Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

windows\system32\drivers\mbamswissarmy.sys [Closed]

help

  • This topic is locked This topic is locked

#1
Waves

Waves

    New Member

  • Member
  • Pip
  • 3 posts

Ok so i'm posting this from my work PC and i chose this subforum cause i couldn't load the other ones (ehh). (so please do not move the topic if you can because i need to have access to it from work so i can know what to do when i get back home) If this means anything, i have two partitions. The problem was identified in the D: drive, whereas my Windows installation is on C: Now, the problem is that i got a popup (might be from my antivirus) that said something about MBAM's Anti-Rootkit module and that i should restart my PC to fix it. So i did. Then, my PC entered recovery mode (or so it is called) and it made a 30 min. scan and then it said it can't fix anything. I looked into the log and it said that the mbamswissarmy.sys file is missing/corrupted. I tried to boot my PC again but all it did is enter recovery mode and doing that scan loop for errors. Can anyone help bring my PC back to life because i got a lot of stuff i MUST NOT lose. Please and thank you!

 

EDIT: PC is a Windows 7 Professional (64-bit) if that says anything...


Edited by Waves, 14 December 2015 - 01:05 AM.

  • 0

Advertisements


#2
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,024 posts

Hello Waves,

Welcome to Geekstogo.

Here are some instructions to help you access the Recovery Environment to run a scan.

There are two options shown below. For the first, you will only need a flash drive or some such, for the second, you will need both a flash drive and a Windows Installation Disk..

If you are unable to access the Recovery Environment through the first option and have a Windows Installation disc for that machine then option two will be a good one to try.

Now

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

 To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64)  and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will create a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 

 


  • 0

#3
Waves

Waves

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
here it is, i hope u can make a fix for this, cuz it's getting annoying....
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-12-2015
Ran by SYSTEM on MININT-BU7NFL8 (15-12-2015 16:06:22)
Running from H:\
Platform: Windows 7 Professional (X64) Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-22] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-05-22] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-26] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2015-07-08] (ESET)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [593216 2015-08-10] (Razer Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-11] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] => "D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /bootscan -resetprotection
HKU\Poizoneheart\...\Run: [LightShot] => C:\Users\Poizoneheart\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226560 2014-07-01] ()
HKU\Poizoneheart\...\Run: [AdobeBridge] => [X]
HKU\Poizoneheart\...\Run: [Akamai NetSession Interface] => C:\Users\Poizoneheart\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
Startup: C:\Users\Poizoneheart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Απόσπασμα οθόνης και Εκκίνηση για το OneNote 2007.lnk [2014-08-19]
ShortcutTarget: Απόσπασμα οθόνης και Εκκίνηση για το OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [79360 2015-01-04] (Autodesk)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-11] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-11] (Dropbox, Inc.)
S2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1353720 2015-07-08] (ESET)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-26] (NVIDIA Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-26] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-26] (NVIDIA Corporation)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-08] ()
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-23] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 Apache2.2; "D:\xampp\apache\bin\httpd.exe" -k runservice [X]
S4 MBAMScheduler; "D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe" [X]
S2 MBAMService; "D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe" [X]
S2 mi-raysat_3dsMax2009_64; "D:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe" [X]
S2 mysql; D:\xampp\mysql\bin\mysqld.exe --defaults-file=D:\xampp\mysql\bin\my.ini mysql
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [14392 2007-12-17] ()
S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-12] (ESET)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-12] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [178520 2015-07-12] (ESET)
S2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [231520 2015-07-12] (ESET)
S1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [53360 2015-07-12] (ESET)
S0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [72400 2015-07-12] (ESET)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-04] (Malwarebytes)
S0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [0 2015-12-12] () <==== ATTENTION (zero byte File/Folder)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-04] (Malwarebytes Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-13] ()
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-26] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [50392 2015-08-13] (Razer Inc)
S2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
S2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129472 2015-06-26] (Razer, Inc.)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2014-04-13] (Duplex Secure Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-15 16:06 - 2015-12-15 16:06 - 00000000 ____D C:\FRST
2015-12-11 14:07 - 2015-12-11 14:09 - 37508078 _____ C:\Users\Poizoneheart\Downloads\herzx2099 - you.wav
2015-12-11 13:54 - 2015-12-11 14:18 - 1094257274 _____ C:\Users\Poizoneheart\Downloads\Sophie Type Sounds Vol. 1.zip
2015-12-11 07:50 - 2015-12-12 01:58 - 00000000 ____D C:\Users\Poizoneheart\Downloads\l2tower
2015-12-11 05:58 - 2015-12-11 05:59 - 24521612 _____ C:\Users\Poizoneheart\Downloads\cat soup - misqueme.zip
2015-12-10 11:07 - 2015-12-10 11:07 - 35115376 _____ C:\Users\Poizoneheart\Downloads\l2tower.zip
2015-12-10 09:31 - 2015-12-10 09:40 - 43310049 _____ C:\Users\Poizoneheart\Downloads\HudMo 4 FrankOcean.zip
2015-12-10 07:53 - 2015-12-10 07:55 - 42583608 _____ C:\Users\Poizoneheart\Downloads\The Weeknd - The Hills (Acapella) .wav
2015-12-08 08:16 - 2015-12-08 08:31 - 442638341 _____ C:\Users\Poizoneheart\Downloads\Kodyak - the place i call home.zip
2015-12-08 08:16 - 2015-12-08 08:18 - 77939139 _____ C:\Users\Poizoneheart\Downloads\Kodyak - the place i call home (1).zip
2015-12-02 08:27 - 2015-12-02 08:33 - 00000000 ____D C:\Users\Poizoneheart\Downloads\Film Noir cinema BLACK (RNDYSVGE track is missing)
2015-12-02 08:24 - 2015-12-02 08:27 - 77953024 _____ C:\Users\Poizoneheart\Downloads\QUIX SAMPLE PACK.zip
2015-12-01 10:00 - 2015-12-01 10:02 - 42110293 _____ C:\Users\Poizoneheart\Downloads\Bones - HermitOfEastGrandRiver.zip
2015-11-30 08:15 - 2015-11-30 08:16 - 24890515 _____ C:\Users\Poizoneheart\Downloads\esta. - Feathers EP.zip
2015-11-28 06:57 - 2006-02-03 17:50 - 00005174 _____ C:\Windows\SysWOW64\nppt9x.vxd
2015-11-28 06:57 - 2006-02-03 17:50 - 00004682 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npptNT2.sys
2015-11-27 23:15 - 2015-11-27 23:21 - 239126022 _____ C:\Users\Poizoneheart\Downloads\Forward Stems (Alexander Lewis).zip
2015-11-27 08:06 - 2015-11-27 08:08 - 93704747 _____ C:\Users\Poizoneheart\Downloads\X Drums.zip
2015-11-25 12:13 - 2015-11-25 12:13 - 29259284 _____ C:\Users\Poizoneheart\Downloads\Magtfuld Future House Sound Pack Volume 1.zip
2015-11-25 11:06 - 2015-11-25 11:09 - 34017049 _____ C:\Users\Poizoneheart\Downloads\NoDJ-Raye-Welcome_To_The_Winter.zip
2015-11-25 08:03 - 2015-11-25 08:21 - 423422050 _____ C:\Users\Poizoneheart\Downloads\STYLSS Sample Pack - Volume Two [Nov 2015].zip
2015-11-25 07:19 - 2015-11-25 07:19 - 00000000 ____D C:\Users\Poizoneheart\AppData\Roaming\RevealSound
2015-11-24 11:44 - 2015-11-24 11:51 - 131515931 _____ C:\Users\Poizoneheart\Downloads\Daruma - Vol. 004.zip
2015-11-24 11:44 - 2015-11-24 11:46 - 26107244 _____ C:\Users\Poizoneheart\Downloads\Culpmixtest2.wav
2015-11-24 08:42 - 2015-11-24 08:45 - 29255922 _____ C:\Users\Poizoneheart\Downloads\Capsun Drumkit.zip
2015-11-24 05:32 - 2015-11-24 05:32 - 00000000 ____D C:\Users\Poizoneheart\AppData\Local\ElevatedDiagnostics
2015-11-23 06:13 - 2015-11-23 06:17 - 30660095 _____ C:\Users\Poizoneheart\Downloads\QUIX SAMPLE PACK.rar
2015-11-21 15:10 - 2015-11-21 15:10 - 00084679 _____ C:\Users\Poizoneheart\Downloads\DANKOLDSCHOOLREECE.fst
2015-11-21 03:56 - 2015-11-21 04:08 - 67789674 _____ C:\Users\Poizoneheart\Downloads\Ignant_Shit-(DatPiff.com).zip
2015-11-21 03:55 - 2015-11-21 04:11 - 94517704 _____ C:\Users\Poizoneheart\Downloads\Swavey-(DatPiff.com).zip
2015-11-21 03:54 - 2015-11-21 04:04 - 43853657 _____ C:\Users\Poizoneheart\Downloads\Mr_1_Verse_Killah-(DatPiff.com).zip
2015-11-21 03:53 - 2015-11-21 04:12 - 44688088 _____ C:\Users\Poizoneheart\Downloads\Tory_Lanez_One_Verse_One_Hearse.zip
2015-11-21 03:52 - 2015-11-21 04:06 - 85797952 _____ C:\Users\Poizoneheart\Downloads\Just_Landed-(DatPiff.com).zip
2015-11-21 03:49 - 2015-11-21 04:12 - 93855742 _____ C:\Users\Poizoneheart\Downloads\Tory Lanez - Lost Cause - HotNewHipHop.zip
2015-11-21 03:49 - 2015-11-21 04:10 - 96252871 _____ C:\Users\Poizoneheart\Downloads\Tory Lanez - Conflicts Of My Soul - HotNewHipHop.zip
2015-11-21 03:32 - 2015-11-21 03:36 - 93258683 _____ C:\Users\Poizoneheart\Downloads\Rozz Dyliams & Purpdogg - The Judas Cradle.zip
2015-11-21 00:42 - 2015-11-21 00:55 - 247548153 _____ C:\Users\Poizoneheart\Downloads\drew the architect - vacive.zip
2015-11-21 00:42 - 2015-11-21 00:44 - 51190516 _____ C:\Users\Poizoneheart\Downloads\drew the architect - vacive (1).zip
2015-11-21 00:37 - 2015-11-21 00:37 - 70425452 _____ C:\Users\Poizoneheart\Desktop\zodivk x king sol.zip
2015-11-20 12:11 - 2015-11-20 12:15 - 79272732 _____ C:\Users\Poizoneheart\Downloads\KOAN_Sound_x_Culprate_x_Asa_x_Opiuo_-_If_You_Hadn_39_t.wav
2015-11-20 09:21 - 2015-11-20 09:26 - 2072249756 _____ C:\Users\Poizoneheart\Downloads\1ada01.rar
2015-11-20 09:15 - 2015-11-20 09:26 - 50284557 _____ C:\Users\Poizoneheart\Downloads\KOAN_Sound_x_Culprate_x_Asa_x_Opiuo_-_If_You_Hadn_39_t.flac
2015-11-19 10:51 - 2015-11-19 11:06 - 58997312 _____ C:\Users\Poizoneheart\Downloads\Sober Rob + lux.impala - Nativity.wav
2015-11-19 10:50 - 2015-11-19 10:53 - 37787552 _____ C:\Users\Poizoneheart\Downloads\goldwater - glaciate.wav
2015-11-19 09:03 - 2015-11-19 09:05 - 2379959847 _____ C:\Users\Poizoneheart\Downloads\teamsesh.zip
2015-11-18 11:27 - 2015-11-18 11:28 - 07613138 _____ C:\Users\Poizoneheart\Downloads\JUST-BLAZE-DRUMS.zip
2015-11-18 06:41 - 2015-11-18 07:05 - 470109269 _____ C:\Users\Poizoneheart\Downloads\Culprate Sample Pack.zip
2015-11-17 08:40 - 2015-11-17 08:41 - 00001331 _____ C:\Users\Poizoneheart\Desktop\soundcloud bio.txt
2015-11-17 08:34 - 2015-11-17 08:36 - 34288706 _____ C:\Users\Poizoneheart\Downloads\Cresce_-_Bad_Habits.wav
2015-11-16 09:16 - 2015-11-19 08:33 - 00000000 ____D C:\Users\Poizoneheart\Downloads\Sorsari - The Farplane
2015-11-15 06:39 - 2015-11-15 06:40 - 00000000 ____D C:\Users\Poizoneheart\Downloads\Tory Lanez - Cruel Intentions
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-12 15:18 - 2014-03-29 09:53 - 00001184 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-12 15:14 - 2015-01-10 06:02 - 00000000 _____ C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-12-12 15:06 - 2015-08-11 10:00 - 00000920 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-12-12 14:24 - 2009-07-13 20:45 - 00014848 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-12 14:24 - 2009-07-13 20:45 - 00014848 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-12 14:18 - 2015-01-03 05:40 - 00000000 ____D C:\Users\Poizoneheart\AppData\Local\Akamai
2015-12-12 14:16 - 2015-08-11 10:00 - 00000916 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-12-12 14:16 - 2014-03-29 09:53 - 00001180 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-12 14:15 - 2014-03-29 09:37 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-12 14:15 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-12 09:10 - 2009-07-13 21:13 - 00778150 _____ C:\Windows\System32\PerfStringBackup.INI
2015-12-12 09:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2015-12-12 08:47 - 2014-08-19 03:57 - 00000402 _____ C:\Windows\Tasks\update-S-1-5-21-345066769-3900799609-3403792336-1001.job
2015-12-12 05:59 - 2014-08-19 03:56 - 00000402 _____ C:\Windows\Tasks\update-sys.job
2015-12-10 10:30 - 2014-03-29 09:54 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-02 08:35 - 2014-05-22 01:43 - 07271424 ___SH C:\Users\Poizoneheart\Downloads\Thumbs.db
2015-12-02 06:13 - 2014-03-29 09:53 - 00004180 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-02 06:13 - 2014-03-29 09:53 - 00003928 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-29 08:40 - 2014-04-21 23:08 - 00000000 ____D C:\Users\Poizoneheart\AppData\Roaming\spek
2015-11-29 08:30 - 2014-05-17 07:39 - 00000000 ____D C:\Users\Poizoneheart\AppData\Roaming\Curse Client
2015-11-28 23:26 - 2015-11-09 00:04 - 05052672 _____ C:\Windows\System32\FNTCACHE.DAT
2015-11-28 08:59 - 2015-11-09 00:06 - 00124432 _____ C:\Users\Poizoneheart\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-28 06:50 - 2014-03-29 09:30 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-27 23:59 - 2014-04-10 10:43 - 00000000 ____D C:\Users\Poizoneheart\AppData\Local\Battle.net
2015-11-26 06:37 - 2014-09-12 04:31 - 00001456 _____ C:\Users\Poizoneheart\AppData\Local\Adobe Save for Web 12.0 Prefs
2015-11-24 07:41 - 2015-01-30 14:26 - 00000000 ____D C:\Windows\pss
2015-11-24 07:40 - 2014-03-29 09:52 - 00000000 ____D C:\Users\Poizoneheart\AppData\Local\Deployment
2015-11-24 07:39 - 2015-08-11 10:06 - 00000000 ___RD C:\Users\Poizoneheart\Dropbox
2015-11-24 07:39 - 2015-08-11 09:59 - 00000000 ____D C:\Users\Poizoneheart\AppData\Local\Dropbox
2015-11-23 11:38 - 2014-04-23 06:45 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2015-11-23 11:38 - 2014-04-23 02:05 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2015-11-22 09:46 - 2014-04-23 02:05 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2015-11-20 12:12 - 2014-03-29 12:00 - 00000000 ____D C:\Users\Poizoneheart\AppData\Roaming\vlc
 
Some files in TEMP:
====================
C:\Users\Poizoneheart\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpznejnx.dll
C:\Users\Poizoneheart\AppData\Local\Temp\_is15C9.exe
 
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE Association (Whitelisted) =============
 
 
==================== Restore Points =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 15%
Total physical RAM: 4095.12 MB
Available physical RAM: 3443.41 MB
Total Virtual: 4093.27 MB
Available Virtual: 3438.05 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:97.56 GB) (Free:0.41 GB) NTFS
Drive e: () (Fixed) (Total:600.98 GB) (Free:309 GB) NTFS
Drive h: () (Removable) (Total:7.45 GB) (Free:7.43 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: E267E267)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=601 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
 
LastRegBack: 2015-12-12 09:41
 
==================== End of FRST.txt ============================

  • 0

#4
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,024 posts

Hello Waves,
 
Download the attached fixlist.txt file and save it on the flashdrive as fixlist.txt

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Please enter System Recovery Options, as we've done previously.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 

After that see if you can boot up normally.

 

If you can, please transfer FRST from your USB stick to the desktop of your computer and run a fresh scan with the Addition box ticked.

 

Copy and paste the Frst.txt and Addition.txt back into the thread here.

Attached Files


  • 0

#5
Waves

Waves

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

I'm posting this from my (now) fixed PC! Thanks for ur help!!! 

 

Can you explain what/how this happened and if i can do anything to prevent it from happening again?


  • 0

#6
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,024 posts

All we have done is revert to an earlier version of the machines registry.

 

Now we really need to finish the cleaning process to try and avoid this happening again. :)

 

Note: When downloading the next two tools choose the @Bleepingcompter green button you see. If you are unable to run JRT.txt just move on to AdwCleaner.

 

Please download Junkware Removal Tool to your desktop.
 

  • Shut down your protection software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right click JRT.exe and "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Next

 

Please download : ADWCleaner to your desktop  (use the Download Now @ BleepingComputer button)..

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon. AdwCleaner will update itself and then open.

AdwCleaner.jpg

Click on Scan  and follow the prompts. It may appear not to be doing anything, please be patient and let it run unhindered. When the "Please uncheck elements you don't want to remove" appears just go ahead and click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy and paste back here. If a report doesn't appear, press the report button and Copy & Paste the contents on your next reply.

A copy of the report is also saved in the C:\AdwCleaner folder.

 

So when you return please post

JRT.txt

AdwCleaner log


  • 0

#7
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,024 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0






Similar Topics


Also tagged with one or more of these keywords: help

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP