Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Configuring updates: stage 3 of 3 - 0% complete loop


  • This topic is locked This topic is locked
126 replies to this topic

#1 timebender

timebender

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Local time:09:06 AM

Posted 09 February 2015 - 01:30 AM

I have found a previous post on a looping issue that I am currently having during start up. I do not have an install dvd, so I have followed the previous posts instructions and I have the FRST.txt which I have attached. I have followed the instructions below and now I am stuck at this point. I don't know what to do next.

 

On the System Recovery Options menu you will get the following options:


  •  
    •  
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt i_arrow-l.gif
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64)  and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply

 

 

 

Attached Files

  • Attached File  FRST.txt   13.78KB   4 downloads


BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,626 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:06 AM

Posted 14 February 2015 - 01:35 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/566227 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your destop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 timebender

timebender
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Local time:09:06 AM

Posted 14 February 2015 - 05:05 PM

My computer continues to loop startup as it gets stuck on a 3 of 3 configuring update. I have done a system restore and a launch restore, which just brings me back to the loop..I can only get into the DOS where I have created a new FRST log which I have attached. I do not have the windows CD/DVD.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-02-2015
Ran by SYSTEM on MINWINPC on 11-02-2015 22:00:33
Running from H:\
Platform: Windows Vista ™ Home Basic Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Web TuneUp\vprot.exe [3060248 2014-11-05] ()
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3674576 2015-01-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1558072 2009-02-20] (Hewlett-Packard)
HKU\Default User\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1558072 2009-02-20] (Hewlett-Packard)
HKU\Dennis\...\Run: [SkyDrive] => C:\Users\Dennis\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-24] (Microsoft Corporation)
HKU\Dennis\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-27] (Garmin Ltd or its subsidiaries)
BootExecute: autocheck smrgdf C:\Users\Dennis\AppData\Roaming\iolo\

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 avgfws; C:\Program Files\AVG\AVG2015\avgfws.exe [1507632 2015-01-06] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3440080 2015-01-06] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [309232 2015-01-06] (AVG Technologies CZ, s.r.o.)
S2 CleanMyPCService; C:\Program Files\CleanMyPC\CleanMyPCService.exe [90352 2014-08-11] (MacPaw Inc.)
S4 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE [143872 2007-12-17] (SEIKO EPSON CORPORATION)
S4 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION)
S2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [441176 2014-08-27] (Garmin Ltd or its subsidiaries)
S2 ioloSystemService; C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [1072664 2013-05-29] (iolo technologies, LLC)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S4 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-03-26] (Nitro PDF Software)
S2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770432 2014-01-09] (Enigma Software Group USA, LLC.)
S2 vToolbarUpdater18.1.10; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe [1849368 2014-11-05] (AVG Secure Search)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
S1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47928 2013-09-26] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208152 2014-12-08] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
S0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-11-05] (AVG Technologies)
S1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [26248 2012-10-19] (EldoS Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15384 2014-01-07] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 MfeAVFK; C:\Windows\System32\drivers\MfeAVFK.sys [79816 2009-12-15] (McAfee, Inc.)
S3 MfeBOPK; C:\Windows\System32\drivers\MfeBOPK.sys [35272 2009-12-15] (McAfee, Inc.)
S1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [214664 2009-12-15] (McAfee, Inc.)
S3 MfeRKDK; C:\Windows\System32\drivers\MfeRKDK.sys [34248 2009-12-15] (McAfee, Inc.)
S1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [55304 2009-12-15] (McAfee, Inc.)
S2 PDFsFilter; C:\Windows\System32\DRIVERS\PDFsFilter.sys [68464 2012-10-19] (Raxco Software, Inc.)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-08-08] (Duplex Secure Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-10-01] ()
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

========================== Drivers MD5 =======================

C:\Windows\System32\drivers\acpi.sys 82B296AE1892FE3DBEE00C9CF92F8AC7
C:\Windows\system32\drivers\adp94xx.sys 04F0FCAC69C7C71A3AC4EB97FAFC8303
C:\Windows\system32\drivers\adpahci.sys 60505E0041F7751BDBB80F88BF45C2CE
C:\Windows\system32\drivers\adpu160m.sys 8A42779B02AEC986EAB64ECFC98F8BD7
C:\Windows\system32\drivers\adpu320.sys 241C9E37F8CE45EF51C3DE27515CA4E5
C:\Windows\system32\drivers\afd.sys F5272A105F59A7B3B345D9D6D87DA7AD
C:\Windows\system32\drivers\agp440.sys 13F9E33747E6B41A3FF305C37DB0D360
C:\Windows\system32\drivers\djsvs.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys 9EAEF5FC9B8E351AFA7E78A6FAE91F91
C:\Windows\system32\drivers\amdagp.sys C47344BC706E5F0B9DCE369516661578
C:\Windows\system32\drivers\amdide.sys 9B78A39A4C173FDBC1321E0DD659B34C
C:\Windows\system32\drivers\amdk7.sys 18F29B49AD23ECEE3D2A826C725C8D48
C:\Windows\System32\DRIVERS\amdk8.sys 93AE7F7DD54AB986A6F1A1B37BE7442D
C:\Windows\System32\DRIVERS\AmdLLD.sys AD8FA28D8ED0D0A689A0559085CE0F18
C:\Windows\system32\drivers\arc.sys 5D2888182FB46632511ACEE92FDAD522
C:\Windows\system32\drivers\arcsas.sys 5E2A321BD7C8B3624E41FDEC3E244945
C:\Windows\System32\DRIVERS\asyncmac.sys 53B202ABEE6455406254444303E87BE1
C:\Windows\system32\drivers\atapi.sys 2D9C903DC76A66813D350A562DE40ED9
C:\Windows\System32\DRIVERS\avgdiskx.sys CB2C2B24BD7E64CFB2B24D401FF5BBC0
C:\Windows\System32\DRIVERS\avgfwd6x.sys 7F9B01CE297EF4D54C5C4D736D22CF96
C:\Windows\System32\DRIVERS\avgidsdriverx.sys EB1AA821F99D5D2DA05511AE8D4704C4
C:\Windows\System32\DRIVERS\avgidshx.sys D1663A0114691080C624D857A8343D5B
C:\Windows\System32\DRIVERS\avgidsshimx.sys 2429F7F025F63532B6B264D97E4ECA49
C:\Windows\System32\DRIVERS\avgldx86.sys 9AFD535116E986D49877B811F3665E8E
C:\Windows\System32\DRIVERS\avglogx.sys D94378757947E02AE9BC484DF196A44D
C:\Windows\System32\DRIVERS\avgmfx86.sys 35DD83C14AA01F4817BA46A4D6B6A520
C:\Windows\System32\DRIVERS\avgrkx86.sys F016B95273E0B1961F204F7FD2FFD811
C:\Windows\System32\DRIVERS\avgtdix.sys 5A22A7A67BFB67D3223B7A339FC97780
C:\Windows\system32\drivers\avgtpx86.sys D15D2E9F5567075740B88F16F01810D6
C:\Windows\System32\DRIVERS\b57nd60x.sys 502F1C30BD50B32D00CE4DCAECC3D3C7
C:\Windows\System32\Drivers\Beep.sys 67E506B75BD5326A3EC7B70BD014DFB6
C:\Windows\system32\drivers\blbdrive.sys D4DF28447741FD3D953526E33A617397
C:\Windows\System32\DRIVERS\bowser.sys 35F376253F687BDE63976CCB3F2108CA
C:\Windows\system32\drivers\brfiltlo.sys ==> MD5 is legit
C:\Windows\system32\drivers\brfiltup.sys ==> MD5 is legit
C:\Windows\system32\drivers\brserid.sys ==> MD5 is legit
C:\Windows\system32\drivers\brserwdm.sys ==> MD5 is legit
C:\Windows\system32\drivers\brusbmdm.sys ==> MD5 is legit
C:\Windows\system32\drivers\brusbser.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys 7ADD03E75BEB9E6DD102C3081D29840A
C:\Windows\System32\DRIVERS\cdrom.sys 6B4BFFB9BECD728097024276430DB314
C:\Windows\system32\drivers\circlass.sys E5D4133F37219DBCFE102BC61072589D
C:\Windows\System32\CLFS.sys D7659D3B5B92C31E84E53C1431F35132
C:\Windows\system32\drivers\cmdide.sys 0CA25E686A4928484E9FDABD168AB629
C:\Windows\system32\drivers\compbatt.sys 6AFEF0B60FA25DE07C0968983EE4F60A
C:\Windows\System32\drivers\crcdisk.sys 741E9DFF4F42D2D8477D0FC1DC0DF871
C:\Windows\system32\drivers\crusoe.sys 1F07BECDCA750766A96CDA811BA86410
C:\Windows\System32\DRIVERS\ctxusbm.sys CB6FF7012BB5D59D7C12350DB795CE1F
C:\Windows\System32\Drivers\dfsc.sys 622C41A07CA7E6DD91770F50D532CB6C
C:\Windows\System32\drivers\disk.sys 5D4AEFC3386920236A548271F8F1AF6A
C:\Windows\System32\drivers\drmkaud.sys 97FEF831AB90BEE128C9AF390E243F80
C:\Windows\System32\drivers\dxgkrnl.sys 5C2C209CDEFBC51D83D66E8A53B2BE89
C:\Windows\System32\DRIVERS\E1G60I32.sys 5425F74AC0C1DBD96A1E04F17D63F94C
C:\Windows\System32\drivers\ecache.sys 7F64EA048DCFAC7ACF8B4D7B4E6FE371
C:\Windows\system32\drivers\ElRawDsk.sys DA8B28199B46B72502D5A3F75D446254
C:\Windows\system32\drivers\elxstor.sys 23B62471681A124889978F6295B3F4C6
C:\Windows\system32\drivers\errdev.sys 3DB974F3935483555D7148663F726C61
C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys B6905802576D480505EE30D6DFE098A6
C:\Windows\System32\DRIVERS\EsgScanner.sys 01CE484FF6D70A39479BC6D619DE7ED6
C:\Windows\System32\Drivers\exfat.sys 22B408651F9123527BCEE54B4F6C5CAE
C:\Windows\System32\Drivers\fastfat.sys 4E404505B3F62ECFBDBCBBCF0A72DBC5
C:\Windows\System32\DRIVERS\fdc.sys AFE1E8B9782A0DD7FB46BBD88E43F89A
C:\Windows\System32\drivers\fileinfo.sys A8C0139A884861E3AAE9CFE73B208A9F
C:\Windows\System32\drivers\filetrace.sys 0AE429A696AECBC5970E3CF2C62635AE
C:\Windows\System32\DRIVERS\flpydisk.sys 85B7CF99D532820495D68D747FDA9EBD
C:\Windows\System32\drivers\fltmgr.sys 01334F9EA68E6877C4EF05D3EA8ABB05
C:\Windows\System32\DRIVERS\fssfltr.sys B0082808A6856A252F7CDD939892CE50
C:\Windows\System32\Drivers\Fs_Rec.sys B972A66758577E0BFD1DE0F91AAA27B5
C:\Windows\system32\drivers\gagp30kx.sys 34582A6E6573D54A07ECE5FE24A126B5
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 185ADA973B5020655CEE342059A86CBB
C:\Windows\System32\DRIVERS\hamachi.sys 833051C6C6C42117191935F734CFBD97
C:\Windows\System32\drivers\HdAudio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HDAudBus.sys 062452B7FFD68C8C042A6261FE8DFF4A
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys CCA4B519B17E23A00B826C55716809CC
C:\Windows\system32\drivers\hpcisss.sys 16EE7B23A009E00D835CDB79574A91A6
C:\Windows\System32\drivers\HTTP.sys 0EEECA26C8D4BDE2A4664DB058A81937
C:\Windows\system32\drivers\i2omp.sys C6B032D69650985468160FC9937CF5B4
C:\Windows\System32\DRIVERS\i8042prt.sys 22D56C8184586B7A1F6FA60BE5F5A2BD
C:\Windows\system32\drivers\iastorv.sys 54155EA1B0DF185878E0FC9EC3AC3A14
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHDA.sys DFE2EFD0D7F301214DB3D999512783A7
C:\Windows\system32\drivers\intelide.sys 83AA759F3189E6370C30DE5DC5590718
C:\Windows\System32\DRIVERS\intelppm.sys 224191001E78C89DFA78924C3EA595FF
C:\Windows\System32\DRIVERS\ipfltdrv.sys 62C265C38769B864CB25B4BCF62DF6C3
C:\Windows\system32\drivers\ipmidrv.sys B25AAF203552B7B3491139D582B39AD1
C:\Windows\System32\DRIVERS\ipnat.sys 8793643A67B42CEC66490B2A0CF92D68
C:\Windows\System32\drivers\irenum.sys 109C0DFB82C3632FBD11949B73AEEAC9
C:\Windows\system32\drivers\isapnp.sys 6C70698A3E5C4376C6AB5C7C17FB0614
C:\Windows\System32\DRIVERS\msiscsi.sys 232FA340531D940AAC623B121A595034
C:\Windows\system32\drivers\iteatapi.sys ==> MD5 is legit
C:\Windows\system32\drivers\iteraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys 37605E0A8CF00CBBA538E753E4344C6E
C:\Windows\System32\DRIVERS\kbdhid.sys EDE59EC70E25C24581ADD1FBEC7325F7
C:\Windows\System32\Drivers\ksecdd.sys 4A1445EFA932A3BAF5BDB02D7131EE20
C:\Windows\System32\DRIVERS\lltdio.sys D1C5883087A0C3F1344D9D55A44901F6
C:\Windows\system32\drivers\lsi_fc.sys C7E15E82879BF3235B559563D4185365
C:\Windows\system32\drivers\lsi_sas.sys EE01EBAE8C9BF0FA072E0FF68718920A
C:\Windows\system32\drivers\lsi_scsi.sys 912A04696E9CA30146A62AFA1463DD5C
C:\Windows\system32\drivers\luafv.sys 8F5C7426567798E62A3B3614965D62CC
C:\Windows\system32\drivers\megasas.sys 0001CE609D66632FA17B84705F658879
C:\Windows\system32\drivers\megasr.sys C252F32CD9A49DBFC25ECF26EBD51A99
C:\Windows\System32\drivers\MfeAVFK.sys 32BCD2AEC12CEE766B2488731A78127C
C:\Windows\System32\drivers\MfeBOPK.sys 963ABF1A4D3A19206F7B059E5A1A190B
C:\Windows\System32\drivers\mfehidk.sys 586A07B1FA933C340D990419D6894D7A
C:\Windows\System32\drivers\MfeRKDK.sys 820D6AA3F7F0CFA8A1FA8F63D3F1DF04
C:\Windows\System32\drivers\mfetdik.sys 3812E49FA67A3F604895F0D0C2E1EF90
C:\Windows\System32\drivers\modem.sys E13B5EA0F51BA5B1512EC671393D09BA
C:\Windows\System32\DRIVERS\monitor.sys 0A9BB33B56E294F686ABB7C1E4E2D8A8
C:\Windows\System32\DRIVERS\mouclass.sys 5BF6A1326A335C5298477754A506D263
C:\Windows\System32\DRIVERS\mouhid.sys 93B8D4869E12CFBE663915502900876F
C:\Windows\System32\drivers\mountmgr.sys BDAFC88AA6B92F7842416EA6A48E1600
C:\Windows\system32\drivers\mpio.sys 511D011289755DD9F9A7579FB0B064E6
C:\Windows\System32\drivers\mpsdrv.sys 22241FEBA9B2DEFA669C8CB0A8DD7D2E
C:\Windows\system32\drivers\mraid35x.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys B0584CA7DEF55929FDB5169BD28B2484
C:\Windows\System32\DRIVERS\mrxsmb.sys 1E94971C4B446AB2290DEB71D01CF0C2
C:\Windows\System32\DRIVERS\mrxsmb10.sys 4FCCB34D793B116423209C0F8B7A3B03
C:\Windows\System32\DRIVERS\mrxsmb20.sys C3CB1B40AD4A0124D617A1199B0B9D7C
C:\Windows\system32\drivers\msahci.sys 28023E86F17001F7CD9B15A5BC9AE07D
C:\Windows\system32\drivers\msdsm.sys 4468B0F385A86ECDDAF8D3CA662EC0E7
C:\Windows\System32\Drivers\Msfs.sys A9927F4A46B816C92F461ACB90CF8515
C:\Windows\System32\drivers\msisadrv.sys 0F400E306F385C56317357D6DEA56F62
C:\Windows\System32\drivers\MSKSSRV.sys D8C63D34D9C9E56C059E24EC7185CC07
C:\Windows\System32\drivers\MSPCLOCK.sys 1D373C90D62DDB641D50E55B9E78D65E
C:\Windows\System32\drivers\MSPQM.sys B572DA05BF4E098D4BBA3A4734FB505B
C:\Windows\System32\Drivers\MsRPC.sys B49456D70555DE905C311BCDA6EC6ADB
C:\Windows\System32\DRIVERS\mssmbios.sys E384487CB84BE41D09711C30CA79646C
C:\Windows\System32\drivers\MSTEE.sys 7199C1EEC1E4993CAF96B8C0A26BD58A
C:\Windows\System32\Drivers\mup.sys 6A57B5733D4CB702C8EA4542E836B96C
C:\Windows\System32\DRIVERS\nwifi.sys 85C44FDFF9CF7E72A40DCB7EC06A4416
C:\Windows\System32\drivers\ndis.sys 1357274D1883F68300AEADD15D7BBB42
C:\Windows\System32\DRIVERS\ndistapi.sys 0E186E90404980569FB449BA7519AE61
C:\Windows\System32\DRIVERS\ndisuio.sys D6973AA34C4D5D76C0430B181C3CD389
C:\Windows\System32\DRIVERS\ndiswan.sys 818F648618AE34F729FDB47EC68345C3
C:\Windows\System32\Drivers\NDProxy.sys 71DAB552B41936358F3B541AE5997FB3
C:\Windows\System32\DRIVERS\netaapl.sys 1352E1648213551923A0A822E441553C
C:\Windows\System32\DRIVERS\netbios.sys BCD093A5A6777CF626434568DC7DBA78
C:\Windows\System32\DRIVERS\netbt.sys ECD64230A59CBD93C85F1CD1CAB9F3F6
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys D36F239D7CCE1931598E8FB90A0DBC26
C:\Windows\System32\drivers\nsiproxy.sys 609773E344A97410CE4EBF74A8914FCF
C:\Windows\System32\Drivers\Ntfs.sys 2C1121F2B87E9A6B12485DF53CD848C7
C:\Windows\system32\drivers\ntrigdigi.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Null.sys C5DBBCDA07D780BDA9B685DF333BB41E
C:\Windows\System32\DRIVERS\nvmfdx32.sys D958A2B5F6AD5C3B8CCDC4D7DA62466C
C:\Windows\System32\DRIVERS\nvlddmkm.sys FBBA09782F2FAC5A57619DF378BA9372
C:\Windows\system32\drivers\nvraid.sys 2EDF9E7751554B42CBB60116DE727101
C:\Windows\system32\drivers\nvstor.sys ABED0C09758D1D97DB0042DBB2688177
C:\Windows\System32\drivers\nvstor32.sys 63B7838E9C272BAAA7B33A0CA4EBB748
C:\Windows\system32\drivers\nv_agp.sys 18BBDF913916B71BD54575BDB6EEAC0B
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parport.sys 8A79FDF04A73428597E2CAF9D0D67850
C:\Windows\System32\drivers\partmgr.sys B9C2B89F08670E159F7181891E449CD9
C:\Windows\System32\DRIVERS\parvdm.sys 6C580025C81CAF3AE9E3617C22CAD00E
C:\Windows\System32\drivers\pci.sys 941DC1D19E7E8620F40BBC206981EFDB
C:\Windows\system32\drivers\pciide.sys FC175F5DDAB666D7F4D17449A547626F
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\PDFsFilter.sys 40C611622882C3FCAFEB845C1E12A10F
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ECFFFAEC0C1ECD8DBC77F39070EA1DB1
C:\Windows\system32\drivers\processr.sys 2027293619DD0F047C584CF2E7DF4FFD
C:\Windows\System32\DRIVERS\pacer.sys 99514FAA8DF93D34B5589187DB3AA0BA
C:\Windows\system32\drivers\ql2300.sys 0A6DB55AFB7820C99AA1F3A1D270F4F6
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys 9F5E0E1926014D17486901C88ECA2DB7
C:\Windows\System32\DRIVERS\rasacd.sys 147D7F9C556D259924351FEB0DE606C3
C:\Windows\System32\DRIVERS\rasl2tp.sys A214ADBAF4CB47DD2728859EF31F26B0
C:\Windows\System32\DRIVERS\raspppoe.sys 509A98DD18AF4375E1FC40BC175F1DEF
C:\Windows\System32\DRIVERS\rassstp.sys 2005F4A1E05FA09389AC85840F0A9E4D
C:\Windows\System32\DRIVERS\rdbss.sys B14C9D5B9ADD2F84F70570BBBFAA7935
C:\Windows\System32\DRIVERS\RDPCDD.sys 89E59BE9A564262A3FB6C4F4F1CD9899
C:\Windows\system32\drivers\rdpdr.sys FBC0BACD9C3D7F6956853F64A66E252D
C:\Windows\System32\drivers\rdpencdd.sys 9D91FE5286F748862ECFFA05F8A0710C
C:\Windows\System32\Drivers\RDPWD.sys C127EBD5AFAB31524662C48DFCEB773A
C:\Windows\System32\drivers\regi.sys 001B4278407F4303EFC902A2B16F2453
C:\Windows\System32\Drivers\RimUsb.sys F17713D108ACA124A139FDE877EEF68A
C:\Windows\System32\DRIVERS\rspndr.sys 9C508F4074A39E8B4B31D27198146FAD
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys CE9EC966638EF0B10B864DDEDF62A099
C:\Windows\System32\DRIVERS\serial.sys 6D663022DB3E7058907784AE14B69898
C:\Windows\system32\drivers\sermouse.sys 8AF3D28A879BF75DB53A0EE7A4289624
C:\Windows\system32\drivers\sffdisk.sys 3EFA810BDCA87F6ECC24F9832243FE86
C:\Windows\system32\drivers\sffp_mmc.sys E95D451F7EA3E583AEC75F3B3EE42DC5
C:\Windows\system32\drivers\sffp_sd.sys 3D0EA348784B7AC9EA9BD9F317980979
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisagp.sys 1D76624A09A054F682D746B924E2DBC3
C:\Windows\system32\drivers\sisraid2.sys 43CB7AA756C7DB280D01DA9B676CFDE2
C:\Windows\system32\drivers\sisraid4.sys A99C6C8B0BAA970D8AA59DDC50B57F94
C:\Windows\System32\DRIVERS\smb.sys 7B75299A4D201D6A6533603D6914AB04
C:\Windows\System32\Drivers\spldr.sys 7AEBDEEF071FE28B0EEF2CDD69102BFF
C:\Windows\System32\Drivers\sptd.sys CDDDEC541BC3C96F91ECB48759673505
C:\Windows\System32\DRIVERS\srv.sys 41987F9FC0E61ADF54F581E15029AD91
C:\Windows\System32\DRIVERS\srv2.sys FF33AFF99564B1AA534F58868CBE41EF
C:\Windows\System32\DRIVERS\srvnet.sys 7605C0E1D01A08F3ECD743F38B834A44
C:\Windows\System32\DRIVERS\SWDUMon.sys 3BDB62C3F977CE0120F92A264E9F715D
C:\Windows\System32\DRIVERS\swenum.sys 7BA58ECF0C0A9A69D44B3DCA62BECF56
C:\Windows\system32\drivers\symc8xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\sym_hi.sys ==> MD5 is legit
C:\Windows\system32\drivers\sym_u3.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys C7B0746FCD576D7EEBA6A2530B0B2966
C:\Windows\System32\DRIVERS\tcpip.sys C7B0746FCD576D7EEBA6A2530B0B2966
C:\Windows\System32\drivers\tcpipreg.sys 608C345A255D82A6289C2D468EB41FD7
C:\Windows\System32\drivers\tdpipe.sys 5DCF5E267BE67A1AE926F2DF77FBCC56
C:\Windows\System32\drivers\tdtcp.sys 389C63E32B3CEFED425B61ED92D3F021
C:\Windows\System32\DRIVERS\tdx.sys 76B06EB8A01FC8624D699E7045303E54
C:\Windows\System32\DRIVERS\termdd.sys 3CAD38910468EAB9A6479E2F01DB43C7
C:\Windows\System32\drivers\tpm.sys CB258C2F726F1BE73C507022BE33EBB3
C:\Windows\System32\DRIVERS\tssecsrv.sys F4EAA7ECBCB25DE901C9B7F2CDCDA0B3
C:\Windows\System32\DRIVERS\tunmp.sys CAECC0120AC49E3D2F758B9169872D38
C:\Windows\System32\DRIVERS\tunnel.sys 300DB877AC094FEAB0BE7688C3454A9C
C:\Windows\system32\drivers\uagp35.sys 7D33C4DB2CE363C8518D2DFCF533941F
C:\Windows\System32\DRIVERS\udfs.sys D9728AF68C4C7693CB100B8441CBDEC6
C:\Windows\system32\drivers\uliagpkx.sys B0ACFDC9E4AF279E9116C03E014B2B27
C:\Windows\system32\drivers\uliahci.sys 9224BB254F591DE4CA8D572A5F0D635C
C:\Windows\system32\drivers\ulsata.sys ==> MD5 is legit
C:\Windows\system32\drivers\ulsata2.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys 32CFF9F809AE9AED85464492BF3E32D2
C:\Windows\System32\Drivers\usbaapl.sys EC1C23779BB41A8B2AB2AA6FCE308BDE
C:\Windows\System32\drivers\usbaudio.sys 1114579556DB85E9FAF9590DBC64CD62
C:\Windows\System32\DRIVERS\usbccgp.sys AAB0B5F72D2D726FBFDC895A2902DE1D
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys 153E8515CB86F8BB5D1A8B478EBF4BB2
C:\Windows\System32\DRIVERS\usbhub.sys 2AE6BCEBD85D31317E433733DAF25888
C:\Windows\System32\DRIVERS\usbohci.sys D457EBD0C3A8B3A3A144355B5EE91CBC
C:\Windows\System32\DRIVERS\usbprint.sys E75C4B5269091D15A2E7DC0B6D35F2F5
C:\Windows\System32\DRIVERS\usbscan.sys 1D714B8497CD68307806D5D3F60A5169
C:\Windows\System32\DRIVERS\USBSTOR.SYS BE3DA31C191BC222D9AD503C5224F2AD
C:\Windows\System32\DRIVERS\usbuhci.sys 814D653EFC4D48BE3B04A307ECEFF56F
C:\Windows\System32\DRIVERS\vgapnp.sys 87B06E1F30B749A114F74622D013F8D4
C:\Windows\System32\drivers\vga.sys 2E93AC0A1D8C79D019DB6C51F036636C
C:\Windows\system32\drivers\viaagp.sys 5D7159DEF58A800D5781BA3A879627BC
C:\Windows\system32\drivers\viac7.sys C4F3A691B5BAD343E6249BD8C2D45DEE
C:\Windows\system32\drivers\viaide.sys AADF5587A4063F52C2C3FED7887426FC
C:\Windows\System32\drivers\volmgr.sys 69503668AC66C77C6CD7AF86FBDF8C43
C:\Windows\System32\drivers\volmgrx.sys 23E41B834759917BFD6B9A0D625D0C28
C:\Windows\System32\drivers\volsnap.sys 786DB5771F05EF300390399F626BF30A
C:\Windows\system32\drivers\vsmraid.sys 587253E09325E6BF226B299774B728A9
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26
C:\Windows\System32\DRIVERS\wanarp.sys 55201897378CCA7AF8B5EFD874374A26
C:\Windows\system32\drivers\wd.sys 78FE9542363F297B18C027B2D7E7C07F
C:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645
C:\Windows\System32\DRIVERS\wimfltr.sys F9AD3A5E3FD7E0BDB18B8202B0FDD4E4
C:\Windows\System32\DRIVERS\wmiacpi.sys 2E7255D172DF0B8283CDFB7B433B864E
C:\Windows\System32\DRIVERS\wpdusb.sys DE9D36F91A4DF3D911626643DEBF11EA
C:\Windows\system32\drivers\ws2ifsl.sys E3A3CB253C0EC2494D4A61F5E43A389C
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-06 06:04 - 2015-02-11 21:54 - 00000000 ____D () C:\FRST
2015-01-28 08:59 - 2015-01-28 11:50 - 00000000 ___HD () C:\ProgramData\{49A0BAC7-3326-4433-9373-4AA8793ABB5C}
2015-01-28 08:59 - 2015-01-28 08:59 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2015-01-26 09:52 - 2015-01-26 09:53 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-14 02:09 - 2014-12-18 16:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2015-01-14 02:01 - 2014-12-05 19:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2015-01-14 02:01 - 2014-12-05 19:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2015-01-14 02:01 - 2014-12-05 19:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2015-01-14 02:01 - 2014-12-05 19:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-08 12:23 - 2014-12-13 22:43 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-02-08 12:23 - 2014-11-05 19:10 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2015-02-08 12:23 - 2012-11-26 14:35 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-08 12:23 - 2010-07-30 09:27 - 00000000 ____D () C:\users\Dennis
2015-02-08 12:23 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\System32\spool
2015-02-08 12:23 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\System32\Msdtc
2015-02-08 12:23 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\registration
2015-02-08 12:23 - 2006-11-02 02:22 - 47448064 _____ () C:\Windows\System32\config\software_previous
2015-02-08 12:23 - 2006-11-02 02:22 - 29097984 _____ () C:\Windows\System32\config\system_previous
2015-02-08 12:08 - 2006-11-02 02:22 - 38535168 _____ () C:\Windows\System32\config\components_previous
2015-02-08 12:08 - 2006-11-02 02:22 - 00262144 _____ () C:\Windows\System32\config\sam_previous
2015-01-28 21:50 - 2009-08-05 09:59 - 01174080 _____ () C:\Windows\WindowsUpdate.log
2015-01-28 21:06 - 2013-08-05 23:47 - 00000000 ___RD () C:\Users\Dennis\SkyDrive
2015-01-28 19:57 - 2006-11-02 02:22 - 00524288 _____ () C:\Windows\System32\config\default_previous
2015-01-28 18:23 - 2011-03-01 15:17 - 00000680 _____ () C:\Users\Dennis\AppData\Local\d3d9caps.dat
2015-01-28 11:57 - 2006-11-02 02:22 - 00262144 _____ () C:\Windows\System32\config\security_previous
2015-01-28 09:01 - 2014-10-22 18:21 - 00000000 ____D () C:\ProgramData\AVG2015
2015-01-28 01:00 - 2011-09-01 16:56 - 00000000 ____D () C:\Users\Dennis\AppData\Local\Adobe
2015-01-27 22:57 - 2006-11-02 04:45 - 00003616 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-27 22:57 - 2006-11-02 04:45 - 00003616 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-27 20:17 - 2012-11-27 11:37 - 00002633 _____ () C:\Users\Dennis\Desktop\Microsoft Office Outlook 2003.lnk
2015-01-27 02:57 - 2014-08-13 01:32 - 00061044 _____ () C:\Windows\PFRO.log
2015-01-26 23:50 - 2014-10-22 18:26 - 00000842 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-01-26 23:02 - 2014-10-02 10:40 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-26 10:52 - 2014-04-30 20:13 - 00000538 _____ () C:\Users\Dennis\Desktop\Small Business Banking - RBC Royal Bank.website
2015-01-22 07:36 - 2009-08-05 10:03 - 00000000 ____D () C:\Program Files\Java
2015-01-17 21:14 - 2012-04-06 20:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2015-01-17 21:14 - 2011-08-05 16:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2015-01-14 02:09 - 2013-08-13 20:58 - 00000000 ____D () C:\Windows\System32\MRT
2015-01-14 02:02 - 2006-11-02 02:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe

Some content of TEMP:
====================
C:\Users\Dennis\AppData\Local\Temp\jre-8u31-windows-au.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

Restore point made on: 2015-01-14 23:00:49
Restore point made on: 2015-01-15 23:09:45
Restore point made on: 2015-01-16 23:00:52
Restore point made on: 2015-01-17 23:02:29
Restore point made on: 2015-01-22 12:52:48
Restore point made on: 2015-01-24 03:09:04
Restore point made on: 2015-01-24 23:00:54
Restore point made on: 2015-01-26 23:45:56
Restore point made on: 2015-01-27 23:00:49

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {default}
resumeobject {63fb57f3-f221-11dc-8cda-0018716eb820}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30
resume No

Windows Boot Loader
-------------------
identifier {current}
device ramdisk=[E:]\winre.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
path \windows\system32\boot\winload.exe
description Windows Recovery Environment
osdevice ramdisk=[E:]\winre.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
systemroot \windows
nx OptIn
detecthal Yes
winpe Yes

Windows Boot Loader
-------------------
identifier {default}
device partition=C:
path \Windows\system32\winload.exe
description Microsoft Windows Vista
locale en-US
inherit {bootloadersettings}
recoverysequence {current}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {63fb57f3-f221-11dc-8cda-0018716eb820}
nx OptIn

Resume from Hibernate
---------------------
identifier {63fb57f3-f221-11dc-8cda-0018716eb820}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

Windows Legacy OS Loader
------------------------
identifier {ntldr}
device unknown
path \ntldr
description Earlier Version of Windows

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
description Ramdisk Device Options
ramdisksdidevice partition=E:
ramdisksdipath \boot.sdi


==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 3069.34 MB
Available physical RAM: 2568.19 MB
Total Pagefile: 2794.52 MB
Available Pagefile: 2620.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 1978.91 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:133.05 GB) (Free:46.07 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:14.05 GB) (Free:4.44 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (OS_TOOLS) (Fixed) (Total:1.95 GB) (Free:1.45 GB) NTFS
Drive h: () (Removable) (Total:7.86 GB) (Free:7.86 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 64DCB78D)
Partition 1: (Active) - (Size=133 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7.9 GB) (Disk ID: 00BFC3BC)
Partition 1: (Active) - (Size=7.9 GB) - (Type=0C)


LastRegBack: 2015-01-28 12:17

==================== End Of Log ============================

Attached Files

  • Attached File  FRST.txt   34.76KB   1 downloads

Edited by Oh My!, 14 February 2015 - 05:19 PM.
Log Posted


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,602 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:06 AM

Posted 14 February 2015 - 05:29 PM

Greetings timebender and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please run the below for me.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • From a clean computer press the windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
LastRegBack: 2015-01-28 12:17
  • Insert the USB device into your infected computer
  • Enter the System Recovery Options (press F8 during boot up), select Repair Your Computer, then select Command Prompt.
  • Run FRST as you did the first time and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the flashdrive (Fixlog.txt). Copy and paste that information in your reply.
  • Please attempt to boot your computer into Normal Mode or, if not, Safe Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Are you able to boot your computer?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 timebender

timebender
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Local time:09:06 AM

Posted 16 February 2015 - 12:10 AM

Hi Gary, Thank you for your help, it is much appreciated. My name is Jody. 
 
I have done the Farbar's Recovery Scan Tool - Run Fix
 
and attempted to boot the computer into Normal Mode and, Safe Mode
===================================================
  • Fixlog:  Is attached
  • Are you able to boot your computer?  The computer will not boot into Normal Mode or Safe Made
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-02-2015
Ran by SYSTEM at 2015-02-11 23:30:18 Run:1
Running from H:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
LastRegBack: 2015-01-28 12:17
*****************

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog 23:30:25 ====

Attached Files


Edited by Oh My!, 16 February 2015 - 08:52 AM.
Posted log


#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,602 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:06 AM

Posted 16 February 2015 - 08:58 AM

Hi Jody,

Please do this.

===================================================

Last Known Good Configuration

--------------------
  • Reboot your computer
  • Gently tap the F8 key repeatedly until you are presented with a Windows Advanced Options menu
  • Select Last Known Good Configuration using the arrow keys
  • Press Enter on your keyboard and attempt to boot into Normal Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Are you able to boot?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 timebender

timebender
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Local time:09:06 AM

Posted 16 February 2015 - 04:59 PM

Hi Gary,

 

I have done  Last Known Good Configuration and attempted to boot into Normal Mode. I am now getting a Floppy Diskette Seek Failure, Strike F1 key to continue, F2 to run the set up utility.

 

If I press F1 it loops back to the above command of Floppy Diskette Seek Failure.

 

If I press F2 I can get to start up repair where it asks View Diagnostic and Repair Details or View Advance Options for System Recovery and Support.

 

I have opened the View Advance Options for System Recovery and Support.

 

I am at choose recovery tool. This is where I have stopped.



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,602 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:06 AM

Posted 16 February 2015 - 05:14 PM

Are you familiar with entering the computer BIOS? (many people are not)
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 timebender

timebender
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Local time:09:06 AM

Posted 16 February 2015 - 05:22 PM

Hi Gary,

 

That I am not



#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,602 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:06 AM

Posted 16 February 2015 - 05:41 PM

OK, what I would like you to do is:
 

If I press F2 I can get to start up repair where it asks View Diagnostic and Repair Details

 

Let me know the results.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 timebender

timebender
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Local time:09:06 AM

Posted 16 February 2015 - 05:51 PM

I get this report:

 

Startup Repair diagnosis and repair log
---------------------------
Last successful boot time: 1/28/2015 7:49:29 PM (GMT)
Number of repair attempts: 15

Session details
---------------------------
System Disk = \Device\Harddisk0
Windows directory = C:\Windows
AutoChk Run = 0
Number of root causes = 1

Test Performed:
---------------------------
Name: Check for updates
Result: Completed successfully. Error code =  0x0
Time taken = 16 ms

Test Performed:
---------------------------
Name: System disk test
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Disk failure diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 374 ms

Test Performed:
---------------------------
Name: Disk metadata test
Result: Completed successfully. Error code =  0x0
Time taken = 78 ms

Test Performed:
---------------------------
Name: Target OS test
Result: Completed successfully. Error code =  0x0
Time taken = 31 ms

Test Performed:
---------------------------
Name: Volume content check
Result: Completed successfully. Error code =  0x0
Time taken = 484 ms

Test Performed:
---------------------------
Name: Boot manager diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: System boot log diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Event log diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 421 ms

Test Performed:
---------------------------
Name: Internal state check
Result: Completed successfully. Error code =  0x0
Time taken = 78 ms

Root cause found:
---------------------------
Startup Repair has tried several times but still cannot determine the cause of the problem.

---------------------------
---------------------------
Session details
---------------------------
System Disk = \Device\Harddisk0
Windows directory = C:\Windows
AutoChk Run = 0
Number of root causes = 1

Test Performed:
---------------------------
Name: Check for updates
Result: Completed successfully. Error code =  0x0
Time taken = 16 ms

Test Performed:
---------------------------
Name: System disk test
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Disk failure diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 374 ms

Test Performed:
---------------------------
Name: Disk metadata test
Result: Completed successfully. Error code =  0x0
Time taken = 62 ms

Test Performed:
---------------------------
Name: Target OS test
Result: Completed successfully. Error code =  0x0
Time taken = 47 ms

Test Performed:
---------------------------
Name: Volume content check
Result: Completed successfully. Error code =  0x0
Time taken = 546 ms

Test Performed:
---------------------------
Name: Boot manager diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: System boot log diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 16 ms

Test Performed:
---------------------------
Name: Event log diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 452 ms

Test Performed:
---------------------------
Name: Internal state check
Result: Completed successfully. Error code =  0x0
Time taken = 78 ms

Root cause found:
---------------------------
Startup Repair has tried several times but still cannot determine the cause of the problem.

---------------------------
---------------------------
Session details
---------------------------
System Disk = \Device\Harddisk0
Windows directory = C:\Windows
AutoChk Run = 0
Number of root causes = 1

Test Performed:
---------------------------
Name: Check for updates
Result: Completed successfully. Error code =  0x0
Time taken = 15 ms

Test Performed:
---------------------------
Name: System disk test
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Disk failure diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 375 ms

Test Performed:
---------------------------
Name: Disk metadata test
Result: Completed successfully. Error code =  0x0
Time taken = 62 ms

Test Performed:
---------------------------
Name: Target OS test
Result: Completed successfully. Error code =  0x0
Time taken = 47 ms

Test Performed:
---------------------------
Name: Volume content check
Result: Completed successfully. Error code =  0x0
Time taken = 530 ms

Test Performed:
---------------------------
Name: Boot manager diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: System boot log diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 16 ms

Test Performed:
---------------------------
Name: Event log diagnosis
Result: Completed successfully. Error code =  0x0
Time taken = 406 ms

Test Performed:
---------------------------
Name: Internal state check
Result: Completed successfully. Error code =  0x0
Time taken = 78 ms

Root cause found:
---------------------------
Startup Repair has tried several times but still cannot determine the cause of the problem.

---------------------------
---------------------------



#12 timebender

timebender
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Local time:09:06 AM

Posted 16 February 2015 - 05:57 PM

sorry I jumped ahead there, by pressing F2 Im at a blue screen with a list: system, drivers, onborad devices, video, performance, security, power management, maintenance, POST behaviour.



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,602 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:06 AM

Posted 16 February 2015 - 06:06 PM

Thanks, what we want to do (each computer is different) is try to identify the boot order and see what is listed for the top 2 entries, like CD-ROM, Hard Drive, etc.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 timebender

timebender
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Local time:09:06 AM

Posted 16 February 2015 - 06:14 PM

Under System it has Boot Sequence when I scroll to that the list it provides is  

 

1. Onboard or USB Floppy Drive  (not present)

2. Onboard SATA Hard Drive  (not present)

3. ST3160318AS

4. Onboard or USB CD-Rom Drive

5. USB Device (not present)



#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,602 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:06 AM

Posted 16 February 2015 - 06:44 PM

Nice work! :thumbsup2:

What I would like you to do is make the top 2 entries as follows:

Onboard or USB CD-Rom Drive
ST3160318AS


Make sure you hit F10 to Save and Exit. See if your computer boots.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users