Can't boot into Windows 10



#1 rauwija2


Posted 09 October 2016 - 02:01 PM

So, this is my youngster's PC. Powering up this PC immediately displays what appears to me to be a bogus error message. And that's it. Can't get to Windows 10. I think I've managed at this point to boot it into safe mode. I hate to admit it but I'm still running XP on my machine so don't have a lot of familiarity with the new OS. Ran the Farbar Recovery tool through a thumbdrive and am pasting the results below, and attaching the Addition text file to this post.

Thanks, Jim

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-10-2016
Ran by Jim (administrator) on HOME (09-10-2016 14:40:56)
Running from F:\
Loaded Profiles: Jim (Available Profiles: Cat & Jim & Molly & Anita & Surplus & Administrator)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-16] ()
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2942843194-2648226075-3252564554-1006\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
HKU\S-1-5-21-2942843194-2648226075-3252564554-1006\...\MountPoints2: {a2fff1b6-1034-11e5-827b-c82443e120f5} - "E:\LaunchU3.exe" -a
ShellIconOverlayIdentifiers: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-04] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-04] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-04] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-04] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-04] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-04] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-04] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-04] (Hightail Inc.)
Startup: C:\Users\Cat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-01-10]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6EFEC362-CE77-4B5E-86AA-529A517EC73E}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{6EFEC362-CE77-4B5E-86AA-529A517EC73E}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{B5EDA2BE-DE5A-4A65-BA52-E2A76AA01728}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2942843194-2648226075-3252564554-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-2942843194-2648226075-3252564554-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-2942843194-2648226075-3252564554-1006\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
HKU\S-1-5-21-2942843194-2648226075-3252564554-1006\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-09-20] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-09-20] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-11] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-11] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-20] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-20] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-20] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-20] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-05-13] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-05-13] (McAfee, Inc.)

FireFox:
========
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2015-07-21] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-29] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-29] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-11] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-09-20] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-02-14] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2980032 2016-09-05] (Microsoft Corporation)
S4 CltMngSvc; C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\CltMngSvc.exe [2735408 2015-05-06] (ClientConnect LTD)
S4 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2015-06-13] (BioWare)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [238376 2015-06-11] (EasyAntiCheat Ltd)
S4 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
S4 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-03] (Intel Corporation)
S4 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [File not signed]
S4 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [532224 2014-04-22] (Lenovo)
S4 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-21] (LENOVO INCORPORATED.)
S4 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1662424 2014-02-19] ()
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [754280 2015-05-13] (McAfee, Inc.)
S4 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [332528 2014-03-12] (McAfee, Inc.)
S4 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe [207344 2015-06-04] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
S4 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
S4 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [609592 2015-05-05] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
S4 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
S4 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-06] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
S4 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
S4 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2014-02-14] (Nitro PDF Software)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3534784 2015-04-01] (INCA Internet Co., Ltd.)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2141192 2016-09-19] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2206224 2016-09-19] (Electronic Arts)
S4 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] ()
S3 vmicvss; C:\Windows\System32\ICSvc.dll [517120 2013-08-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
S4 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
S4 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [730304 2015-12-21] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [198448 2015-04-27] (McAfee, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100824 2013-12-03] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-04-08] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [483240 2015-03-26] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-03-26] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2944216 2013-08-21] (Realtek Semiconductor Corporation                           )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-09 14:40 - 2016-10-09 14:40 - 00000000 ____D C:\FRST
2016-10-07 20:58 - 2016-10-07 20:58 - 00000000 ____D C:\Users\Jim\AppData\Roaming\Hightail for Lenovo
2016-10-07 20:08 - 2016-10-07 20:08 - 00033132 _____ C:\Users\Jim\Desktop\Removed Apps.html
2016-10-07 19:58 - 2016-10-07 21:08 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2942843194-2648226075-3252564554-1006
2016-09-30 20:42 - 2016-09-30 20:42 - 00001457 _____ C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-09-30 20:42 - 2016-09-30 20:42 - 00000020 ___SH C:\Users\Jim\ntuser.ini
2016-09-30 20:42 - 2016-09-30 20:42 - 00000000 ____D C:\Users\Jim\AppData\Roaming\Adobe
2016-09-30 20:42 - 2016-09-30 20:42 - 00000000 ____D C:\Users\Jim\AppData\Local\VirtualStore
2016-09-30 20:42 - 2016-09-30 20:42 - 00000000 ____D C:\Users\Jim\AppData\Local\Google
2016-09-18 01:57 - 2016-09-18 01:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-09-17 18:31 - 2016-09-17 18:31 - 00000000 ____D C:\Users\Cat\.QtWebEngineProcess
2016-09-17 18:31 - 2016-09-17 18:31 - 00000000 ____D C:\Users\Cat\.Origin
2016-09-10 01:40 - 2016-09-10 01:40 - 00000041 _____ C:\Users\Cat\Desktop\sib gizmo.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-09 14:41 - 2015-12-04 00:40 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d12e4de98e3aa3.job
2016-10-09 14:40 - 2014-03-18 05:53 - 00865408 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-10-09 14:40 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Inf
2016-10-09 14:36 - 2015-06-11 17:20 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-07 22:10 - 2015-06-11 17:20 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-07 20:50 - 2016-05-10 17:35 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d1ab03da0e4430.job
2016-10-07 20:50 - 2015-07-15 19:30 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0bf563e89592c.job
2016-10-07 20:22 - 2015-06-11 17:11 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2016-10-07 19:34 - 2016-07-28 18:40 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d1e92117c1dbde.job
2016-10-07 19:34 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-30 21:27 - 2015-06-11 17:06 - 00000000 ____D C:\Users\Jim
2016-09-30 20:50 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-30 20:42 - 2015-06-07 10:08 - 00000000 ____D C:\Users\Jim\AppData\Local\Packages
2016-09-30 20:19 - 2015-06-11 17:06 - 00000000 ____D C:\Users\Cat
2016-09-30 20:19 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-09-30 20:00 - 2015-06-11 17:06 - 00000000 ____D C:\Users\Cat\AppData\Local\SweetLabs App Platform
2016-09-23 21:43 - 2015-10-02 18:25 - 00000000 ____D C:\Users\Cat\Desktop\Witchery
2016-09-23 20:19 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-09-21 06:48 - 2015-10-30 23:06 - 00003280 _____ C:\WINDOWS\System32\Tasks\SweetLabs App Platform
2016-09-20 22:21 - 2015-06-11 17:33 - 00000000 ____D C:\Users\Cat\AppData\Roaming\Origin
2016-09-20 06:54 - 2013-08-22 11:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-09-20 06:53 - 2015-03-19 13:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-09-19 18:46 - 2015-06-11 17:28 - 00000000 ____D C:\ProgramData\Origin
2016-09-19 18:46 - 2015-06-11 17:28 - 00000000 ____D C:\Program Files (x86)\Origin
2016-09-19 18:45 - 2015-06-11 17:33 - 00000000 ____D C:\Users\Cat\AppData\Local\Origin
2016-09-19 18:45 - 2015-06-06 12:50 - 00000000 __RDO C:\Users\Cat\OneDrive
2016-09-19 18:44 - 2015-06-11 17:28 - 00000000 ____D C:\Program Files (x86)\Steam
2016-09-19 18:44 - 2013-08-22 09:25 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-09-18 02:29 - 2015-06-11 17:24 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2942843194-2648226075-3252564554-1001
2016-09-16 19:36 - 2015-06-11 17:21 - 00002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-16 19:36 - 2015-06-11 17:21 - 00002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-14 21:48 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps

==================== Files in the root of some directories =======

2015-03-19 13:17 - 2015-03-19 13:17 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Cat\AppData\Local\Temp\oct70DD.tmp.exe
C:\Users\Cat\AppData\Local\Temp\oct8CCD.tmp.exe
C:\Users\Molly\AppData\Local\Temp\octCCFF.tmp.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-07 21:11

==================== End of FRST.txt ============================

#2 nasdaq


Posted 11 October 2016 - 10:27 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Remove the programs in bold via the Control Panel > Programs > Programs and Features.
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon) <==== ATTENTION
Lenovo Browser Guard (HKLM-x32\...\LenovoBrowserGuard) (Version: 2.16.60.37 - ClientConnect LTD) <==== ATTENTION
Start Menu (HKU\S-1-5-21-2942843194-2648226075-3252564554-1006\...\Pokki) (Version: 0.269.2.471 - Pokki)

Do you need Adobe AIR?
https://get.adobe.com/air/

If not then remove this old version.
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
---

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-2942843194-2648226075-3252564554-1006\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
S4 CltMngSvc; C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\CltMngSvc.exe [2735408 2015-05-06] (ClientConnect LTD)
S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]
Task: {2D665075-4B40-4565-948A-A76C0F091572} - System32\Tasks\SweetLabs App Platform => C:\Users\Jim\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
AlternateDataStreams: C:\Windows:nlsPreferences [386]
C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\CltMngSvc.exe
C:\Users\Cat\AppData\Local\Temp\oct70DD.tmp.exe
C:\Users\Cat\AppData\Local\Temp\oct8CCD.tmp.exe
C:\Users\Molly\AppData\Local\Temp\octCCFF.tmp.exe
C:\Users\Jim\AppData\Local\SweetLabs App Platform

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

When you can start the computer normally please update these programs

Your version(s) of Adobe Flash are out-of-date and vulnerable.
Go to Start > Control Panel > Programs and Features and uninstall the following programs:
Adobe Flash Player 16 NPAPI

Go to this page with Firefox to download the current version for your browser:
https://get.adobe.com/flashplayer/

Note:
Flash Player is pre-installed in Google Chrome and updates automatically!
Flash Player is pre-installed in IE/Edge and updates automatically!
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download I suggest you uncheck the box on the top right "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader Via the Control Panel > Programs > Programs and Features.
Adobe Reader X (10.1.7) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old version(s) of Java via the Control Panel > Programs and Features.
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)

Please post the Fixlog.txt file and let me know if you now can start the computer normally.


p.s.
The operating system is Windows 8.1.
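Added here as a worked example, not part of nasdaq's reply and not code from the FRST tool: a small Python pass that parses FRST service/driver lines in the layout shown in the log above and flags the structural signs a helper checks before writing a fixlist (image file missing "[X]", unsigned binary, no publisher, kernel driver outside a drivers directory, executable in a Temp folder). The sample lines are constructed in the log's format, and the rule names are my own, not FRST's.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in FRST's service/driver layout:
#   <start type> <name>; <path> [<size> <date>] (<publisher>) [flags]
# The xhunter1 and JME Keyboard lines mirror the shape of entries in the thread's log.
SAMPLE_LOG = r"""
S4 CltMngSvc; C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\CltMngSvc.exe [2735408 2015-05-06] (ClientConnect LTD)
S4 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-16] () [File not signed]
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-06] (McAfee, Inc.)
S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2944216 2013-08-21] (Realtek Semiconductor Corporation        )
"""

ENTRY_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+"           # R = running, S = stopped; the digit is the start type
    r"(?P<name>[^;]+);\s+"             # service/driver name up to the semicolon
    r"(?P<path>.+?)\s+"                # image path, lazily up to the first " ["
    r"\[(?P<meta>[^\]]*)\]"            # "[size date]", or "[X]" when FRST cannot find the file
    r"(?:\s+\((?P<company>[^)]*)\))?"  # optional "(publisher)"; empty parens = no publisher
    r"(?P<flags>.*)$"                  # trailing flags such as "[File not signed]"
)


@dataclass
class Entry:
    start: str
    name: str
    path: str
    meta: str
    company: Optional[str]
    flags: str
    reasons: List[str] = field(default_factory=list)

    @property
    def kind(self) -> str:
        return "driver" if self.path.lower().endswith(".sys") else "service"


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one FRST service/driver line; return None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    company = m.group("company")
    return Entry(
        start=m.group("start"),
        name=m.group("name").strip(),
        path=m.group("path").strip(),
        meta=m.group("meta").strip(),
        company=company.strip() if company is not None else None,
        flags=m.group("flags").strip(),
    )


def triage(e: Entry) -> List[str]:
    """Return the review flags raised for one entry (empty list = nothing structurally notable)."""
    reasons: List[str] = []
    p = e.path.lower()
    if e.meta == "X":
        reasons.append("image file missing on disk (orphaned entry)")
    if "file not signed" in e.flags.lower():
        reasons.append("binary is not digitally signed")
    if e.meta != "X" and not e.company:
        reasons.append("no publisher recorded")
    if e.kind == "driver" and "\\drivers\\" not in p:
        reasons.append("kernel driver loaded from outside a drivers directory")
    if "\\temp\\" in p and p.endswith(".exe"):
        reasons.append("executable running from a Temp folder")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged entry name to its reasons; entries with no flags are omitted."""
    flagged: Dict[str, List[str]] = {}
    for line in text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        e.reasons = triage(e)
        if e.reasons:
            flagged[e.name] = e.reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

These checks are structural only: a known PUP such as Lenovo Browser Guard passes them, so they narrow the helper's review rather than replace it.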

#3 rauwija2


Posted 11 October 2016 - 04:53 PM

Ok. Uninstalled

Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon) <==== ATTENTION
Lenovo Browser Guard (HKLM-x32\...\LenovoBrowserGuard) (Version: 2.16.60.37 - ClientConnect LTD) <==== ATTENTION
Start Menu (HKU\S-1-5-21-2942843194-2648226075-3252564554-1006\...\Pokki) (Version: 0.269.2.471 - Pokki)

Ran FRST and Fix.

Restarted the computer.

Now immediately loads me as the user. Took forever with the "busy" icon showing whenever putting the cursor in the Windows task bar. Eventually stopped. The mouse buttons wouldn't work although the cursor moved on the screen. Tried powering up and down a number of times with the same result. Eventually put it into safe mode. Couldn't access the internet (though I assume that's a feature of safe mode) so didn't finish with the Adobe or Java updates. Pasting the fixlog text below.

Fix result of Farbar Recovery Scan Tool (x64) Version: 10-10-2016
Ran by Jim (11-10-2016 14:07:48) Run:1
Running from F:\
Loaded Profiles: Jim (Available Profiles: Cat & Jim & Molly & Anita & Surplus & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-2942843194-2648226075-3252564554-1006\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
S4 CltMngSvc; C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\CltMngSvc.exe [2735408 2015-05-06] (ClientConnect LTD)
S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]
Task: {2D665075-4B40-4565-948A-A76C0F091572} - System32\Tasks\SweetLabs App Platform => C:\Users\Jim\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
AlternateDataStreams: C:\Windows:nlsPreferences [386]
C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\CltMngSvc.exe
C:\Users\Cat\AppData\Local\Temp\oct70DD.tmp.exe
C:\Users\Cat\AppData\Local\Temp\oct8CCD.tmp.exe
C:\Users\Molly\AppData\Local\Temp\octCCFF.tmp.exe
C:\Users\Jim\AppData\Local\SweetLabs App Platform

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2942843194-2648226075-3252564554-1006\Software\Microsoft\Windows\CurrentVersion\Run\\Pokki => value not found.
CltMngSvc => service removed successfully
xhunter1 => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2D665075-4B40-4565-948A-A76C0F091572}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D665075-4B40-4565-948A-A76C0F091572}" => key removed successfully
C:\WINDOWS\System32\Tasks\SweetLabs App Platform => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SweetLabs App Platform" => key removed successfully
C:\Windows => ":nlsPreferences" ADS removed successfully.
C:\Program Files (x86)\LenovoBrowserGuard\Main\bin\CltMngSvc.exe => moved successfully
C:\Users\Cat\AppData\Local\Temp\oct70DD.tmp.exe => moved successfully
C:\Users\Cat\AppData\Local\Temp\oct8CCD.tmp.exe => moved successfully
C:\Users\Molly\AppData\Local\Temp\octCCFF.tmp.exe => moved successfully
"C:\Users\Jim\AppData\Local\SweetLabs App Platform" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5282240 B
Java, Flash, Steam htmlcache => 343 B
Windows/system/drivers => 4008607 B
Edge => 0 B
Chrome => 19052172 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Cat => 19847390 B
Jim => 9545002 B
Molly => 1349809812 B
Anita => 0 B
Surplus => 67782098 B
Administrator => 12266 B

RecycleBin => 0 B
EmptyTemp: => 1.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:08:02 ====



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:43 AM

Posted 12 October 2016 - 08:38 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
CloseProcesses:
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Run this fix and restart the computer (normally or in safe mode).

If you only get safe mode you can select the option to connect to the internet.

Keep me posted.

Forget about the Adobe and Java updates for now.
Do it when all is well.

#5 rauwija2

rauwija2
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  • Local time:12:43 AM

Posted 12 October 2016 - 12:57 PM

Ok. Did that and will paste the log. Still doing the same thing. It did start one time like it was a totally new start: said hi to me, then "let's get started", and took me along to talk about loading or getting apps. One time it loaded and gave me an error message: c:\windows\system32\config\systemprofile\desktop is unavailable. And then one time it loaded and gave me a big blue band across the screen which said that the PC had been unprotected for 262 days and would I like to renew McAfee or turn on Windows Defender. Anyway, here's the log...

Fix result of Farbar Recovery Scan Tool (x64) Version: 10-10-2016
Ran by Jim (12-10-2016 13:05:45) Run:2
Running from F:\
Loaded Profiles: Jim (Available Profiles: Cat & Jim & Molly & Anita & Surplus & Administrator)
Boot Mode: Safe Mode (minimal)
==============================================
 
fixlist content:
*****************
start
 
 
CreateRestorePoint:
CloseProcesses:
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
 
End
*****************
 
Error: Restore point can only be created in normal mode.
Processes closed successfully.
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Could not flush the DNS Resolver Cache: Function failed during execution.
 
 
========= End of CMD: =========
 
 
========= IPCONFIG /release =========
 
 
Windows IP Configuration
 
 
========= End of CMD: =========
 
 
========= IPCONFIG /renew =========
 
 
Windows IP Configuration
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall reset =========
 
 
An error occurred while attempting to contact the  Windows Firewall service. Make sure that the service is running and try your request again.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
 
An error occurred while attempting to contact the  Windows Firewall service. Make sure that the service is running and try your request again.
 
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset c:\resetlog.txt =========
 
There's no user specified settings to be reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ipv4 reset =========
 
There's no user specified settings to be reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ipv6 reset =========
 
There's no user specified settings to be reset.
 
 
========= End of CMD: =========
 
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to connect to BITS - 0x8007042c
The dependency service or group failed to start.
 
 
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 13:05:47 ====


#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:43 AM

Posted 13 October 2016 - 09:25 AM


From the Windows Start > Run box execute this command: chkdsk /f C:

The Check Disk then performs an analysis of the disk and returns a status message regarding any problems it encounters. Unless you specify further options, Check Disk won't repair problems, however. To find and repair errors on drive C, use this command:
chkdsk /f C:

===

When completed run this SFC command as suggested below.

From the Windows Start > Run box.

Run the command sfc /scannow at an administrative command prompt to check for errors and to repair the file if necessary.

===

When all is completed run this tool and post the log for my review.

Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender


Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.

#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:43 AM

Posted 19 October 2016 - 10:49 AM

Are you still with me?

#8 rauwija2

rauwija2
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  • Local time:12:43 AM

Posted 31 October 2016 - 01:03 PM

Ok Nasdaq. From your last set of instructions I tried to run the chkdsk command. It returns this: Chkdsk cannot run because the volume is in use by another process.

No other apps are open when I run the command and I'm currently in safe mode.



#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:43 AM

Posted 01 November 2016 - 09:12 AM


Execute the CMD as an Administrator.

How to Windows 8.1
https://commandwindows.com/windows-8-commands.htm

These are the commands you can use.

/F Fixes errors on the disk.
/V On FAT/FAT32: Displays the full path and name of every file on the disk. On NTFS: Displays cleanup messages if any.
/R Locates bad sectors and recovers readable information (implies /F).
/L:size NTFS only: Changes the log file size to the specified number of kilobytes. If size is not specified, displays current size.
/X Forces the volume to dismount first if necessary. All opened handles to the volume would then be invalid (implies /F).
/I NTFS only: Performs a less vigorous check of index entries.
/C NTFS only: Skips checking of cycles within the folder structure.
/B NTFS only: Re-evaluates bad clusters on the volume (implies /R).
"CHKDSK x: /F /R" would perform a full scan (including bad sectors) and attempt to fix them. <- x: is the drive you wish to check yours would be c:

First try CHKDSK C: /F

Any luck?

p.s.
Your FRST log shows that you have Windows 8.1 installed.
Platform: Windows 8.1 (Update) (X64) Language: English (United States)

#10 rauwija2

rauwija2
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  • Local time:12:43 AM

Posted 02 November 2016 - 05:14 PM

Ok. Ran chkdsk.

Ran sfc /scannow. There were a number of files it couldn't repair. Attached to this post as CBS.log.

Ran FSS utility. Results pasted below.

Farbar Service Scanner Version: 27-01-2016
Ran by Jim (administrator) on 02-11-2016 at 17:46:07
Running from "C:\Users\Jim\Desktop"
Microsoft Windows 8.1  (X64)
Boot Mode: Network
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.
 
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
 
EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
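To confirm the service start types and the Defender policy value that the FSS log above reports (and to re-check them after the repairs that follow), here is an added PowerShell check. It is my own example, not code from the thread or from Farbar's tool; it assumes an elevated PowerShell session on the affected machine, takes the Auto defaults for wuauserv, BITS and WinDefend from the log's own lines, and assumes Windows 8.1 defaults for VSS, wscsvc and EventSystem.

```powershell
# Added example (not from the thread or from Farbar's FSS): re-run the checks
# behind the FSS.txt findings above. Requires an elevated PowerShell session.

# Expected start modes. wuauserv, BITS and WinDefend come from the log's own
# "default start type is Auto" lines; VSS, wscsvc and EventSystem are assumed
# Windows 8.1 defaults. FSS reports "Demand" where Win32_Service says "Manual".
$ExpectedStartMode = [ordered]@{
    'VSS'         = 'Manual'   # assumed default
    'wscsvc'      = 'Auto'     # assumed default (Security Center)
    'wuauserv'    = 'Auto'     # stated in the FSS log
    'BITS'        = 'Auto'     # stated in the FSS log
    'EventSystem' = 'Auto'     # assumed default
    'WinDefend'   = 'Auto'     # stated in the FSS log
}

function Get-ServiceStartupReport {
    param([System.Collections.IDictionary]$Expected = $ExpectedStartMode)
    foreach ($name in $Expected.Keys) {
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
        if (-not $svc) {
            [pscustomobject]@{ Service = $name; State = 'MISSING'; StartMode = $null
                               Expected = $Expected[$name]; Finding = 'service not present' }
            continue
        }
        $finding = if ($svc.StartMode -ne $Expected[$name]) {
            "start type is $($svc.StartMode), default is $($Expected[$name])"
        } else { 'OK' }
        [pscustomobject]@{ Service = $name; State = $svc.State; StartMode = $svc.StartMode
                           Expected = $Expected[$name]; Finding = $finding }
    }
}

# The value FSS flagged: DisableAntiSpyware=1 under the Defender key keeps
# Defender off. The Policies key is checked too, since GPO-style settings land there.
function Get-DefenderDisabledPolicy {
    $keys = @('HKLM:\SOFTWARE\Microsoft\Windows Defender',
              'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender')
    foreach ($k in $keys) {
        $v = (Get-ItemProperty -Path $k -Name DisableAntiSpyware -ErrorAction SilentlyContinue).DisableAntiSpyware
        if ($null -ne $v) { [pscustomobject]@{ Key = $k; DisableAntiSpyware = $v } }
    }
}

Get-ServiceStartupReport | Format-Table -AutoSize

$policy = Get-DefenderDisabledPolicy
if ($policy) {
    $policy | Format-Table -AutoSize
    Write-Warning 'DisableAntiSpyware is set; Windows Defender will not start until the value is removed (Remove-ItemProperty on that key).'
} else {
    'No DisableAntiSpyware value found; Defender is not policy-disabled.'
}
```

A service that is stopped but has the expected start mode (as VSS, wscsvc and EventSystem show in the log) is a different problem from one whose start type was changed, so the report keeps State and StartMode as separate columns.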


#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:43 AM

Posted 03 November 2016 - 09:14 AM


Let's fix some settings to the default value.

Please Download Tweaking.com - Windows Repair from Here
  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan, skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore do a Registry backup. When you have completed this click Next
  • Click Repairs - Open Repairs in the bottom right corner
  • Uncheck the All repair button then select just the item(s) listed below

    01 - Repair Registry Permissions
    03 - Reset Service permissions
    04 - Register System Files
    05 - Repair WMI
    06 - Repair Windows Firewall
    10 - Remove Policies Set By Infections
    13 - Repair Winsock & DNS Cache
    15 - Repair Proxy Settings
    17 - Repair Windows Updates
    19 - Repair Volume Shadow Copy Service
    21 - Repair MSI (Windows Installer)
    26 - Restore Important Windows Services
    27 - Set Windows Service to Default Startup
    28.02 - Repair Windows 8/10 Apps Store (Completely Reset Apps Store)
    29 - Repair Windows 8/10 Component Store
    30 - Repair Windows 8/10 COM+ Unmarshalers

  • Click the Start button and let the process run to completion. Copy any error messages into Notepad, save it on your Desktop. (Reboot if asked to do so)
  • Please copy and paste the contents of this file on your next reply.

===

Restart the computer normally.

Let me know what problem persists.





#12 rauwija2

rauwija2
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  • Local time:12:43 AM

Posted 04 November 2016 - 01:50 PM

Ok. Ran the Tweaking program repair section (twice as recommended, with a hard power shut down). Attaching the error logs generated.

Will try a regular reboot and report results in my next post.

#13 rauwija2

rauwija2
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  • Local time:12:43 AM

Posted 04 November 2016 - 02:35 PM

Regular reboot resulted in:

Start up flashed the log in screen and then loaded my profile immediately.

The cursor showed up on a black screen.

After a long while the task bar showed up at the bottom.

After about 5 minutes the screen went to a solid dark blue, then returned to the black screen with the taskbar at the bottom.

No icons showed on the screen.

The cursor remained visible and responded to mouse movement, but nothing happened when I clicked the mouse buttons.

The hard drive light lit up occasionally.

So, about the same. Although in safe mode it loaded much faster.



#14 nasdaq

nasdaq

  • Malware Response Team
  • 40,752 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:43 AM

Posted 05 November 2016 - 07:49 AM


It could be caused by a wrong version of drivers, or your graphics card is failing.

Let's check the drivers.

How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector (PSI)
Follow the instructions on this page.


http://www.bleepingcomputer.com/tutorials/detect-vulnerable-programs-with-secunia-psi/

===

Secunia is NOW OWNED BY Flexera Software


Navigate to this page.
http://learn.flexerasoftware.com/SVM-EVAL-Personal-Software-Inspector

Download and run the Flexera Software Personal Software Inspector.

p.s.
I think you can run this check in safe mode.

#15 rauwija2

rauwija2
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  • Local time:12:43 AM

Posted 07 November 2016 - 02:35 PM

Ok.

 

Secunia checked for Windows Update and said it was not installed. The update page directed me to search for it on my PC. So I discovered that the search function does not work. The icon is in the charms bar and in the list of commands in the Windows start button, but nothing happens. I also discovered that the "change PC settings" function doesn't do anything either.

Secunia software says that it won't work properly without Windows Update running. I'm doing this in safe mode but I think these functions ought to be available.

Thoughts?





