System will not boot; FRST run from Recovery Environment


  • This topic is locked
3 replies to this topic

#1 Ephs05msm

Posted 15 September 2016 - 12:06 AM

Family member's computer will not boot.  Post-BIOS blinking cursor.  Can reach command prompt via recovery environment.  FRST log file attached.  Thank you very much for the help.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-09-2016
Ran by SYSTEM on MININT-INU48IS (14-09-2016 21:14:05)
Running from e:\
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
ATTENTION!:=====> THE OPERATING SYSTEM IS A X86 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X64 SYSTEM DISK.
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1425208 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [VX6000] => C:\WINDOWS\vVX6000.exe [764256 2009-06-30] (Microsoft Corporation)
HKLM\...\Run: [DNS7reminder] => "C:\Program Files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini"
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [4045432 2012-10-25] (VIA)
HKLM\...\Run: [VideoDownloadConverter Search Scope Monitor] => C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe [44784 2013-09-19] (MindSpark)
HKLM\...\Run: [VideoDownloadConverter_4z Browser Plugin Loader] => C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe [30096 2013-09-19] (VER_COMPANY_NAME)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap.dll [1316000 2015-03-27] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-27] (NVIDIA Corporation)
HKLM\...\Run: [MapsGalaxy EPM Support] => C:\Program Files\MapsGalaxy_39\bar\1.bin\39medint.exe [12872 2015-02-02] (Mindspark)
HKLM\...\Run: [MapsGalaxy AppIntegrator 32-bit] => C:\Program Files\MapsGalaxy_39\bar\1.bin\APPINTEGRATOR.EXE [225864 2015-02-02] (Mindspark)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [164152 2016-07-05] (Apple Inc.)
HKLM-x32\...\Winlogon: [Shell]  [ ] () <=== ATTENTION
HKU\Default\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [7805120 2015-10-29] (Microsoft Corporation)
HKU\Default User\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [7805120 2015-10-29] (Microsoft Corporation)
HKU\DefaultAppPool\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [7805120 2015-10-29] (Microsoft Corporation)
HKU\DefaultAppPool\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [515072 2015-10-29] (Microsoft Corporation)
HKU\Guest.Matthew-Spaleta\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [7805120 2015-10-29] (Microsoft Corporation)
HKU\Guest.Matthew-Spaleta\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [515072 2015-10-29] (Microsoft Corporation)
HKU\Matthew\...\Run: [Google Update] => C:\Users\Matthew\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-21] (Google Inc.)
HKU\Matthew\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2011-06-05] (Acresso Corporation)
HKU\Matthew\...\Run: [NextLive] => C:\Users\Matthew\AppData\Roaming\newnext.me\nengine.dll [1283584 2013-11-13] (NewNextDotMe)
HKU\Matthew\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)
HKU\Matthew\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-07-08] (Apple Inc.)
HKU\Matthew\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2016-07-08] (Apple Inc.)
HKU\Matthew\...\Run: [iCloudDrive] => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-07-08] (Apple Inc.)
HKU\Matthew\...\Run: [GoogleChromeAutoLaunch_1DCACA8C0EC1716DD73D162837173624] => C:\Program Files\Google\Chrome\Application\chrome.exe [961352 2016-08-02] (Google Inc.)
HKU\Matthew\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [50615936 2016-01-18] (Skype Technologies S.A.)
HKU\Matthew\...\Run: [BingSvc] => C:\Users\Matthew\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-01-20] (© 2015 Microsoft Corporation)
HKU\Matthew\...\Run: [iCloudPhotos] => C:\Program Files\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2016-07-08] (Apple Inc.)
HKU\Matthew\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [515584 2015-10-29] (Microsoft Corporation)
HKU\Nancy.Matthew-Spaleta\...\RunOnce: [Uninstall C:\Users\Nancy.Matthew-Spaleta\AppData\Local\Microsoft\OneDrive\17.3.5892.0626] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Nancy.Matthew-Spaleta\AppData\Local\Microsoft\OneDrive\17.3.5892.0626"
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2012-02-14]
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (No File)
Startup: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2012-07-19]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (No File)
Startup: C:\Users\Shelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2010-01-13]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (No File)
GroupPolicyUsers\S-1-5-21-1196513593-2060879267-4276345258-1003\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1196513593-2060879267-4276345258-1001\User: Restriction <======= ATTENTION
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AdobeARMservice; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [82128 2016-06-25] (Adobe Systems Incorporated)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [250808 2012-12-11] (Adobe Systems Incorporated)
S2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [67384 2016-03-02] (Apple Inc.)
S3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [45752 2015-10-29] (Microsoft Corporation)
S2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S2 DragonSvc; C:\Program Files\Common Files\Nuance\dgnsvc.exe [296808 2011-06-05] (Nuance Communications, Inc.)
S2 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
S2 FlipShareServer; C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] ()
S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [43696 2015-10-23] (Microsoft Corporation)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [100864 2013-01-31] (Freemake)
S3 fsssvc; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [1512448 2012-09-12] (Microsoft Corporation)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [918160 2015-03-27] (NVIDIA Corporation)
S2 gupdate; C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-09-21] (Google Inc.)
S3 gupdatem; C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-09-21] (Google Inc.)
S3 gusvc; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [194032 2012-08-11] (Google)
S2 MapsGalaxy_39Service; C:\Program Files\MapsGalaxy_39\bar\1.bin\39barsvc.exe [90696 2015-02-02] (Mindspark)
S2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-27] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20696720 2015-03-27] (NVIDIA Corporation)
S3 odserv; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [440696 2011-07-20] (Microsoft Corporation)
S3 PrintNotify; C:\WINDOWS\system32\spool\drivers\W32X86\3\PrintConfig.dll [2718208 2016-06-30] (Microsoft Corporation)
S2 SkypeUpdate; C:\Program Files\Skype\Updater\Updater.exe [327296 2015-07-09] (Skype Technologies)
S3 Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [836288 2015-04-09] (Valve Corporation)
S2 Stereo Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [409800 2015-02-03] (NVIDIA Corporation)
S2 TeamViewer7; C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe [2869040 2015-05-29] (TeamViewer GmbH)
S2 TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [93072 2013-08-27] (TomTom)
S2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
S2 VideoDownloadConverter_4zService; C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe [42504 2013-09-19] (COMPANYVERS_NAME)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [401408 2015-10-29] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280376 2015-10-29] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23264 2016-06-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 athr; C:\Windows\System32\drivers\athwn.sys [3205632 2015-10-29] (Qualcomm Atheros Communications, Inc.)
S3 CompFilter; C:\Windows\System32\drivers\lvbusflt.sys [21096 2012-10-26] (Logitech Inc.)
S3 GPIO; C:\Windows\System32\drivers\iaiogpio.sys [22016 2015-10-29] (Intel Corporation)
S3 iaioi2c; C:\Windows\System32\drivers\iaioi2c.sys [61936 2015-10-29] (Intel Corporation)
S3 lvrs; C:\Windows\system32\DRIVERS\lvrs.sys [298984 2012-10-26] (Logitech Inc.)
S3 LVUVC; C:\Windows\system32\DRIVERS\lvuvc.sys [4255592 2012-10-26] (Logitech Inc.)
S3 NVNET; C:\Windows\System32\drivers\nvmf6232.sys [291456 2015-10-29] (NVIDIA Corporation)
S0 nvstor32; C:\Windows\System32\drivers\nvstor32.sys [110624 2007-08-09] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18576 2015-03-27] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad32v.sys [32912 2014-11-22] (NVIDIA Corporation)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2015-11-05] (Apple, Inc.)
S3 VX6000; C:\Windows\system32\DRIVERS\VX6000Xp.sys [2074464 2009-06-30] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [37400 2015-10-29] (Microsoft Corporation)
S0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [246104 2015-10-29] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [98648 2015-10-29] (Microsoft Corporation)
S3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-14 21:13 - 2016-09-14 21:13 - 00000000 ____D C:\FRST
2016-08-22 09:33 - 2016-08-02 21:32 - 00260448 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pci.sys
2016-08-22 09:33 - 2016-08-02 20:44 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\Windows.StateRepositoryClient.dll
2016-08-22 09:33 - 2016-08-02 20:44 - 00048128 _____ (Microsoft Corporation) C:\Windows\System32\Windows.StateRepositoryBroker.dll
2016-08-22 09:33 - 2016-08-02 20:43 - 00071168 _____ (Microsoft Corporation) C:\Windows\System32\bthserv.dll
2016-08-22 09:33 - 2016-08-02 20:40 - 00164352 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2016-08-22 09:33 - 2016-08-02 20:32 - 01467392 _____ (Microsoft Corporation) C:\Windows\System32\GdiPlus.dll
2016-08-22 09:33 - 2016-08-02 20:32 - 00951808 _____ (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2016-08-22 09:33 - 2016-08-02 20:19 - 02180096 _____ (Microsoft Corporation) C:\Windows\System32\Windows.StateRepository.dll
2016-08-22 09:32 - 2016-08-02 21:43 - 00023776 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2016-08-22 09:32 - 2016-08-02 21:33 - 00051128 _____ (Microsoft Corporation) C:\Windows\System32\SensorsNativeApi.dll
2016-08-22 09:32 - 2016-08-02 21:32 - 00413024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2016-08-22 09:32 - 2016-08-02 21:31 - 00703840 _____ (Microsoft Corporation) C:\Windows\System32\WWAHost.exe
2016-08-22 09:32 - 2016-08-02 21:30 - 00465760 _____ (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
2016-08-22 09:32 - 2016-08-02 21:29 - 01337680 _____ (Microsoft Corporation) C:\Windows\System32\sppobjs.dll
2016-08-22 09:32 - 2016-08-02 21:29 - 00633192 _____ (Microsoft Corporation) C:\Windows\System32\sppwinob.dll
2016-08-22 09:32 - 2016-08-02 21:18 - 00346464 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdbss.sys
2016-08-22 09:32 - 2016-08-02 20:57 - 00091648 _____ (Microsoft Corporation) C:\Windows\System32\tdlrecover.exe
2016-08-22 09:32 - 2016-08-02 20:48 - 00036352 _____ (Microsoft Corporation) C:\Windows\System32\musdialoghandlers.dll
2016-08-22 09:32 - 2016-08-02 20:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\System32\MusNotification.exe
2016-08-22 09:32 - 2016-08-02 20:44 - 00050688 _____ (Microsoft Corporation) C:\Windows\System32\MusNotificationUx.exe
2016-08-22 09:32 - 2016-08-02 20:44 - 00039424 _____ (Microsoft Corporation) C:\Windows\System32\TpmTasks.dll
2016-08-22 09:32 - 2016-08-02 20:41 - 00330240 _____ (Microsoft Corporation) C:\Windows\System32\MusUpdateHandlers.dll
2016-08-22 09:32 - 2016-08-02 20:37 - 00239616 _____ (Microsoft Corporation) C:\Windows\System32\SensorService.dll
2016-08-22 09:32 - 2016-08-02 20:37 - 00219136 _____ (Microsoft Corporation) C:\Windows\System32\VEEventDispatcher.dll
2016-08-22 09:32 - 2016-08-02 20:35 - 00396288 _____ (Microsoft Corporation) C:\Windows\System32\tileobjserver.dll
2016-08-22 09:32 - 2016-08-02 20:34 - 00792064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2016-08-22 09:32 - 2016-08-02 20:34 - 00400896 _____ (Microsoft Corporation) C:\Windows\System32\OneDriveSettingSyncProvider.dll
2016-08-22 09:32 - 2016-08-02 20:33 - 01223168 _____ (Microsoft Corporation) C:\Windows\System32\RecoveryDrive.exe
2016-08-22 09:32 - 2016-08-02 20:33 - 01152512 _____ (Microsoft Corporation) C:\Windows\System32\win32kbase.sys
2016-08-22 09:32 - 2016-08-02 20:32 - 00291840 _____ (Microsoft Corporation) C:\Windows\System32\wuuhext.dll
2016-08-22 09:32 - 2016-08-02 20:31 - 06743040 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2016-08-22 09:32 - 2016-08-02 20:31 - 00705536 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2016-08-22 09:32 - 2016-08-02 20:28 - 03663360 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2016-08-22 09:32 - 2016-08-02 20:27 - 02973696 _____ (Microsoft Corporation) C:\Windows\System32\win32kfull.sys
2016-08-22 09:32 - 2016-08-02 20:23 - 05660672 _____ (Microsoft Corporation) C:\Windows\System32\Chakra.dll
2016-08-22 09:32 - 2016-08-02 20:23 - 01799680 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Logon.dll
2016-08-22 09:32 - 2016-08-02 20:22 - 01900544 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2016-08-22 09:31 - 2016-08-02 21:52 - 05793632 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2016-08-22 09:31 - 2016-08-02 21:52 - 00083808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pdc.sys
2016-08-22 09:31 - 2016-08-02 21:34 - 00501592 _____ (Microsoft Corporation) C:\Windows\System32\NetSetupEngine.dll
2016-08-22 09:31 - 2016-08-02 21:34 - 00084832 _____ (Microsoft Corporation) C:\Windows\System32\NetSetupApi.dll
2016-08-22 09:31 - 2016-08-02 21:31 - 02921368 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2016-08-22 09:31 - 2016-08-02 21:30 - 00255168 _____ (Microsoft Corporation) C:\Windows\System32\LockAppHost.exe
2016-08-22 09:31 - 2016-08-02 21:28 - 00505136 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2016-08-22 09:31 - 2016-08-02 21:28 - 00139616 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2016-08-22 09:31 - 2016-08-02 21:21 - 01712992 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2016-08-22 09:31 - 2016-08-02 21:21 - 00483680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms2.sys
2016-08-22 09:31 - 2016-08-02 21:21 - 00335712 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2016-08-22 09:31 - 2016-08-02 20:58 - 00072192 _____ (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2016-08-22 09:31 - 2016-08-02 20:43 - 00180736 _____ (Microsoft Corporation) C:\Windows\System32\cdd.dll
2016-08-22 09:31 - 2016-08-02 20:40 - 00145920 _____ (Microsoft Corporation) C:\Windows\System32\NetSetupSvc.dll
2016-08-22 09:31 - 2016-08-02 20:40 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\IdCtrls.dll
2016-08-22 09:31 - 2016-08-02 20:39 - 19351040 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2016-08-22 09:31 - 2016-08-02 20:39 - 00186368 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2016-08-22 09:31 - 2016-08-02 20:37 - 00335872 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2016-08-22 09:31 - 2016-08-02 20:35 - 00286208 _____ (Microsoft Corporation) C:\Windows\System32\SensorsApi.dll
2016-08-22 09:31 - 2016-08-02 20:33 - 18677760 _____ (Microsoft Corporation) C:\Windows\System32\edgehtml.dll
2016-08-22 09:31 - 2016-08-02 20:33 - 00687616 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2016-08-22 09:31 - 2016-08-02 20:32 - 12585984 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll
2016-08-22 09:31 - 2016-08-02 20:32 - 01526272 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2016-08-22 09:31 - 2016-08-02 20:32 - 00434688 _____ (Microsoft Corporation) C:\Windows\System32\LogonController.dll
2016-08-22 09:31 - 2016-08-02 20:29 - 12133376 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2016-08-22 09:31 - 2016-08-02 20:25 - 04078080 _____ (Microsoft Corporation) C:\Windows\System32\dbgeng.dll
2016-08-22 09:31 - 2016-08-02 20:22 - 02501120 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2016-08-22 09:31 - 2016-08-02 20:22 - 01086976 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2016-08-22 09:31 - 2016-08-02 20:21 - 01708032 _____ (Microsoft Corporation) C:\Windows\System32\ActiveSyncProvider.dll
2016-08-22 09:31 - 2016-08-02 20:20 - 03483648 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2016-08-22 09:30 - 2016-08-02 22:27 - 01303744 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2016-08-22 09:30 - 2016-08-02 22:27 - 00081088 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
2016-08-22 09:30 - 2016-08-02 22:27 - 00045760 _____ (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
2016-08-22 09:30 - 2016-08-02 21:52 - 00034088 _____ (Microsoft Corporation) C:\Windows\System32\wldp.dll
2016-08-22 09:30 - 2016-08-02 21:31 - 00957608 _____ (Microsoft Corporation) C:\Windows\System32\ole32.dll
2016-08-22 09:30 - 2016-08-02 20:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\wshbth.dll
2016-08-22 09:30 - 2016-08-02 20:42 - 00080896 _____ (Microsoft Corporation) C:\Windows\System32\BluetoothApis.dll
2016-08-22 09:30 - 2016-08-02 20:39 - 00173056 _____ (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2016-08-22 09:30 - 2016-08-02 20:35 - 00178688 _____ (Microsoft Corporation) C:\Windows\System32\wevtutil.exe
2016-08-22 09:30 - 2016-08-02 20:33 - 02050048 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2016-08-22 09:30 - 2016-08-02 20:25 - 05323776 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Data.Pdf.dll
2016-08-22 09:30 - 2016-08-02 20:22 - 01502208 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2016-08-22 09:29 - 2016-08-02 20:27 - 01903104 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentServer.dll
2016-08-22 09:29 - 2016-08-02 20:24 - 01735680 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-30 09:26 - 2015-10-29 21:48 - 00000000 ____D C:\Windows\AppReadiness
2016-08-30 09:23 - 2015-10-29 21:48 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-30 09:20 - 2015-10-29 21:47 - 00000000 ____D C:\Windows\INF
2016-08-30 09:19 - 2013-12-07 18:34 - 00004172 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{AFB96465-6C47-4656-99C6-A74EA0425CD6}
2016-08-30 09:10 - 2013-08-09 02:14 - 00000000 ____D C:\Windows\System32\MRT
2016-08-30 09:09 - 2012-06-28 12:17 - 144884648 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2016-08-30 09:08 - 2012-11-25 11:10 - 00000000 ____D C:\Users\Matthew\AppData\Roaming\Skype
2016-08-30 09:08 - 2012-06-23 08:02 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-30 09:06 - 2016-03-25 16:45 - 00000000 ____D C:\ProgramData\NVIDIA
2016-08-30 09:06 - 2016-02-13 04:16 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-30 09:01 - 2016-02-13 04:06 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-30 09:01 - 2015-10-29 21:48 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-08-30 09:01 - 2015-10-29 21:48 - 00000000 ____D C:\Windows\System32\appraiser
2016-08-30 09:01 - 2015-10-29 21:13 - 00786432 ___SH C:\Windows\System32\config\BBI
2016-08-30 09:01 - 2012-07-17 05:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-30 08:55 - 2015-10-29 21:48 - 00000000 ____D C:\Windows\System32\SecureBootUpdates
2016-08-30 08:55 - 2015-10-29 21:39 - 00000000 ____D C:\Windows\CbsTemp
2016-08-22 14:31 - 2012-12-27 18:13 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1196513593-2060879267-4276345258-1001UA.job
2016-08-22 14:05 - 2012-06-23 08:02 - 00000926 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-22 12:48 - 2015-01-01 19:59 - 00003496 _____ C:\Windows\System32\Tasks\Apple Diagnostics
2016-08-22 08:01 - 2012-06-23 08:02 - 00000000 ____D C:\Program Files\Google
2016-08-22 07:47 - 2016-03-25 16:48 - 00988244 _____ C:\Windows\System32\PerfStringBackup.INI
 
Files to move or delete:
====================
C:\ProgramData\uninstaller.exe
 
 
==================== Known DLLs (Whitelisted) =========================
 
C:\Windows\SysWOW64\advapi32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\clbcatq.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\combase.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\COMDLG32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\coml2.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\DifxApi.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\gdi32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\gdiplus.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\IMAGEHLP.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\IMM32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\kernel32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\MSCTF.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\MSVCRT.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\NORMALIZ.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\NSI.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\ole32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\OLEAUT32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\PSAPI.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\rpcrt4.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\sechost.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\Setupapi.dll IS MISSING <==== ATTENTION
[2016-07-26 14:07] - [2016-06-30 20:19] - 0569752 ____A (Microsoft Corporation) C:\Windows\System32\SHCORE.dll
C:\Windows\SysWOW64\SHCORE.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\SHELL32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\SHLWAPI.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\user32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\WLDAP32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\WS2_32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\LPK.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\USP10.dll IS MISSING <==== ATTENTION
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe
[2016-06-28 08:33] - [2016-04-22 20:14] - 0494592 ____A (Microsoft Corporation) 4A618D1B1D6D46B2FE635A85A3B10F3E
 
C:\Windows\System32\wininit.exe
[2016-06-28 08:32] - [2016-04-22 21:07] - 0192704 ____A (Microsoft Corporation) C3063049D15E3C93194463E0A7F213A5
 
C:\Windows\explorer.exe
[2016-07-26 14:03] - [2016-06-30 20:19] - 4074160 ____A (Microsoft Corporation) B6113983ED77D6FE99BDEE461E7BE004
 
C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION
C:\Windows\System32\svchost.exe
[2015-10-29 21:44] - [2015-10-29 21:44] - 0037256 ____A (Microsoft Corporation) 6A1212077C0559029CDFB9C39580C835
 
C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION
C:\Windows\System32\services.exe
[2016-02-13 03:57] - [2016-02-13 03:57] - 0364168 ____A (Microsoft Corporation) 0B202554398DBFDEE5777CDC2E6C8254
 
C:\Windows\System32\User32.dll
[2016-06-28 08:33] - [2016-04-22 21:00] - 1273720 ____A (Microsoft Corporation) 588454298D5160155B522C58EFD81DC4
 
C:\Windows\SysWOW64\User32.dll IS MISSING <==== ATTENTION
C:\Windows\System32\userinit.exe
[2015-10-29 21:44] - [2015-10-29 21:44] - 0026112 ____A (Microsoft Corporation) A878CF325C93723B5017642E6FDB80E8
 
C:\Windows\SysWOW64\userinit.exe IS MISSING <==== ATTENTION
C:\Windows\System32\rpcss.dll
[2015-10-29 21:44] - [2015-10-29 21:44] - 0754176 ____A (Microsoft Corporation) 4C0499B1D34B8E097DAD8B26DC26BCB2
 
C:\Windows\System32\dnsapi.dll
[2016-06-28 08:33] - [2016-03-29 01:28] - 0535080 ____A (Microsoft Corporation) 6A7ACABAE92C837F5C1330188EAE36AE
 
C:\Windows\SysWOW64\dnsapi.dll IS MISSING <==== ATTENTION
C:\Windows\System32\Drivers\volsnap.sys
[2015-10-29 21:44] - [2015-10-29 21:44] - 0349536 ____A (Microsoft Corporation) 2E5522E831E616B37F06908B7B56C3B3
 
 
==================== Association (Whitelisted) =============
 
 
==================== Restore Points =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 18%
Total physical RAM: 4095.3 MB
Available physical RAM: 3342.97 MB
Total Virtual: 4095.3 MB
Available Virtual: 3374.02 MB
 
==================== Drives ================================
 
Drive c: (1TB) (Fixed) (Total:931.07 GB) (Free:700.19 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:0.44 GB) (Free:0.16 GB) NTFS
Drive e: (SPALETAUSB) (Removable) (Total:0.47 GB) (Free:0.46 GB) FAT
Drive f: (Repair disc Windows 10 64-bit) (CDROM) (Total:0.37 GB) (Free:0 GB) UDF
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E47B0052)
Partition 1: (Active) - (Size=931.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
 
========================================================
Disk: 1 (Size: 476.8 MB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.
 
 
LastRegBack: 2016-08-22 08:13
 
==================== End of FRST.txt ============================



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,018 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:45 AM

Posted 17 September 2016 - 08:08 AM

Greetings Ephs05msm and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

It appears you downloaded the 64 bit version of FRST but my guess is you have a 32 bit computer. Please download this version and run another scan.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:
  • FRST.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

Posted 23 September 2016 - 08:40 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#4 Oh My!

Posted 01 October 2016 - 05:47 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 