2014-12-07 05:48 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\WindSolutions

2014-12-06 22:52 - 2014-12-06 22:54 - 00000000 ____D () C:\ProgramData\WindSolutions

2014-12-06 22:51 - 2014-12-06 22:52 - 05283824 _____ (WindSolutions) C:\Users\Bob\Downloads\Install_CopyTransControlCenter.exe

2014-12-06 21:01 - 2014-12-06 21:02 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\BrowserExtensions

2014-12-06 21:01 - 2014-12-06 21:01 - 00004488 _____ () C:\Windows\System32\Tasks\Validate Installation

2014-12-06 21:01 - 2014-12-06 21:01 - 00004280 _____ () C:\Windows\System32\Tasks\Check Updates

2014-12-06 21:01 - 2014-12-06 21:01 - 00003876 _____ () C:\Windows\System32\Tasks\GeniusBox

2014-12-06 21:01 - 2014-12-06 21:01 - 00000064 _____ () C:\Users\Bob\AppData\Local\88194e956af435d84c079a0c64fa71eb

2014-12-06 21:01 - 2014-12-06 21:01 - 00000000 ____D () C:\Users\Bob\AppData\Local\GeniusBox

2014-12-06 21:00 - 2014-12-06 21:01 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\Search Protection

2014-12-06 20:59 - 2014-12-06 21:25 - 00000000 ____D () C:\Program Files (x86)\Vuze

2014-12-06 20:59 - 2014-12-06 20:59 - 00001850 _____ () C:\Users\Public\Desktop\Vuze.lnk

2014-12-06 20:33 - 2014-12-06 20:33 - 00072008 _____ (Azureus Software, Inc.) C:\Users\Bob\Downloads\VuzeBittorrentClientInstaller.exe

2014-12-09 20:01 - 2011-11-04 08:12 - 00000000 ____D () C:\Users\Bob\AppData\Roaming\Azureus

C:\Users\Bob\AppData\Local\Temp\atl80.dll

C:\Users\Bob\AppData\Local\Temp\avguidx.dll

C:\Users\Bob\AppData\Local\Temp\cci.exe

C:\Users\Bob\AppData\Local\Temp\CommonInstaller.exe

C:\Users\Bob\AppData\Local\Temp\dropbox_sqlite_ext.{ 5f3e4904-5bce-3988-8f84-3e2e7bac0d81}.tmp4itsa4.dll

C:\Users\Bob\AppData\Local\Temp\EjectNT.EXE

C:\Users\Bob\AppData\Local\Temp\ffunzip.exe

C:\Users\Bob\AppData\Local\Temp\GLDF5E1.tmp.ConduitEngineSetup.exe

C:\Users\Bob\AppData\Local\Temp\i4kdel0.exe

C:\Users\Bob\AppData\Local\Temp\i4kdel1.exe

C:\Users\Bob\AppData\Local\Temp\InstallPlugin.exe

C:\Users\Bob\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe

C:\Users\Bob\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe

C:\Users\Bob\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe

C:\Users\Bob\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe

C:\Users\Bob\AppData\Local\Temp\libexpat.dll

C:\Users\Bob\AppData\Local\Temp\MachineIdCreator.exe

C:\Users\Bob\AppData\Local\Temp\mfc80.dll

C:\Users\Bob\AppData\Local\Temp\mfc80u.dll

C:\Users\Bob\AppData\Local\Temp\mfcm80.dll

C:\Users\Bob\AppData\Local\Temp\mfcm80u.dll

C:\Users\Bob\AppData\Local\Temp\mpegc.dll

C:\Users\Bob\AppData\Local\Temp\mssinstaller.exe

C:\Users\Bob\AppData\Local\Temp\msvcm80.dll

C:\Users\Bob\AppData\Local\Temp\msvcp80.dll

C:\Users\Bob\AppData\Local\Temp\msvcr80.dll

C:\Users\Bob\AppData\Local\Temp\nlsdl.dll

C:\Users\Bob\AppData\Local\Temp\oi_{15C04D82-E86A-4DC6-8AA1-97BF99C49953}.exe

C:\Users\Bob\AppData\Local\Temp\prxGLFB5E1.tmp.tbVuze.dll

C:\Users\Bob\AppData\Local\Temp\Quarantine.exe

C:\Users\Bob\AppData\Local\Temp\QuickTimeInstaller.exe

C:\Users\Bob\AppData\Local\Temp\RDVAlert.exe

C:\Users\Bob\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Bob\AppData\Local\Temp\Soft32_Stub_5741.exe

C:\Users\Bob\AppData\Local\Temp\TmDbg32.dll

C:\Users\Bob\AppData\Local\Temp\TmDbg64.dll

C:\Users\Bob\AppData\Local\Temp\ToolbarInstaller.exe

C:\Users\Bob\AppData\Local\Temp\UninstManager.dll

C:\Users\Bob\AppData\Roaming\Search Protection

*****************

 

HKU\Bob\Software\Microsoft\Windows\CurrentVersion\Run\\Search Protection => Value not found.

ipswuio => Service not found.

SNP2UVC => Service not found.

tmlwf => Service not found.

tmwfp => Service not found.

"C:\Users\Bob\Desktop\CopyTrans Control Center.lnk" => File/Directory not found.

"C:\Users\Bob\AppData\Roaming\WindSolutions" => File/Directory not found.

"C:\ProgramData\WindSolutions" => File/Directory not found.

"C:\Users\Bob\Downloads\Install_CopyTransControlCenter.exe" => File/Directory not found.

"C:\Users\Bob\AppData\Roaming\BrowserExtensions" => File/Directory not found.

"C:\Windows\System32\Tasks\Validate Installation" => File/Directory not found.

"C:\Windows\System32\Tasks\Check Updates" => File/Directory not found.

"C:\Windows\System32\Tasks\GeniusBox" => File/Directory not found.

"C:\Users\Bob\AppData\Local\88194e956af435d84c079a0c64fa71eb" => File/Directory not found.

"C:\Users\Bob\AppData\Local\GeniusBox" => File/Directory not found.

"C:\Users\Bob\AppData\Roaming\Search Protection" => File/Directory not found.

"C:\Program Files (x86)\Vuze" => File/Directory not found.

"C:\Users\Public\Desktop\Vuze.lnk" => File/Directory not found.

"C:\Users\Bob\Downloads\VuzeBittorrentClientInstaller.exe" => File/Directory not found.

"C:\Users\Bob\AppData\Roaming\Azureus" => File/Directory not found.

"C:\Users\Bob\AppData\Local\Temp\atl80.dll" => File/Directory not found.

"C:\Users\Bob\AppData\Local\Temp\avguidx.dll" => File/Directory not found.

"C:\Users\Bob\AppData\Local\Temp\cci.exe" => File/Directory not found.

"C:\Users\Bob\AppData\Local\Temp\CommonInstaller.exe" => File/Directory not found.

"C:\Users\Bob\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e4904-5bce-3988-8f84-3e2e7bac0d81}.tmp4itsa4.dll" => File/Directory not found.

"C:\Users\Bob\AppData\Local\Temp\EjectNT.EXE" => File/Directory not found.

"C:\Users\Bob\AppData\Local\Temp\ffunzip.exe" => File/Directory not found.

C:\Users\Bob\AppData\Local\Temp\ GLDF5E1.tmp.ConduitEngineSetup.exe => Moved successfully.

C:\Users\Bob\AppData\Local\Temp\i4kdel0.exe => Moved successfully.

C:\Users\Bob\AppData\Local\Temp\i4kdel1.exe => Moved successfully.

"C:\Users\Bob\AppData\Local\Temp\InstallPlugin.exe" => File/Directory not found.

"C:\Users\Bob\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe" => File/Directory not found.

"C:\Users\Bob\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe" => File/Directory not found.

"C:\Users\Bob\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe" => File/Directory not found.

"C:\Users\Bob\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe" => File/Directory not found.

"C:\Users\Bob\AppData\Local\Temp\libexpat.dll" => File/Directory not found.

"C:\Users\Bob\AppData\Local\Temp\MachineIdCreator.exe" => File/Directory not found.

"C:\Users\Bob\AppData\Local\Temp\mfc80.dll" => File/Directory not found.

"C:\Users\Bob\AppData\Local\Temp\mfc80u.dll" => File/Directory not found.

"C:\Users\Bob\AppData\Local\Temp\mfcm80.dll" => File/Directory not found.

"C:\Users\Bob\AppData\Local\Temp\mfcm80u.dll" => File/Directory not found.

"C:\Users\Bob\AppData\Local\Temp\mpegc.dll" => File/Directory not found.

"C:\Users\Bob\AppData\Local\Temp\mssinstaller.exe" => File/Directory not found.

"C:\Users\Bob\AppData\Local\Temp\msvcm80.dll" => File/Directory not found.

"C:\Users\Bob\AppData\Local\Temp\msvcp80.dll" => File/Directory not found.

"C:\Users\Bob\AppData\Local\Temp\msvcr80.dll" => File/Directory not found.

"C:\Users\Bob\AppData\Local\Temp\nlsdl.dll" => File/Directory not found.

"C:\Users\Bob\AppData\Local\Temp\oi_{15C04D82-E86A-4DC6-8AA1-97BF99C49953}.exe" => File/Directory not found.

"C:\Users\Bob\AppData\Local\Temp\prxGLFB5E1.tmp.tbVuze.dll" => File/Directory not found.

"C:\Users\Bob\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.

"C:\Users\Bob\AppData\Local\Temp\QuickTimeInstaller.exe" => File/Directory not found.

"C:\Users\Bob\AppData\Local\Temp\RDVAlert.exe" => File/Directory not found.

"C:\Users\Bob\AppData\Local\Temp\SkypeSetup.exe" => File/Directory not found.

"C:\Users\Bob\AppData\Local\Temp\Soft32_Stub_5741.exe" => File/Directory not found.

"C:\Users\Bob\AppData\Local\Temp\TmDbg32.dll" => File/Directory not found.

"C:\Users\Bob\AppData\Local\Temp\TmDbg64.dll" => File/Directory not found.

"C:\Users\Bob\AppData\Local\Temp\ToolbarInstaller.exe" => File/Directory not found.

"C:\Users\Bob\AppData\Local\Temp\UninstManager.dll" => File/Directory not found.

"C:\Users\Bob\AppData\Roaming\Search Protection" => File/Directory not found.

 

==== End of Fixlog ====


Edited by CooneyDog, 31 December 2014 - 10:56 PM.
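
The by-eye comparison of the two Fixlogs in post #4 (which entries only took effect on the second run, and which targets carry a stray space) can be scripted. The following is an added example, not part of the original thread and not FRST's own code: the result-line format is inferred from the two logs above, the function names are hypothetical, and the sample logs are constructed from lines in those logs.

```python
import re

# Outcome strings as they appear in the two Fixlogs in this thread.
OUTCOMES = {
    "moved successfully.": "done",
    "value deleted successfully.": "done",
    "service deleted successfully.": "done",
    "file/directory not found.": "missing",
    "value not found.": "missing",
    "service not found.": "missing",
}
RESULT_RE = re.compile(r"^(?P<target>.+?)\s*=>\s*(?P<outcome>.+)$")
# Whitespace next to a path separator or brace, the kind of copy error
# described in post #4. Spaces inside a name ("Program Files") are not flagged.
STRAY_WS = re.compile(r"\\\s|\s\\|\{\s|\s\}")


def normalize(target):
    """Comparison key (heuristic): unquoted, stray whitespace removed, case-folded."""
    t = target.strip().strip('"')
    t = re.sub(r"\s*\\\s*", r"\\", t)
    t = re.sub(r"\{\s+", "{", t)
    return t.casefold()


def parse_fixlog(text):
    """Return {key: (raw_target, status)} for the result section of one Fixlog."""
    results, stars, pending = {}, 0, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if set(line) == {"*"}:          # row of asterisks around the fixlist echo
            stars += 1
            continue
        if stars < 2:                   # header and echoed fixlist: not results,
            continue                    # even though one echoed line contains "=>"
        if pending is not None:         # outcome was wrapped onto the next line
            line, pending = pending + " " + line, None
        if line.endswith("=>"):
            pending = line
            continue
        m = RESULT_RE.match(line)
        status = OUTCOMES.get(m["outcome"].casefold()) if m else None
        if status:
            results[normalize(m["target"])] = (m["target"].strip('"'), status)
    return results


def compare_runs(first, second):
    """Classify every target seen in either run and list suspicious raw targets."""
    report = {"handled_in_first": [], "only_handled_in_second": [],
              "never_found": [], "stray_whitespace": []}
    for key in sorted(first.keys() | second.keys()):
        entries = [run[key] for run in (first, second) if key in run]
        if first.get(key, ("", ""))[1] == "done":
            report["handled_in_first"].append(key)
        elif second.get(key, ("", ""))[1] == "done":
            report["only_handled_in_second"].append(key)
        else:
            report["never_found"].append(key)
        report["stray_whitespace"] += [raw for raw, _ in entries if STRAY_WS.search(raw)]
    return report


# Constructed samples: a few lines taken from the two logs in this thread.
RUN1 = r'''
Ran by SYSTEM at 2014-12-29 05:59:38 Run:1
Content of fixlist:
*****************
HKU\Bob\...\Run: [Search Protection] => C:\Users\Bob\AppData\Roaming\Search Protection\SP.EXE [1127224 2014-12-04] ()
C:\Users\Bob\AppData\Local\Temp\i4kdel0.exe
*****************
HKU\Bob\Software\Microsoft\Windows\CurrentVersion\Run\\Search Protection => value deleted successfully.
tmlwf => Service deleted successfully.
C:\Users\Bob\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e4904-5bce-3988-8f84-3e2e7bac0d81}.tmp4itsa4.dll =>

Moved successfully.
"C:\Users\Bob\AppData\Local\Temp\GLDF5E1.tmp.ConduitEngineSetup.exe" => File/Directory not found.
"C:\Users\Bob\AppData\Local\Temp\i4kdel0.exe" => File/Directory not found.
'''
RUN2 = r'''
Ran by SYSTEM at 2014-12-31 20:32:53 Run:2
Content of fixlist:
*****************
C:\Users\Bob\AppData\Local\Temp\i4kdel0.exe
*****************
HKU\Bob\Software\Microsoft\Windows\CurrentVersion\Run\\Search Protection => Value not found.
tmlwf => Service not found.
"C:\Users\Bob\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e4904-5bce-3988-8f84-3e2e7bac0d81}.tmp4itsa4.dll" => File/Directory not found.
C:\Users\Bob\AppData\Local\Temp\ GLDF5E1.tmp.ConduitEngineSetup.exe => Moved successfully.
C:\Users\Bob\AppData\Local\Temp\i4kdel0.exe => Moved successfully.
==== End of Fixlog ====
'''

if __name__ == "__main__":
    for name, items in compare_runs(parse_fixlog(RUN1), parse_fixlog(RUN2)).items():
        print(name, items)
```

Entries under `only_handled_in_second` are the ones whose first-run fixlist line did not match anything on disk, so they are the lines worth re-checking in the fixlist that was actually run.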


#5 Oh My!

Posted 01 January 2015 - 11:22 AM

Greetings Bob,

First of all I really apologize for the delay. I was not subscribed to the topic and therefore was not notified that you had replied. Please, if I don't reply within 24 hours send me a Personal Message. Very rarely will I go that long without responding.

Thanks for the detailed information.

Please do this now.

===================================================

Diagnose Blue Screen of Death (BSOD) Errors

--------------------
  • When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  • Select Disable Automatic Restart on System Failure, as shown here:

advancedoptions.png

  • When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not.

bsod_c.jpg

  • Please include this information in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Blue Screen information

Gary
 

#6 CooneyDog

Posted 01 January 2015 - 02:23 PM

Hi Gary,

Thank you for the reply.

My Blue Screen displays the following:

"A problem has been detected and Windows has been shut down to prevent damage to your computer.

If this is the first time you’ve seen this error screen, restart your computer. If this screen appears again, follow these steps:

Check to be sure you have adequate disk space. If a driver is identified in the Stop message, disable the driver or check with the manufacturer for driver updates. Try changing video adapters.

Check with your hardware vendor for any BIOS updates. Disable BIOS memory options such as caching or shadowing. If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select Advanced Startup Options, and then select Safe Mode.

Technical information:

0X0000007E (0xFFFFFFFFC0000005, 0xFFFFF880049BE847, 0xFFFFF880009A8FA8, 0xFFFFF880009A8800)

Collecting data for crash dump …

Initializing disk for crash dump …

Beginning dump of physical memory.

Dumping physical memory to disk:  100

Physical memory dump complete.

Contact your system admin or technical support group for further assistance."

Thanks again,

Bob



#7 Oh My!

Posted 01 January 2015 - 02:27 PM

Thanks Bob,

Have you tried to boot into Safe Mode?
Gary
 

#8 CooneyDog

Posted 01 January 2015 - 03:22 PM

Yes, I just tried Safe Mode (no networking or anything) and it appears to be working. I can see my files. Is there anything special I should do from Safe Mode?

Thanks,

Bob



#9 Oh My!

Posted 01 January 2015 - 03:43 PM

Thanks Bob, now I would like you to do this.

===================================================

Using Low Resolution Video From Advanced Startup Options Screen - Windows 7/Vista

--------------------
  • Restart your computer
  • Press F8 until you are presented with the Advanced Startup Options menu
  • Using the down arrow select Enable low resolution video and press Enter
  • Attempt to boot your computer into Normal Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Can you boot into Normal Mode?

Gary
 

#10 CooneyDog

Posted 01 January 2015 - 09:56 PM

Hello Gary,

I selected the "enable low resolution video".

Then at the Windows startup screen I got the blue screen of death. It automatically restarted my computer, I selected "Start Windows Normally", and again got the blue screen of death.

Thank you again for working with me and lending your expertise.

Bob


Edited by CooneyDog, 01 January 2015 - 10:04 PM.


#11 Oh My!

Posted 01 January 2015 - 10:04 PM

Thanks for testing that. What we attempted to do is determine if your video card driver was the cause of our problems. It is not, so there is another file we need to try to locate.

Please boot into Safe Mode with Networking and navigate to the following folder:

C:\Windows\Minidump

If they exist, zip and attach the two most recent files to your reply.


Gary
 

#12 CooneyDog

Posted 02 January 2015 - 01:32 PM

Gary, attached are my files from Minidump.  Thank you, Bob

Edited by Oh My!, 17 January 2015 - 08:51 PM.


#13 Oh My!

Posted 02 January 2015 - 01:47 PM

Thanks for the information Bob.

Please do this after booting into Safe Mode without Networking.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

Avast

  • Attempt to reboot your computer into Normal Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did Avast uninstall?
  • Can you boot into Normal Mode?

Gary
 

#14 CooneyDog

Posted 03 January 2015 - 12:55 AM

Hello Gary,

I followed your instructions to uninstall Avast. Then I successfully booted into normal mode (hooray!)

I went to "Programs and Features", "Uninstall or change a program", and I do not see Avast on the list.

What should I do next?

I tried using Google Chrome, but it is giving me the error message "Unable to connect to the proxy server" even though my wireless settings are showing that I am connected with 5 bars.

Also, will I need to install an alternative antivirus program to Avast?

Thank you,

Bob



#15 Oh My!

Posted 03 January 2015 - 08:16 AM

Hi Bob,

Very good. We are going to reinstall Avast shortly but I want to run a couple of programs before we do that. Avast is fine, we simply had a corrupted file. Obviously we want to keep Internet activity to a minimum so if you could only do the steps I post until we reinstall Avast that would be great.

Please run the below for me and then after that rerun FRST making sure Addition.txt is checked.

===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
  • Test your Internet
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Result.txt
  • FRST log
  • Addition log
  • Do you have Internet access?

Gary
 



