
Windows Defender Offline Removed Root kit now Windows won't load

Discussion in 'Virus & Other Malware Removal' started by Kevier, May 7, 2014.

  1. Kevier

    Kevier Thread Starter

    Joined:
    May 7, 2014
    Messages:
    233
    I was running Windows Security Defender. It said I had a rootkit virus and needed to download Windows Defender Offline, so I did.
    I ran it, it found 2, so I removed them and it restarted, and now while loading Windows it flashes a blue screen and restarts. I don't have a boot disk and I really need help.
     
  2. Kevier

    Kevier Thread Starter

    Joined:
    May 7, 2014
    Messages:
    233
    I'm running Windows 7 and can't access Safe Mode.

    Don't know if this will help, but I ran FRST64.

    Results

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2014
    Ran by SYSTEM on MININT-KRNF8R6 on 07-05-2014 01:27:15
    Running from G:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Recovery

    The current controlset is ControlSet001
    ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
    HKLM\...\Run: [Acer ePower Management] => C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
    HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1157128 2009-08-18] (Dritek System Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [NapsterShell] => C:\Program Files (x86)\Napster\napster.exe [323280 2010-01-19] (Napster)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
    HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [1675160 2011-11-22] (McAfee, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1557160 2012-04-09] (Ask)
    HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [103896 2011-12-12] (PC Tools)
    HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\cherylandshannon\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-05] (Google Inc.)
    HKU\cherylandshannon\...\Run: [lime pro] => "C:\Program Files (x86)\Lime PRO\LimePro.exe" -h
    HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [162336 2009-07-21] ()
    HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [162336 2009-07-21] ()
    Startup: C:\Users\cherylandshannon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FrostWire On Startup.lnk
    ShortcutTarget: FrostWire On Startup.lnk -> C:\Program Files (x86)\FrostWire 5\FrostWire.exe (FrostWire)

    ==================== Services (Whitelisted) =================

    S2 ePowerSvc; C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [844320 2009-09-30] (Acer Incorporated)
    S3 GameConsoleService; C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe [250616 2009-05-22] (WildTangent, Inc.)
    S2 Greg_Service; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
    S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
    S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
    S2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
    S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
    S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
    S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [502032 2011-10-18] (McAfee, Inc.)
    S4 McOobeSv; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
    S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
    S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199272 2011-12-06] (McAfee, Inc.)
    S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [208536 2011-12-06] (McAfee, Inc.)
    S2 mfevtp; C:\Windows\system32\mfevtps.exe [161168 2011-12-06] (McAfee, Inc.)
    S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
    S2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2011-12-12] (PC Tools)
    S2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [240160 2009-07-03] (Acer)

    ==================== Drivers (Whitelisted) ====================

    S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [65264 2011-10-15] (McAfee, Inc.)
    S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160280 2011-10-15] (McAfee, Inc.)
    S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [229528 2011-10-15] (McAfee, Inc.)
    S3 mfeavfk01; No ImagePath
    S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [481768 2011-10-15] (McAfee, Inc.)
    S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [647080 2011-10-15] (McAfee, Inc.)
    S1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75808 2011-10-15] (McAfee, Inc.)
    S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100912 2011-10-15] (McAfee, Inc.)
    S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [284648 2011-10-15] (McAfee, Inc.)
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
    S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-01] (Realtek Semiconductor Corp.)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-05-07 01:26 - 2014-05-07 01:27 - 00000000 ____D () C:\FRST
    2014-05-04 23:11 - 2014-05-04 23:11 - 55574528 _____ () C:\Windows\System32\config\SOFTWARE4b533101
    2014-05-04 23:00 - 2014-05-04 23:58 - 00000000 ____D () C:\Windows\Microsoft Antimalware
    2014-05-04 13:48 - 2014-05-04 13:50 - 00000000 ____D () C:\Users\cherylandshannon\AppData\Local\Mozilla
    2014-05-04 13:47 - 2014-05-04 13:50 - 00000000 ____D () C:\Users\cherylandshannon\AppData\Roaming\Mozilla
    2014-05-04 13:46 - 2014-05-04 23:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-05-04 13:46 - 2014-05-04 23:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-05-04 13:46 - 2014-05-04 13:46 - 00000000 ____D () C:\ProgramData\Mozilla
    2014-05-04 13:42 - 2014-05-04 13:42 - 00000000 ____D () C:\Users\cherylandshannon\AppData\Local\SearchProtect
    2014-05-04 13:41 - 2014-05-04 13:42 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
    2014-05-04 13:14 - 2014-05-04 23:53 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2014-05-04 13:14 - 2014-05-04 23:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
    2014-05-04 13:03 - 2014-05-04 13:03 - 00000000 ____D () C:\Windows\System32\Tasks\Games
    2014-05-04 13:00 - 2014-05-04 12:53 - 13829304 _____ (Microsoft Corporation) C:\Users\cherylandshannon\Desktop\MSEInstall.exe

    ==================== One Month Modified Files and Folders =======

    2014-05-07 01:27 - 2014-05-07 01:26 - 00000000 ____D () C:\FRST
    2014-05-04 23:58 - 2014-05-04 23:00 - 00000000 ____D () C:\Windows\Microsoft Antimalware
    2014-05-04 23:53 - 2014-05-04 13:14 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2014-05-04 23:53 - 2014-05-04 13:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
    2014-05-04 23:53 - 2014-05-04 13:03 - 00000000 ____D () C:\Windows\System32\Tasks\Games
    2014-05-04 23:53 - 2012-05-07 16:32 - 00000000 ____D () C:\Program Files (x86)\Ask.com
    2014-05-04 23:53 - 2012-05-07 16:29 - 00000000 ____D () C:\Program Files (x86)\FrostWire 5
    2014-05-04 23:53 - 2012-01-06 15:49 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
    2014-05-04 23:53 - 2011-12-26 04:27 - 00000000 ____D () C:\Program Files (x86)\Rhapsody
    2014-05-04 23:53 - 2011-10-09 10:57 - 00000000 ____D () C:\Program Files\McAfee
    2014-05-04 23:53 - 2011-10-09 10:57 - 00000000 ____D () C:\Program Files\Common Files\McAfee
    2014-05-04 23:53 - 2011-09-27 16:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-05-04 23:53 - 2011-07-08 14:25 - 00000000 ____D () C:\Program Files (x86)\McAfee
    2014-05-04 23:53 - 2011-07-08 13:30 - 00000000 ____D () C:\ProgramData\McAfee
    2014-05-04 23:53 - 2011-06-28 19:32 - 00000000 ____D () C:\users\cherylandshannon
    2014-05-04 23:53 - 2011-06-28 19:32 - 00000000 ____D () C:\Program Files (x86)\OEM
    2014-05-04 23:53 - 2009-11-05 10:10 - 00000000 ____D () C:\Program Files\Google
    2014-05-04 23:53 - 2009-11-05 10:10 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-05-04 23:53 - 2009-07-13 23:45 - 00000000 ____D () C:\Program Files\Windows Journal
    2014-05-04 23:53 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
    2014-05-04 23:53 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\servicing
    2014-05-04 23:53 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
    2014-05-04 23:52 - 2011-10-09 10:57 - 00000000 ____D () C:\Program Files\McAfee.com
    2014-05-04 23:52 - 2011-09-27 16:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-05-04 23:52 - 2009-11-05 10:10 - 00000000 ____D () C:\ProgramData\Google
    2014-05-04 23:48 - 2014-05-04 13:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-05-04 23:48 - 2014-05-04 13:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-05-04 23:11 - 2014-05-04 23:11 - 55574528 _____ () C:\Windows\System32\config\SOFTWARE4b533101
    2014-05-04 14:40 - 2009-11-05 09:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-05-04 13:50 - 2014-05-04 13:48 - 00000000 ____D () C:\Users\cherylandshannon\AppData\Local\Mozilla
    2014-05-04 13:50 - 2014-05-04 13:47 - 00000000 ____D () C:\Users\cherylandshannon\AppData\Roaming\Mozilla
    2014-05-04 13:46 - 2014-05-04 13:46 - 00000000 ____D () C:\ProgramData\Mozilla
    2014-05-04 13:42 - 2014-05-04 13:42 - 00000000 ____D () C:\Users\cherylandshannon\AppData\Local\SearchProtect
    2014-05-04 13:42 - 2014-05-04 13:41 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
    2014-05-04 13:05 - 2011-06-28 19:43 - 00000000 ____D () C:\Users\cherylandshannon\AppData\Local\Google
    2014-05-04 12:53 - 2014-05-04 13:00 - 13829304 _____ (Microsoft Corporation) C:\Users\cherylandshannon\Desktop\MSEInstall.exe
    2014-05-04 12:00 - 2009-07-13 20:45 - 00009920 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-05-04 12:00 - 2009-07-13 20:45 - 00009920 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-05-04 11:58 - 2011-09-28 09:07 - 01720159 _____ () C:\Windows\WindowsUpdate.log
    2014-05-04 11:53 - 2011-09-28 15:55 - 00021215 _____ () C:\Windows\setupact.log
    2014-05-04 11:53 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-05-04 11:44 - 2011-07-04 10:35 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-05-04 11:32 - 2009-07-13 21:13 - 00005152 _____ () C:\Windows\System32\PerfStringBackup.INI

    Some content of TEMP:
    ====================
    C:\Users\cherylandshannon\AppData\Local\Temp\0114831325893763mcinst.exe
    C:\Users\cherylandshannon\AppData\Local\Temp\0304161318173103mcinst.exe
    C:\Users\cherylandshannon\AppData\Local\Temp\installhelper.dll
    C:\Users\cherylandshannon\AppData\Local\Temp\SRAssetsHelper.dll
    C:\Users\cherylandshannon\AppData\Local\Temp\WiseUpdX.exe
    C:\Users\cherylandshannon\AppData\Local\Temp\_is2273.exe
    C:\Users\cherylandshannon\AppData\Local\Temp\_is58AA.exe


    ==================== Known DLLs (Whitelisted) ================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    TDL4: custom:26000022 <===== ATTENTION!

    ==================== Restore Points =========================

    Restore point made on: 2012-05-24 02:44:57
    Restore point made on: 2012-05-26 11:40:10
    Restore point made on: 2012-05-26 23:27:48
    Restore point made on: 2012-05-31 13:11:20
    Restore point made on: 2012-06-01 12:50:41
    Restore point made on: 2012-06-01 12:53:20
    Restore point made on: 2012-06-04 14:17:22
    Restore point made on: 2012-06-06 13:41:47
    Restore point made on: 2014-05-04 12:19:05
    Restore point made on: 2014-05-04 13:06:13
    Restore point made on: 2014-05-04 13:11:17
    Restore point made on: 2014-05-04 13:41:38

    ==================== Memory info ===========================

    Percentage of memory in use: 21%
    Total physical RAM: 3001.98 MB
    Available physical RAM: 2368.32 MB
    Total Pagefile: 3000.13 MB
    Available Pagefile: 2363.32 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB

    ==================== Drives ================================

    Drive c: (eMachines) (Fixed) (Total:220.78 GB) (Free:166.1 GB) NTFS
    Drive e: (PQSERVICE) (Fixed) (Total:12 GB) (Free:1.86 GB) NTFS
    Drive g: (WDO_MEDIA64) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT32
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    ATTENTION: Malware custom entry on BCD on drive y: detected.

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: F85E7820)
    Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
    Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=221 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2 GB) (Disk ID: C3072E18)
    Partition 1: (Active) - (Size=2 GB) - (Type=0B)


    LastRegBack: 2014-05-04 12:11

    ==================== End Of Log ============================
     
  3. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Hi Kevier and welcome to TSG. As this is a Malware problem I have requested it is moved to the Malware forum where I will assist you in cleaning up the machine.

    You still have a Rootkit infection on the PC and I suspect removing it with an Anti Virus program has caused some damage to the MBR which is why it won't boot normally.

    We first need to remove the infection which FRST found.

    On your functioning PC: Open Notepad and Copy & Paste the contents of the code box below into it. To do this highlight the entire contents of the box, right click on the highlighted area and select Copy then right click in the Notepad window and select Paste. Save it to the flashdrive as fixlist.txt <--- it is very important to spell this name exactly as written here.

    Code:
    TDL4: custom:26000022 <===== ATTENTION!
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Plug the Flash Drive back into the infected PC and enter the System Recovery Options and select the Command Prompt using the same instructions you followed to run the first scan.

    • In the command window type e:\frst.exe (or for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
      NOTE: if you receive an error message "the system cannot find the drive specified" go back into Notepad and check the drive letter for the Flash Drive.
    • When the FRST window opens click on the Fix button just once and wait.
    • The tool will make a log on the flashdrive (Fixlog.txt) please Copy & Paste it into your next reply.


    When this is complete try to boot the defective PC and let me know what happens.

    Please also tell me what OS is on your functional PC, including the bit rate.
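
Added example, not part of the original post and not FRST's own code: a small Python triage pass over an FRST.txt log that pulls out the lines the tool itself marks for attention, such as the `TDL4: custom:26000022` BCD entry used in the fixlist above. The sample log is constructed from lines of the log posted in this thread; the function names, the `Finding` type and the choice to report any verdict other than `MD5 is legit` are assumptions.

```python
import re
from typing import NamedTuple

# Constructed sample: a trimmed copy of lines from the FRST.txt log posted in this thread.
SAMPLE_LOG = r"""Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2014
Boot Mode: Recovery
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== Drives ================================

Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive y: detected.

==================== End Of Log ============================
"""


class Finding(NamedTuple):
    section: str  # FRST section header the line appeared under
    lineno: int   # 1-based line number in the log
    kind: str     # "flagged-entry", "warning", "notice" or "hash-check"
    text: str     # the log line, stripped


SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")        # "===== Name ====="
FLAG_RE = re.compile(r"<=+\s*ATTENTION")             # "... <===== ATTENTION!"
NOTICE_RE = re.compile(r"^ATTENTION!?:=+>")          # advisory banner in the header
WARN_RE = re.compile(r"^ATTENTION:")                 # "ATTENTION: Malware custom entry ..."
HASH_RE = re.compile(r"^(?P<path>.+?) => (?P<verdict>.+)$")
BCD_CUSTOM_RE = re.compile(r"\bcustom:([0-9A-Fa-f]{8})\b")


def triage(log_text):
    """Return the lines of an FRST log that the tool marked for attention."""
    findings = []
    section = "Header"
    for lineno, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            # Separator rows made only of '=' carry no name; keep the current section.
            if header.group(1):
                section = header.group(1)
            continue
        if FLAG_RE.search(line):
            kind = "flagged-entry"
        elif NOTICE_RE.match(line):
            kind = "notice"
        elif WARN_RE.match(line):
            kind = "warning"
        elif section.startswith("Bamital"):
            # Assumption: any verdict other than "MD5 is legit" deserves a human look.
            check = HASH_RE.match(line)
            if not check or check.group("verdict") == "MD5 is legit":
                continue
            kind = "hash-check"
        else:
            continue
        findings.append(Finding(section, lineno, kind, line))
    return findings


def bcd_custom_elements(findings):
    """Collect BCD custom element ids named in flagged entries (ids are not interpreted)."""
    ids = []
    for finding in findings:
        if finding.kind == "flagged-entry":
            ids.extend(BCD_CUSTOM_RE.findall(finding.text))
    return ids


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.lineno:>3} [{f.kind}] ({f.section}) {f.text}")
    print("BCD custom elements:", bcd_custom_elements(results))
```

The output is a review list only; what goes into a fixlist stays a per-machine decision, as the notice in the post above says.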
     
  4. Kevier

    Kevier Thread Starter

    Joined:
    May 7, 2014
    Messages:
    233
    sorry for the delay

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-05-2014
    Ran by SYSTEM at 2014-05-07 10:52:50 Run:1
    Running from G:\
    Boot Mode: Recovery
    ==============================================

    Content of fixlist:
    *****************


    TDL4: custom:26000022 <===== ATTENTION!
    *****************


    The operation completed successfully.
    The operation completed successfully.

    ==== End of Fixlog ====

    Both computers are Windows 7 64bit
     
  5. Kevier

    Kevier Thread Starter

    Joined:
    May 7, 2014
    Messages:
    233
    Sorry, forgot to say: infected PC started fine. Have to fix a few things because I tried System Restore to try to fix the problem earlier.
     
  6. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Good news, but don't go away as we should run some more checks to make sure there are no more remnants and none of the system services are damaged. Now the PC is booting up it will make things a little easier.

    I only asked about the other PC in case we needed to make a boot disc, but that won't be required now.

    Don't use system restore again as it will most likely re-infect the system, once we have made sure the system is clean you can create a fresh restore point and delete all the old ones.

    Please don't make any changes to the system or run any other scans apart from those I am asking you to do as this can cause great confusion in the logs.

    The next check is to run FRST on the system while it is booted up, you won't need a Flash Drive again as long as you can connect to the internet. The second scan is just to check your system is clear of any Adware. Please download a fresh copy of FRST onto the system as the one on the Flash Drive may need updating.

    Please run these scans in the order listed:

    The first scan is to remove all your temp files as some infections are saved in temporary files.

    SCAN 1
    NOTE: This will empty your recycle bin, if you have anything you need in there please save it before you run this scan.
    Download Temporary file cleaner and save it to the desktop. Make sure you do not use the Download button in the advert at the top of the page, use the button right next to the name TFC - Temp File Cleaner by Old Timer.
    Double click on the icon to run it (it appears as a dark grey dustbin). For Windows 7 and Vista right click the icon and select Run as Administrator.
    When the window opens click on Start. It will close all running programs and clear the desktop icons.
    When complete you may be asked to reboot, if so accept the request and your PC will reboot automatically.

    NOTE: There is no need to post the log, just confirm in your next post that it ran without a problem. At times it may appear to freeze, which is perfectly normal, it may take a while to complete the clean up depending on the amount of temporary files there are on the system.


    SCAN 2
    Click on this link to download: ADWCleaner. Click on the Download Now button and save it to your desktop.

    NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

    Close your browser and double click on the AdwCleaner icon on your desktop.

    You will then see the screen below, click on the Scan button (as indicated), accept any prompts that appear and allow it to run, it may take several minutes to complete, when it is done click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report, Copy & Paste it into your next post.


    SCAN 3
    Please download Farbar Recovery Scan Tool (FRST) and save it to your desktop. Do not get tempted to download Regclean Pro.

    Note: If you get a warning that the download could harm your system, please ignore it and allow the download to go ahead. FRST is perfectly safe and we would never ask you to download anything that isn't.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    • Double-click on FRST to run it. When the tool opens click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your next reply.
    • The first time the tool is run, it makes another log (Addition.txt). Please also copy and paste that into your reply.
     
  7. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    You should have run TFC first then Adwcleaner then FRST so it only showed anything that was left over.

    Maybe you got to my instructions while I was still editing them.

    Complete the run with TFC, then do Adwcleaner and post the log. Then run FRST again, this time you will need to put a check mark next to Addition.txt in the opening window or it will only produce one log.

    To keep the thread organized for easy reference please go back, click on the Edit button at the bottom of your last post and select Delete to remove it.
     
  8. Kevier

    Kevier Thread Starter

    Joined:
    May 7, 2014
    Messages:
    233
    Just wanna make sure this is normal, but during restart it went straight to Startup Repair and it's attempting repairs.
     
  9. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    The system has obviously found something wrong in the boot sector which is where the infection was, let me know what happens next. Don't forget to delete the log above as suggested.
     
  10. Kevier

    Kevier Thread Starter

    Joined:
    May 7, 2014
    Messages:
    233
    It said Startup Repair cannot repair this computer automatically. What do you want me to do from here?
     
  11. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    :eek: sounds like it may have re-infected, do another scan with FRST using your Flash Drive just as you did to produce the first log and post it back here.
     
  12. Kevier

    Kevier Thread Starter

    Joined:
    May 7, 2014
    Messages:
    233
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-05-2014
    Ran by SYSTEM on MININT-5KNO2VA on 07-05-2014 12:49:52
    Running from G:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Recovery

    The current controlset is ControlSet001
    ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
    HKLM\...\Run: [Acer ePower Management] => C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
    HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1157128 2009-08-18] (Dritek System Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [NapsterShell] => C:\Program Files (x86)\Napster\napster.exe [323280 2010-01-19] (Napster)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [103896 2011-12-12] (PC Tools)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\cherylandshannon\...\Run: [lime pro] => "C:\Program Files (x86)\Lime PRO\LimePro.exe" -h
    HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [162336 2009-07-21] ()
    HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [162336 2009-07-21] ()

    ==================== Services (Whitelisted) =================

    S2 0100941399475305mcinstcleanup; C:\Users\cherylandshannon\AppData\Local\Temp\0100941399475305mcinst.exe [827456 2012-01-26] (McAfee, Inc.)
    S2 ePowerSvc; C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [844320 2009-09-30] (Acer Incorporated)
    S3 GameConsoleService; C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe [250616 2009-05-22] (WildTangent, Inc.)
    S2 Greg_Service; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
    S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199272 2011-12-06] (McAfee, Inc.)
    S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [208536 2011-12-06] (McAfee, Inc.)
    S2 mfevtp; C:\Windows\system32\mfevtps.exe [161168 2011-12-06] (McAfee, Inc.)
    S2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2011-12-12] (PC Tools)
    S2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [240160 2009-07-03] (Acer)

    ==================== Drivers (Whitelisted) ====================

    S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [65264 2011-10-15] (McAfee, Inc.)
    S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160280 2011-10-15] (McAfee, Inc.)
    S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [229528 2011-10-15] (McAfee, Inc.)
    S3 mfeavfk01; No ImagePath
    S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [481768 2011-10-15] (McAfee, Inc.)
    S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [647080 2011-10-15] (McAfee, Inc.)
    S1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75808 2011-10-15] (McAfee, Inc.)
    S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100912 2011-10-15] (McAfee, Inc.)
    S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [284648 2011-10-15] (McAfee, Inc.)
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
    S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-01] (Realtek Semiconductor Corp.)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-05-07 07:59 - 2014-05-07 08:00 - 00024618 _____ () C:\Users\cherylandshannon\Downloads\Addition.txt
    2014-05-07 07:58 - 2014-05-07 08:00 - 00022523 _____ () C:\Users\cherylandshannon\Downloads\FRST.txt
    2014-05-07 07:26 - 2014-05-07 12:32 - 00000000 ____D () C:\eff74ccb47279cbec46d9985a8d40624
    2014-05-07 07:26 - 2014-05-07 07:26 - 00000000 ____D () C:\Windows\System32\EventProviders
    2014-05-07 07:23 - 2014-05-07 07:23 - 00001160 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2014-05-07 07:21 - 2014-05-07 07:21 - 00282960 _____ (Mozilla) C:\Users\cherylandshannon\Downloads\Firefox Setup Stub 29.0.exe
    2014-05-07 07:20 - 2014-05-07 07:22 - 00000000 ____D () C:\Windows\System32\MRT
    2014-05-07 07:18 - 2014-05-07 07:18 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-05-07 07:13 - 2014-05-07 07:13 - 00000351 _____ () C:\Users\cherylandshannon\Desktop\Network - Shortcut.lnk
    2014-05-07 07:12 - 2014-05-07 07:12 - 00000355 _____ () C:\Users\cherylandshannon\Desktop\Computer - Shortcut.lnk
    2014-05-07 01:26 - 2014-05-07 12:49 - 00000000 ____D () C:\FRST
    2014-05-04 23:11 - 2014-05-04 23:11 - 55574528 _____ () C:\Windows\System32\config\SOFTWARE4b533101
    2014-05-04 23:00 - 2014-05-04 23:58 - 00000000 ____D () C:\Windows\Microsoft Antimalware
    2014-05-04 13:48 - 2014-05-04 13:50 - 00000000 ____D () C:\Users\cherylandshannon\AppData\Local\Mozilla
    2014-05-04 13:47 - 2014-05-04 13:50 - 00000000 ____D () C:\Users\cherylandshannon\AppData\Roaming\Mozilla
    2014-05-04 13:46 - 2014-05-07 07:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-05-04 13:46 - 2014-05-07 07:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-05-04 13:46 - 2014-05-04 13:46 - 00000000 ____D () C:\ProgramData\Mozilla
    2014-05-04 13:42 - 2014-05-04 13:42 - 00000000 ____D () C:\Users\cherylandshannon\AppData\Local\SearchProtect
    2014-05-04 13:41 - 2014-05-04 13:42 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
    2014-05-04 13:14 - 2014-05-04 23:53 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2014-05-04 13:14 - 2014-05-04 23:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
    2014-05-04 13:03 - 2014-05-04 23:53 - 00000000 ____D () C:\Windows\System32\Tasks\Games
    2014-05-04 13:00 - 2014-05-04 12:53 - 13829304 _____ (Microsoft Corporation) C:\Users\cherylandshannon\Desktop\MSEInstall.exe

    ==================== One Month Modified Files and Folders =======

    2014-05-07 12:49 - 2014-05-07 01:26 - 00000000 ____D () C:\FRST
    2014-05-07 12:33 - 2011-06-28 19:32 - 00000000 ____D () C:\users\cherylandshannon
    2014-05-07 12:32 - 2014-05-07 07:26 - 00000000 ____D () C:\eff74ccb47279cbec46d9985a8d40624
    2014-05-07 12:32 - 2011-11-29 15:18 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2014-05-07 12:32 - 2011-09-27 16:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-05-07 12:32 - 2009-11-05 09:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-05-07 12:32 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
    2014-05-07 12:31 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
    2014-05-07 12:27 - 2011-09-27 16:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-05-07 08:00 - 2014-05-07 07:59 - 00024618 _____ () C:\Users\cherylandshannon\Downloads\Addition.txt
    2014-05-07 08:00 - 2014-05-07 07:58 - 00022523 _____ () C:\Users\cherylandshannon\Downloads\FRST.txt
    2014-05-07 07:26 - 2014-05-07 07:26 - 00000000 ____D () C:\Windows\System32\EventProviders
    2014-05-07 07:26 - 2011-09-28 09:07 - 01858999 _____ () C:\Windows\WindowsUpdate.log
    2014-05-07 07:23 - 2014-05-07 07:23 - 00001160 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2014-05-07 07:23 - 2014-05-04 13:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-05-07 07:23 - 2014-05-04 13:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-05-07 07:22 - 2014-05-07 07:20 - 00000000 ____D () C:\Windows\System32\MRT
    2014-05-07 07:21 - 2014-05-07 07:21 - 00282960 _____ (Mozilla) C:\Users\cherylandshannon\Downloads\Firefox Setup Stub 29.0.exe
    2014-05-07 07:18 - 2014-05-07 07:18 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-05-07 07:18 - 2009-11-05 10:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-05-07 07:13 - 2014-05-07 07:13 - 00000351 _____ () C:\Users\cherylandshannon\Desktop\Network - Shortcut.lnk
    2014-05-07 07:12 - 2014-05-07 07:12 - 00000355 _____ () C:\Users\cherylandshannon\Desktop\Computer - Shortcut.lnk
    2014-05-07 07:07 - 2009-07-13 20:45 - 00009920 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-05-07 07:07 - 2009-07-13 20:45 - 00009920 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-05-07 07:06 - 2011-06-28 19:43 - 00000000 ____D () C:\Users\cherylandshannon\AppData\Local\Google
    2014-05-07 07:06 - 2009-11-05 10:10 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-05-07 07:02 - 2011-07-08 13:30 - 00000000 ____D () C:\ProgramData\McAfee
    2014-05-07 06:59 - 2011-07-04 10:34 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-05-07 06:59 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-05-04 23:58 - 2014-05-04 23:00 - 00000000 ____D () C:\Windows\Microsoft Antimalware
    2014-05-04 23:53 - 2014-05-04 13:14 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2014-05-04 23:53 - 2014-05-04 13:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
    2014-05-04 23:53 - 2014-05-04 13:03 - 00000000 ____D () C:\Windows\System32\Tasks\Games
    2014-05-04 23:53 - 2012-01-06 15:49 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
    2014-05-04 23:53 - 2011-12-26 04:27 - 00000000 ____D () C:\Program Files (x86)\Rhapsody
    2014-05-04 23:53 - 2011-10-09 10:57 - 00000000 ____D () C:\Program Files\McAfee
    2014-05-04 23:53 - 2011-10-09 10:57 - 00000000 ____D () C:\Program Files\Common Files\McAfee
    2014-05-04 23:53 - 2011-07-08 14:25 - 00000000 ____D () C:\Program Files (x86)\McAfee
    2014-05-04 23:53 - 2009-11-05 10:10 - 00000000 ____D () C:\Program Files\Google
    2014-05-04 23:53 - 2009-07-13 23:45 - 00000000 ____D () C:\Program Files\Windows Journal
    2014-05-04 23:53 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
    2014-05-04 23:53 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\servicing
    2014-05-04 23:52 - 2011-10-09 10:57 - 00000000 ____D () C:\Program Files\McAfee.com
    2014-05-04 23:52 - 2009-11-05 10:10 - 00000000 ____D () C:\ProgramData\Google
    2014-05-04 23:11 - 2014-05-04 23:11 - 55574528 _____ () C:\Windows\System32\config\SOFTWARE4b533101
    2014-05-04 13:50 - 2014-05-04 13:48 - 00000000 ____D () C:\Users\cherylandshannon\AppData\Local\Mozilla
    2014-05-04 13:50 - 2014-05-04 13:47 - 00000000 ____D () C:\Users\cherylandshannon\AppData\Roaming\Mozilla
    2014-05-04 13:46 - 2014-05-04 13:46 - 00000000 ____D () C:\ProgramData\Mozilla
    2014-05-04 13:42 - 2014-05-04 13:42 - 00000000 ____D () C:\Users\cherylandshannon\AppData\Local\SearchProtect
    2014-05-04 13:42 - 2014-05-04 13:41 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
    2014-05-04 12:53 - 2014-05-04 13:00 - 13829304 _____ (Microsoft Corporation) C:\Users\cherylandshannon\Desktop\MSEInstall.exe
    2014-05-04 11:44 - 2011-07-04 10:35 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-05-04 11:32 - 2009-07-13 21:13 - 00005152 _____ () C:\Windows\System32\PerfStringBackup.INI

    Some content of TEMP:
    ====================
    C:\Users\cherylandshannon\AppData\Local\Temp\0100941399475305mcinst.exe
    C:\Users\cherylandshannon\AppData\Local\Temp\_is58AA.exe
    C:\Users\cherylandshannon\AppData\Local\Temp\_isECAE.exe


    ==================== Known DLLs (Whitelisted) ================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== Restore Points =========================

    Restore point made on: 2014-05-07 07:27:41

    ==================== Memory info ===========================

    Percentage of memory in use: 21%
    Total physical RAM: 3001.98 MB
    Available physical RAM: 2364.25 MB
    Total Pagefile: 3000.13 MB
    Available Pagefile: 2359.69 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB

    ==================== Drives ================================

    Drive c: (eMachines) (Fixed) (Total:220.78 GB) (Free:176.16 GB) NTFS
    Drive e: (PQSERVICE) (Fixed) (Total:12 GB) (Free:1.86 GB) NTFS
    Drive g: (WDO_MEDIA64) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT32
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: F85E7820)
    Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
    Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=221 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2 GB) (Disk ID: C3072E18)
    Partition 1: (Active) - (Size=2 GB) - (Type=0B)


    LastRegBack: 2014-05-04 12:11

    ==================== End Of Log ============================
     
  13. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    No sign of the infection so not too sure what may have gone wrong.

    Please repeat the instructions used in post 3 using the script in the code box below, and let me know if that fixes it.

    I will be out for the rest of the evening; I am on GMT +2. I shall have a look back later. If this does not work you can try running the Startup Repair several times in a row to see if it fixes the problem. Please don't run anything else until I get back.

    Code:
    CMD: bootrec /FixMbr
    
     
  14. Kevier

    Kevier Thread Starter

    Joined:
    May 7, 2014
    Messages:
    233
    It's acting like it's updating, saying "Preparing to configure Windows. Do not turn off your computer".
    It gets to 30%, then shuts down and then goes into Startup Repair.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-05-2014
    Ran by SYSTEM at 2014-05-07 13:13:06 Run:2
    Running from G:\
    Boot Mode: Recovery
    ==============================================

    Content of fixlist:
    *****************
    CMD: bootrec /FixMbr
    *****************


    ========= bootrec /FixMbr =========

    The operation completed successfully.

    ========= End of CMD: =========
     
  15. Kevier

    Kevier Thread Starter

    Joined:
    May 7, 2014
    Messages:
    233
    I was reading the Diagnosis and Repair details.

    The Root Cause Found
    Boot Critical File d:\windows\system32\kdcom.dll is corrupt.
    Repair Action: File Repair
    Result: Failed. Error Code = 0xa
    time Taken = 5757 ms

    Repair action: system Restore
    Result: Failed. Error code = 0x1f
    time Taken = 485163 ms

    Repair action: System Files Integrity Check and Repair
    Result: Failed. Error Code = 0xa
    time Taken = 6084 ms
     
Short URL to this thread: https://techguy.org/1125553
