
Windows not running properly



#31
Bosscoe

    Member

  • Topic Starter
  • 122 posts

But what does show at the top?  Can I see another screenshot?

 

Go back in to Device Manager.  (Search for device manager and hit Enter)  Right click on your network adapter and Disable.  

 

Not a big fan of driver scanners.  Too much adware.  Select properties on the network adapters then click on the Details tab.  Change Property to Hardware IDs.  Click on the top one then right click and copy.  Paste that into a reply.

 

I second that, with the driver scanners just getting a little desperate. Will go back into normal mode now to make the adjustments and try and get another screenshot.

 

PCI\VEN_10EC&DEV_8168&SUBSYS_84321043&REV_06
 


  • 0



#32
RKinner

    Malware Expert

  • Expert
  • 23,367 posts
  • MVP

That's a REALTEK 8168.  Realtek has been having a lot of problems with their drivers lately.  

 

Their download page is at:

 

http://www.realtek.c...3&GetDown=false

 

tho you may have to look for an older version of the driver if you already have the latest.  

 

If you run SFC /scannow again (perhaps with the network adapter disabled) and it still fails then:

 

as soon as you do:

 

Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.  Close notepad.  Close the Command Window.  That may show us what it is having problems with.
 
There is also sfcfix:
 
 
If you run it right after sfc then it sometimes can fix problems.

  • 0

#33
Bosscoe

    Member

  • Topic Starter
  • 122 posts

Sorry, the post was too long to post in reply, so I've attached a copy.

 

SFCFIX:

 

SFCFix version 3.0.0.0 by niemiro.
Start time: 2017-08-06 00:31:35.763
Microsoft Windows 7 Service Pack 1 - amd64
Not using a script file.




AutoAnalysis::
WARNING: Failed to get store name from identity name with return code 2 for component prnhp004.inf and file Amd64\hpc4500t.dll. File is reported as corrupt by SFC.
CORRUPT: Amd64\hpc4500t.dll of component prnhp004.inf.

WARNING: Failed to get store name from identity name with return code 2 for component prnhp004.inf and file Amd64\hpb8500t.dll. File is reported as corrupt by SFC.
CORRUPT: Amd64\hpb8500t.dll of component prnhp004.inf.

WARNING: Failed to get store name from identity name with return code 2 for component prnhp004.inf and file Amd64\hpb8500t.vdf. File is reported as corrupt by SFC.
CORRUPT: Amd64\hpb8500t.vdf of component prnhp004.inf.

WARNING: Failed to get store name from identity name with return code 2 for component ntprint.inf and file Amd64\UNIDRV.DLL. File is reported as corrupt by SFC.
CORRUPT: Amd64\UNIDRV.DLL of component ntprint.inf.

WARNING: Failed to get store name from identity name with return code 2 for component prnhp003.inf and file Amd64\hpfspw71.rpo. File is reported as corrupt by SFC.
CORRUPT: Amd64\hpfspw71.rpo of component prnhp003.inf.

WARNING: Failed to get store name from identity name with return code 2 for component prnep00l.inf and file Amd64\EP0LVRA5.DLL. File is reported as corrupt by SFC.
CORRUPT: Amd64\EP0LVRA5.DLL of component prnep00l.inf.

WARNING: Failed to get store name from identity name with return code 2 for component prnca00b.inf and file Amd64\CNBJ3460.TBL. File is reported as corrupt by SFC.
CORRUPT: Amd64\CNBJ3460.TBL of component prnca00b.inf.

WARNING: Failed to get store name from identity name with return code 2 for component prnca00b.inf and file Amd64\CNBJ3030.TBL. File is reported as corrupt by SFC.
CORRUPT: Amd64\CNBJ3030.TBL of component prnca00b.inf.

WARNING: Failed to get store name from identity name with return code 2 for component prnca00a.inf and file Amd64\CNBJ3260.TBL. File is reported as corrupt by SFC.
CORRUPT: Amd64\CNBJ3260.TBL of component prnca00a.inf.

WARNING: Failed to get store name from identity name with return code 2 for component prnsh002.inf and file Amd64\SH_1_RES.DLL. File is reported as corrupt by SFC.
CORRUPT: Amd64\SH_1_RES.DLL of component prnsh002.inf.

WARNING: Failed to get store name from identity name with return code 2 for component prnbr002.inf and file Amd64\brio06ab.bcm. File is reported as corrupt by SFC.
CORRUPT: Amd64\brio06ab.bcm of component prnbr002.inf.

WARNING: Failed to get store name from identity name with return code 2 for component prnhp005.inf and file Amd64\hpfvp6en.rpo. File is reported as corrupt by SFC.
CORRUPT: Amd64\hpfvp6en.rpo of component prnhp005.inf.

WARNING: Failed to get store name from identity name with return code 2 for component prnhp005.inf and file Amd64\hp8500at.dll. File is reported as corrupt by SFC.
CORRUPT: Amd64\hp8500at.dll of component prnhp005.inf.



WARNING: File C:\Windows\winsxs\amd64_microsoft-windows-powershell_31bf3856ad364e35_7.1.7601.16398_none_4c74c95d487eb914\types.ps1xml was not backed up as that would replace the current backup.
FIXED: Corruption at C:\Windows\winsxs\amd64_microsoft-windows-powershell_31bf3856ad364e35_7.1.7601.16398_none_4c74c95d487eb914\types.ps1xml has been successfully repaired from C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml.


CORRUPT: C:\Windows\winsxs\amd64_microsoft-windows-a..structure-manifests_31bf3856ad364e35_6.1.7601.17514_none_fbf16a81c9f1ea8f\user32.amx
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-a..structure-manifests_31bf3856ad364e35_6.1.7601.17514_none_064614d3fe52ac8a\user32.amx
CORRUPT: C:\Windows\winsxs\amd64_microsoft-windows-a..structure-manifests_31bf3856ad364e35_6.1.7601.17514_none_fbf16a81c9f1ea8f\advapi32.amx
CORRUPT: C:\Windows\winsxs\amd64_microsoft-windows-e..mcewmdrmndbootstrap_31bf3856ad364e35_6.1.7601.17514_none_916b7987c832cdee\MCEWMDRMNDBootstrap.dll
CORRUPT: C:\Windows\winsxs\amd64_microsoft-windows-ehome-disp-calibration_31bf3856ad364e35_6.1.7600.16385_none_3855776f8128d121\SS51.dvr-ms
CORRUPT: C:\Windows\winsxs\amd64_microsoft-windows-i..nese-domainlexicons_31bf3856ad364e35_6.1.7600.16385_none_4475ba47a78dc96f\PINTLGDM.IMD
CORRUPT: C:\Windows\winsxs\amd64_microsoft-windows-i..tional-chinese-core_31bf3856ad364e35_6.1.7601.23572_none_b7f0903530e7e229\IMTCTC.CHM
CORRUPT: C:\Windows\winsxs\amd64_microsoft-windows-i..tional-chinese-core_31bf3856ad364e35_6.1.7601.23572_none_b7f0903530e7e229\IMTCEN.CHM
CORRUPT: C:\Windows\winsxs\amd64_microsoft-windows-icm-dccw_31bf3856ad364e35_6.1.7600.16385_none_76e39d87a834545e\dccw.exe
CORRUPT: C:\Windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7601.17514_none_4f7e32f76654bd3c\WinMail.exe
CORRUPT: C:\Windows\winsxs\amd64_microsoft-windows-msdt_31bf3856ad364e35_6.1.7600.16385_none_0177539a37378025\msdt.exe
CORRUPT: C:\Windows\winsxs\amd64_microsoft-windows-n..rity-domain-clients_31bf3856ad364e35_6.1.7601.17514_none_7900814808d54728\ipsecsnp.dll
CORRUPT: C:\Windows\winsxs\amd64_microsoft-windows-netcorehelperclasses_31bf3856ad364e35_6.1.7601.17964_none_40183b629449ca7e\netcorehc.dll
CORRUPT: C:\Windows\winsxs\amd64_microsoft-windows-parentalcontrolspanel_31bf3856ad364e35_6.1.7601.17514_none_ff675a2d4d66d4bc\wpccpl.dll
CORRUPT: C:\Windows\winsxs\amd64_microsoft-windows-safedocs-main_31bf3856ad364e35_6.1.7601.17514_none_832fc1bb7d681e0d\sdclt.exe
CORRUPT: C:\Windows\winsxs\amd64_microsoft-windows-tabletpc-controlpanel_31bf3856ad364e35_6.1.7601.17514_none_3d9977977190cdc4\TabletPC.cpl
CORRUPT: C:\Windows\winsxs\amd64_microsoft-windows-wlansvc_31bf3856ad364e35_6.1.7601.17514_none_fa6a47c21b85ab79\wlansec.dll
CORRUPT: C:\Windows\winsxs\amd64_microsoft-windows-wlanui_31bf3856ad364e35_6.1.7601.17514_none_cab225b60372e411\wlanui.dll
CORRUPT: C:\Windows\winsxs\amd64_microsoft-windows-wpd-status_31bf3856ad364e35_6.1.7601.17514_none_6a89387bf013b2bb\PortableDeviceStatus.dll
CORRUPT: C:\Windows\winsxs\amd64_oxpsconverter_31bf3856ad364e35_6.1.7601.17933_none_0804e1f7c5c64bf1\OxpsConverter.exe
CORRUPT: C:\Windows\winsxs\amd64_wpf-uiautomationclientsideproviders_31bf3856ad364e35_6.1.7600.16385_none_b0b1020c6817631f\UIAutomationClientsideProviders.dll
CORRUPT: C:\Windows\winsxs\msil_microsoft.powershell.commands.management_31bf3856ad364e35_7.1.7601.16398_none_e2fdfab6146517b0\Microsoft.PowerShell.Commands.Management.dll
CORRUPT: C:\Windows\winsxs\wow64_microsoft-windows-wmi-core-wbemcore-dll_31bf3856ad364e35_7.1.7601.16398_none_3b5873aeacf5d475\wbemcore.dll
CORRUPT: C:\Windows\winsxs\x86_microsoft-windows-g..policy-admin-appmgr_31bf3856ad364e35_6.1.7601.17514_none_fcc0c5ed143b8eb0\appmgr.dll
CORRUPT: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.1.7601.17514_none_04801f69e1dbd8e6\WMIMigrationPlugin.dll
CORRUPT: C:\Windows\winsxs\x86_microsoft-windows-m..mponents-jetintlerr_31bf3856ad364e35_6.1.7600.16385_none_0f472a3521bdcfd4\mswstr10.dll
CORRUPT: C:\Windows\winsxs\x86_microsoft-windows-m..s-components-jetvba_31bf3856ad364e35_6.1.7600.16385_none_7568a7acf374dfed\expsrv.dll
CORRUPT: C:\Windows\winsxs\x86_microsoft-windows-p..ellextensionhandler_31bf3856ad364e35_6.1.7600.16385_none_fb76df1af3b240bf\XPSSHHDR.dll
CORRUPT: C:\Windows\winsxs\x86_microsoft-windows-systemcpl_31bf3856ad364e35_6.1.7601.17514_none_e2dcde6fbc50dc4f\systemcpl.dll
CORRUPT: C:\Windows\winsxs\x86_microsoft.ink_31bf3856ad364e35_1.7.7600.16385_none_c87c51e0123d40da\Microsoft.Ink.dll
CORRUPT: C:\Windows\winsxs\amd64_bth.inf_31bf3856ad364e35_6.1.7601.17889_none_d024215ad264fb95\bthport.sys
CORRUPT: C:\Windows\winsxs\amd64_adpahci.inf_31bf3856ad364e35_6.1.7600.16385_none_c03269cd9f4f5ed2\adpahci.sys
CORRUPT: C:\Windows\winsxs\amd64_mdmcxpv6.inf_31bf3856ad364e35_6.1.7600.16385_none_1f3c6efc8093e1d7\VSTDPV6.SYS
CORRUPT: C:\Windows\winsxs\amd64_mdmcxhv6.inf_31bf3856ad364e35_6.1.7600.16385_none_064a4eb4ec0af80f\VSTDPV6.SYS
CORRUPT: C:\Windows\winsxs\amd64_netnvm64.inf_31bf3856ad364e35_6.1.7600.16385_none_2a8cc318dd2573b8\nvm62x64.sys
CORRUPT: C:\Windows\winsxs\amd64_wialx003.inf_31bf3856ad364e35_6.1.7600.16385_none_052cf8278181a4b2\lxa2usb1.DLL


SUMMARY: Some corruptions could not be fixed automatically. Seek advice from helper or sysnative.com.
   CBS & SFC total detected corruption count:     50
   CBS & SFC total unimportant corruption count:  0
   CBS & SFC total fixed corruption count:        1
   SURT total detected corruption count:          0
   SURT total unimportant corruption count:       0
   SURT total fixed corruption count:             0
AutoAnalysis:: directive completed successfully.




Successfully processed all directives.
SFCFix version 3.0.0.0 by niemiro has completed.
Currently storing 6 datablocks.
Finish time: 2017-08-06 00:33:48.171
----------------------EOF-----------------------

Attached Files

  • Attached File  1.txt   325.37KB   266 downloads

Edited by Bosscoe, 05 August 2017 - 08:34 AM.

  • 0

#34
RKinner

    Malware Expert

  • Expert
  • 23,367 posts
  • MVP

50 corrupt files.  Not good. No wonder it's unhappy.   We can try to replace the files.  First let's look at a bunch of them with FRST.  Copy the next line:

adpahci.sys;bthport.sys;VSTDPV6.SYS;VSTDPV6.SYS;user32.amx;advapi32.amx;MCEWMDRMNDBootstrap.dll;SS51.dvr-ms;PINTLGDM.IMD;dccw.exe;WinMail.exe;msdt.exe;systemcpl.dll

Start up FRST (right click and Run As Admin)  Hit Search Files.  You will get one log.  Please copy and paste it into a Reply (or attach)


  • 0

#35
Bosscoe

    Member

  • Topic Starter
  • 122 posts

50 corrupt files.  Not good. No wonder it's unhappy.   We can try to replace the files.  First let's look at a bunch of them with FRST.  Copy the next line:

adpahci.sys;bthport.sys;VSTDPV6.SYS;VSTDPV6.SYS;user32.amx;advapi32.amx;MCEWMDRMNDBootstrap.dll;SS51.dvr-ms;PINTLGDM.IMD;dccw.exe;WinMail.exe;msdt.exe;systemcpl.dll

Start up FRST (right click and Run As Admin)  Hit Search Files.  You will get one log.  Please copy and paste it into a Reply (or attach)

 

My apologies, but I don't understand what FRST is?


  • 0

#36
RKinner

    Malware Expert

  • Expert
  • 23,367 posts
  • MVP

OOPS.  Forgot we weren't in the malware forum where FRST is the first thing we run.  

 

Get FRST from http://www.bleepingc...very-scan-tool/
You need to download the appropriate tool for your PC.  64 bit
Right click to run as administrator. When the tool opens click Yes to disclaimer. 
 
Then you can copy and paste in the list of files from my last post.

  • 0

#37
Bosscoe

    Member

  • Topic Starter
  • 122 posts

Thank you, had me searching on Google for Windows abbreviations lol.

 

Farbar Recovery Scan Tool (x64) Version: 31-07-2017
Ran by Bosscoe (06-08-2017 01:39:47)
Running from F:\Firefox Downloads\Firefox Downloads
Boot Mode: Safe Mode (with Networking)

================== Search Files: "adpahci.sys;bthport.sys;VSTDPV6.SYS;VSTDPV6.SYS;user32.amx;advapi32.amx;MCEWMDRMNDBootstrap.dll;SS51.dvr-ms;PINTLGDM.IMD;dccw.exe;WinMail.exe;msdt.exe;systemcpl.dll" =============

C:\Windows\winsxs\x86_microsoft-windows-systemcpl_31bf3856ad364e35_6.1.7601.17514_none_e2dcde6fbc50dc4f\systemcpl.dll
[2010-11-21 13:24][2010-11-21 13:24] 000410624 _____ () BD0856633932B448BB5C4541D9B5AD77 [File not signed]

C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7601.17514_none_f35f9773adf74c06\WinMail.exe
[2009-07-14 09:42][2009-07-14 11:14] 000396800 ___SH (Microsoft Corporation) 2BF10B03F6845661ED8BD58A8CB34B2F [File is digitally signed]

C:\Windows\winsxs\x86_microsoft-windows-e..mcewmdrmndbootstrap_31bf3856ad364e35_6.1.7601.17514_none_354cde040fd55cb8\MCEWMDRMNDBootstrap.dll
[2010-11-21 13:25][2010-11-21 13:25] 000312168 _____ (Microsoft Corporation) 477B711EBF491226FA40301290F66BAC [File is digitally signed]

C:\Windows\winsxs\wow64_microsoft-windows-msdt_31bf3856ad364e35_6.1.7600.16385_none_0bcbfdec6b984220\msdt.exe
[2009-07-14 09:20][2009-07-14 11:14] 000983040 _____ (Microsoft Corporation) F67A64C46DE10425045AF682802F5BA6 [File is digitally signed]

C:\Windows\winsxs\wow64_microsoft-windows-icm-dccw_31bf3856ad364e35_6.1.7600.16385_none_813847d9dc951659\dccw.exe
[2009-07-14 09:25][2009-07-14 11:14] 000868352 _____ (Microsoft Corporation) 12E8D1D2F8C3C7DF6E2C8ED37217B5DE [File is digitally signed]

C:\Windows\winsxs\wow64_microsoft-windows-a..structure-manifests_31bf3856ad364e35_6.1.7601.17514_none_064614d3fe52ac8a\advapi32.amx
[2010-11-21 13:24][2010-11-21 13:24] 000442806 _____ () 3148A5F50BE18B943970355D131C3749 [File is digitally signed]

C:\Windows\winsxs\wow64_microsoft-windows-a..structure-manifests_31bf3856ad364e35_6.1.7601.17514_none_064614d3fe52ac8a\user32.amx
[2010-11-21 13:24][2010-11-21 13:24] 000367164 _____ () 55A7E6BEF79845734555FCE56B166907 [File not signed]

C:\Windows\winsxs\amd64_microsoft-windows-systemcpl_31bf3856ad364e35_6.1.7601.17514_none_3efb79f374ae4d85\systemcpl.dll
[2010-11-21 13:24][2010-11-21 13:24] 000419840 _____ (Microsoft Corporation) BB074F35B49EB2EA416962B596281E1E [File is digitally signed]

C:\Windows\winsxs\amd64_microsoft-windows-msdt_31bf3856ad364e35_6.1.7600.16385_none_0177539a37378025\msdt.exe
[2009-07-14 09:32][2009-07-14 11:39] 001076736 _____ () 1288607B99A457B01FAC4727110323D0 [File not signed]

C:\Windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7601.17514_none_4f7e32f76654bd3c\WinMail.exe
[2009-07-14 09:58][2009-07-14 11:39] 000398848 ___SH () FFA42C35C0922480C32673E86DEBB8D6 [File not signed]

C:\Windows\winsxs\amd64_microsoft-windows-icm-dccw_31bf3856ad364e35_6.1.7600.16385_none_76e39d87a834545e\dccw.exe
[2009-07-14 09:38][2009-07-14 11:39] 000881664 _____ () E543B9DAD7842AF38682FBB03DE4F43D [File not signed]

C:\Windows\winsxs\amd64_microsoft-windows-i..nese-domainlexicons_31bf3856ad364e35_6.1.7600.16385_none_4475ba47a78dc96f\PINTLGDM.IMD
[2009-07-14 06:24][2009-06-11 07:02] 000328419 _____ () 9DCCEF92DF6C804917F0F572FD4EC897 [File not signed]

C:\Windows\winsxs\amd64_microsoft-windows-ehome-disp-calibration_31bf3856ad364e35_6.1.7600.16385_none_3855776f8128d121\SS51.dvr-ms
[2009-07-14 08:25][2009-06-11 07:04] 000657931 _____ () 22FF3C74022A9D212E34EF95FE5E8DE9 [File not signed]

C:\Windows\winsxs\amd64_microsoft-windows-e..mcewmdrmndbootstrap_31bf3856ad364e35_6.1.7601.17514_none_916b7987c832cdee\MCEWMDRMNDBootstrap.dll
[2010-11-21 13:24][2010-11-21 13:24] 000433512 _____ () B2B6903323CE40642BF31802E400EDB9 [File not signed]

C:\Windows\winsxs\amd64_microsoft-windows-a..structure-manifests_31bf3856ad364e35_6.1.7601.17514_none_fbf16a81c9f1ea8f\advapi32.amx
[2010-11-21 13:24][2010-11-21 13:24] 000443820 _____ () 5A811F0E145FB7614529DA8563F14B90 [File not signed]

C:\Windows\winsxs\amd64_microsoft-windows-a..structure-manifests_31bf3856ad364e35_6.1.7601.17514_none_fbf16a81c9f1ea8f\user32.amx
[2010-11-21 13:24][2010-11-21 13:24] 000342524 _____ () 86B0FCB3A65589412CF2FC215B8A9DB0 [File not signed]

C:\Windows\winsxs\amd64_mdmcxpv6.inf_31bf3856ad364e35_6.1.7600.16385_none_1f3c6efc8093e1d7\VSTDPV6.SYS
[2009-07-14 08:04][2009-06-11 07:01] 001485312 _____ () 6664574150AE7966BBB3F5D861C2E691 [File not signed]

C:\Windows\winsxs\amd64_mdmcxhv6.inf_31bf3856ad364e35_6.1.7600.16385_none_064a4eb4ec0af80f\VSTDPV6.SYS
[2009-07-14 08:04][2009-06-11 07:01] 001485312 _____ () 6664574150AE7966BBB3F5D861C2E691 [File not signed]

C:\Windows\winsxs\amd64_bth.inf_31bf3856ad364e35_6.1.7601.22046_none_d0d5d519eb6512d8\bthport.sys
[2012-08-16 02:25][2012-07-07 05:58] 000552960 _____ (Microsoft Corporation) F4199097323B13F0D4976FB410673177 [File is digitally signed]

C:\Windows\winsxs\amd64_bth.inf_31bf3856ad364e35_6.1.7601.17889_none_d024215ad264fb95\bthport.sys
[2012-08-16 02:25][2012-07-07 06:07] 000552960 _____ () E4C7C667EFCD16150D9180E71F2504D1 [File not signed]

C:\Windows\winsxs\amd64_bth.inf_31bf3856ad364e35_6.1.7601.17514_none_d06ac9aad230c1d6\bthport.sys
[2010-11-21 13:23][2010-11-21 13:23] 000552448 _____ () 26383832436110A5FF669A183BC187C6 [File not signed]

C:\Windows\winsxs\amd64_adpahci.inf_31bf3856ad364e35_6.1.7600.16385_none_c03269cd9f4f5ed2\adpahci.sys
[2009-07-14 07:59][2009-07-14 11:52] 000339536 _____ () 14739DDB48A2A80E51B29437419D91FE [File not signed]

C:\Windows\SysWOW64\dccw.exe
[2009-07-14 09:25][2009-07-14 11:14] 000868352 _____ (Microsoft Corporation) 12E8D1D2F8C3C7DF6E2C8ED37217B5DE [File is digitally signed]

C:\Windows\SysWOW64\MCEWMDRMNDBootstrap.dll
[2010-11-21 13:25][2010-11-21 13:25] 000312168 _____ (Microsoft Corporation) 477B711EBF491226FA40301290F66BAC [File is digitally signed]

C:\Windows\SysWOW64\msdt.exe
[2009-07-14 09:20][2009-07-14 11:14] 000983040 _____ (Microsoft Corporation) F67A64C46DE10425045AF682802F5BA6 [File is digitally signed]

C:\Windows\SysWOW64\systemcpl.dll
[2010-11-21 13:24][2010-11-21 13:24] 000410624 _____ () BD0856633932B448BB5C4541D9B5AD77 [File not signed]

C:\Windows\SysWOW64\manifeststore\advapi32.amx
[2010-11-21 13:24][2010-11-21 13:24] 000442806 _____ () 3148A5F50BE18B943970355D131C3749 [File is digitally signed]

C:\Windows\SysWOW64\manifeststore\user32.amx
[2010-11-21 13:24][2010-11-21 13:24] 000367164 _____ () 55A7E6BEF79845734555FCE56B166907 [File not signed]

C:\Windows\System32\dccw.exe
[2009-07-14 09:38][2009-07-14 11:39] 000881664 _____ () E543B9DAD7842AF38682FBB03DE4F43D [File not signed]

C:\Windows\System32\MCEWMDRMNDBootstrap.dll
[2010-11-21 13:24][2010-11-21 13:24] 000433512 _____ () B2B6903323CE40642BF31802E400EDB9 [File not signed]

C:\Windows\System32\msdt.exe
[2009-07-14 09:32][2009-07-14 11:39] 001076736 _____ () 1288607B99A457B01FAC4727110323D0 [File not signed]

C:\Windows\System32\systemcpl.dll
[2010-11-21 13:24][2010-11-21 13:24] 000419840 _____ (Microsoft Corporation) BB074F35B49EB2EA416962B596281E1E [File is digitally signed]

C:\Windows\System32\manifeststore\advapi32.amx
[2010-11-21 13:24][2010-11-21 13:24] 000443820 _____ () 5A811F0E145FB7614529DA8563F14B90 [File not signed]

C:\Windows\System32\manifeststore\user32.amx
[2010-11-21 13:24][2010-11-21 13:24] 000342524 _____ () 86B0FCB3A65589412CF2FC215B8A9DB0 [File not signed]

C:\Windows\System32\DriverStore\FileRepository\mdmcxpv6.inf_amd64_neutral_f62ac4bd04e653d0\VSTDPV6.SYS
[2009-07-14 08:04][2009-06-11 07:01] 001485312 _____ () 6664574150AE7966BBB3F5D861C2E691 [File not signed]

C:\Windows\System32\DriverStore\FileRepository\mdmcxhv6.inf_amd64_neutral_81ba64c5b6150dd3\VSTDPV6.SYS
[2009-07-14 08:04][2009-06-11 07:01] 001485312 _____ () 6664574150AE7966BBB3F5D861C2E691 [File not signed]

C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_neutral_e54666f6a3e5af91\bthport.sys
[2010-11-21 13:23][2010-11-21 13:23] 000552448 _____ () 26383832436110A5FF669A183BC187C6 [File not signed]

C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\bthport.sys
[2012-08-16 02:25][2012-07-07 06:07] 000552960 _____ () E4C7C667EFCD16150D9180E71F2504D1 [File not signed]

C:\Windows\System32\DriverStore\FileRepository\adpahci.inf_amd64_neutral_b082e95ec9f8c3f9\adpahci.sys
[2009-07-14 07:59][2009-07-14 11:52] 000339536 _____ () 14739DDB48A2A80E51B29437419D91FE [File not signed]

C:\Windows\System32\drivers\adpahci.sys
[2009-07-14 07:59][2009-07-14 11:52] 000339536 _____ (Adaptec, Inc.) 597F78224EE9224EA1A13D6350CED962 [File is digitally signed]

C:\Windows\IME\IMESC5\DICTS\PINTLGDM.IMD
[2009-07-14 06:24][2009-06-11 07:02] 000328419 _____ () 9DCCEF92DF6C804917F0F572FD4EC897 [File not signed]

C:\Windows\ehome\SS51.dvr-ms
[2009-07-14 08:25][2009-06-11 07:04] 000657931 _____ () 22FF3C74022A9D212E34EF95FE5E8DE9 [File not signed]

C:\Program Files (x86)\Windows Mail\WinMail.exe
[2009-07-14 09:42][2009-07-14 11:14] 000396800 ___SH (Microsoft Corporation) 2BF10B03F6845661ED8BD58A8CB34B2F [File is digitally signed]

C:\Program Files\Windows Mail\WinMail.exe
[2009-07-14 09:58][2009-07-14 11:39] 000398848 ___SH () FFA42C35C0922480C32673E86DEBB8D6 [File not signed]

====== End of Search ======


Edited by Bosscoe, 05 August 2017 - 09:41 AM.

  • 0

#38
RKinner

    Malware Expert

  • Expert
  • 23,367 posts
  • MVP

Let's do a trial to see if we can replace the files with those from my PC.  I think we will start with these since they are in System32 which means they are 64 bit files:

 

C:\Windows\System32\dccw.exe
[2009-07-14 09:38][2009-07-14 11:39] 000881664 _____ () E543B9DAD7842AF38682FBB03DE4F43D [File not signed]

C:\Windows\System32\MCEWMDRMNDBootstrap.dll
[2010-11-21 13:24][2010-11-21 13:24] 000433512 _____ () B2B6903323CE40642BF31802E400EDB9 [File not signed]

C:\Windows\System32\msdt.exe
[2009-07-14 09:32][2009-07-14 11:39] 001076736 _____ () 1288607B99A457B01FAC4727110323D0 [File not signed]

 

 

You can see they all say File Not Signed.  On mine they say [File is digitally signed].  I'm going to give you the three files in zipped format.

 

 

 Download, Save then right click on each and Extract All, (point to C:\Temp), Extract.  It's important that the files be in C:\Temp as that is where FRST will look for them when I tell it to replace the files.  Then download the attached fixlist.txt file to the same location where you put FRST.

 

 

 Right click on FRST and Run as Admin then hit the FIX button.  (It may need to reboot in order to replace the files.) If it doesn't reboot then reboot anyway to make sure the copies survive a reboot.   Then copy the next line:

msdt.exe;MCEWMDRMNDBootstrap.dll;dccw.exe

Paste it into the FRST Search Box and hit Search Files.  


  • 0

#39
Bosscoe

    Member

  • Topic Starter
  • 122 posts

Farbar Recovery Scan Tool (x64) Version: 31-07-2017
Ran by Bosscoe (06-08-2017 09:34:21)
Running from F:\Firefox Downloads\Firefox Downloads
Boot Mode: Safe Mode (with Networking)

================== Search Files: "msdt.exe;MCEWMDRMNDBootstrap.dll;dccw.exe" =============

C:\Windows\winsxs\x86_microsoft-windows-e..mcewmdrmndbootstrap_31bf3856ad364e35_6.1.7601.17514_none_354cde040fd55cb8\MCEWMDRMNDBootstrap.dll
[2010-11-21 13:25][2010-11-21 13:25] 000312168 _____ (Microsoft Corporation) 477B711EBF491226FA40301290F66BAC

C:\Windows\winsxs\wow64_microsoft-windows-msdt_31bf3856ad364e35_6.1.7600.16385_none_0bcbfdec6b984220\msdt.exe
[2009-07-14 09:20][2009-07-14 11:14] 000983040 _____ (Microsoft Corporation) F67A64C46DE10425045AF682802F5BA6

C:\Windows\winsxs\wow64_microsoft-windows-icm-dccw_31bf3856ad364e35_6.1.7600.16385_none_813847d9dc951659\dccw.exe
[2009-07-14 09:25][2009-07-14 11:14] 000868352 _____ (Microsoft Corporation) 12E8D1D2F8C3C7DF6E2C8ED37217B5DE

C:\Windows\winsxs\amd64_microsoft-windows-msdt_31bf3856ad364e35_6.1.7600.16385_none_0177539a37378025\msdt.exe
[2009-07-14 09:32][2009-07-14 11:39] 001076736 _____ () 1288607B99A457B01FAC4727110323D0

C:\Windows\winsxs\amd64_microsoft-windows-icm-dccw_31bf3856ad364e35_6.1.7600.16385_none_76e39d87a834545e\dccw.exe
[2009-07-14 09:38][2009-07-14 11:39] 000881664 _____ () E543B9DAD7842AF38682FBB03DE4F43D

C:\Windows\winsxs\amd64_microsoft-windows-e..mcewmdrmndbootstrap_31bf3856ad364e35_6.1.7601.17514_none_916b7987c832cdee\MCEWMDRMNDBootstrap.dll
[2010-11-21 13:24][2010-11-21 13:24] 000433512 _____ () B2B6903323CE40642BF31802E400EDB9

C:\Windows\SysWOW64\dccw.exe
[2009-07-14 09:25][2009-07-14 11:14] 000868352 _____ (Microsoft Corporation) 12E8D1D2F8C3C7DF6E2C8ED37217B5DE

C:\Windows\SysWOW64\MCEWMDRMNDBootstrap.dll
[2010-11-21 13:25][2010-11-21 13:25] 000312168 _____ (Microsoft Corporation) 477B711EBF491226FA40301290F66BAC

C:\Windows\SysWOW64\msdt.exe
[2009-07-14 09:20][2009-07-14 11:14] 000983040 _____ (Microsoft Corporation) F67A64C46DE10425045AF682802F5BA6

C:\Windows\System32\dccw.exe
[2009-07-14 09:38][2009-07-13 21:39] 000881664 ____C (Microsoft Corporation) A46CEE731351EB4146DB8E8A63A5C520

C:\Windows\System32\MCEWMDRMNDBootstrap.dll
[2010-11-21 13:24][2010-11-20 23:24] 000433512 ____C (Microsoft Corporation) 89C92686DED63EEAF1DB03F97A1898F2

C:\Windows\System32\msdt.exe
[2009-07-14 09:32][2009-07-13 21:39] 001076736 ____C (Microsoft Corporation) AECB7B09566B1F83F61D5A4B44AE9C7E

====== End of Search ======


  • 0

#40
RKinner

    Malware Expert

  • Expert
  • 23,367 posts
  • MVP

Looked like it worked OK.  Tho I wonder why we didn't get the note about being signed this time.

 

Guess we can do a few more.

 

 

Same procedure as before but don't bother rebooting.  This time after you finish do sfc /scannow again followed by sfcfix and post the sfcfix log

 

Let's make sure this is doing some good.

 

 

 


  • 0
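
Added example (not part of any post in this thread, and not FRST's own code): a Python parser for the FRST "Search Files" output quoted in posts #37 and #39, listing the files reported as not signed and the copies whose MD5 changed between the two runs. The sample text is excerpted from those two posts; the function and variable names are hypothetical.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple


class Entry(NamedTuple):
    path: str
    modified: str
    size: int
    attrs: str
    company: str
    md5: str
    signed: Optional[bool]  # None when the log carries no signature tag


PATH_RE = re.compile(r"^[A-Za-z]:\\")
META_RE = re.compile(
    r"^\[(?P<created>[\d\- :]+)\]\[(?P<modified>[\d\- :]+)\]\s+"
    r"(?P<size>\d+)\s+(?P<attrs>\S+)\s+\((?P<company>[^)]*)\)\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})(?:\s+\[(?P<sig>[^\]]+)\])?\s*$"
)

# Excerpt from the search log in post #37 (before the files were replaced).
BEFORE = r"""
C:\Windows\SysWOW64\dccw.exe
[2009-07-14 09:25][2009-07-14 11:14] 000868352 _____ (Microsoft Corporation) 12E8D1D2F8C3C7DF6E2C8ED37217B5DE [File is digitally signed]

C:\Windows\System32\dccw.exe
[2009-07-14 09:38][2009-07-14 11:39] 000881664 _____ () E543B9DAD7842AF38682FBB03DE4F43D [File not signed]

C:\Windows\System32\msdt.exe
[2009-07-14 09:32][2009-07-14 11:39] 001076736 _____ () 1288607B99A457B01FAC4727110323D0 [File not signed]
"""

# Excerpt from the search log in post #39 (after the fix). This run printed
# no signature tag at all, so "signed" stays unknown rather than True.
AFTER = r"""
C:\Windows\SysWOW64\dccw.exe
[2009-07-14 09:25][2009-07-14 11:14] 000868352 _____ (Microsoft Corporation) 12E8D1D2F8C3C7DF6E2C8ED37217B5DE

C:\Windows\System32\dccw.exe
[2009-07-14 09:38][2009-07-13 21:39] 000881664 ____C (Microsoft Corporation) A46CEE731351EB4146DB8E8A63A5C520

C:\Windows\System32\msdt.exe
[2009-07-14 09:32][2009-07-13 21:39] 001076736 ____C (Microsoft Corporation) AECB7B09566B1F83F61D5A4B44AE9C7E
"""


def parse_search_log(text: str) -> Dict[str, Entry]:
    """Map lower-cased path -> Entry for every path/metadata pair in the log."""
    entries: Dict[str, Entry] = {}
    path = None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            path = line
            continue
        m = META_RE.match(line)
        if m and path:
            sig = m.group("sig")
            signed = None if sig is None else sig == "File is digitally signed"
            entries[path.lower()] = Entry(
                path, m.group("modified"), int(m.group("size")),
                m.group("attrs"), m.group("company"),
                m.group("md5").upper(), signed,
            )
            path = None
    return entries


def unsigned(entries: Dict[str, Entry]) -> List[str]:
    """Paths the log explicitly reports as not signed."""
    return sorted(e.path for e in entries.values() if e.signed is False)


def unverified(entries: Dict[str, Entry]) -> List[str]:
    """Paths with no signature tag in the log: status unknown, not confirmed."""
    return sorted(e.path for e in entries.values() if e.signed is None)


def replaced(before: Dict[str, Entry],
             after: Dict[str, Entry]) -> List[Tuple[str, str, str]]:
    """(path, old_md5, new_md5) for every file whose hash changed."""
    changes = []
    for key, new in after.items():
        old = before.get(key)
        if old is not None and old.md5 != new.md5:
            changes.append((new.path, old.md5, new.md5))
    return sorted(changes)


if __name__ == "__main__":
    b, a = parse_search_log(BEFORE), parse_search_log(AFTER)
    print("Not signed before the fix:", *unsigned(b), sep="\n  ")
    print("Hash changed after the fix:")
    for path, old, new in replaced(b, a):
        print(f"  {path}\n    {old} -> {new}")
    print("No signature tag in second log:", *unverified(a), sep="\n  ")
```
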



#41
Bosscoe

    Member

  • Topic Starter
  • 122 posts

Fix result of Farbar Recovery Scan Tool (x64) Version: 31-07-2017
Ran by Bosscoe (06-08-2017 11:06:09) Run:5
Running from F:\Firefox Downloads\Firefox Downloads
Loaded Profiles: Bosscoe (Available Profiles: Bosscoe & Administrator)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
Move: C:\Temp\adpahci.sys C:\Windows\System32\adpahci.sys
Move: C:\Temp\advapi32.amx  C:\Windows\System32\advapi32.amx
Move: C:\Temp\user32.amx  C:\Windows\System32\user32.amx
Move: C:\Temp\systemcpl.dll  C:\Windows\System32\systemcpl.dll


*****************

C:\Windows\System32\adpahci.sys => moved successfully
"C:\Temp\adpahci.sys" moved successfully to C:\Windows\System32\adpahci.sys
C:\Windows\System32\advapi32.amx => moved successfully
"C:\Temp\advapi32.amx " moved successfully to C:\Windows\System32\advapi32.amx
"C:\Temp\user32.amx " moved successfully to C:\Windows\System32\user32.amx
C:\Windows\System32\systemcpl.dll => moved successfully
"C:\Temp\systemcpl.dll " moved successfully to C:\Windows\System32\systemcpl.dll

==== End of Fixlog 11:06:09 ====


  • 0

#42
Bosscoe

    Member

  • Topic Starter
  • 122 posts

Farbar Recovery Scan Tool (x64) Version: 31-07-2017
Ran by Bosscoe (06-08-2017 11:08:06)
Running from F:\Firefox Downloads\Firefox Downloads
Boot Mode: Safe Mode (with Networking)

================== Search Files: "adpahci.sys;advapi32.amxl;user32.amx;systemcpl.dll" =============

C:\Windows\winsxs\x86_microsoft-windows-systemcpl_31bf3856ad364e35_6.1.7601.17514_none_e2dcde6fbc50dc4f\systemcpl.dll
[2010-11-21 13:24][2010-11-21 13:24] 000410624 _____ () BD0856633932B448BB5C4541D9B5AD77

C:\Windows\winsxs\wow64_microsoft-windows-a..structure-manifests_31bf3856ad364e35_6.1.7601.17514_none_064614d3fe52ac8a\user32.amx
[2010-11-21 13:24][2010-11-21 13:24] 000367164 _____ () 55A7E6BEF79845734555FCE56B166907

C:\Windows\winsxs\amd64_microsoft-windows-systemcpl_31bf3856ad364e35_6.1.7601.17514_none_3efb79f374ae4d85\systemcpl.dll
[2010-11-21 13:24][2010-11-21 13:24] 000419840 _____ (Microsoft Corporation) BB074F35B49EB2EA416962B596281E1E

C:\Windows\winsxs\amd64_microsoft-windows-a..structure-manifests_31bf3856ad364e35_6.1.7601.17514_none_fbf16a81c9f1ea8f\user32.amx
[2010-11-21 13:24][2010-11-21 13:24] 000342524 _____ () 86B0FCB3A65589412CF2FC215B8A9DB0

C:\Windows\winsxs\amd64_adpahci.inf_31bf3856ad364e35_6.1.7600.16385_none_c03269cd9f4f5ed2\adpahci.sys
[2009-07-14 07:59][2009-07-14 11:52] 000339536 _____ () 14739DDB48A2A80E51B29437419D91FE

C:\Windows\SysWOW64\systemcpl.dll
[2010-11-21 13:24][2010-11-21 13:24] 000410624 _____ () BD0856633932B448BB5C4541D9B5AD77

C:\Windows\SysWOW64\manifeststore\user32.amx
[2010-11-21 13:24][2010-11-21 13:24] 000367164 _____ () 55A7E6BEF79845734555FCE56B166907

C:\Windows\System32\adpahci.sys
[2017-08-06 10:56][2009-07-13 21:52] 000339536 ____C (Adaptec, Inc.) 597F78224EE9224EA1A13D6350CED962

C:\Windows\System32\systemcpl.dll
[2010-11-21 13:24][2010-11-20 23:24] 000410624 ____C (Microsoft Corporation) 4AC64014668BB2B4834A66B73406AB63

C:\Windows\System32\user32.amx
[2017-08-06 10:56][2010-11-20 23:24] 000342524 ____C () 2FFFCC20E95D9DF2A4046328F6BB7AEC

C:\Windows\System32\manifeststore\user32.amx
[2010-11-21 13:24][2010-11-21 13:24] 000342524 _____ () 86B0FCB3A65589412CF2FC215B8A9DB0

C:\Windows\System32\DriverStore\FileRepository\adpahci.inf_amd64_neutral_b082e95ec9f8c3f9\adpahci.sys
[2009-07-14 07:59][2009-07-14 11:52] 000339536 _____ () 14739DDB48A2A80E51B29437419D91FE

C:\Windows\System32\drivers\adpahci.sys
[2009-07-14 07:59][2009-07-14 11:52] 000339536 _____ (Adaptec, Inc.) 597F78224EE9224EA1A13D6350CED962

====== End of Search ======


  • 0

#43
RKinner

    Malware Expert

  • Expert
  • 23,367 posts
  • MVP

 I messed up that time.  Can you repeat the last 4 with this fixlist:  

 

 

You may have to reextract the files from the zips as I think FRST moves the files from the Temp folder.

 

 


  • 0

#44
Bosscoe

    Member

  • Topic Starter
  • 122 posts

Fix result of Farbar Recovery Scan Tool (x64) Version: 31-07-2017
Ran by Bosscoe (06-08-2017 11:23:04) Run:7
Running from F:\Firefox Downloads\Firefox Downloads
Loaded Profiles: Bosscoe (Available Profiles: Bosscoe & Administrator)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
Move: C:\Temp\systemcpl.dll C:\Windows\SysWOW64\systemcpl.dll
Move: C:\Temp\advapi32.amx  :\Windows\System32\manifeststore\advapi32.amx
Move: C:\Temp\user32.amx  C:\Windows\System32\manifeststore\user32.amx
Move: C:\Temp\adpahci.sys C:\Windows\System32\DriverStore\FileRepository\adpahci.inf_amd64_neutral_b082e95ec9f8c3f9\adpahci.sys




*****************

C:\Windows\SysWOW64\systemcpl.dll => moved successfully
"C:\Temp\systemcpl.dll" moved successfully to C:\Windows\SysWOW64\systemcpl.dll
"Move: C:\Temp\advapi32.amx  :\Windows\System32\manifeststore\advapi32.amx" => not found
C:\Windows\System32\manifeststore\user32.amx => moved successfully
"C:\Temp\user32.amx " moved successfully to C:\Windows\System32\manifeststore\user32.amx
C:\Windows\System32\DriverStore\FileRepository\adpahci.inf_amd64_neutral_b082e95ec9f8c3f9\adpahci.sys => moved successfully
"C:\Temp\adpahci.sys" moved successfully to C:\Windows\System32\DriverStore\FileRepository\adpahci.inf_amd64_neutral_b082e95ec9f8c3f9\adpahci.sys

==== End of Fixlog 11:23:04 ====

 

Just adding C: to advapi32.amx now


Edited by Bosscoe, 05 August 2017 - 07:26 PM.

  • 0

#45
Bosscoe

    Member

  • Topic Starter
  • 122 posts

C:\Windows\System32\manifeststore\advapi32.amx => moved successfully
"C:\Temp\advapi32.amx" moved successfully to C:\Windows\System32\manifeststore\advapi32.amx


  • 0





