WINDOWS HAS ENCOUNTERED A CRITICAL ERROR RESTART IN 1 MIN. PLEASE SAVE YOUR WORK..... helllllp!


Hello and welcome,

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

If you have access to another PC and a USB flash drive, run the following on the sick PC...

 

Please download Farbar Recovery Scan Tool from here:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Save it to a USB flash drive. Make sure you get the correct version for your system, 32 bit or 64 bit.

 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 

Plug the flash drive into the infected PC.

 

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt Here: http://www.bleepingcomputer.com/tutorials/windows-8-recovery-environment-command-prompt/ to enter System Recovery Command prompt.

 

If you are using Vista or Windows 7 enter System Recovery Options.

 

Plug the flashdrive into the infected PC.

 

Enter System Recovery Options. I give two methods, use whichever is convenient for you.

 

To enter System Recovery Options from the Advanced Boot Options:


Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select Your Country as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

 

To enter System Recovery Options by using Windows installation disc:


Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select Your Country as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

 

On the System Recovery Options menu you may get the following options:

Startup Repair

System Restore

Windows Complete PC Restore

Windows Memory Diagnostic Tool

Command Prompt

 


Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64 or e:\frst depending on your version. Press Enter.
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 

Thanks,

 

Kevin..


here it is kelvin

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-01-2015
Ran by SYSTEM on MININT-RNFVF0E on 31-01-2015 13:25:13
Running from c:\
Platform: Windows 7 Home Basic Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-09] (Malwarebytes Corporation)
HKLM\...\Run: [blueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [843480 2014-12-12] (BlueStack Systems, Inc.)
HKU\computer\...\Run: [DellSystemDetect] => C:\Users\computer\AppData\Local\Apps\2.0\JBBETH9A.1JX\O70ARKZ1.AHV\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe
HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\systemk\x64\sysapcrt.dll
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [409304 2014-12-12] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [388824 2014-12-12] (BlueStack Systems, Inc.)
S2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [786136 2014-12-12] (BlueStack Systems, Inc.)
S2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-09] (Malwarebytes Corporation)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-20] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-20] (Malwarebytes Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [112856 2014-12-12] (BlueStack Systems)
S1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47928 2014-12-10] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-20] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-31] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-20] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-24] (Microsoft Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-08-07] ()
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S0 vocwrwc; System32\drivers\eknixqwa.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 13:25 - 2015-01-31 13:25 - 00000000 ____D () C:\FRST
2015-01-31 13:25 - 2015-01-31 13:25 - 00000000 _____ () C:\FRST.txt
2015-01-31 13:24 - 2015-01-31 13:01 - 01122304 _____ (Farbar) C:\FRST.exe
2015-01-31 02:26 - 2015-01-31 02:26 - 00000000 _____ () C:\Users\computer\AppData\Local\{67E55F7D-F49F-451F-8C63-3988B333916E}
2015-01-27 14:09 - 2015-01-27 14:09 - 00000000 ____D () C:\Users\computer\AppData\Roaming\TeamViewer
2015-01-27 14:04 - 2015-01-27 14:05 - 00000000 ____D () C:\Windows\coc
2015-01-27 14:03 - 2015-01-31 11:21 - 00000000 ____D () C:\Program Files\LFROBOT
2015-01-26 08:38 - 2015-01-26 08:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-25 10:20 - 2015-01-31 03:31 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-01-25 10:19 - 2015-01-25 10:19 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-25 10:19 - 2014-11-20 22:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2015-01-25 10:19 - 2014-11-20 22:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2015-01-25 10:19 - 2014-11-20 22:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2015-01-25 10:17 - 2015-01-25 10:18 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\computer\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-25 10:12 - 2015-01-25 10:12 - 00466034 __RSH () C:\IWXRF
2015-01-25 10:08 - 2015-01-25 10:08 - 00000000 ____D () C:\Users\computer\Documents\Windows Loader v2.2.2
2015-01-18 11:56 - 2015-01-18 11:56 - 00001767 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2015-01-18 11:55 - 2015-01-18 11:55 - 00000000 ____D () C:\ProgramData\BlueStacks
2015-01-18 11:55 - 2015-01-18 11:55 - 00000000 ____D () C:\Program Files\BlueStacks
2015-01-18 11:54 - 2015-01-18 11:54 - 00000000 ____D () C:\Users\computer\AppData\Local\Bluestacks
2015-01-18 08:50 - 2015-01-18 08:52 - 13469152 _____ (BlueStack Systems Inc.) C:\Users\computer\Downloads\BlueStacks-SplitInstaller_native_b.exe
2015-01-16 14:38 - 2015-01-16 14:48 - 00000000 ____D () C:\Program Files\WorldWide Web Research
2015-01-16 14:37 - 2015-01-16 14:48 - 00000000 ____D () C:\Program Files\YTDownloader
2015-01-16 14:37 - 2015-01-16 14:48 - 00000000 ____D () C:\Program Files\Open Deployment
2015-01-16 14:36 - 2015-01-16 14:36 - 00000000 ____D () C:\Users\computer\AppData\Local\CrashRpt
2015-01-16 14:26 - 2015-01-16 14:26 - 00000000 ____D () C:\Program Files\download Manager
2015-01-16 14:25 - 2015-01-16 14:48 - 00000000 ____D () C:\Program Files\turbodiagnosis
2015-01-10 07:07 - 2015-01-10 07:07 - 00000000 ____D () C:\Windows\System32\config\RCCBakup
2015-01-10 06:51 - 2015-01-10 07:08 - 00000000 ____D () C:\Users\computer\AppData\Roaming\Solvusoft
2015-01-10 06:50 - 2012-10-15 09:02 - 00017840 _____ (solvusoft) C:\Windows\System32\roboot.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 11:21 - 2014-02-22 12:02 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-31 11:21 - 2012-09-24 16:36 - 00000000 ____D () C:\Windows\System32\Macromed
2015-01-31 11:21 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\System32\wfp
2015-01-31 11:21 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\registration
2015-01-31 04:40 - 2013-12-15 12:27 - 00086409 _____ () C:\Windows\setupact.log
2015-01-31 03:23 - 2012-09-21 07:11 - 00000000 ___RD () C:\users\computer
2015-01-31 02:30 - 2014-07-22 06:00 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-01-29 11:49 - 2014-10-04 04:08 - 00000000 ____D () C:\Users\computer\AppData\Local\Adobe
2015-01-26 10:58 - 2012-09-21 06:48 - 01833766 _____ () C:\Windows\WindowsUpdate.log
2015-01-26 08:24 - 2009-07-13 20:34 - 00026080 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-26 08:24 - 2009-07-13 20:34 - 00026080 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-25 13:29 - 2010-11-20 13:48 - 00394568 _____ () C:\Windows\PFRO.log
2015-01-25 10:19 - 2014-07-12 07:11 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-23 16:44 - 2014-01-25 06:27 - 00000000 ____D () C:\Users\computer\AppData\Local\Mozilla
2015-01-18 12:45 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-18 11:56 - 2009-07-13 18:37 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-18 07:42 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\System32\LogFiles
2015-01-16 14:48 - 2012-09-24 16:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-16 14:48 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\System32\NDF
2015-01-16 14:48 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\System32\Msdtc
2015-01-15 11:38 - 2014-08-23 10:16 - 00000000 ____D () C:\Users\computer\AppData\Local\VirtualStore
2015-01-15 11:37 - 2009-07-13 18:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-01-06 12:25 - 2010-11-20 13:01 - 00781298 _____ () C:\Windows\System32\PerfStringBackup.INI

Files to move or delete:
====================
C:\ProgramData\msvcp100.dll
C:\ProgramData\msvcr100.dll
C:\ProgramData\nss3.dll
C:\Users\Public\AlexaNSISPlugin.780.dll


Some content of TEMP:
====================
C:\Users\computer\AppData\Local\Temp\bcfcabfcccbb.exe
C:\Users\computer\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\computer\AppData\Local\Temp\System.Data.SQLite4f020404-cdf0-4c77-92d5-960c7aa20326.dll
C:\Users\computer\AppData\Local\Temp\Windows 7 Loader V2 2 1 Downloader__3687_i1456938632_il2318885.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2015-01-11 07:44:39
Restore point made on: 2015-01-13 08:47:28
Restore point made on: 2015-01-15 11:36:59
Restore point made on: 2015-01-15 11:55:23
Restore point made on: 2015-01-16 10:20:18
Restore point made on: 2015-01-16 13:56:30
Restore point made on: 2015-01-16 14:01:40
Restore point made on: 2015-01-16 14:45:54
Restore point made on: 2015-01-16 15:03:59
Restore point made on: 2015-01-17 06:12:13
Restore point made on: 2015-01-18 06:46:55
Restore point made on: 2015-01-18 07:36:57
Restore point made on: 2015-01-18 07:40:06
Restore point made on: 2015-01-18 11:51:42
Restore point made on: 2015-01-20 08:40:48
Restore point made on: 2015-01-23 09:07:27
Restore point made on: 2015-01-26 10:59:34
Restore point made on: 2015-01-30 11:40:14

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 3034.36 MB
Available physical RAM: 2600.47 MB
Total Pagefile: 3032.65 MB
Available Pagefile: 2605.53 MB
Total Virtual: 2047.88 MB
Available Virtual: 1957.36 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:223.08 GB) (Free:186.2 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:9.77 GB) (Free:4.79 GB) NTFS
Drive g: (MAHMUDUL) (Removable) (Total:7.45 GB) (Free:7.42 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 00000080)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=223.1 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.


LastRegBack: 2014-12-21 05:25

==================== End Of Log ============================


Save the attached file fixlist.txt to your flash drive, same place as FRST.

Now please enter System Recovery Options as you did to get the log.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

 

Next,

 

Reboot your system, see if windows will load normally, if so run the following:

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Next,

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

 


Quit all running programs.
For Windows XP, double-click to start.
For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
Read and accept the EULA (End User License Agreement).
Click Scan to scan the system.
When the scan completes select "Report", log will open. Close the program > Don't Fix anything!
Post back the report which should also be located here:

 

C:\Programdata\RogueKiller\Logs <-------- W7/8

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <------XP

 

Thank you,

 

Kevin.....

 

 

 

 

Fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 31-01-2015
Ran by SYSTEM at 2015-01-31 14:24:04 Run:1
Running from c:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
start
HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\systemk\x64\sysapcrt.dll
c:\program files\settings manager\systemk\x64\sysapcrt.dll
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
S0 vocwrwc; System32\drivers\eknixqwa.sys [X]
2015-01-10 06:51 - 2015-01-10 07:08 - 00000000 ____D () C:\Users\computer\AppData\Roaming\Solvusoft
2015-01-10 06:50 - 2012-10-15 09:02 - 00017840 _____ (solvusoft) C:\Windows\System32\roboot.exe
C:\ProgramData\msvcp100.dll
C:\ProgramData\msvcr100.dll
C:\ProgramData\nss3.dll
C:\Users\Public\AlexaNSISPlugin.780.dll
C:\Users\computer\AppData\Local\Temp\bcfcabfcccbb.exe
C:\Users\computer\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\computer\AppData\Local\Temp\System.Data.SQLite4f020404-cdf0-4c77-92d5-960c7aa20326.dll
C:\Users\computer\AppData\Local\Temp\Windows 7 Loader V2 2 1 Downloader__3687_i1456938632_il2318885.exe
Emptytemp:
end



*****************
 


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 31-01-2015
Ran by SYSTEM at 2015-01-31 17:29:39 Run:2
Running from C:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
start
HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\systemk\x64\sysapcrt.dll
c:\program files\settings manager\systemk\x64\sysapcrt.dll
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
S0 vocwrwc; System32\drivers\eknixqwa.sys [X]
2015-01-10 06:51 - 2015-01-10 07:08 - 00000000 ____D () C:\Users\computer\AppData\Roaming\Solvusoft
2015-01-10 06:50 - 2012-10-15 09:02 - 00017840 _____ (solvusoft) C:\Windows\System32\roboot.exe
C:\ProgramData\msvcp100.dll
C:\ProgramData\msvcr100.dll
C:\ProgramData\nss3.dll
C:\Users\Public\AlexaNSISPlugin.780.dll
C:\Users\computer\AppData\Local\Temp\bcfcabfcccbb.exe
C:\Users\computer\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\computer\AppData\Local\Temp\System.Data.SQLite4f020404-cdf0-4c77-92d5-960c7aa20326.dll
C:\Users\computer\AppData\Local\Temp\Windows 7 Loader V2 2 1 Downloader__3687_i1456938632_il2318885.exe
Emptytemp:
end



*****************
 


THE FIRST ONE #1 step

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-01-2015
Ran by SYSTEM on MININT-9MMA9RT on 31-01-2015 18:17:10
Running from G:\
Platform: Windows 7 Home Basic Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-09] (Malwarebytes Corporation)
HKLM\...\Run: [blueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [843480 2014-12-12] (BlueStack Systems, Inc.)
HKU\computer\...\Run: [DellSystemDetect] => C:\Users\computer\AppData\Local\Apps\2.0\JBBETH9A.1JX\O70ARKZ1.AHV\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [409304 2014-12-12] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [388824 2014-12-12] (BlueStack Systems, Inc.)
S2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [786136 2014-12-12] (BlueStack Systems, Inc.)
S2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-09] (Malwarebytes Corporation)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-20] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-20] (Malwarebytes Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [112856 2014-12-12] (BlueStack Systems)
S1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47928 2014-12-10] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-20] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-31] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-20] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-24] (Microsoft Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-08-07] ()
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 13:25 - 2015-01-31 18:17 - 00000000 ____D () C:\FRST
2015-01-31 02:26 - 2015-01-31 02:26 - 00000000 _____ () C:\Users\computer\AppData\Local\{67E55F7D-F49F-451F-8C63-3988B333916E}
2015-01-27 14:09 - 2015-01-27 14:09 - 00000000 ____D () C:\Users\computer\AppData\Roaming\TeamViewer
2015-01-27 14:04 - 2015-01-27 14:05 - 00000000 ____D () C:\Windows\coc
2015-01-27 14:03 - 2015-01-31 11:21 - 00000000 ____D () C:\Program Files\LFROBOT
2015-01-26 08:38 - 2015-01-26 08:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-25 10:20 - 2015-01-31 03:31 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-01-25 10:19 - 2015-01-25 10:19 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-25 10:19 - 2014-11-20 22:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2015-01-25 10:19 - 2014-11-20 22:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2015-01-25 10:19 - 2014-11-20 22:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2015-01-25 10:17 - 2015-01-25 10:18 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\computer\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-25 10:12 - 2015-01-25 10:12 - 00466034 __RSH () C:\IWXRF
2015-01-25 10:08 - 2015-01-25 10:08 - 00000000 ____D () C:\Users\computer\Documents\Windows Loader v2.2.2
2015-01-18 11:56 - 2015-01-18 11:56 - 00001767 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2015-01-18 11:55 - 2015-01-18 11:55 - 00000000 ____D () C:\ProgramData\BlueStacks
2015-01-18 11:55 - 2015-01-18 11:55 - 00000000 ____D () C:\Program Files\BlueStacks
2015-01-18 11:54 - 2015-01-18 11:54 - 00000000 ____D () C:\Users\computer\AppData\Local\Bluestacks
2015-01-18 08:50 - 2015-01-18 08:52 - 13469152 _____ (BlueStack Systems Inc.) C:\Users\computer\Downloads\BlueStacks-SplitInstaller_native_b.exe
2015-01-16 14:38 - 2015-01-16 14:48 - 00000000 ____D () C:\Program Files\WorldWide Web Research
2015-01-16 14:37 - 2015-01-16 14:48 - 00000000 ____D () C:\Program Files\YTDownloader
2015-01-16 14:37 - 2015-01-16 14:48 - 00000000 ____D () C:\Program Files\Open Deployment
2015-01-16 14:36 - 2015-01-16 14:36 - 00000000 ____D () C:\Users\computer\AppData\Local\CrashRpt
2015-01-16 14:26 - 2015-01-16 14:26 - 00000000 ____D () C:\Program Files\download Manager
2015-01-16 14:25 - 2015-01-16 14:48 - 00000000 ____D () C:\Program Files\turbodiagnosis
2015-01-10 07:07 - 2015-01-10 07:07 - 00000000 ____D () C:\Windows\System32\config\RCCBakup

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 14:24 - 2009-07-13 18:37 - 00000000 ___RD () C:\users\Public
2015-01-31 14:24 - 2009-07-13 18:37 - 00000000 ___HD () C:\Windows\System32\GroupPolicy
2015-01-31 11:21 - 2014-02-22 12:02 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-31 11:21 - 2012-09-24 16:36 - 00000000 ____D () C:\Windows\System32\Macromed
2015-01-31 11:21 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\System32\wfp
2015-01-31 11:21 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\registration
2015-01-31 07:51 - 2013-12-15 12:27 - 00086521 _____ () C:\Windows\setupact.log
2015-01-31 03:23 - 2012-09-21 07:11 - 00000000 ___RD () C:\users\computer
2015-01-31 02:30 - 2014-07-22 06:00 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-01-29 11:49 - 2014-10-04 04:08 - 00000000 ____D () C:\Users\computer\AppData\Local\Adobe
2015-01-26 10:58 - 2012-09-21 06:48 - 01833766 _____ () C:\Windows\WindowsUpdate.log
2015-01-26 08:24 - 2009-07-13 20:34 - 00026080 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-26 08:24 - 2009-07-13 20:34 - 00026080 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-25 13:29 - 2010-11-20 13:48 - 00394568 _____ () C:\Windows\PFRO.log
2015-01-25 10:19 - 2014-07-12 07:11 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-23 16:44 - 2014-01-25 06:27 - 00000000 ____D () C:\Users\computer\AppData\Local\Mozilla
2015-01-18 12:45 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-18 11:56 - 2009-07-13 18:37 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-18 07:42 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\System32\LogFiles
2015-01-16 14:48 - 2012-09-24 16:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-16 14:48 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\System32\NDF
2015-01-16 14:48 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\System32\Msdtc
2015-01-15 11:38 - 2014-08-23 10:16 - 00000000 ____D () C:\Users\computer\AppData\Local\VirtualStore
2015-01-15 11:37 - 2009-07-13 18:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-01-06 12:25 - 2010-11-20 13:01 - 00781298 _____ () C:\Windows\System32\PerfStringBackup.INI

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2015-01-11 07:44:39
Restore point made on: 2015-01-13 08:47:28
Restore point made on: 2015-01-15 11:36:59
Restore point made on: 2015-01-15 11:55:23
Restore point made on: 2015-01-16 10:20:18
Restore point made on: 2015-01-16 13:56:30
Restore point made on: 2015-01-16 14:01:40
Restore point made on: 2015-01-16 14:45:54
Restore point made on: 2015-01-16 15:03:59
Restore point made on: 2015-01-17 06:12:13
Restore point made on: 2015-01-18 06:46:55
Restore point made on: 2015-01-18 07:36:57
Restore point made on: 2015-01-18 07:40:06
Restore point made on: 2015-01-18 11:51:42
Restore point made on: 2015-01-20 08:40:48
Restore point made on: 2015-01-23 09:07:27
Restore point made on: 2015-01-26 10:59:34
Restore point made on: 2015-01-30 11:40:14

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 3034.36 MB
Available physical RAM: 2587.03 MB
Total Pagefile: 3032.65 MB
Available Pagefile: 2595.37 MB
Total Virtual: 2047.88 MB
Available Virtual: 1966.26 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:223.08 GB) (Free:186.19 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:9.77 GB) (Free:4.79 GB) NTFS
Drive e: () (CDROM) (Total:4.38 GB) (Free:0 GB) CDFS
Drive g: (MAHMUDUL) (Removable) (Total:7.45 GB) (Free:7.42 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 00000080)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=223.1 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.


LastRegBack: 2014-12-21 05:25

==================== End Of Log ============================


mmmm, that log shows that the original fix has been completed and bad entries were removed.... We use the last good registry backup, see if that gets the system to boot correctly....

 

Continue as follows:

 

Save the attached file fixlist.txt to your flash drive, same place as FRST.

Now please enter System Recovery Options as you did to get the log.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

 

Post that log, also see if windows boots correctly.

 

 

Fixlist.txt

This topic is now closed to further replies.
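
The before/after comparison made in the last reply ("that log shows that the original fix has been completed and bad entries were removed") can be checked mechanically. The following is an added example, not part of the original thread and not FRST's own code: it parses two FRST scan logs into sections and lists entries present in the first scan but absent from the second. The sample text is abbreviated from the logs posted above; the function names are hypothetical and the log layout is inferred from those logs.

```python
import re

# Section banners look like "==================== Drivers (Whitelisted) ====".
SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# Sub-lists such as "Files to move or delete:" are underlined with "=" instead.
SUBSECTION_RE = re.compile(r"^([A-Za-z& ]+):$")
# File listing: created - modified - size attributes (company) path
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d"
    r" - \d+ \S+ \(.*?\) (.+)$"
)
DIRECTIVE_RE = re.compile(r"^[A-Za-z]+:$")   # e.g. "Emptytemp:" in a fixlist
VOLATILE = {"Memory info", "Drives"}         # values change on every run

def entry_key(line):
    """Identity of an entry. File rows are keyed on the path only, so a
    changed 'modified' timestamp does not look like a removal."""
    m = FILE_RE.match(line)
    return (m.group(1) if m else line).lower()

def parse_frst_log(text):
    """Return {section name: {entry key: original line}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("(") or set(line) == {"="}:
            continue                          # blanks, help text, rules
        m = SECTION_RE.match(line) or SUBSECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections.setdefault(current, {})
        elif current is not None:
            sections[current][entry_key(line)] = line
    return sections

def removed_entries(before, after):
    """Entries listed in the first scan that the second scan no longer shows."""
    removed = {}
    for section, entries in before.items():
        if section in VOLATILE:
            continue
        gone = [line for key, line in entries.items()
                if key not in after.get(section, {})]
        if gone:
            removed[section] = gone
    return removed

def fixlist_leftovers(fixlist_text, scan):
    """Fixlist lines that still appear as entries in the given scan."""
    present = {key for entries in scan.values() for key in entries}
    leftovers = []
    for raw in fixlist_text.splitlines():
        line = raw.strip()
        if not line or line.lower() in ("start", "end") or DIRECTIVE_RE.match(line):
            continue
        if entry_key(line) in present:
            leftovers.append(line)
    return leftovers

# Abbreviated excerpts of the first scan, the fixlist and the rescan above.
BEFORE = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [] => [X]
HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\systemk\x64\sysapcrt.dll
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Drivers (Whitelisted) ====================
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-20] (Malwarebytes Corporation)
S0 vocwrwc; System32\drivers\eknixqwa.sys [X]
==================== One Month Created Files and Folders ========
2015-01-31 13:25 - 2015-01-31 13:25 - 00000000 ____D () C:\FRST
2015-01-10 06:51 - 2015-01-10 07:08 - 00000000 ____D () C:\Users\computer\AppData\Roaming\Solvusoft
2015-01-10 06:50 - 2012-10-15 09:02 - 00017840 _____ (solvusoft) C:\Windows\System32\roboot.exe
Files to move or delete:
====================
C:\ProgramData\msvcp100.dll
"""
AFTER = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [] => [X]
==================== Drivers (Whitelisted) ====================
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-20] (Malwarebytes Corporation)
==================== One Month Created Files and Folders ========
2015-01-31 13:25 - 2015-01-31 18:17 - 00000000 ____D () C:\FRST
"""
FIXLIST = r"""
start
HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\systemk\x64\sysapcrt.dll
c:\program files\settings manager\systemk\x64\sysapcrt.dll
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
S0 vocwrwc; System32\drivers\eknixqwa.sys [X]
2015-01-10 06:51 - 2015-01-10 07:08 - 00000000 ____D () C:\Users\computer\AppData\Roaming\Solvusoft
2015-01-10 06:50 - 2012-10-15 09:02 - 00017840 _____ (solvusoft) C:\Windows\System32\roboot.exe
C:\ProgramData\msvcp100.dll
Emptytemp:
end
"""

if __name__ == "__main__":
    before, after = parse_frst_log(BEFORE), parse_frst_log(AFTER)
    for section, lines in removed_entries(before, after).items():
        print(section)
        for line in lines:
            print("  removed:", line)
    print("fixlist entries still present:", fixlist_leftovers(FIXLIST, after))
```

An empty leftovers list only shows that the fixed entries no longer appear in the rescan; as in the thread, the system can still fail to boot for other reasons.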