System recovery boot loop



#1
Pickledsoul


I believe it's related to mbamswissarmy.sys corruption. No restore points.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-04-2017
Ran by SYSTEM on MININT-ONFOF2B (26-04-2017 14:16:10)
Running from f:\
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [USBestCR] => C:\Program Files (x86)\USIM Editor\iconcs51388835.exe [5138944 2014-02-18] ()
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8294680 2014-02-27] (Logitech Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-06] (Apple Inc.)
HKLM\...\Run: [VIRTU MVP 2.0] => C:\Program Files\Lucidlogix Technologies\VIRTU MVP 2.0\MVPControlPanel20.Exe [1238248 2014-04-29] ()
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [THX TruStudio NB Settings] => C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909824 2011-05-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [D-Link D-Link DWA-566] => C:\Program Files (x86)\D-Link\DWA-566\AirNCFG.exe [1074496 2011-08-12] (D-Link Corp.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-10] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [USBestCR] => C:\Program Files (x86)\USIM Editor\iconcs51388835.exe [5138944 2014-02-18] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [GamingKeyboard] => C:\Program Files (x86)\Gaming Keyboard\Gaminghid.exe [245760 2010-04-20] ()
HKLM-x32\...\Run: [GamingKeyboardOSD] => C:\Program Files (x86)\Gaming Keyboard\OSD.exe [1797120 2010-04-20] (OSD)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\Windows\system32\appinit_dll.dll => C:\Windows\system32\appinit_dll.dll [532200 2014-04-29] (Lucidlogix Inc.)
AppInit_DLLs-x32: C:\Windows\SysWOW64\appinit_dll.dll => C:\Windows\SysWOW64\appinit_dll.dll [482536 2014-04-29] (Lucidlogix Inc.)
Startup: C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2016-05-19]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
GroupPolicy: Restriction <======= ATTENTION

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AfaService; C:\Windows\SysWOW64\afasrv64.exe [73728 2014-02-18] ()
S3 Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDevice.exe [55336 2015-06-30] ()
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1465352 2017-04-05] ()
S2 D_Link_DWA-566_WPS; C:\Program Files (x86)\D-Link\DWA-566\ANIWConnService.exe [53248 2010-07-12] ()
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [121344 2012-02-07] ()
S2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S2 LucidSvc; C:\Program Files\Lucidlogix Technologies\VIRTU MVP 2.0\LucidSvc.exe [20712 2014-04-29] (LucidLogix)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-16] (Electronic Arts)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [743320 2012-10-02] (Tunngle.net GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe [19192 2015-09-30] (Intel® Corporation)
S2 MBAMService; "C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2010-05-29] ()
S0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
S0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
S3 athr; C:\Windows\System32\DRIVERS\Dathrx.sys [2798592 2012-03-19] (Atheros Communications, Inc.)
S1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-04-12] ()
S3 GamingKB; C:\Windows\System32\drivers\GamingKB.sys [24576 2010-04-21] ()
S3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
S3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
S2 iocbios2; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [30224 2015-05-28] (Intel Corporation)
S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-03-29] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-04-24] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [0 2017-04-26] () <==== ATTENTION (zero byte File/Folder)
S0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [0 2017-04-26] () <==== ATTENTION (zero byte File/Folder)
S3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [177952 2015-06-12] (Intel Corporation)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 Tosrfcom; no ImagePath
S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2017-04-24] ()
S3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BtFilter; system32\DRIVERS\btfilter.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-26 14:15 - 2017-04-26 14:16 - 00000000 ____D C:\FRST
2017-04-26 09:47 - 2017-04-26 09:47 - 00000000 _____ C:\Windows\System32\Drivers\0A6B4757.sys
2017-04-26 09:38 - 2017-04-26 09:38 - 00000218 _____ C:\Users\William\AppData\Local\recently-used.xbel
2017-04-26 09:34 - 2017-04-26 09:38 - 645136781 _____ C:\Users\William\Downloads\Factorio.v0.15.0.rar
2017-04-24 09:18 - 2017-04-24 09:18 - 00094656 _____ (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp
2017-04-14 17:49 - 2017-04-14 17:51 - 194953231 _____ C:\Users\William\Downloads\[snahp.it]rick.and.morty.s03e01.720p.hdtv.x265-Snahp.mkv
2017-03-30 16:03 - 2017-03-30 16:03 - 14990142 _____ C:\Users\William\Downloads\The Anarchist Cookbook by William Powell (1971).pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-26 10:06 - 2017-01-19 00:06 - 00000274 _____ C:\Windows\Tasks\{79D0B2F9-CA58-53FD-FD93-58D840A7059F}.job
2017-04-26 09:49 - 2017-01-28 14:05 - 00000000 ____D C:\Users\William\Downloads\New folder
2017-04-26 09:47 - 2017-03-22 09:17 - 00000000 _____ C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2017-04-26 09:47 - 2017-03-22 09:17 - 00000000 _____ C:\Windows\System32\Drivers\mbam.sys
2017-04-26 09:33 - 2015-02-16 11:31 - 00000000 ____D C:\Users\William\AppData\Roaming\deluge
2017-04-26 08:32 - 2017-03-22 09:17 - 00082720 _____ (Malwarebytes) C:\Windows\System32\Drivers\mwac.sys
2017-04-26 01:59 - 2009-07-13 20:45 - 00022656 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-26 01:59 - 2009-07-13 20:45 - 00022656 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-25 18:19 - 2012-10-21 22:22 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2017-04-24 21:26 - 2016-11-15 10:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-04-24 09:25 - 2012-10-23 20:28 - 00000000 ____D C:\Program Files (x86)\Steam
2017-04-24 09:24 - 2009-07-13 21:13 - 00862168 _____ C:\Windows\System32\PerfStringBackup.INI
2017-04-24 09:24 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2017-04-24 09:21 - 2016-11-16 09:18 - 00000000 ____D C:\Users\William\AppData\LocalLow\Mozilla
2017-04-24 09:19 - 2017-03-22 09:17 - 00111544 _____ (Malwarebytes) C:\Windows\System32\Drivers\farflt.sys
2017-04-24 09:18 - 2012-10-21 22:31 - 00034752 _____ C:\Windows\System32\Drivers\WPRO_41_2001.sys
2017-04-24 09:18 - 2012-10-21 22:22 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2017-04-24 09:17 - 2012-10-21 23:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-04-24 09:17 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-19 23:06 - 2017-01-20 07:00 - 00000318 _____ C:\Users\William\AppData\Roaming\WB.CFG
2017-04-14 17:52 - 2013-01-19 23:33 - 00000000 ____D C:\Users\William\AppData\Roaming\vlc
2017-04-12 14:41 - 2017-03-22 09:17 - 00077440 _____ C:\Windows\System32\Drivers\mbae64.sys
2017-04-11 17:06 - 2016-11-11 16:29 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-04-11 17:06 - 2014-12-19 12:29 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-04-11 17:06 - 2014-12-19 12:29 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-11 17:06 - 2012-10-22 01:08 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-04-11 17:06 - 2012-10-22 01:08 - 00000000 ____D C:\Windows\System32\Macromed
2017-04-11 07:28 - 2014-04-26 13:06 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-11 07:28 - 2014-04-26 13:06 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-08 12:46 - 2014-12-29 00:38 - 00000000 ____D C:\Users\William\AppData\Roaming\.minecraft
2017-04-08 11:17 - 2015-09-27 21:10 - 00001005 _____ C:\Users\William\Desktop\nativelog.txt
2017-04-08 11:17 - 2014-12-29 00:37 - 00000000 ____D C:\Program Files (x86)\Minecraft
2017-04-07 14:06 - 2012-10-21 23:42 - 00532136 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2017-04-05 14:29 - 2014-04-26 13:07 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-05 09:15 - 2013-03-25 20:28 - 00000000 ____D C:\Users\William\Documents\Camtasia Studio
2017-03-30 16:04 - 2012-12-17 13:13 - 00000000 ____D C:\Program Files\PeerBlock
2017-03-29 10:42 - 2017-03-22 09:18 - 00186304 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMChameleon.sys

Files to move or delete:
====================
C:\Windows\Tasks\{79D0B2F9-CA58-53FD-FD93-58D840A7059F}.job


Some files in TEMP:
====================
2017-01-18 20:48 - 2017-01-18 20:48 - 0739904 _____ (Oracle Corporation) C:\Users\William\AppData\Local\Temp\jre-8u121-windows-au.exe
2016-09-20 09:18 - 2016-09-20 09:18 - 6417944 _____ (Black Tree Gaming                                           ) C:\Users\William\AppData\Local\Temp\Nexus Mod Manager-0.62.0.exe
2016-01-21 05:11 - 2016-01-21 05:11 - 6350128 _____ (Black Tree Gaming                                           ) C:\Users\William\AppData\Local\Temp\Nexus%20Mod%20Manager-0.61.6.exe
2016-02-02 14:07 - 2016-02-02 14:09 - 263289648 _____ (AMD Inc.) C:\Users\William\AppData\Local\Temp\tmp8AD1.exe
2016-04-01 16:11 - 2016-04-01 16:11 - 28849904 _____ () C:\Users\William\AppData\Local\Temp\vlc-2.2.1-win32.exe

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8086.02 MB
Available physical RAM: 7221.64 MB
Total Virtual: 8084.17 MB
Available Virtual: 7227.42 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:1.64 GB) NTFS
Drive f: () (Removable) (Total:14.92 GB) (Free:7.46 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: CB39B662)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 73696D20)
No partition Table on disk 1.

LastRegBack: 2017-03-04 00:38

==================== End of FRST.txt ============================


Edited by Pickledsoul, 26 April 2017 - 03:30 PM.



#2
zep516

Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)


Download the attached file fixlist.txt and save it to the same location FRST64 is.
  • Start FRST64 with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

    Please copy and paste its contents in your next reply.
    Boot in Normal Mode and let me know the outcome.


#3
Pickledsoul


First off, you're a lifesaver. Thank you.

I was able to restore full functionality back to my PC thanks to your script.

Here is the log, in case you need it:

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
GroupPolicy: Restriction <======= ATTENTION
S2 MBAMService; "C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe" [X]
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-04-24] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [0 2017-04-26] () <==== ATTENTION (zero byte File/Folder)
S0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [0 2017-04-26] () <==== ATTENTION (zero byte File/Folder)
S3 Tosrfcom; no ImagePath
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BtFilter; system32\DRIVERS\btfilter.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
2017-04-26 09:47 - 2017-03-22 09:17 - 00000000 _____ C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2017-04-26 09:47 - 2017-03-22 09:17 - 00000000 _____ C:\Windows\System32\Drivers\mbam.sys
C:\Windows\Tasks\{79D0B2F9-CA58-53FD-FD93-58D840A7059F}.job
Emptytemp:
*****************

CloseProcesses: => Error: This directive works only outside recovery mode.
Error: Restore point can only be created in normal mode.
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log. => Error: No automatic fix found for this entry.
C:\Windows\System32\GroupPolicy\Machine => moved successfully
C:\Windows\System32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\System\ControlSet001\Services\MBAMService => key removed successfully
MBAMService => service removed successfully
HKLM\System\ControlSet001\Services\MBAMFarflt => key removed successfully
MBAMFarflt => service removed successfully
HKLM\System\ControlSet001\Services\MBAMProtection => key removed successfully
MBAMProtection => service removed successfully
HKLM\System\ControlSet001\Services\MBAMSwissArmy => key removed successfully
MBAMSwissArmy => service removed successfully
HKLM\System\ControlSet001\Services\Tosrfcom => key removed successfully
Tosrfcom => service removed successfully
HKLM\System\ControlSet001\Services\AthBTPort => key removed successfully
AthBTPort => service removed successfully
HKLM\System\ControlSet001\Services\BTATH_A2DP => key removed successfully
BTATH_A2DP => service removed successfully
HKLM\System\ControlSet001\Services\BTATH_BUS => key removed successfully
BTATH_BUS => service removed successfully
HKLM\System\ControlSet001\Services\BTATH_HCRP => key removed successfully
BTATH_HCRP => service removed successfully
HKLM\System\ControlSet001\Services\BTATH_RCP => key removed successfully
BTATH_RCP => service removed successfully
HKLM\System\ControlSet001\Services\BtFilter => key removed successfully
BtFilter => service removed successfully
HKLM\System\ControlSet001\Services\WinRing0_1_2_0 => key removed successfully
WinRing0_1_2_0 => service removed successfully
C:\Windows\System32\Drivers\MBAMSwissArmy.sys => moved successfully
C:\Windows\System32\Drivers\mbam.sys => moved successfully
C:\Windows\Tasks\{79D0B2F9-CA58-53FD-FD93-58D840A7059F}.job => moved successfully
Emptytemp: => Error: This directive works only outside recovery mode.

==== End of Fixlog 15:37:36 ====



#4
zep516

Drive c: () (Fixed) (Total:465.66 GB) (Free:1.64 GB) NTFS

Better make some room there. Windows needs at least 15% free space of the total drive; perhaps that's why you do not have any restore points. Windows does not have enough room to create them. Other odd problems can occur because of this.