TechSpot

Windows 7 PC messed up bad!

By Shroomfarmer
May 2, 2013
  1. So I'm in desperate need of help. I let a family member borrow my PC while they were in the hospital, and when I got it back it was totally fubar! It takes about a half hour to boot up, and when it finally does it only works for a few seconds before everything completely locks up. I have Avira antivirus, but I can't get past 3% of a scan without it freezing. I have the same problem in safe mode. I'm having to post on this board from my iPod because I can't even bring up one web page. Please please help!
     
  2. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================

    For 32-bit (x86) systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For 64-bit (x64) systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for the 64-bit version type e:\frst64) and press Enter.
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  3. Shroomfarmer

    Shroomfarmer TS Rookie Topic Starter

    Thanks, I'm working on getting this done but had to find another computer and a flash drive. I'm hoping to have it by tomorrow. Just didn't want you to think I'm ignoring you. It's just going to take me a bit.
     
  4. Broni

    Broni Malware Annihilator Posts: 52,892   +344

  5. Shroomfarmer

    Shroomfarmer TS Rookie Topic Starter

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2013
    Ran by SYSTEM on 04-05-2013 07:36:20
    Running from F:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Recovery
    The current controlset is ControlSet001
    ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
    ==================== Registry (Whitelisted) ==================
    HKLM\...\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe [462848 2009-03-30] (IDT, Inc.)
    HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [15871520 2009-04-29] (NVIDIA Corporation)
    HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [82464 2009-04-29] (NVIDIA Corporation)
    HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1657128 2008-11-11] (Synaptics, Inc.)
    HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe [4119552 2008-12-22] (Dell Inc.)
    HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [2041112 2008-09-26] (Dell Inc.)
    Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
    Winlogon\Notify\WB: C:\PROGRA~2\stardock\OBJECT~1\WINDOW~1\fast64.dll [X]
    HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [405639 2009-01-09] (Creative Technology Ltd)
    HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
    HKLM-x32\...\Run: [FAStartup] [x]
    HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [250192 2009-04-24] (Microsoft Corporation)
    HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [128232 2009-02-04] (CyberLink Corp.)
    HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [98488 2011-04-23] (Sensible Vision )
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-18] (Apple Inc.)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-04-29] (Avira Operations GmbH & Co. KG)
    HKU\Shane\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [163328 2010-11-20] (Microsoft Corporation)
    HKU\Shane\...\Run: [Google Update] "C:\Users\Shane\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-10-23] (Google Inc.)
    HKU\Shane\...\Run: [Spotify Web Helper] "C:\Users\Shane\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1199576 2012-10-27] (Spotify Ltd)
    HKU\Shane\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-03-26] (Google Inc.)
    Lsa: [Notification Packages] scecli
    FAPassSync
    Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\stardock\Object Desktop\IconPackager\iprepair64.dll (Stardock.net, Inc)
    SSODL-x32: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - No File
    ==================== Services (Whitelisted) =================
    S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_73e1f0dede412369\AESTSr64.exe [89600 2009-03-30] (Andrea Electronics Corporation)
    S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752 2013-04-29] (Avira Operations GmbH & Co. KG)
    S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-04-29] (Avira Operations GmbH & Co. KG)
    S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [565472 2013-04-29] (Avira Operations GmbH & Co. KG)
    S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393080 2012-12-05] (BlueStack Systems, Inc.)
    S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384888 2012-12-05] (BlueStack Systems, Inc.)
    S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75064 2009-11-02] ()
    S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_73e1f0dede412369\STacSV64.exe [268288 2009-03-30] (IDT, Inc.)
    S2 wltrysvc; C:\Windows\System32\bcmwltry.exe [3051520 2008-12-22] (Dell Inc.)
    ==================== Drivers (Whitelisted) ====================
    S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [71032 2012-12-05] (BlueStack Systems)
    S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [30336 2007-01-18] (Research in Motion Ltd)
    S3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [27912 2007-08-10] ()
    S2 avgntflt; system32\DRIVERS\avgntflt.sys [x]
    S1 avipbb; system32\DRIVERS\avipbb.sys [x]
    S1 avkmgr; system32\DRIVERS\avkmgr.sys [x]
    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========
    2013-05-04 07:36 - 2013-05-04 07:36 - 00000000 ____D C:\FRST
    2013-04-29 12:31 - 2013-04-29 12:31 - 00000000 ____D C:\Users\Shane\AppData\Roaming\Avira
    2013-04-29 12:26 - 2013-04-29 12:26 - 00002068 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
    2013-04-29 12:26 - 2013-04-29 12:26 - 00000000 ____D C:\Program Files (x86)\Avira
    2013-04-29 12:26 - 2013-04-29 12:24 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
    2013-04-29 12:26 - 2013-04-29 12:24 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
    2013-04-29 12:26 - 2013-04-29 12:24 - 00028600 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
    ==================== One Month Modified Files and Folders =======
    2013-05-04 07:36 - 2013-05-04 07:36 - 00000000 ____D C:\FRST
    2013-05-02 18:01 - 2012-10-13 09:15 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-05-02 17:37 - 2009-10-31 06:49 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-05-02 17:28 - 2012-01-16 08:14 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-640876440-3813629251-4272508459-1000UA.job
    2013-05-02 14:22 - 2012-11-23 18:11 - 00000356 ____A C:\Windows\Tasks\AmiUpdXp.job
    2013-05-02 13:17 - 2009-09-19 11:43 - 00000000 ____D C:\Users\Shane\AppData\Roaming\Mozilla
    2013-05-02 10:27 - 2009-08-17 15:33 - 00017408 ____A C:\Windows\System32\rpcnetp.exe
    2013-05-02 10:26 - 2009-11-02 07:46 - 00088915 ____A C:\ProgramData\nvModes.001
    2013-05-02 10:26 - 2009-10-31 06:49 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-05-02 10:26 - 2009-09-17 11:22 - 00058288 ____A (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
    2013-05-02 10:26 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-05-02 10:26 - 2009-07-13 20:51 - 08990824 ____A C:\Windows\setupact.log
    2013-05-02 05:17 - 2009-07-13 21:13 - 00713888 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-05-02 03:49 - 2009-11-01 17:35 - 01521875 ____A C:\Windows\WindowsUpdate.log
    2013-05-01 21:24 - 2012-01-16 08:14 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-640876440-3813629251-4272508459-1000Core.job
    2013-05-01 12:33 - 2009-11-01 17:06 - 00011120 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-05-01 12:26 - 2009-11-01 17:06 - 00011120 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-04-30 13:43 - 2009-09-17 20:09 - 00000000 ____D C:\Users\Shane\AppData\Local\MediaMonkey
    2013-04-30 13:38 - 2009-11-02 07:46 - 00088915 ____A C:\ProgramData\nvModes.dat
    2013-04-29 16:25 - 2009-11-01 17:23 - 00119130 ____A C:\Windows\PFRO.log
    2013-04-29 13:32 - 2010-03-17 00:51 - 00000000 ____D C:\Users\Shane\AppData\Roaming\vlc
    2013-04-29 12:31 - 2013-04-29 12:31 - 00000000 ____D C:\Users\Shane\AppData\Roaming\Avira
    2013-04-29 12:26 - 2013-04-29 12:26 - 00002068 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
    2013-04-29 12:26 - 2013-04-29 12:26 - 00000000 ____D C:\Program Files (x86)\Avira
    2013-04-29 12:26 - 2013-02-23 20:55 - 00000000 ____D C:\ProgramData\Avira
    2013-04-29 12:24 - 2013-04-29 12:26 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
    2013-04-29 12:24 - 2013-04-29 12:26 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
    2013-04-29 12:24 - 2013-04-29 12:26 - 00028600 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
    2013-04-29 03:45 - 2012-08-26 06:07 - 00000000 ___RD C:\Users\Shane\Desktop\Dropbox
    2013-04-29 03:45 - 2012-08-26 06:04 - 00000000 ____D C:\Users\Shane\AppData\Roaming\Dropbox
    2013-04-29 03:44 - 2009-11-02 08:52 - 00000000 ____D C:\Program Files (x86)\Steam
    2013-04-28 14:41 - 2013-02-19 16:47 - 00002185 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2013-04-28 14:35 - 2009-08-17 15:35 - 00017408 ____A C:\Windows\SysWOW64\rpcnetp.dll
    2013-04-28 14:34 - 2009-08-17 15:33 - 00017408 ____A C:\Windows\SysWOW64\rpcnetp.exe
    ==================== Known DLLs (Whitelisted) ================

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================

    ==================== Memory info ===========================
    Percentage of memory in use: 15%
    Total physical RAM: 3838.36 MB
    Available physical RAM: 3255.63 MB
    Total Pagefile: 3836.51 MB
    Available Pagefile: 3270.46 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.88 MB
    ==================== Drives ================================
    Drive c: (OS) (Fixed) (Total:283 GB) (Free:52.23 GB) NTFS (Disk=0 Partition=3) ==>[Drive with boot components (obtained from BCD)]
    Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:8.23 GB) NTFS (Disk=0 Partition=2)
    Drive f: () (Removable) (Total:7.45 GB) (Free:7.41 GB) FAT32 (Disk=1 Partition=1)
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Disk ###  Status  Size     Free  Dyn  Gpt
    --------  ------  -------  ----  ---  ---
    Disk 0    Online  298 GB   0 B
    Disk 1    Online  7633 MB  0 B
    Partitions of Disk 0:
    ===============
    Disk ID: 88000000
    Partition ###  Type     Size    Offset
    -------------  -------  ------  ------
    Partition 1    OEM      94 MB   31 KB
    Partition 2    Primary  15 GB   95 MB
    Partition 3    Primary  282 GB  15 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No
    Volume ###  Ltr  Label     Fs   Type       Size   Status   Info
    ----------  ---  --------  ---  ---------  -----  -------  ------
    * Volume 4                 FAT  Partition  94 MB  Healthy  Hidden
    =========================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ###  Ltr  Label     Fs    Type       Size   Status   Info
    ----------  ---  --------  ----  ---------  -----  -------  ----
    * Volume 1  D    RECOVERY  NTFS  Partition  15 GB  Healthy
    =========================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: Yes
    Volume ###  Ltr  Label  Fs    Type       Size    Status   Info
    ----------  ---  -----  ----  ---------  ------  -------  ----
    * Volume 2  C    OS     NTFS  Partition  282 GB  Healthy
    =========================================================
    Partitions of Disk 1:
    ===============
    Disk ID: 00000000
    Partition ###  Type     Size     Offset
    -------------  -------  -------  ------
    Partition 1    Primary  7633 MB  16 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No
    Volume ###  Ltr  Label  Fs     Type       Size     Status   Info
    ----------  ---  -----  -----  ---------  -------  -------  ----
    * Volume 3  F           FAT32  Removable  7633 MB  Healthy
    =========================================================
    ============================== MBR & Partition Table ==================
    ====================================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 88000000)
    Partition 1: (Not Active) - (Size=94 MB) - (Type=DE)
    Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
    Partition 3: (Active) - (Size=283 GB) - (Type=07 NTFS)
    ====================================================================
    Disk: 1 (Size: 7 GB) (Disk ID: 00000000)
    Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)

    Last Boot: 2013-03-07 10:42
    ==================== End Of Log ============================
     
  6. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    There is nothing malicious there.
    Your issues must be caused by something else.

    In this forum, we make sure your computer is free of malware and your computer is clean :)
    Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
    You'll get more attention.
     
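    The "nothing malicious there" verdict above comes from reading the FRST.txt by hand: every core binary in the Bamital & volsnap check reports a legitimate MD5, the .exe association is intact, and the autostart entries either carry a known publisher or are orphans pointing at files that no longer exist. The script below is an added example (not code from this thread, from Broni, or from FRST itself) that automates that first pass over an FRST log. The line shapes it recognises are an assumption taken from the log pasted above: a `[size date] (Publisher)` tail on autostart lines, `[X]`/`[x]` or `No File` for a missing target, `=> MD5 is legit` and `=> OK` for the integrity checks; other FRST versions may print differently. The embedded samples are constructed from lines of the log above plus one tampered sample whose wording after `=>` is invented for the demo and is not how FRST reports a failure.

```python
"""Triage helper for a Farbar Recovery Scan Tool (FRST.txt) log.

Added example for this thread, not FRST's own code. The line shapes it parses
are an assumption based on the FRST log pasted above.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of lines in the shape of the log above.
SAMPLE_LOG = r"""==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe [462848 2009-03-30] (IDT, Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKLM-x32\...\Run: [FAStartup] [x]
HKU\Shane\...\Run: [Google Update] "C:\Users\Shane\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-10-23] (Google Inc.)
HKU\Shane\...\Run: [Spotify Web Helper] "C:\Users\Shane\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1199576 2012-10-27] (Spotify Ltd)
==================== Services (Whitelisted) =================
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-04-29] (Avira Operations GmbH & Co. KG)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75064 2009-11-02] ()
==================== Drivers (Whitelisted) ====================
S3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [27912 2007-08-10] ()
S2 avgntflt; system32\DRIVERS\avgntflt.sys [x]
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\open\command: "%1" %* => OK
"""

# Constructed tampered sample; the text after "=>" is invented for the demo
# and is NOT how FRST itself words a failed check.
SAMPLE_TAMPERED = r"""==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 mismatch (constructed)
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\open\command: "C:\Users\Shane\AppData\Roaming\helper.exe" "%1" %* => hijacked (constructed)
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
TAIL_RE = re.compile(r"\[(\d+) (\d{4}-\d{2}-\d{2})\] \((.*)\)\s*$")  # [size date] (Publisher)
MISSING_RE = re.compile(r"\[[xX]\]\s*$")                              # target file is gone
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")


@dataclass
class Finding:
    severity: str  # "alert" (act now) > "review" (verify by hand) > "info"
    reason: str
    line: str


def _check_autostart(line):
    """Classify one Run / Service / Driver entry."""
    if MISSING_RE.search(line) or line.endswith(" - No File"):
        return [Finding("info", "orphaned autostart: target file is gone (cleanup candidate)", line)]
    m = TAIL_RE.search(line)
    if not m:
        return [Finding("review", "no [size date] (Publisher) tail; inspect by hand", line)]
    out = []
    if not m.group(3).strip():  # empty "()" means no publisher/version info
        out.append(Finding("review", "no publisher recorded; hash the file and verify it", line))
    if any(marker in line.lower() for marker in USER_WRITABLE):
        out.append(Finding("review", "autostart binary lives in a user-writable path", line))
    return out


def triage(log_text):
    """Walk the log section by section and return a list of Findings."""
    findings, section = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section.startswith(("Registry", "Services", "Drivers")):
            findings.extend(_check_autostart(line))
        elif section.startswith("Bamital") and not line.endswith("=> MD5 is legit"):
            findings.append(Finding("alert", "core system binary failed the hash check", line))
        elif section.startswith("EXE ASSOCIATION") and not line.endswith("=> OK"):
            findings.append(Finding("alert", ".exe association altered (file-infector / rogue-AV trick)", line))
    return findings


def summarize(findings):
    """Count findings per severity; zero alerts is the 'nothing malicious' verdict."""
    counts = {"alert": 0, "review": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    order = ("alert", "review", "info")
    for name, text in (("clean sample", SAMPLE_LOG), ("tampered sample", SAMPLE_TAMPERED)):
        found = triage(text)
        print(f"--- {name}: {summarize(found)}")
        for f in sorted(found, key=lambda f: order.index(f.severity)):
            print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

    On the clean sample the script raises no alerts, which matches the verdict in the post above: the orphaned GoToAssist, FAStartup and avgntflt entries are leftovers to tidy up, not infections, and the entries it marks "review" (PnkBstrA and swmsflt with no publisher, the Google and Spotify helpers under AppData) are exactly the ones an analyst would hash and look up before closing the ticket. A failed MD5 on a core binary or a rewritten exefile command is what would have turned this into a malware case instead of a hardware one.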
  7. Shroomfarmer

    Shroomfarmer TS Rookie Topic Starter

    Ok, thanks for your help. I'm thinking my hard drive has pretty much bit it then, or maybe some other hardware issue...
     
  8. Broni

    Broni Malware Annihilator Posts: 52,892   +344
