Jump to content

CAN'T BOOT COMPUTER! mbamswissarmy.sys


Recommended Posts

Please download Farbar Recovery Scan Tool from here:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

save it to a USB flash drive. Ensure to get the correct version for your system, 32 bit or 64 bit

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

How to access Windows 7 enter System Recovery Options.

Plug the flashdrive into the infected PC only when you accessed the Recovery Environment....

Enter System Recovery Options I give two methods, use whichever is convenient for you.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.


To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you may get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

 
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 or e:\frst depending on your version. Press Enter Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26.01.2019
Ran by SYSTEM on MININT-5C4U37I (26-01-2019 17:24:29)
Running from E:\
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13519432 2013-04-09] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)
HKLM\...\Run: [Radio Manager] => C:\Program Files (x86)\SCM\Radio Manager.exe [406920 2013-06-03] (MSI)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [407968 2013-06-03] (MSI)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2018-01-04] (Apple Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-08-28] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-09-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe [488240 2016-04-07] (IVT Corporation)
HKLM-x32\...\Run: [NETGEAR USB Control Center] => C:\Program Files (x86)\NETGEAR\USB Control Center\Control Center.exe [4114944 2013-07-29] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Policies\Explorer: [ForceActiveDesktopOn] C:\Windows\system32\0 [0 2017-07-16] ()
HKU\rick.brower\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46281248 2018-05-30] ()
HKU\rick.brower\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4596904 2016-08-12] (Fitbit, Inc.)
HKU\rick.brower\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9832152 2017-08-03] (Piriform Ltd)
HKU\rick.brower\...\Run: [Google Update] => C:\Users\rick.brower\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [601680 2018-05-16] (Google Inc.)
HKU\rick.brower\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-10-19] (Apple Inc.)
HKU\rick.brower\...\Run: [Spotify Web Helper] => C:\Users\rick.brower\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-04-22] (Spotify Ltd)
HKU\rick.brower\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [5852920 2018-05-02] (NordVPN)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [171384 2017-07-18] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [149224 2017-07-18] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll IVTCredentialProvider

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-03-07] (SUPERAntiSpyware.com)
S2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-19] (Adobe Systems Incorporated)
S2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
S2 BlueSoleilCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [4037424 2016-04-25] (IVT Corporation)
S3 BsHelpCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe [160560 2016-04-07] (IVT Corporation)
S3 CoordinatorServiceHost; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS (2)\swScheduler\DTSCoordinatorService.exe [81304 2017-04-20] (Dassault Systèmes SolidWorks Corporation)
S2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [384512 2016-06-27] (Digital Wave Ltd.)
S2 ewserver; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical (2)\server\EwServer.exe [184368 2017-04-19] ()
S2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5911720 2016-08-12] (Fitbit, Inc.)
S2 Fog Service; C:\Program Files (x86)\FOG\FOGService.exe [10752 2011-06-15] (FOG)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
S2 impi_hydra; C:\Program Files\Common Files\SolidWorks Shared\Simulation Worker Agent\hydra_service.exe [880296 2017-04-19] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S2 MSSQL$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [372416 2016-09-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [430840 2018-05-02] ()
S2 RemoteSolverDispatcher; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation (2)\binCFW\remotesolverdispatcherservice.exe [240136 2017-04-19] (Mentor Graphics Corporation)
S4 SQLAgent$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2016-09-23] (Microsoft Corporation)
S2 SWVisualize2017.Queue.Server; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize\SWVisualize.Queue.Server.exe [26008 2017-04-20] (Dassault Systèmes)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
S2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [41184 2013-10-08] (IVT Corporation)
S3 BlueletAudio; C:\Windows\SysWOW64\DRIVERS\blueletaudio.sys [41184 2013-10-08] (IVT Corporation)
S3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [22240 2011-12-21] (IVT Corporation.)
S3 BTCOM; C:\Windows\System32\DRIVERS\btcomport.sys [28456 2014-10-16] (IVT Corporation.)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [53776 2016-01-25] (IVT Corporation.)
S3 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [22568 2014-08-12] (IVT Corporation.)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-03-22] (Intel Corporation)
S3 IvtAudioBusSrv; C:\Windows\System32\Drivers\IvtBtBus.sys [27256 2012-12-24] (IVT Corporation.)
S3 IvtComBusSrv; C:\Windows\System32\Drivers\btcombus.sys [25824 2014-05-06] (IVT Corporation.)
S3 IvtPanBusSrv; C:\Windows\System32\Drivers\btnetBus.sys [31480 2012-12-24] (IVT Corporation.)
S3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [165824 2013-02-19] (Qualcomm Atheros, Inc.)
S2 LJPortNT; C:\Windows\System32\drivers\LJPortNT.sys [11776 2009-11-10] (LJ Create)
S2 LJPortNT; C:\Windows\SysWOW64\drivers\LJPortNT.sys [10752 2009-11-10] (LJ Create)
S3 MAUSBMOBILEPRE; C:\Windows\System32\DRIVERS\MAudioMobilePre.sys [187912 2009-09-02] (Avid Technology, Inc.)
S0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253856 2018-07-15] (Malwarebytes)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2015-10-28] (MediaMall Technologies, Inc.)
S3 NetgearUDSMBus; C:\Windows\System32\drivers\netgearUDSMBus.sys [113888 2013-07-25] (Windows (R) Codename Longhorn DDK provider)
S3 NetgearUDSMBus; C:\Windows\SysWOW64\drivers\netgearUDSMBus.sys [92160 2012-06-15] (Windows (R) Codename Longhorn DDK provider)
S3 NetgearUDSTcpBus; C:\Windows\System32\drivers\netgearUDSTcpBus.sys [193248 2013-07-25] (Windows (R) Codename Longhorn DDK provider)
S3 NetgearUDSTcpBus; C:\Windows\SysWOW64\drivers\netgearUDSTcpBus.sys [153600 2012-06-15] (Windows (R) Codename Longhorn DDK provider)
S3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3434976 2014-04-16] (Intel Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-07-18] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48064 2017-07-18] (NVIDIA Corporation)
S3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-07-18] (NVIDIA Corporation)
S4 RsFx0310; C:\Windows\System32\DRIVERS\RsFx0310.sys [249024 2015-04-20] (Microsoft Corporation)
S3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [448072 2013-02-01] (RTS Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 tapnordvpn; C:\Windows\System32\DRIVERS\tapnordvpn.sys [75088 2017-03-29] (The OpenVPN Project)
S3 TSVAD_PCM; C:\Windows\System32\drivers\tsvadpcm.sys [33552 2016-02-09] (Windows (R) Win 7 DDK provider)
S3 ASUSU7; system32\DRIVERS\ASUSU7.SYS [X]
S2 MediaMall Server; no ImagePath
S3 RSPCIESTOR; system32\DRIVERS\RtsPStor.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-26 17:24 - 2019-01-26 17:24 - 000000000 ____D C:\FRST

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-26 17:19 - 2018-05-08 01:15 - 000000000 ____D C:\Program Files (x86)\NordVPN
2019-01-26 17:19 - 2017-09-26 01:26 - 000000000 ____D C:\Users\rick.brower\AppData\Roaming\NordVPN
2019-01-26 17:19 - 2017-07-16 06:50 - 000000000 ____D C:\Users\rick.brower\AppData\Local\bluesoleil
2019-01-26 17:19 - 2016-12-03 11:51 - 000000000 ____D C:\ProgramData\FitbitConnect
2019-01-26 17:19 - 2016-09-13 06:26 - 000000000 ____D C:\users\techworkers
2019-01-26 17:19 - 2015-09-28 06:37 - 000000000 ____D C:\users\tim.huff
2019-01-26 17:19 - 2015-09-25 07:44 - 000000000 ____D C:\users\tracey.mcclure
2019-01-26 17:19 - 2015-07-31 01:13 - 000000000 ____D C:\Windows\System32\Tasks\AVAST Software
2019-01-26 17:19 - 2014-09-15 06:07 - 000000000 ____D C:\users\felicia.brower
2019-01-26 17:19 - 2014-06-03 13:05 - 000000000 ___RD C:\Users\rick.brower\Google Drive
2019-01-26 17:19 - 2014-06-03 13:03 - 000000000 ____D C:\users\rick.brower
2019-01-26 17:19 - 2014-06-03 13:03 - 000000000 ____D C:\users\bcstdadmin
2019-01-26 17:19 - 2014-06-03 11:22 - 000000000 ____D C:\users\BCSTT
2019-01-26 17:19 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\System32\NDF
2019-01-26 17:19 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\registration
2019-01-26 17:19 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2019-01-26 17:18 - 2014-06-09 07:02 - 000000000 ____D C:\Users\rick.brower\AppData\Local\Adobe
2019-01-26 17:18 - 2014-06-04 06:27 - 000000000 __RHD C:\MSOCache

Some files in TEMP:
====================
2014-09-15 07:07 - 2010-04-07 05:07 - 000607800 ____R (HP) C:\Users\felicia.brower\AppData\Local\Temp\siinst.exe
2014-09-15 07:07 - 2010-04-06 13:41 - 000270336 ____R (HP) C:\Users\felicia.brower\AppData\Local\Temp\strings.dll
2018-05-19 02:22 - 2016-08-21 08:17 - 000138720 _____ (Irfan Skiljan, IrfanView) C:\Users\rick.brower\AppData\Local\Temp\iv_uninstall.exe
2018-04-22 00:53 - 2018-04-22 00:53 - 001884616 _____ (Oracle Corporation) C:\Users\rick.brower\AppData\Local\Temp\jre-8u171-windows-au.exe

==================== KnownDLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\dllhost.exe => MD5 is legit
C:\Windows\SysWOW64\dllhost.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points  =========================

Restore point date: 2018-05-09 01:20
Restore point date: 2018-05-12 21:48
Restore point date: 2018-05-16 01:20
Restore point date: 2018-05-19 02:17
Restore point date: 2018-05-19 02:17
Restore point date: 2018-05-19 02:17
Restore point date: 2018-05-19 02:17
Restore point date: 2018-05-19 02:21
Restore point date: 2018-05-19 02:22
Restore point date: 2018-05-19 02:22
Restore point date: 2018-05-19 02:23
Restore point date: 2018-05-19 02:23
Restore point date: 2018-05-19 02:24
Restore point date: 2018-05-19 02:24
Restore point date: 2018-05-19 02:25
Restore point date: 2018-05-19 21:48
Restore point date: 2018-05-23 01:19
Restore point date: 2018-05-26 01:21
Restore point date: 2018-05-30 01:21
Restore point date: 2018-06-03 01:21
Restore point date: 2018-06-07 01:21
Restore point date: 2018-06-10 09:25
Restore point date: 2018-07-07 08:32
Restore point date: 2018-07-15 17:09
Restore point date: 2018-07-15 19:01
Restore point date: 2018-07-15 19:01

==================== Memory info =========================== 

Percentage of memory in use: 8%
Total physical RAM: 16303.74 MB
Available physical RAM: 14892.45 MB
Total Virtual: 16301.94 MB
Available Virtual: 14987.59 MB

==================== Drives ================================

Drive 😄 (Windows) (Fixed) (Total:465.76 GB) (Free:142.45 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
Drive e: (Lexar) (Removable) (Total:29.81 GB) (Free:29.72 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: F6B2A6CF)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 29.8 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=29.8 GB) - (Type=07 NTFS)

LastRegBack: 2018-07-07 09:40

==================== End of FRST.txt ============================

Link to post
Share on other sites

Save the attached file fixlist.txt to your flash drive, same place as FRST.
Now please enter System Recovery Options as you did to get the log.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Reboot sick PC, does windows load correctly..?

Thanks,

Kevin

 

fixlist.txt

Link to post
Share on other sites

Continue and make clean install of Malwarebytes...

Download and run the Malwarebytes Support Tool
Accept the EULA and click Advanced tab on the left (not Start Repair)
Click the Clean button, and allow it to restart your system and then reinstall Malwarebytes, either by allowing the tool to do so when it offers to on restart, or by downloading and installing the latest version from here
 
Let me know if that completed ok for you...

 

 

 

Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.