
windows\system32\drivers\mbamswissarmy.sys [Closed]

This topic is locked.

#1
Waves

    New Member

  • Member
  • 3 posts
OK, so I'm posting this from my work PC and I chose this subforum because I couldn't load the other ones (ehh). (So please do not move the topic if you can, because I need to have access to it from work so I can know what to do when I get back home.) If this means anything, I have two partitions. The problem was identified on the D: drive, whereas my Windows installation is on C:. Now, the problem is that I got a popup (might be from my antivirus) that said something about MBAM's Anti-Rootkit module and that I should restart my PC to fix it. So I did. Then my PC entered recovery mode (or so it is called), ran a 30 min. scan and then said it couldn't fix anything. I looked into the log and it said that the mbamswissarmy.sys file is missing/corrupted. I tried to boot my PC again but all it did was enter recovery mode and loop through that error scan. Can anyone help bring my PC back to life, because I've got a lot of stuff I MUST NOT lose. Please and thank you!

 

EDIT: PC is a Windows 7 Professional (64-bit) if that says anything...


Edited by Waves, 14 December 2015 - 01:05 AM.

  • 0



#2
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello Waves,

Welcome to Geekstogo.

Here are some instructions to help you access the Recovery Environment to run a scan.

There are two options shown below. For the first you will only need a flash drive or similar; for the second you will need both a flash drive and a Windows installation disc.

If you are unable to access the Recovery Environment through the first option and have a Windows Installation disc for that machine then option two will be a good one to try.

Now

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options using the Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will create a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

  • 0

#3
Waves

    New Member

  • Topic Starter
  • Member
  • 3 posts

Here it is. I hope you can make a fix for this, because it's getting annoying....
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-12-2015
Ran by SYSTEM on MININT-BU7NFL8 (15-12-2015 16:06:22)
Running from H:\
Platform: Windows 7 Professional (X64) Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-22] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-05-22] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-26] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2015-07-08] (ESET)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [593216 2015-08-10] (Razer Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-11] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] => "D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /bootscan -resetprotection
HKU\Poizoneheart\...\Run: [LightShot] => C:\Users\Poizoneheart\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226560 2014-07-01] ()
HKU\Poizoneheart\...\Run: [AdobeBridge] => [X]
HKU\Poizoneheart\...\Run: [Akamai NetSession Interface] => C:\Users\Poizoneheart\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
Startup: C:\Users\Poizoneheart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Απόσπασμα οθόνης και Εκκίνηση για το OneNote 2007.lnk [2014-08-19]
ShortcutTarget: Απόσπασμα οθόνης και Εκκίνηση για το OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [79360 2015-01-04] (Autodesk)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-11] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-11] (Dropbox, Inc.)
S2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1353720 2015-07-08] (ESET)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-26] (NVIDIA Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-26] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-26] (NVIDIA Corporation)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-08] ()
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-23] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 Apache2.2; "D:\xampp\apache\bin\httpd.exe" -k runservice [X]
S4 MBAMScheduler; "D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe" [X]
S2 MBAMService; "D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe" [X]
S2 mi-raysat_3dsMax2009_64; "D:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe" [X]
S2 mysql; D:\xampp\mysql\bin\mysqld.exe --defaults-file=D:\xampp\mysql\bin\my.ini mysql
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [14392 2007-12-17] ()
S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-12] (ESET)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-12] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [178520 2015-07-12] (ESET)
S2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [231520 2015-07-12] (ESET)
S1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [53360 2015-07-12] (ESET)
S0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [72400 2015-07-12] (ESET)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-04] (Malwarebytes)
S0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [0 2015-12-12] () <==== ATTENTION (zero byte File/Folder)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-04] (Malwarebytes Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-13] ()
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-26] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [50392 2015-08-13] (Razer Inc)
S2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
S2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129472 2015-06-26] (Razer, Inc.)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2014-04-13] (Duplex Secure Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-15 16:06 - 2015-12-15 16:06 - 00000000 ____D C:\FRST
2015-12-11 14:07 - 2015-12-11 14:09 - 37508078 _____ C:\Users\Poizoneheart\Downloads\herzx2099 - you.wav
2015-12-11 13:54 - 2015-12-11 14:18 - 1094257274 _____ C:\Users\Poizoneheart\Downloads\Sophie Type Sounds Vol. 1.zip
2015-12-11 07:50 - 2015-12-12 01:58 - 00000000 ____D C:\Users\Poizoneheart\Downloads\l2tower
2015-12-11 05:58 - 2015-12-11 05:59 - 24521612 _____ C:\Users\Poizoneheart\Downloads\cat soup - misqueme.zip
2015-12-10 11:07 - 2015-12-10 11:07 - 35115376 _____ C:\Users\Poizoneheart\Downloads\l2tower.zip
2015-12-10 09:31 - 2015-12-10 09:40 - 43310049 _____ C:\Users\Poizoneheart\Downloads\HudMo 4 FrankOcean.zip
2015-12-10 07:53 - 2015-12-10 07:55 - 42583608 _____ C:\Users\Poizoneheart\Downloads\The Weeknd - The Hills (Acapella) .wav
2015-12-08 08:16 - 2015-12-08 08:31 - 442638341 _____ C:\Users\Poizoneheart\Downloads\Kodyak - the place i call home.zip
2015-12-08 08:16 - 2015-12-08 08:18 - 77939139 _____ C:\Users\Poizoneheart\Downloads\Kodyak - the place i call home (1).zip
2015-12-02 08:27 - 2015-12-02 08:33 - 00000000 ____D C:\Users\Poizoneheart\Downloads\Film Noir cinema BLACK (RNDYSVGE track is missing)
2015-12-02 08:24 - 2015-12-02 08:27 - 77953024 _____ C:\Users\Poizoneheart\Downloads\QUIX SAMPLE PACK.zip
2015-12-01 10:00 - 2015-12-01 10:02 - 42110293 _____ C:\Users\Poizoneheart\Downloads\Bones - HermitOfEastGrandRiver.zip
2015-11-30 08:15 - 2015-11-30 08:16 - 24890515 _____ C:\Users\Poizoneheart\Downloads\esta. - Feathers EP.zip
2015-11-28 06:57 - 2006-02-03 17:50 - 00005174 _____ C:\Windows\SysWOW64\nppt9x.vxd
2015-11-28 06:57 - 2006-02-03 17:50 - 00004682 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npptNT2.sys
2015-11-27 23:15 - 2015-11-27 23:21 - 239126022 _____ C:\Users\Poizoneheart\Downloads\Forward Stems (Alexander Lewis).zip
2015-11-27 08:06 - 2015-11-27 08:08 - 93704747 _____ C:\Users\Poizoneheart\Downloads\X Drums.zip
2015-11-25 12:13 - 2015-11-25 12:13 - 29259284 _____ C:\Users\Poizoneheart\Downloads\Magtfuld Future House Sound Pack Volume 1.zip
2015-11-25 11:06 - 2015-11-25 11:09 - 34017049 _____ C:\Users\Poizoneheart\Downloads\NoDJ-Raye-Welcome_To_The_Winter.zip
2015-11-25 08:03 - 2015-11-25 08:21 - 423422050 _____ C:\Users\Poizoneheart\Downloads\STYLSS Sample Pack - Volume Two [Nov 2015].zip
2015-11-25 07:19 - 2015-11-25 07:19 - 00000000 ____D C:\Users\Poizoneheart\AppData\Roaming\RevealSound
2015-11-24 11:44 - 2015-11-24 11:51 - 131515931 _____ C:\Users\Poizoneheart\Downloads\Daruma - Vol. 004.zip
2015-11-24 11:44 - 2015-11-24 11:46 - 26107244 _____ C:\Users\Poizoneheart\Downloads\Culpmixtest2.wav
2015-11-24 08:42 - 2015-11-24 08:45 - 29255922 _____ C:\Users\Poizoneheart\Downloads\Capsun Drumkit.zip
2015-11-24 05:32 - 2015-11-24 05:32 - 00000000 ____D C:\Users\Poizoneheart\AppData\Local\ElevatedDiagnostics
2015-11-23 06:13 - 2015-11-23 06:17 - 30660095 _____ C:\Users\Poizoneheart\Downloads\QUIX SAMPLE PACK.rar
2015-11-21 15:10 - 2015-11-21 15:10 - 00084679 _____ C:\Users\Poizoneheart\Downloads\DANKOLDSCHOOLREECE.fst
2015-11-21 03:56 - 2015-11-21 04:08 - 67789674 _____ C:\Users\Poizoneheart\Downloads\Ignant_Shit-(DatPiff.com).zip
2015-11-21 03:55 - 2015-11-21 04:11 - 94517704 _____ C:\Users\Poizoneheart\Downloads\Swavey-(DatPiff.com).zip
2015-11-21 03:54 - 2015-11-21 04:04 - 43853657 _____ C:\Users\Poizoneheart\Downloads\Mr_1_Verse_Killah-(DatPiff.com).zip
2015-11-21 03:53 - 2015-11-21 04:12 - 44688088 _____ C:\Users\Poizoneheart\Downloads\Tory_Lanez_One_Verse_One_Hearse.zip
2015-11-21 03:52 - 2015-11-21 04:06 - 85797952 _____ C:\Users\Poizoneheart\Downloads\Just_Landed-(DatPiff.com).zip
2015-11-21 03:49 - 2015-11-21 04:12 - 93855742 _____ C:\Users\Poizoneheart\Downloads\Tory Lanez - Lost Cause - HotNewHipHop.zip
2015-11-21 03:49 - 2015-11-21 04:10 - 96252871 _____ C:\Users\Poizoneheart\Downloads\Tory Lanez - Conflicts Of My Soul - HotNewHipHop.zip
2015-11-21 03:32 - 2015-11-21 03:36 - 93258683 _____ C:\Users\Poizoneheart\Downloads\Rozz Dyliams & Purpdogg - The Judas Cradle.zip
2015-11-21 00:42 - 2015-11-21 00:55 - 247548153 _____ C:\Users\Poizoneheart\Downloads\drew the architect - vacive.zip
2015-11-21 00:42 - 2015-11-21 00:44 - 51190516 _____ C:\Users\Poizoneheart\Downloads\drew the architect - vacive (1).zip
2015-11-21 00:37 - 2015-11-21 00:37 - 70425452 _____ C:\Users\Poizoneheart\Desktop\zodivk x king sol.zip
2015-11-20 12:11 - 2015-11-20 12:15 - 79272732 _____ C:\Users\Poizoneheart\Downloads\KOAN_Sound_x_Culprate_x_Asa_x_Opiuo_-_If_You_Hadn_39_t.wav
2015-11-20 09:21 - 2015-11-20 09:26 - 2072249756 _____ C:\Users\Poizoneheart\Downloads\1ada01.rar
2015-11-20 09:15 - 2015-11-20 09:26 - 50284557 _____ C:\Users\Poizoneheart\Downloads\KOAN_Sound_x_Culprate_x_Asa_x_Opiuo_-_If_You_Hadn_39_t.flac
2015-11-19 10:51 - 2015-11-19 11:06 - 58997312 _____ C:\Users\Poizoneheart\Downloads\Sober Rob + lux.impala - Nativity.wav
2015-11-19 10:50 - 2015-11-19 10:53 - 37787552 _____ C:\Users\Poizoneheart\Downloads\goldwater - glaciate.wav
2015-11-19 09:03 - 2015-11-19 09:05 - 2379959847 _____ C:\Users\Poizoneheart\Downloads\teamsesh.zip
2015-11-18 11:27 - 2015-11-18 11:28 - 07613138 _____ C:\Users\Poizoneheart\Downloads\JUST-BLAZE-DRUMS.zip
2015-11-18 06:41 - 2015-11-18 07:05 - 470109269 _____ C:\Users\Poizoneheart\Downloads\Culprate Sample Pack.zip
2015-11-17 08:40 - 2015-11-17 08:41 - 00001331 _____ C:\Users\Poizoneheart\Desktop\soundcloud bio.txt
2015-11-17 08:34 - 2015-11-17 08:36 - 34288706 _____ C:\Users\Poizoneheart\Downloads\Cresce_-_Bad_Habits.wav
2015-11-16 09:16 - 2015-11-19 08:33 - 00000000 ____D C:\Users\Poizoneheart\Downloads\Sorsari - The Farplane
2015-11-15 06:39 - 2015-11-15 06:40 - 00000000 ____D C:\Users\Poizoneheart\Downloads\Tory Lanez - Cruel Intentions
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-12 15:18 - 2014-03-29 09:53 - 00001184 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-12 15:14 - 2015-01-10 06:02 - 00000000 _____ C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-12-12 15:06 - 2015-08-11 10:00 - 00000920 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-12-12 14:24 - 2009-07-13 20:45 - 00014848 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-12 14:24 - 2009-07-13 20:45 - 00014848 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-12 14:18 - 2015-01-03 05:40 - 00000000 ____D C:\Users\Poizoneheart\AppData\Local\Akamai
2015-12-12 14:16 - 2015-08-11 10:00 - 00000916 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-12-12 14:16 - 2014-03-29 09:53 - 00001180 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-12 14:15 - 2014-03-29 09:37 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-12 14:15 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-12 09:10 - 2009-07-13 21:13 - 00778150 _____ C:\Windows\System32\PerfStringBackup.INI
2015-12-12 09:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2015-12-12 08:47 - 2014-08-19 03:57 - 00000402 _____ C:\Windows\Tasks\update-S-1-5-21-345066769-3900799609-3403792336-1001.job
2015-12-12 05:59 - 2014-08-19 03:56 - 00000402 _____ C:\Windows\Tasks\update-sys.job
2015-12-10 10:30 - 2014-03-29 09:54 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-02 08:35 - 2014-05-22 01:43 - 07271424 ___SH C:\Users\Poizoneheart\Downloads\Thumbs.db
2015-12-02 06:13 - 2014-03-29 09:53 - 00004180 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-02 06:13 - 2014-03-29 09:53 - 00003928 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-29 08:40 - 2014-04-21 23:08 - 00000000 ____D C:\Users\Poizoneheart\AppData\Roaming\spek
2015-11-29 08:30 - 2014-05-17 07:39 - 00000000 ____D C:\Users\Poizoneheart\AppData\Roaming\Curse Client
2015-11-28 23:26 - 2015-11-09 00:04 - 05052672 _____ C:\Windows\System32\FNTCACHE.DAT
2015-11-28 08:59 - 2015-11-09 00:06 - 00124432 _____ C:\Users\Poizoneheart\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-28 06:50 - 2014-03-29 09:30 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-27 23:59 - 2014-04-10 10:43 - 00000000 ____D C:\Users\Poizoneheart\AppData\Local\Battle.net
2015-11-26 06:37 - 2014-09-12 04:31 - 00001456 _____ C:\Users\Poizoneheart\AppData\Local\Adobe Save for Web 12.0 Prefs
2015-11-24 07:41 - 2015-01-30 14:26 - 00000000 ____D C:\Windows\pss
2015-11-24 07:40 - 2014-03-29 09:52 - 00000000 ____D C:\Users\Poizoneheart\AppData\Local\Deployment
2015-11-24 07:39 - 2015-08-11 10:06 - 00000000 ___RD C:\Users\Poizoneheart\Dropbox
2015-11-24 07:39 - 2015-08-11 09:59 - 00000000 ____D C:\Users\Poizoneheart\AppData\Local\Dropbox
2015-11-23 11:38 - 2014-04-23 06:45 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2015-11-23 11:38 - 2014-04-23 02:05 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2015-11-22 09:46 - 2014-04-23 02:05 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2015-11-20 12:12 - 2014-03-29 12:00 - 00000000 ____D C:\Users\Poizoneheart\AppData\Roaming\vlc
 
Some files in TEMP:
====================
C:\Users\Poizoneheart\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpznejnx.dll
C:\Users\Poizoneheart\AppData\Local\Temp\_is15C9.exe
 
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE Association (Whitelisted) =============
 
 
==================== Restore Points =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 15%
Total physical RAM: 4095.12 MB
Available physical RAM: 3443.41 MB
Total Virtual: 4093.27 MB
Available Virtual: 3438.05 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:97.56 GB) (Free:0.41 GB) NTFS
Drive e: () (Fixed) (Total:600.98 GB) (Free:309 GB) NTFS
Drive h: () (Removable) (Total:7.45 GB) (Free:7.43 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: E267E267)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=601 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
 
LastRegBack: 2015-12-12 09:41
 
==================== End of FRST.txt ============================

  • 0
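The one line FRST flags above (a zero-byte MBAMSwissArmy.sys registered as an S0 boot-start driver) is exactly the kind of entry a helper scans the Drivers section for. As an added example, not part of this thread or of Farbar's tool, here is a small Python triage pass over that section's line format; the sample lines are constructed from the log posted above, and the START_TYPES names are the standard Windows service start types, assumed to be what FRST's S-digit encodes.

```python
"""Triage the 'Drivers (Whitelisted)' section of an FRST log.

Added example, not part of the thread or of FRST. It flags driver entries whose
file is missing or zero bytes and notes when such a driver is boot- or
system-start, the combination that leaves Windows 7 looping in Startup Repair.
"""
import re

# Windows service start types (SERVICE_BOOT_START .. SERVICE_DISABLED); assumed
# to be what the digit after 'S' in an FRST driver line means.
START_TYPES = {0: "Boot", 1: "System", 2: "Automatic", 3: "Manual", 4: "Disabled"}

# One FRST driver line: "S<start> <name>; <path> [<size> <date>] (<vendor>) <==== <note>"
# with "[X]" after the path when FRST could not find the file.
DRIVER_RE = re.compile(
    r"^S(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<vendor>[^)]*)\))?"
    r"(?P<missing> \[X\])?"
    r"(?: <==== (?P<note>.*))?$"
)

# Constructed sample modelled on the log posted above (five driver lines).
SAMPLE_LOG = r"""
===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry.)

S0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [72400 2015-07-12] (ESET)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-04] (Malwarebytes)
S0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [0 2015-12-12] () <==== ATTENTION (zero byte File/Folder)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2014-04-13] (Duplex Secure Ltd.)
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================
"""


def parse_drivers(log_text):
    """Return one dict per driver line found in the Drivers section."""
    drivers, in_section = [], False
    for line in log_text.splitlines():
        if "Drivers (Whitelisted)" in line:
            in_section = True
            continue
        if in_section and line.startswith("===="):
            break  # the next section header ends the Drivers section
        if not in_section:
            continue
        m = DRIVER_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["start"] = int(d["start"])
        d["size"] = int(d["size"]) if d["size"] is not None else None
        d["missing"] = d["missing"] is not None
        drivers.append(d)
    return drivers


def triage(log_text):
    """Map driver name -> list of findings; drivers without findings are omitted."""
    findings = {}
    for d in parse_drivers(log_text):
        reasons = []
        if d["missing"]:
            reasons.append("file missing")
        elif d["size"] == 0:
            reasons.append("zero-byte file")
        if reasons and d["start"] <= 1:
            # Boot/System start: loaded before logon, so the user cannot bypass
            # the failure and the registry entry is what has to change.
            reasons.append("%s-start driver: likely boot blocker"
                           % START_TYPES.get(d["start"], "Unknown"))
        if d["note"]:
            reasons.append("FRST flagged: " + d["note"])
        if reasons:
            findings[d["name"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(name, "->", "; ".join(reasons))
```

Feed it a real FRST.txt and only the entries worth a second look come back; a manual-start driver with a missing file (VBoxNetFlt here) is reported but not marked as a boot blocker.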

#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello Waves,
 
Download the attached fixlist.txt file and save it on the flash drive as fixlist.txt.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Please enter System Recovery Options, as we've done previously.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 

After that see if you can boot up normally.

 

If you can, please transfer FRST from your USB stick to the desktop of your computer and run a fresh scan with the Addition box ticked.

 

Copy and paste the Frst.txt and Addition.txt back into the thread here.

Attached Files


  • 0

#5
Waves

    New Member

  • Topic Starter
  • Member
  • 3 posts

I'm posting this from my (now) fixed PC! Thanks for your help!!!

 

Can you explain what/how this happened and if I can do anything to prevent it from happening again?


  • 0

#6
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

All we have done is revert to an earlier version of the machine's registry.

 

Now we really need to finish the cleaning process to try and avoid this happening again. :)

 

Note: When downloading the next two tools choose the @BleepingComputer green button you see. If you are unable to run JRT.txt just move on to AdwCleaner.

 

Please download Junkware Removal Tool to your desktop.
 

  • Shut down your protection software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and choose "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Next

 

Please download AdwCleaner to your desktop (use the Download Now @ BleepingComputer button).

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon. AdwCleaner will update itself and then open.


Click on Scan and follow the prompts. It may appear not to be doing anything; please be patient and let it run unhindered. When the "Please uncheck elements you don't want to remove" prompt appears, just go ahead and click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy and paste it back here. If a report doesn't appear, press the report button and copy and paste the contents into your next reply.

A copy of the report is also saved in the C:\AdwCleaner folder.

 

So when you return please post

JRT.txt

AdwCleaner log


  • 0

#7
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0
