Need help with recovery loop using Farbar Please Help!!


  • This topic is locked
11 replies to this topic

#1 smallchange38

  • Members

Posted 12 February 2016 - 08:14 AM

Mod Edit: Moved to Malware Removal Logs forum ~~ boopme

So obviously I don't need to explain the recovery loop to you guys. My computer has never really had any problems before and I'm extremely particular about running my antivirus programs (I use Malware-Bytes and Spybot S&D). A few days ago my Dell Inspiron n5050 laptop with Windows 7 64-bit (not sure which make or version I'm running) took a crap on me and went into an infinite recovery options/reboot loop. I have a copy of the most current version of Farbar and my most recent FRST.txt file is posted below, so I've gotten as far as running the program, scanning the drive, and saving the .txt file. I'm hoping someone here can direct me as to what to do next. I REALLY need my computer back as there's extremely important work saved that I hadn't had a chance to move to my external yet. Hope someone can help me. I'll gladly follow instructions on whatever is suggested. Also, I should add, at this point I cannot boot my computer at all. Not even in safe mode. 

-SmallChange-
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by SYSTEM on MININT-1IMCLRQ (12-02-2016 07:51:38)
Running from G:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-20] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-20] (Dropbox, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [159360 2012-03-08] (Atheros)
S2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-03-28] (Atheros)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
S3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [39704 2015-10-07] (Windows ® Win 7 DDK provider)
S3 ATP; C:\Windows\System32\DRIVERS\AsusTP.sys [75584 2015-10-07] (ASUS Corporation)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-01-14] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-07] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-24] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
S3 zghsdiag; C:\Windows\System32\DRIVERS\zghsdiag.sys [122624 2011-01-12] (ZTE Incorporated)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [122624 2011-01-12] (ZTE Incorporated)
S3 zghsnmea; C:\Windows\System32\DRIVERS\zghsnmea.sys [122624 2011-01-12] (ZTE Incorporated)
S3 ALSysIO; \??\C:\Users\Owner\AppData\Local\Temp\ALSysIO64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-12 07:25 - 2016-02-12 07:51 - 00000000 ____D C:\FRST
2016-02-09 16:07 - 2016-02-09 16:07 - 00000000 ____D C:\Windows\System32\config\mybackup
2016-02-07 21:35 - 2016-02-07 21:35 - 00000000 ____D C:\Users\Owner\Downloads\Crossroads 1986 720p HDTV x264 aac vice
2016-02-07 07:38 - 2016-02-07 07:42 - 00000000 ____D C:\Users\Owner\Downloads\Smokin' Aces (2006)
2016-02-06 16:12 - 2016-02-06 16:56 - 00000000 ____D C:\Users\Owner\Downloads\License To Drive 1988 DvDrip XviD greenbud1969 (HDScene-Release)
2016-02-03 21:43 - 2016-02-03 21:44 - 00000000 ____D C:\Users\Owner\Downloads\Beethoven[1992]720p.HDTV.x264-r3mnants
2016-02-03 17:39 - 2016-02-03 18:00 - 00000000 ____D C:\Users\Owner\Downloads\Ghost Dog The Way of the Samurai KLAXXON
2016-02-03 17:06 - 2016-02-03 17:07 - 00000000 ____D C:\Users\Owner\Downloads\American Gangster (2007) UNRATED
2016-02-02 21:24 - 2016-02-03 17:49 - 00000000 ____D C:\Users\Owner\Downloads\Foul Play
2016-02-02 21:23 - 2016-02-03 18:16 - 734270528 _____ C:\Users\Owner\Downloads\Modern Problems.avi
2016-02-02 21:23 - 2016-02-02 21:23 - 00000000 ____D C:\Users\Owner\Downloads\Funny Farm 1988 BRRiP {SiMbA}HD4ALL
2016-02-02 21:22 - 2016-02-03 20:36 - 1506752957 _____ C:\Users\Owner\Downloads\All Of Me.mkv
2016-02-02 21:13 - 2016-02-04 11:12 - 674608356 _____ C:\Users\Owner\Downloads\N0V0CA1NE.avi
2016-02-01 16:00 - 2016-02-01 16:29 - 00000000 ____D C:\Users\Owner\Downloads\Bowfinger.1999.720p.HDTV.x264.DD5.1-FGT
2016-02-01 15:38 - 2016-02-03 20:15 - 00000000 ____D C:\Users\Owner\Downloads\The Rocketeer 1991 1080p BluRay x264 AAC - Ozlem
2016-02-01 15:38 - 2016-02-01 15:38 - 00000000 ____D C:\Users\Owner\Downloads\What's Eating Gilbert Grape (1993) [1080p]
2016-02-01 12:37 - 2016-02-01 14:35 - 00000000 ____D C:\Users\Owner\Downloads\The Phantom (1996) [1080p] {5.1}
2016-02-01 12:37 - 2016-02-01 12:37 - 00000000 ____D C:\Users\Owner\Downloads\The Shadow 1994 1080p BDRip H264 AAC - IceBane (Kingdom Release)
2016-01-30 19:28 - 2016-01-31 16:52 - 00000000 ____D C:\Users\Owner\Downloads\TRUE LIFE - NEW SEASON
2016-01-30 16:08 - 2016-01-30 16:21 - 00000000 ____D C:\Users\Owner\Downloads\The Big Chill (1983) [1080p]
2016-01-30 14:20 - 2016-01-30 14:20 - 00000000 ____D C:\Users\Owner\Downloads\Richie Rich 1994 720p WEB-DL x264 AAC - Ozlem
2016-01-30 04:38 - 2016-01-30 11:46 - 00000000 ____D C:\Users\Owner\Downloads\www.Torrentday.com - Jake Speed (1986)
2016-01-29 22:04 - 2016-01-29 22:04 - 00000000 ____D C:\Users\Owner\Downloads\Father.Hood.1993.720p.BluRay.x264-FilmHD [PublicHD]
2016-01-29 21:59 - 2016-01-29 23:05 - 732874752 _____ C:\Users\Owner\Downloads\House.Arrest.1996.DVDrip.avi
2016-01-29 21:48 - 2016-01-29 22:02 - 00000000 ____D C:\Users\Owner\Downloads\[ www.Torrenting.com ] - Camp.Nowhere.1994.DVDRip.x264-NoRBiT
2016-01-29 08:56 - 2016-01-29 08:56 - 00000000 ____D C:\Users\Owner\Downloads\My.Girl.1991.720p.WEB-DL.H264-HDStar [PublicHD]
2016-01-27 23:17 - 2016-01-28 00:07 - 00000000 ____D C:\Users\Owner\Downloads\My Girl 1 & 2 DvDrip[Eng]-greenbud1969
2016-01-27 23:12 - 2016-01-27 23:13 - 00000000 ____D C:\Users\Owner\Downloads\The.Unauthorized.Saved.by.the.Bell.Story.2014.720p.HDTV.x264-FiNCH
2016-01-27 23:08 - 2016-01-27 23:33 - 595801454 _____ C:\Users\Owner\Downloads\the.unauthorized.saved.by.the.bell.story.2014.hdtv.x264-daview.mp4
2016-01-27 20:51 - 2016-01-27 20:51 - 535472989 _____ C:\Windows\MEMORY.DMP
2016-01-27 20:51 - 2016-01-27 20:51 - 00287704 _____ C:\Windows\Minidump\012716-19110-01.dmp
2016-01-27 20:51 - 2016-01-27 20:51 - 00000000 ____D C:\Windows\Minidump
2016-01-25 22:24 - 2016-01-25 22:26 - 00000000 ____D C:\Users\Owner\Downloads\The.Whole.Nine.Yards.2000.1080p.WEB-DL.H264.AC3.5.1.BADASSMEDIA
2016-01-25 10:52 - 2016-01-25 10:52 - 00000000 ____D C:\Users\Owner\Downloads\Teen.Wolf.1985.720p.BRRip.x264.AAC-ETRG
2016-01-25 05:16 - 2016-01-25 05:18 - 00000000 ____D C:\Users\Owner\Downloads\The.Mummy.1999.1080p.BluRay.x264.AC3-ETRG
2016-01-24 04:23 - 2016-01-24 04:37 - 733324992 _____ C:\Users\Owner\Downloads\Bringing.Down.The.House.DVDRip.aXXo.[UsaBit.com].avi
2016-01-23 16:06 - 2016-01-23 16:22 - 00000000 ____D C:\Users\Owner\Downloads\Big.Stan.[2007]720p.BRRip.H264(BINGOWINGZ-UKB-RG)
2016-01-23 15:04 - 2016-01-23 15:04 - 00000000 ____D C:\Users\Owner\Downloads\Snow Day (2000) 720p WEB-DL
2016-01-23 14:55 - 2016-01-23 15:50 - 00000000 ____D C:\Users\Owner\Downloads\Funny.Money[2006]DvDrip[Eng]-aXXo
2016-01-23 14:42 - 2016-01-24 05:09 - 00000000 ____D C:\Users\Owner\Downloads\Fathers' Day (1997)DVD5 (NL subs)NLtoppers
2016-01-23 14:38 - 2016-01-23 16:26 - 00000000 ____D C:\Users\Owner\Downloads\And the Band Played On 1993 DvdRip x264 multi- HighCode
2016-01-23 14:37 - 2016-01-24 07:10 - 00000000 ____D C:\Users\Owner\Downloads\Parenthood.1989.720p.BluRay.H264.AAC-RARBG
2016-01-23 14:26 - 2016-01-23 14:46 - 00000000 ____D C:\Users\Owner\Downloads\Cheaper.By.the.Dozen.2003.720p.WEB-DL.DD5.1.H.264-BS [PublicHD]
2016-01-23 03:07 - 2016-01-23 07:20 - 00000000 ____D C:\Users\Owner\Downloads\Alexander (2004) 1080p BluRay x264 aac [TuGAZx]
2016-01-22 13:44 - 2016-01-22 13:44 - 00003318 _____ C:\Windows\System32\Tasks\{2D816804-4D19-46FA-B284-2F6C0F0085DE}
2016-01-21 18:18 - 2016-01-21 18:19 - 00000000 ____D C:\Users\Owner\Downloads\Nothing.But.Trouble.1991.1080p.WEB-DL.AAC.2.0.BADASSMEDIA
2016-01-21 03:27 - 2016-01-21 21:20 - 00000000 ____D C:\Users\Owner\Downloads\The Stupids
2016-01-20 11:24 - 2016-01-20 11:31 - 00000000 ____D C:\Users\Owner\Downloads\Running.with.Scissors.2006.720p.BluRay.H264.AAC-RARBG
2016-01-20 11:17 - 2016-01-20 11:23 - 00000000 ____D C:\Users\Owner\Downloads\National.Lampoons.Van.Wilder.Unrated.2002.1080p.BluRay.x264.AAC-ETRG
2016-01-20 08:06 - 2016-01-20 08:31 - 00000000 ____D C:\Users\Owner\Downloads\Kuffs.1992.720p.WEB-DL.AAC2.0.H264-USM
2016-01-20 08:05 - 2016-01-20 08:05 - 00000000 ____D C:\Users\Owner\Downloads\The.Revenant.2015.DVDSCR.X264.AC3-EVO
2016-01-20 05:19 - 2016-01-20 05:19 - 00000000 ____D C:\Users\Owner\Downloads\Orange.County.2002.720p.WEB-DL.AAC2.0.H264-RARBG
2016-01-19 12:13 - 2016-01-19 12:31 - 733062550 _____ C:\Users\Owner\Downloads\Domestic Disturbance.mp4
2016-01-19 08:03 - 2016-01-19 08:03 - 00000000 ____D C:\Users\Owner\Downloads\Shamus (1973) DVD
2016-01-19 05:52 - 2016-01-19 06:26 - 00000000 ____D C:\Users\Owner\Downloads\Frailty (2001) [1080p]
2016-01-19 05:32 - 2016-01-19 06:15 - 00000000 ____D C:\Users\Owner\Downloads\Carpool.1996.720p.WEB-DL.x264-FGT
2016-01-19 05:28 - 2016-01-19 05:35 - 00000000 ____D C:\Users\Owner\Downloads\Dodgeball A True Underdog Story (2004) [1080p]
2016-01-19 05:07 - 2016-01-19 05:37 - 00000000 ____D C:\Users\Owner\Downloads\I am Sam (2001) [1080p]
2016-01-19 04:13 - 2016-01-19 04:13 - 00000000 ____D C:\Users\Owner\Downloads\Honey.I.Shrunk.the.Kids.1989.720p.WEB-DL.H264-fiend [PublicHD]
2016-01-19 03:20 - 2016-01-19 03:23 - 00000000 ____D C:\Users\Owner\Downloads\The Fugitive.1993.1080p.BluRay.x264.AC3-ETRG
2016-01-19 02:55 - 2016-01-19 07:29 - 735264768 _____ C:\Users\Owner\Downloads\The.Kid.And.I.(2005).LiMiTED.DVDRip.XviD-iMMORTALs.avi
2016-01-19 02:44 - 2016-01-19 03:15 - 00000000 ____D C:\Users\Owner\Downloads\The.Boat.That.Rocked.2009.720p.Bluray.x264.anoXmous
2016-01-19 02:31 - 2016-01-19 02:41 - 00000000 ____D C:\Users\Owner\Downloads\Serpico 1973 1080p Bluray x264 AAC - Ozlem
2016-01-17 01:51 - 2016-01-17 01:53 - 00000000 ____D C:\Users\Owner\Downloads\Dogma (1999) [1080p]
2016-01-17 01:50 - 2016-01-17 02:36 - 00000000 ____D C:\Users\Owner\Downloads\Chasing Amy (1997) [1080p]
2016-01-17 00:30 - 2016-01-17 00:30 - 00000000 ____D C:\Users\Owner\Downloads\Mallrats.1995.HDRip.XviD.AC3-VLiS
2016-01-16 07:23 - 2016-01-16 07:23 - 00000000 ____D C:\Users\Owner\Downloads\Freddy Got Fingered (2001)
2016-01-15 18:52 - 2016-01-15 19:29 - 00000000 ____D C:\Users\Owner\Downloads\Clerks [The First Cut].1994.BRRip.XviD.AC3[5.1]-VLiS
2016-01-14 22:33 - 2016-01-14 22:34 - 00000000 ____D C:\Users\Owner\Downloads\[Ahashare.com] Theres Something About Mary [1998] BRRip 480p x264 - PiRATE
2016-01-13 11:52 - 2016-01-13 12:58 - 00000000 ____D C:\Users\Owner\Downloads\James Bond A View To A Kill (1985) [1080p]
2016-01-13 11:52 - 2016-01-13 12:49 - 00000000 ____D C:\Users\Owner\Downloads\License To Kill (1989) 720p BLuRay x264 Dual Audio [Eng DD 5.1-Hindi] XdesiArsenal [ExD-XMR]
2016-01-13 11:21 - 2016-01-13 12:17 - 00000000 ____D C:\Users\Owner\Downloads\James Bond Octopussy (1983) [1080p]
2016-01-13 10:21 - 2016-01-13 11:39 - 00000000 ____D C:\Users\Owner\Downloads\James Bond Live And Let Die (1973) [1080p]
2016-01-13 10:20 - 2016-01-13 11:14 - 00000000 ____D C:\Users\Owner\Downloads\James Bond The Man With The Golden Gun (1974) [1080p]
2016-01-13 10:18 - 2016-01-13 11:26 - 00000000 ____D C:\Users\Owner\Downloads\Unforgiven 1992 1080p.BluRay.5.1.x264 . NVEE
2016-01-13 10:16 - 2016-01-13 10:17 - 00000000 ____D C:\Users\Owner\Downloads\The.Outlaw.Josey.Wales.1976.1080p.BluRay.H264.AAC-RARBG
2016-01-13 10:13 - 2016-01-13 10:39 - 00000000 ____D C:\Users\Owner\Downloads\Once.Upon.a.Time.in.America.1984.EXTENDED.BDRip.x264-ARCHiViST[et]
2016-01-13 02:27 - 2016-01-13 02:31 - 00000000 ____D C:\Users\Owner\Downloads\The Ringer (2005) [1080p]
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-12 04:38 - 2014-01-28 16:25 - 01248986 _____ C:\Windows\ntbtlog.txt
2016-02-08 00:39 - 2014-01-28 16:20 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2016-02-08 00:27 - 2013-12-17 15:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-08 00:07 - 2015-12-13 10:48 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\BitTorrent
2016-02-08 00:07 - 2013-12-18 16:25 - 00000000 ____D C:\Users\Owner\AppData\Roaming\BitTorrent
2016-02-07 23:54 - 2015-09-20 15:49 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-02-07 23:51 - 2013-12-18 00:21 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-07 17:08 - 2015-09-20 15:49 - 00000902 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-02-07 16:56 - 2015-02-28 21:35 - 00192216 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2016-02-07 03:51 - 2013-12-18 00:21 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-07 01:11 - 2013-12-18 20:16 - 00000000 ____D C:\Program Files\MPC-HC
2016-02-06 22:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-02-05 17:23 - 2009-07-13 20:45 - 00020688 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-05 17:22 - 2009-07-13 20:45 - 00020688 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-05 17:21 - 2009-07-13 21:13 - 00781298 _____ C:\Windows\System32\PerfStringBackup.INI
2016-02-05 17:13 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-05 14:41 - 2013-12-16 21:08 - 00000000 ____D C:\report
2016-02-04 16:52 - 2013-12-18 00:23 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-03 10:32 - 2013-12-27 04:25 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2016-02-02 03:46 - 2013-12-18 00:21 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 03:46 - 2013-12-18 00:21 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-01 00:34 - 2015-11-05 12:03 - 00000000 ____D C:\Users\Owner\Downloads\Corinne's Folder
2016-01-31 05:33 - 2015-12-31 01:54 - 00000000 ____D C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2016-01-26 03:31 - 2016-01-07 02:01 - 00000000 ____D C:\Users\Owner\Downloads\[ www.TorrentDay.com ] - The.King.Of.Arcades.2014.HDRip.XviD.AC3-EVO
2016-01-20 08:27 - 2013-12-17 15:59 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-20 08:27 - 2013-12-17 15:59 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-20 08:27 - 2013-12-17 15:59 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-19 02:23 - 2014-01-30 19:28 - 00000000 ____D C:\Users\Owner\Downloads\MOVIES MOVIES MOVIES MOVIES MOVIES MOVIES MOVIES MOVIES MOVIES MOVIES MOVIES MOVIES MOVIES
2016-01-17 01:01 - 2013-12-16 18:47 - 00000000 ____D C:\Users\Owner\Documents\Bluetooth Folder
 
Some files in TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\AskSLib.dll
C:\Users\Owner\AppData\Local\Temp\cres.dll
C:\Users\Owner\AppData\Local\Temp\cshell.dll
C:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpatguzx.dll
C:\Users\Owner\AppData\Local\Temp\guninst.exe
C:\Users\Owner\AppData\Local\Temp\KMPAddedCode_KMP_adpageopen_Step1.exe
C:\Users\Owner\AppData\Local\Temp\SIntf16.dll
C:\Users\Owner\AppData\Local\Temp\SIntf32.dll
C:\Users\Owner\AppData\Local\Temp\SIntfNT.dll
C:\Users\Owner\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Owner\AppData\Local\Temp\sres.dll
C:\Users\Owner\AppData\Local\Temp\vcredist_2013_x86.exe
C:\Users\Owner\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Owner\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Owner\AppData\Local\Temp\vlc-2.2.1-win32.exe
 
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE Association (Whitelisted) =============
 
 
==================== Restore Points =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 13%
Total physical RAM: 6052.27 MB
Available physical RAM: 5217.18 MB
Total Virtual: 6050.47 MB
Available Virtual: 5206.97 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:882.59 GB) (Free:325.19 GB) NTFS
Drive f: (My Passport) (Fixed) (Total:1862.98 GB) (Free:991.56 GB) NTFS
Drive g: () (Removable) (Total:1.9 GB) (Free:1.9 GB) FAT
Drive h: () (Removable) (Total:1.94 GB) (Free:0.01 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: E665D1E7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=882.6 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 1887ECC0)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 1.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 3 (Size: 1.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
 
LastRegBack: 2016-02-07 21:01
 
==================== End of FRST.txt ============================

Edited by boopme, 12 February 2016 - 09:10 AM.




#2 Oh My!

  • Malware Response Instructor

Posted 12 February 2016 - 05:38 PM

Greetings smallchange38 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please run this program for me.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • From a clean computer press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Click Format then check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
S3 ALSysIO; \??\C:\Users\Owner\AppData\Local\Temp\ALSysIO64.sys [X]
2016-01-22 13:44 - 2016-01-22 13:44 - 00003318 _____ C:\Windows\System32\Tasks\{2D816804-4D19-46FA-B284-2F6C0F0085DE}
C:\Users\Owner\AppData\Local\Temp\AskSLib.dll
C:\Users\Owner\AppData\Local\Temp\cres.dll
C:\Users\Owner\AppData\Local\Temp\cshell.dll
C:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpatguzx.dll
C:\Users\Owner\AppData\Local\Temp\guninst.exe
C:\Users\Owner\AppData\Local\Temp\KMPAddedCode_KMP_adpageopen_Step1.exe
C:\Users\Owner\AppData\Local\Temp\SIntf16.dll
C:\Users\Owner\AppData\Local\Temp\SIntf32.dll
C:\Users\Owner\AppData\Local\Temp\SIntfNT.dll
C:\Users\Owner\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Owner\AppData\Local\Temp\sres.dll
C:\Users\Owner\AppData\Local\Temp\vcredist_2013_x86.exe
C:\Users\Owner\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Owner\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Owner\AppData\Local\Temp\vlc-2.2.1-win32.exe
  • Insert the USB device into your infected computer
  • Enter the System Recovery Options (press F8 during boot up), select Repair Your Computer, then select Command Prompt.
  • Run FRST as you did the first time and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the flashdrive (Fixlog.txt). Copy and paste that information in your reply.
  • Please attempt to boot your computer into Normal Mode or, if not, Safe Mode
  • If your computer will not boot complete the next step
===================================================

Diagnose Blue Screen of Death (BSOD) Errors by Disabling Automatic Restart

--------------------
  • When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  • Select Disable Automatic Restart on System Failure, as shown here:

advancedoptions.png

  • When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not.

bsod_c.jpg

  • Please include this information in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Blue Screen information, if applicable

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
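The fixlist in the post above consists of three kinds of lines taken from the FRST.txt in post #1: registry, service and driver entries ending in `[X]`, a scheduled task whose name is a bare GUID, and the paths listed under "Some files in TEMP". The following is an added example, not part of the thread and not FRST's own code, showing one way to pull those three classes of lines out of a log for review; the function name and reason labels are hypothetical, and the sample is a handful of lines copied from the log above.

```python
import re

# Constructed sample: a few lines copied from the FRST.txt posted in this thread.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
==================== Services (Whitelisted) ========================
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
===================== Drivers (Whitelisted) ==========================
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-24] (Microsoft Corporation)
S3 ALSysIO; \??\C:\Users\Owner\AppData\Local\Temp\ALSysIO64.sys [X]
==================== One Month Created files and folders ========
2016-02-12 07:25 - 2016-02-12 07:51 - 00000000 ____D C:\FRST
2016-01-22 13:44 - 2016-01-22 13:44 - 00003318 _____ C:\Windows\System32\Tasks\{2D816804-4D19-46FA-B284-2F6C0F0085DE}
Some files in TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\AskSLib.dll
C:\Users\Owner\AppData\Local\Temp\guninst.exe

==================== Known DLLs (Whitelisted) =========================
"""

# "==== Title ====" section banner; a line made only of '=' yields an empty title.
HEADER = re.compile(r"^=+\s*(.*?)\s*=+$")
# Task file whose name is nothing but a GUID in braces.
GUID_TASK = re.compile(r"\\System32\\Tasks\\\{[0-9A-Fa-f-]{36}\}$", re.IGNORECASE)
# Sections where a trailing [X] is checked (FRST appends [X] when it cannot
# find the file an entry points to).
CHECKED_SECTIONS = ("Registry", "Services", "Drivers")


def fixlist_candidates(log_text):
    """Return (reason, line) pairs for log lines worth a reviewer's attention.

    reason is one of the hypothetical labels:
      missing-file  entry in Registry/Services/Drivers that ends in [X]
      guid-task     file under System32\\Tasks named with a bare GUID
      temp-file     path listed under "Some files in TEMP:"
    """
    section = ""
    found = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Some files in TEMP"):
            section = "TEMP"
            continue
        header = HEADER.match(line)
        if header:
            # The rule of '=' under "Some files in TEMP:" has no title and
            # must not end the TEMP section; a titled banner starts a new one.
            if header.group(1):
                section = header.group(1)
            continue
        if line.startswith("("):
            continue  # FRST's explanatory note under a banner
        if section == "TEMP":
            found.append(("temp-file", line))
        elif section.startswith(CHECKED_SECTIONS) and line.endswith("[X]"):
            found.append(("missing-file", line))
        elif GUID_TASK.search(line):
            found.append(("guid-task", line))
    return found


if __name__ == "__main__":
    for reason, line in fixlist_candidates(SAMPLE_LOG):
        print(f"{reason:13} {line}")
```

The result is a review list, not a fixlist to run as written: each flagged line is only a lead and still needs a human decision before it goes into fixlist.txt.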

#3 smallchange38

  • Topic Starter

Posted 13 February 2016 - 05:13 PM

Thank you so much for helping me. 

Here is the BSOD Stop code

STOP: c000021a {fatal system error}
The windows subsystem process terminated unexpectedly with a status of ox
c0000006 (0x76d2c29b 0x0010ef00).
The system has been shut down.

Here is my fixlog.txt
 

Fix result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by SYSTEM (2016-02-13 16:58:59) Run:1
Running from H:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
S3 ALSysIO; \??\C:\Users\Owner\AppData\Local\Temp\ALSysIO64.sys [X]
2016-01-22 13:44 - 2016-01-22 13:44 - 00003318 _____ C:\Windows\System32\Tasks\{2D816804-4D19-46FA-B284-2F6C0F0085DE}
C:\Users\Owner\AppData\Local\Temp\AskSLib.dll
C:\Users\Owner\AppData\Local\Temp\cres.dll
C:\Users\Owner\AppData\Local\Temp\cshell.dll
C:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpatguzx.dll
C:\Users\Owner\AppData\Local\Temp\guninst.exe
C:\Users\Owner\AppData\Local\Temp\KMPAddedCode_KMP_adpageopen_Step1.exe
C:\Users\Owner\AppData\Local\Temp\SIntf16.dll
C:\Users\Owner\AppData\Local\Temp\SIntf32.dll
C:\Users\Owner\AppData\Local\Temp\SIntfNT.dll
C:\Users\Owner\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Owner\AppData\Local\Temp\sres.dll
C:\Users\Owner\AppData\Local\Temp\vcredist_2013_x86.exe
C:\Users\Owner\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Owner\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Owner\AppData\Local\Temp\vlc-2.2.1-win32.exe
*****************
 
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
ALSysIO => service removed successfully
C:\Windows\System32\Tasks\{2D816804-4D19-46FA-B284-2F6C0F0085DE} => moved successfully
C:\Users\Owner\AppData\Local\Temp\AskSLib.dll => moved successfully
C:\Users\Owner\AppData\Local\Temp\cres.dll => moved successfully
C:\Users\Owner\AppData\Local\Temp\cshell.dll => moved successfully
C:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpatguzx.dll => moved successfully
C:\Users\Owner\AppData\Local\Temp\guninst.exe => moved successfully
C:\Users\Owner\AppData\Local\Temp\KMPAddedCode_KMP_adpageopen_Step1.exe => moved successfully
C:\Users\Owner\AppData\Local\Temp\SIntf16.dll => moved successfully
C:\Users\Owner\AppData\Local\Temp\SIntf32.dll => moved successfully
C:\Users\Owner\AppData\Local\Temp\SIntfNT.dll => moved successfully
C:\Users\Owner\AppData\Local\Temp\SpotifyUninstall.exe => moved successfully
C:\Users\Owner\AppData\Local\Temp\sres.dll => moved successfully
C:\Users\Owner\AppData\Local\Temp\vcredist_2013_x86.exe => moved successfully
C:\Users\Owner\AppData\Local\Temp\vlc-2.1.3-win32.exe => moved successfully
C:\Users\Owner\AppData\Local\Temp\vlc-2.1.5-win32.exe => moved successfully
C:\Users\Owner\AppData\Local\Temp\vlc-2.2.1-win32.exe => moved successfully
 
==== End of Fixlog 16:59:00 ====


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:51 PM

Posted 13 February 2016 - 07:44 PM

Thank you, please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
LastRegBack: 2016-02-07 21:01
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Attempt to boot your computer into Normal or Safe Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Can you boot?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 smallchange38


Posted 14 February 2016 - 05:10 AM

I'm assuming you meant to save the fixlist.txt to the desktop folder in the C drive on the hard drive of the infected computer? That's where I put it and this here is the fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by SYSTEM (2016-02-14 05:31:09) Run:3
Running from H:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
LastRegBack: 2016-02-07 21:01
 
*****************
 
DEFAULT => copied successfully to System32\config\HiveBackup
DEFAULT => restored successfully from registry back up
SAM => copied successfully to System32\config\HiveBackup
SAM => restored successfully from registry back up
SECURITY => copied successfully to System32\config\HiveBackup
SECURITY => restored successfully from registry back up
SOFTWARE => copied successfully to System32\config\HiveBackup
SOFTWARE => restored successfully from registry back up
SYSTEM => copied successfully to System32\config\HiveBackup
SYSTEM => restored successfully from registry back up
 
==== End of Fixlog 05:31:14 ====

Edited by smallchange38, 14 February 2016 - 06:28 AM.


#6 Oh My!


Posted 14 February 2016 - 09:21 AM

My apologies, I gave you the right fix but the wrong instructions.

I see you modified your first post where you said your computer does not boot and then removed that information. Can you boot?

Edited by Oh My!, 14 February 2016 - 09:28 AM.

Gary
 

#7 smallchange38


Posted 14 February 2016 - 03:06 PM

No I still cannot boot. In normal or safe modes.



#8 Oh My!


Posted 14 February 2016 - 03:35 PM

OK, thank you.

Please do this.

===================================================

Farbar's Recovery Scan Tool Search

--------------------
  • Boot to the System Recovery Options again and run FRST using your USB device
  • Type the following in the Search Field
csrss.exe;lsass.exe
  • Click Search File(s) button
  • A Search.txt document will be saved to your USB device
  • Copy and paste the contents of that document into your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Search.txt

Gary
 

#9 smallchange38


Posted 14 February 2016 - 04:01 PM

Here is the search log you requested:
 

Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by SYSTEM (2016-02-14 15:42:00)
Running from G:\
Boot Mode: Recovery
 
================== Search Files: "csrss.exe;lsass.exe" =============
 
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22465_none_04c503168cb026a0\lsass.exe
[2013-12-16 19:03][2013-09-24 17:08] 0030720 ____A (Microsoft Corporation) F021DAFB1F87616FCEBA159C2ED7042F
 
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22099_none_04a88ce28cc4eb33\lsass.exe
[2013-12-17 08:12][2012-08-24 09:43] 0031232 ____A (Microsoft Corporation) 77119F1F9B492B260030C34F9BE327FA
 
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_04f609a88c8c279c\lsass.exe
[2013-12-16 19:32][2012-06-03 23:51] 0031232 ____A (Microsoft Corporation) 79C908CAA6F43021EB05F4C733A927D1
 
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe
[2013-12-16 19:17][2011-11-16 22:20] 0031232 ____A (Microsoft Corporation) 0A10B74FBB437FF9A23F1D5DE4446A83
 
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18270_none_042b9307739f26ed\lsass.exe
[2013-12-16 19:03][2013-09-24 17:03] 0030720 ____A (Microsoft Corporation) 4D71227301DD8D09097B9E4CC6527E5A
 
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17940_none_044c26dd7386a58a\lsass.exe
[2013-12-16 19:17][2011-11-16 22:33] 0031232 ____A (Microsoft Corporation) C118A82CD78818C29AB228366EBF81C3
 
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_044756c773895c5e\lsass.exe
[2013-12-16 19:17][2011-11-16 22:33] 0031232 ____A (Microsoft Corporation) C118A82CD78818C29AB228366EBF81C3
 
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe
[2013-12-16 19:17][2011-11-16 22:33] 0031232 ____A (Microsoft Corporation) C118A82CD78818C29AB228366EBF81C3
 
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe
[2009-07-13 15:20][2009-07-13 17:39] 0031232 ____A (Microsoft Corporation) 0793F40B9B8A1BDD266296409DBD91EA
 
C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe
[2009-07-13 15:19][2009-07-13 17:39] 0007680 ____A (Microsoft Corporation) 60C2862B4BF0FD9F582EF344C2B1EC72
 
C:\Windows\System32\csrss.exe
[2009-07-13 15:19][2009-07-13 17:39] 0007680 ____A (Microsoft Corporation) 60C2862B4BF0FD9F582EF344C2B1EC72
 
C:\Windows\System32\lsass.exe
[2013-12-16 19:03][2013-09-24 17:03] 0030720 ____A (Microsoft Corporation) 4D71227301DD8D09097B9E4CC6527E5A
 
X:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe
[2010-11-20 01:21][2009-07-13 17:39] 0031232 ____A (Microsoft Corporation) 0793F40B9B8A1BDD266296409DBD91EA
 
X:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7601.17514_none_b709e946fab5388d\csrss.exe
[2010-11-20 01:18][2009-07-13 17:39] 0007680 ____A (Microsoft Corporation) 60C2862B4BF0FD9F582EF344C2B1EC72
 
X:\Windows\System32\csrss.exe
[2010-11-20 01:18][2009-07-13 17:39] 0007680 ____A (Microsoft Corporation) 60C2862B4BF0FD9F582EF344C2B1EC72
 
X:\Windows\System32\lsass.exe
[2010-11-20 01:21][2009-07-13 17:39] 0031232 ____A (Microsoft Corporation) 0793F40B9B8A1BDD266296409DBD91EA
 
====== End of Search ======
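
Added example (not part of the original thread, and not FRST's or the helper's own method): one way to read a Search.txt like the one above is to check that each System32 binary has the same MD5 as a WinSxS component-store copy on the same drive and reports Microsoft as its company. The function names, the D:\ entry and its all-zero hash are constructed for illustration, and a match is a consistency heuristic, not proof of integrity.

```python
import re
# Pairs copied from the Search.txt above; the final D:\ pair is constructed.
SAMPLE = r"""
C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18270_none_042b9307739f26ed\lsass.exe
[2013-12-16 19:03][2013-09-24 17:03] 0030720 ____A (Microsoft Corporation) 4D71227301DD8D09097B9E4CC6527E5A
C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe
[2009-07-13 15:19][2009-07-13 17:39] 0007680 ____A (Microsoft Corporation) 60C2862B4BF0FD9F582EF344C2B1EC72
C:\Windows\System32\csrss.exe
[2009-07-13 15:19][2009-07-13 17:39] 0007680 ____A (Microsoft Corporation) 60C2862B4BF0FD9F582EF344C2B1EC72
C:\Windows\System32\lsass.exe
[2013-12-16 19:03][2013-09-24 17:03] 0030720 ____A (Microsoft Corporation) 4D71227301DD8D09097B9E4CC6527E5A
D:\Windows\System32\lsass.exe
[2016-01-01 00:00][2016-01-01 00:00] 0099999 ____A () 00000000000000000000000000000000
"""
# Metadata line layout: [date][date] size attributes (company) MD5
META = re.compile(r"^\[.+?\]\[.+?\]\s+\d+\s+\S+\s+\((.*)\)\s+([0-9A-Fa-f]{32})$")

def parse_search_log(text):
    """Pair each path line with the metadata line that follows it."""
    entries, path = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m = META.match(line)
        if m and path:
            entries.append({"path": path, "drive": path[0].upper(),
                            "name": path.rsplit("\\", 1)[1].lower(),
                            "company": m.group(1), "md5": m.group(2).upper()})
            path = None
        elif re.match(r"^[A-Za-z]:\\", line):
            path = line
    return entries

def check_system32(entries):
    """Return {System32 path: [findings]}; an empty list means consistent."""
    store = {}  # (drive, file name) -> MD5s of the WinSxS copies on that drive
    for e in entries:
        if "\\winsxs\\" in e["path"].lower():
            store.setdefault((e["drive"], e["name"]), set()).add(e["md5"])
    report = {}
    for e in (x for x in entries if "\\windows\\system32\\" in x["path"].lower()):
        findings = []
        if e["md5"] not in store.get((e["drive"], e["name"]), set()):
            findings.append("no WinSxS copy on this drive has this MD5")
        if e["company"] != "Microsoft Corporation":
            findings.append("unexpected company field: %r" % e["company"])
        report[e["path"]] = findings
    return report

if __name__ == "__main__":
    print(check_system32(parse_search_log(SAMPLE)))
```

Entries are compared per drive because the log lists both the installed system (C:) and the recovery environment (X:), each with its own component store.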


#10 Oh My!


Posted 14 February 2016 - 11:05 PM

Those files look fine.

I would like you to go through a progression of steps.

===================================================

Last Known Good Configuration

--------------------
  • Reboot your computer
  • Gently tap the F8 key repeatedly until you are presented with a Windows Advanced Options menu
  • Select Last Known Good Configuration using the arrow keys
  • Press Enter on your keyboard and attempt to boot into Normal Mode or if not, Safe Mode
===================================================

System Restore from System Recovery Options

--------------------

Use one of the following two ways to enter System Recovery Options from the Advanced Boot Options:

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
Once you are in the System Recovery Options menu you will get the following options:


Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select System Restore (please be patient as it may take a minute or two to load)
  • Select Next
  • If necessary check Show restore points older than 5 days
  • Left click on the Restore Point dated prior to the onset of your symptoms, then click Next
  • If you receive a caution screen, make sure your System Drive (C:) is checked, then click Next
  • Click Finish and allow System Restore to run.
  • Attempt to boot your computer into Normal Mode or, if unsuccessful, Safe Mode
===================================================

Copying a File or Folder in the Recovery Environment

--------------------
  • Boot your computer into the Recovery Environment
  • Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in Notepad and press Enter.
  • Click File then select Open
  • Navigate to the following file/folder

C:\Windows\Minidump

  • Right click on the file/folder, then select Copy
  • Navigate to your USB device, right click, then select Paste
  • Attach the Minidump folder to your reply
===================================================

Entering Safe Mode with Command Prompt

--------------------
  • Restart your computer
  • When the machine first starts gently tap the F8 key repeatedly until you are presented with an Advanced Boot Options menu
  • Select the option for Safe Mode with Command Prompt using the arrow keys then press Enter
  • If you are able to successfully complete this step stop and let me know
===================================================

If you are unable to boot please describe exactly what you see when you try to boot into Normal and Safe Mode.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Results of steps
  • Attached Minidump file
  • Description of boot process

Gary
 

#11 Oh My!


Posted 17 February 2016 - 10:53 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#12 Oh My!


Posted 19 February 2016 - 10:06 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



