FRST Problem

#1
cassyb

cassyb

    Member

  • Member
  • PipPip
  • 34 posts

I ran the FRST program and now I can't access any programs or internet on my computer. I'm not sure what I did wrong; any advice would be greatly appreciated.


  • 0

#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

What version of Windows is this?

 

What exactly did you do?  

 

What do you mean you can't access any programs?  Does it boot?  Can you boot into Safe Mode?

 

(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly.  Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking.  Login with your usual login.)
 

 

 

Do you have access to another computer?


  • 0

#3
cassyb

I'm using Windows 7.

Here's what I did: my computer was running very slow so I ran the FRST program, and that's when I lost internet and I can't launch any program. The computer is starting up, I just can't use anything.


  • 0

#4
RKinner

When you ran FRST what button did you press?  Just the SCAN button or did you try and run a fixlist?
 
 
It starts up.  Does it get to the desktop? Does the mouse work?   What happens when you click on an icon?  Does the keyboard work?  Can you type anything?
 
 
Can you boot into Safe Mode?
 
(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly.  Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking.  Login with your usual login.)
 
 
 
Do you have access to another computer?  Do you have a USB drive?

  • 0

#5
cassyb

I'm thinking I did click fixlist, not sure. The computer is working somewhat, I just have no internet access (problems identifying network). I do have a USB drive. I used it to download a malware software and it helped. I can now open some programs (System Restore, anti virus, Internet Explorer still won't open).


  • 0

#6
RKinner

FRST in SCAN mode doesn't really do anything except create a restore point and two notepad files.  If you hit Fix it should say it can't find the fixlist and not do anything.  It's possible you are infected and the malware objected to your running an anti-malware program.  What anti-malware program did you run that helped?

 

How do you connect to the Internet?  With an Ethernet cable or wireless?  What browser are you trying to use?  Does the browser come up but can't connect or what?

 

Since you have a USB drive and apparently access to a second computer:

 

 
Download aswMBR.exe to your desktop.
Double click aswMBR.exe
Uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

It must be saved to your desktop, do not run it from your browser.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well.  See: http://www.bleepingc...opic114351.html

Download and Save this file -- to your Desktop -- from either of these two sources:

Double click on ComboFix to start the program.

    * Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

    * A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.
 

 
Download OTL from
and Save it to your desktop.
 
 
 
Run OTL (Vista or Win 7 => right click and Run As Administrator)
 
 
Select the All option in the Extra Registry group then Run Scan.
 
You should get two logs.  Please copy and paste both of them.
 

  • 0

#7
cassyb

UPDATE: Ran aswMBR then ComboFix and it's been going for a couple of hours now. It restarted the computer and it's still running (keeps opening and closing some blue windows). It looks like the internet is working again. I have not touched the computer but it shows that I do have internet. I'll keep you up to date on what's going on.

I can't thank you enough for all your help and support!


  • 0

#8
cassyb

I'm still at ComboFix; the window keeps opening and closing. It's been doing that for the last 13 hrs. The internet is working again, but I don't know if I should try and force close the ComboFix program as it seems to have fixed the problem.


  • 0

#9
RKinner

Sounds like it is still fighting the infection but unable to completely remove it.  I hate to stop it but 13 hours is a bit ridiculous.  Go ahead and stop it and see if there is a log at c:\combofix.txt or c:\combofix\combofix.txt


  • 0

#10
cassyb

This is what I found

 

ComboFix 14-12-10.03 - cass 12/13/2014  15:00:02.1.2 - x64
Running from: C:\Users\cass\Desktop\ComboFix.exe
C:\Windows\system32\vbscript.dll is missing

 

 

Internet Explorer won't open but Firefox does.


  • 0

#11
RKinner

OK. Download the attached vbscript.zip file and right click on it and Extract All to C:\Windows\System32

 

Then try Combofix again.

 

Can you run aswMBR again and this time do not let it download the Avast engine?  It should finish fairly quickly.

 

 


  • 0

#12
cassyb

Still can't open Internet Explorer. When I restarted the computer there was an error message:

 

RUNDLL

there was a problem starting \iernonce.dll
The specified module could not be found.

 

 

This is the log from aswMBR

 

12:04:36.695    OS Version: Windows x64 6.1.7601 Service Pack 1
12:04:36.696    Number of processors: 2 586 0x602
12:04:36.697    ComputerName: CASS-PC  UserName: cass
12:04:41.583    Initialize success
12:04:42.045    VM: initialized successfully
12:04:42.046    VM: Amd CPU BiosDisabled
12:07:00.534    AVAST engine defs: 14121400
12:18:08.741    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000068
12:18:08.747    Disk 0 Vendor: ST375052 HP22 Size: 715404MB BusType: 3
12:18:11.824    Disk 0 statistics 456/0/0 @ 1.59 MB/s
12:18:11.825    Scan stopped
12:18:59.794    Disk 0 MBR has been saved successfully to "C:\Users\cass\Documents\MBR.dat"
12:18:59.916    The log file has been saved successfully to "C:\Users\cass\Documents\aswMBR.txt"


  • 0

#13
RKinner

The VBScript was to try and fix Combofix.  I think we need to check your file system.  Too many files missing.

 

 
Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line):
sfc /scannow

(This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.
 
Ron

  • 0

#14
cassyb

The logs were too big so I have posted them as an attachment. Everything seems to be back to normal except Internet Explorer and Norton; I still can't open them, but I can use the computer.

 

2014-12-15 09:55:20, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2014-12-15 09:55:20, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2014-12-15 09:55:26, Info                  CSI    0000000c [SR] Verify complete
2014-12-15 09:55:28, Info                  CSI    0000000d [SR] Verifying 100 (0x0000000000000064) components
2014-12-15 09:55:28, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
2014-12-15 09:55:34, Info                  CSI    00000010 [SR] Verify complete
2014-12-15 09:55:36, Info                  CSI    00000011 [SR] Verifying 100 (0x0000000000000064) components
2014-12-15 09:55:36, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
2014-12-15 09:55:41, Info                  CSI    00000014 [SR] Verify complete
2014-12-15 09:55:43, Info                  CSI    00000015 [SR] Verifying 100 (0x0000000000000064) components
2014-12-15 09:55:43, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
2014-12-15 09:55:47, Info                  CSI    00000017 [SR] Cannot verify component files for 39eb8a414c1c62e1498a17a84a023a82, Version = 6.1.7601.18640, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral, manifest is damaged (FALSE)
2014-12-15 09:55:48, Info                  CSI    00000019 [SR] Verify complete
2014-12-15 09:55:50, Info                  CSI    0000001a [SR] Verifying 100 (0x0000000000000064) components
2014-12-15 09:55:50, Info                  CSI    0000001b [SR] Beginning Verify and Repair transaction
2014-12-15 09:55:56, Info                  CSI    0000001d [SR] Verify complete
2014-12-15 09:55:59, Info                  CSI    0000001e [SR] Verifying 100 (0x0000000000000064) components
2014-12-15 09:55:59, Info                  CSI    0000001f [SR] Beginning Verify and Repair transaction
2014-12-15 09:56:04, Info                  CSI    00000021 [SR] Verify complete
2014-12-15 09:56:06, Info                  CSI    00000022 [SR] Verifying 100 (0x0000000000000064) components
2014-12-15 09:56:06, Info                  CSI    00000023 [SR] Beginning Verify and Repair transaction
2014-12-15 09:56:12, Info                  CSI    00000025 [SR] Verify complete
2014-12-15 09:56:15, Info                  CSI    00000026 [SR] Verifying 100 (0x0000000000000064) components
2014-12-15 09:56:15, Info                  CSI    00000027 [SR] Beginning Verify and Repair transaction
2014-12-15 09:56:21, Info                  CSI    00000029 [SR] Verify complete
2014-12-15 09:56:23, Info                  CSI    0000002a [SR] Verifying 100 (0x0000000000000064) components
2014-12-15 09:56:23, Info                  CSI    0000002b [SR] Beginning Verify and Repair transaction
2014-12-15 09:56:28, Info                  CSI    0000002d [SR] Verify complete
2014-12-15 09:56:30, Info                  CSI    0000002e [SR] Verifying 100 (0x0000000000000064) components
2014-12-15 09:56:30, Info                  CSI    0000002f [SR] Beginning Verify and Repair transaction
2014-12-15 09:56:33, Info                  CSI    00000031 [SR] Verify complete
2014-12-15 09:56:35, Info                  CSI    00000032 [SR] Verifying 100 (0x0000000000000064) components
2014-12-15 09:56:35, Info                  CSI    00000033 [SR] Beginning Verify and Repair transaction
2014-12-15 09:56:39, Info                  CSI    00000035 [SR] Verify complete
2014-12-15 09:56:41, Info                  CSI    00000036 [SR] Verifying 100 (0x0000000000000064) components
2014-12-15 09:56:41, Info                  CSI    00000037 [SR] Beginning Verify and Repair transaction
2014-12-15 09:56:45, Info                  CSI    00000039 [SR] Verify complete
2014-12-15 09:56:47, Info                  CSI    0000003a [SR] Verifying 100 (0x0000000000000064) components
2014-12-15 09:56:47, Info                  CSI    0000003b [SR] Beginning Verify and Repair transaction
2014-12-15 09:57:14, Info                  CSI    0000003d [SR] Verify complete
2014-12-15 09:57:18, Info                  CSI    0000003e [SR] Verifying 100 (0x0000000000000064) components
2014-12-15 09:57:18, Info                  CSI    0000003f [SR] Beginning Verify and Repair transaction
2014-12-15 09:57:27, Info                  CSI    00000041 [SR] Verify complete
2014-12-15 09:57:30, Info                  CSI    00000042 [SR] Verifying 100 (0x0000000000000064) components
2014-12-15 09:57:30, Info                  CSI    00000043 [SR] Beginning Verify and Repair transaction
2014-12-15 09:57:37, Info                  CSI    00000045 [SR] Verify complete
2014-12-15 09:57:39, Info                  CSI    00000046 [SR] Verifying 100 (0x0000000000000064) components
2014-12-15 09:57:39, Info                  CSI    00000047 [SR] Beginning Verify and Repair transaction
2014-12-15 09:57:44, Info                  CSI    00000049 [SR] Verify complete
2014-12-15 09:57:44, Info                  CSI    0000004a [SR] Verifying 100 (0x0000000000000064) components
2014-12-15 09:57:44, Info                  CSI    0000004b [SR] Beginning Verify and Repair transaction
2014-12-15 09:57:49, Info                  CSI    0000004d [SR] Verify complete
2014-12-15 09:57:51, Info                  CSI    0000004e [SR] Verifying 100 (0x0000000000000064) components
2014-12-15 09:57:51, Info                  CSI    0000004f [SR] Beginning Verify and Repair transaction
2014-12-15 09:57:55, Info                  CSI    00000051 [SR] Verify complete
2014-12-15 09:57:57, Info                  CSI    00000052 [SR] Verifying 100 (0x0000000000000064) components
2014-12-15 09:57:57, Info                  CSI    00000053 [SR] Beginning Verify and Repair transaction
2014-12-15 09:58:03, Info                  CSI    00000055 [SR] Verify complete
2014-12-15 09:58:04, Info                  CSI    00000056 [SR] Verifying 100 (0x0000000000000064) components
2014-12-15 09:58:04, Info                  CSI    00000057 [SR] Beginning Verify and Repair transaction
2014-12-15 09:58:10, Info                  CSI    00000059 [SR] Verify complete
2014-12-15 09:58:11, Info                  CSI    0000005a [SR] Verifying 100 (0x0000000000000064) components
2014-12-15 09:58:11, Info                  CSI    0000005b [SR] Beginning Verify and Repair transaction
2014-12-15 09:58:23, Info                  CSI    0000005d [SR] Verify complete
2014-12-15 09:58:23, Info                  CSI    0000005e [SR] Verifying 100 (0x0000000000000064) components
2014-12-15 09:58:23, Info                  CSI    0000005f [SR] Beginning Verify and Repair transaction
2014-12-15 09:58:30, Info                  CSI    00000061 [SR] Verify complete
2014-12-15 09:58:30, Info                  CSI    00000062 [SR] Verifying 100 (0x0000000000000064) components
2014-12-15 09:58:30, Info                  CSI    00000063 [SR] Beginning Verify and Repair transaction
2014-12-15 09:58:37, Info                  CSI    00000065 [SR] Verify complete
2014-12-15 09:58:39, Info                  CSI    00000066 [SR] Verifying 100 (0x0000000000000064) components
2014-12-15 09:58:39, Info                  CSI    00000067 [SR] Beginning Verify and Repair transaction
2014-12-15 09:58:41, Info                  CSI    00000068 [SR] Cannot repair member file [l:30{15}]"setupcompat.dll" of Microsoft-Windows-Application-Experience-Upgrade-Compat-Telemetry, Version = 6.1.7601.18683, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2014-12-15 09:58:41, Info                  CSI    00000069 [SR] Cannot repair member file [l:42{21}]"DVDPlaybackCompat.dll" of Microsoft-Windows-Application-Experience-Upgrade-Compat-Telemetry, Version = 6.1.7601.18683, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2014-12-15 09:58:41, Info                  CSI    0000006a [SR] Cannot repair member file [l:36{18}]"SBCompatPlugin.dll" of Microsoft-Windows-Application-Experience-Upgrade-Compat-Telemetry, Version = 6.1.7601.18683, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2014-12-15 09:58:41, Info                  CSI    0000006b [SR] Cannot repair member file [l:30{15}]"TouchCompat.dll" of Microsoft-Windows-Application-Experience-Upgrade-Compat-Telemetry, Version = 6.1.7601.18683, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2014-12-15 09:58:41, Info                  CSI    0000006c [SR] Cannot repair member file [l:34{17}]"wicainventory.exe" of Microsoft-Windows-Application-Experience-Upgrade-Compat-Telemetry, Version = 6.1.7601.18683, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2014-12-15 09:58:41, Info                  CSI    0000006d [SR] Cannot repair member file [l:20{10}]"DevInv.dll" of Microsoft-Windows-Application-Experience-Upgrade-Compat-Telemetry, Version = 6.1.7601.18683, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2014-12-15 09:58:41, Info                  CSI    0000006e [SR] Cannot repair member file [l:22{11}]"sdbapiu.dll" of Microsoft-Windows-Application-Experience-Upgrade-Compat-Telemetry, Version = 6.1.7601.18683, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2014-12-15 09:58:41, Info                  CSI    0000006f [SR] Cannot repair member file [l:24{12}]"cosquery.dll" of Microsoft-Windows-Application-Experience-Upgrade-Compat-Telemetry, Version = 6.1.7601.18683, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2014-12-15 09:58:41, Info                  CSI    00000070 [SR] Cannot repair member file [l:38{19}]"compatResources.dll" of Microsoft-Windows-Application-Experience-Upgrade-Compat-Telemetry, Version = 6.1.7601.18683, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2014-12-15 09:58:41, Info                  CSI    00000071 [SR] Cannot repair member file [l:42{21}]"MediaCenterCompat.dll" of Microsoft-Windows-Application-Experience-Upgrade-Compat-Telemetry, Version = 6.1.7601.18683, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2014-12-15 09:58:41, Info                  CSI    00000072 [SR] Cannot repair member file [l:32{16}]"compatplugin.dll" of Microsoft-Windows-Application-Experience-Upgrade-Compat-Telemetry, Version = 6.1.7601.18683, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2014-12-15 09:58:41, Info                  CSI    00000073 [SR] Cannot repair member file [l:34{17}]"QueryAppBlock.exe" of Microsoft-Windows-Application-Experience-Upgrade-Compat-Telemetry, Version = 6.1.7601.18683, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2014-12-15 09:58:41, Info                  CSI    00000074 [SR] Cannot repair member file [l:28{14}]"compatctrl.dll" of Microsoft-Windows-Application-Experience-Upgrade-Compat-Telemetry, Version = 6.1.7601.18683, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2014-12-15 09:58:41, Info                  CSI    00000075 [SR] Cannot repair member file [l:22{11}]"wdscore.dll" of Microsoft-Windows-Application-Experience-Upgrade-Compat-Telemetry, Version = 6.1.7601.18683, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2014-12-15 09:58:41, Info                  CSI    00000076 [SR] Cannot repair member file [l:28{14}]"generaltel.dll" of Microsoft-Windows-Application-Experience-Upgrade-Compat-Telemetry, Version = 6.1.7601.18683, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2014-12-15 09:58:41, Info                  CSI    00000077 [SR] Cannot repair member file [l:18{9}]"aeinv.dll" of Microsoft-Windows-Application-Experience-Upgrade-Compat-Telemetry, Version = 6.1.7601.18683, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2014-12-15 09:58:41, Info                  CSI    00000078 [SR] Cannot repair member file [l:16{8}]"wica.dll" of Microsoft-Windows-Application-Experience-Upgrade-Compat-Telemetry, Version = 6.1.7601.18683, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2014-12-15 09:58:41, Info                  CSI    00000079 [SR] Cannot repair member file [l:40{20}]"GadgetCompliance.dll" of Microsoft-Windows-Application-Experience-Upgrade-Compat-Telemetry, Version = 6.1.7601.18683, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 15/12/2014 10:23:50 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 15/12/2014 3:21:35 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Program Compatibility Assistant Service service terminated with the following error:  The specified module could not be found.

Log: 'System' Date/Time: 15/12/2014 3:20:32 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Program Compatibility Assistant Service service terminated with the following error:  The specified module could not be found.

Log: 'System' Date/Time: 15/12/2014 3:20:02 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Program Compatibility Assistant Service service terminated with the following error:  The specified module could not be found.

Log: 'System' Date/Time: 15/12/2014 3:20:02 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Program Compatibility Assistant Service service terminated with the following error:  The specified module could not be found.

Log: 'System' Date/Time: 15/12/2014 3:10:56 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Program Compatibility Assistant Service service terminated with the following error:  The specified module could not be found.

Log: 'System' Date/Time: 15/12/2014 3:07:27 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Program Compatibility Assistant Service service terminated with the following error:  The specified module could not be found.

Log: 'System' Date/Time: 15/12/2014 2:58:28 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Program Compatibility Assistant Service service terminated with the following error:  The specified module could not be found.

Log: 'System' Date/Time: 15/12/2014 2:54:57 PM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk2\DR2.

Log: 'System' Date/Time: 15/12/2014 2:50:02 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Program Compatibility Assistant Service service terminated with the following error:  The specified module could not be found.

Log: 'System' Date/Time: 15/12/2014 2:49:50 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Program Compatibility Assistant Service service terminated with the following error:  The specified module could not be found.

Log: 'System' Date/Time: 15/12/2014 2:49:12 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Program Compatibility Assistant Service service terminated with the following error:  The specified module could not be found.

Log: 'System' Date/Time: 15/12/2014 2:43:33 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Program Compatibility Assistant Service service terminated with the following error:  The specified module could not be found.

Log: 'System' Date/Time: 15/12/2014 2:42:36 PM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Windows Update service hung on starting.

Log: 'System' Date/Time: 15/12/2014 2:42:12 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Program Compatibility Assistant Service service terminated with the following error:  The specified module could not be found.

Log: 'System' Date/Time: 15/12/2014 2:41:49 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Program Compatibility Assistant Service service terminated with the following error:  The specified module could not be found.

Log: 'System' Date/Time: 15/12/2014 2:41:02 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Log: 'System' Date/Time: 15/12/2014 2:35:45 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Program Compatibility Assistant Service service terminated with the following error:  The specified module could not be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 15/12/2014 2:43:33 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name tracker.openbittorrent.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 15/12/2014 2:35:56 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_MULTI&PROD_FLASH_READER&REV_1.00#058F63666471&0#.

  • 0
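
Added example (not part of the thread and not code from any tool mentioned in it): a Python triage of the [SR] lines that the findstr command in post #13 extracts from CBS.log and that post #14 pastes, separating routine progress lines from files sfc could not repair and grouping those by component. The sample lines are constructed in the same format as the log above; the component and file names in them, and the function names, are this example's own.

```python
import re
import sys

# One [SR] entry: "<date> <time>, <level>   CSI   <8-hex sequence> [SR] <message>"
SR_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), \w+\s+CSI\s+"
    r"(?P<seq>[0-9a-fA-F]{8}) \[SR\] (?P<msg>.*)$"
)
# The reason is the last comma-separated field, e.g. "file is missing".
CANNOT_REPAIR = re.compile(
    r'^Cannot repair member file \[[^\]]*\]"(?P<file>[^"]+)" of (?P<component>[^,]+), '
    r"Version = (?P<version>[\d.]+),.*, (?P<reason>[^,]+)$"
)
CANNOT_VERIFY = re.compile(
    r"^Cannot verify component files for (?P<component>[^,]+), "
    r"Version = (?P<version>[\d.]+),.*, (?P<reason>[^,]+)$"
)
ROUTINE = re.compile(
    r"^(Verifying \d+ .*components|Beginning Verify and Repair transaction|Verify complete)$"
)

# Constructed sample input: same layout as the thread's log, made-up names.
SAMPLE = '''\
2014-12-15 09:55:43, Info                  CSI    00000015 [SR] Verifying 100 (0x0000000000000064) components
2014-12-15 09:55:43, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
2014-12-15 09:55:47, Info                  CSI    00000017 [SR] Cannot verify component files for ExampleComponentId0001, Version = 6.1.7601.18640, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, PublicKey neutral, manifest is damaged (FALSE)
2014-12-15 09:55:48, Info                  CSI    00000019 [SR] Verify complete
2014-12-15 09:58:40, Info                  CBS    Constructed line without the SR tag
2014-12-15 09:58:41, Info                  CSI    00000068 [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component-A, Version = 6.1.7601.18683, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, PublicKey neutral in the store, file is missing
2014-12-15 09:58:41, Info                  CSI    00000069 [SR] Cannot repair member file [l:20{10}]"sample.exe" of Example-Component-A, Version = 6.1.7601.18683, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, PublicKey neutral in the store, file is missing
2014-12-15 09:58:45, Info                  CSI    00000090 [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component-A, Version = 6.1.7601.18683, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, PublicKey neutral in the store, file is missing
'''


def triage(lines):
    """Sort [SR] lines into routine progress, unrepaired files, unverifiable components, other."""
    report = {"routine": 0, "unrepaired": {}, "unverified": [], "other": []}
    for raw in lines:
        line = raw.strip()
        if "[SR]" not in line:
            continue  # same filter as findstr /c:"[SR]"
        entry = SR_LINE.match(line)
        if entry is None:
            report["other"].append(line)  # tagged [SR] but not in the expected layout
            continue
        msg = entry.group("msg")
        if ROUTINE.match(msg):
            report["routine"] += 1
            continue
        repair = CANNOT_REPAIR.match(msg)
        if repair:
            key = (repair.group("component"), repair.group("version"))
            item = (repair.group("file"), repair.group("reason"))
            files = report["unrepaired"].setdefault(key, [])
            if item not in files:  # report a file once even if it is logged again
                files.append(item)
            continue
        verify = CANNOT_VERIFY.match(msg)
        if verify:
            report["unverified"].append(
                (verify.group("component"), verify.group("version"), verify.group("reason"))
            )
            continue
        report["other"].append(msg)  # message type this example does not know
    return report


def summarize(report):
    """Render the triage result as short text lines for posting or review."""
    out = [f"{report['routine']} routine progress lines"]
    for (component, version), files in report["unrepaired"].items():
        out.append(f"{component} {version}: {len(files)} file(s) not repaired")
        out.extend(f"    {name} ({reason})" for name, reason in files)
    for component, version, reason in report["unverified"]:
        out.append(f"{component} {version}: cannot verify ({reason})")
    out.extend(f"unclassified: {msg}" for msg in report["other"])
    return out


if __name__ == "__main__":
    # Pass the path of the findstr output (junk.txt in post #13); default is the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            source = fh.readlines()
    else:
        source = SAMPLE.splitlines()
    print("\n".join(summarize(triage(source))))
```
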

#15
RKinner

Download the attached pcasvc.zip file and right click on it and Extract All to c:\windows\system32\

 

Per the System Event log, the file is missing so it should go in without an error.

 

Then clear the alarms:

 

Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.
 

 

Run VEW as before. 

 

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply.  Once you copy and paste the log into your reply you should run VEW again but this time select Applications.  Copy and paste the result.


  • 0
