Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93098 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Laptop will not boot to normal mode, does boot to safe mode [Solved]


  • This topic is locked This topic is locked
35 replies to this topic

#16 maldini

maldini

    Authentic Member

  • Authentic Member
  • PipPip
  • 214 posts

Posted 06 January 2014 - 12:38 AM

I do not have the Operating System disk for this machine.

 

I just ran the Startup Repair and it quickly came back with screen that says Startup Repair cannot repair this computer. :(

 

Not sure what to do now.  Should I try running the Windows Repair All in One from safe mode?


    Advertisements

Register to Remove


#17 maldini

maldini

    Authentic Member

  • Authentic Member
  • PipPip
  • 214 posts

Posted 06 January 2014 - 12:42 AM

I just looked up the Bugcode from the Diagnosis and Repair detail.  It appears to match the blue screen of death info I saw earlier.

 

=======================

 

The VIDEO_TDR_ ERROR bug check has a value of 0x00000116. This indicates that an attempt to reset the display driver and recover from a timeout failed.



#18 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 06 January 2014 - 12:48 AM

That's obviously a video driver error. That could be a substantial part of the problem.

To be honest... I don't know if the Windows all-in-one repair will work in safe mode. Give it a try and let me know.
  • maldini likes this
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#19 maldini

maldini

    Authentic Member

  • Authentic Member
  • PipPip
  • 214 posts

Posted 06 January 2014 - 01:37 AM

I was able to run Windows All In One repair in safe mode. 

 

After it completed the system rebooted correctly into normal mode with no errors.

 

I reran DDS for you in case there was any change

 

==========================

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16537
Run by T61p at 2:27:46 on 2014-01-06
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3054.2523 [GMT -5:00]
.
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uWindows: Run = c:\users\t61p\appdata\local\mobile~1\MOBILE~1.COM
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111004203608.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{49816BA3-5BA2-46F3-9D3D-6F846FB975D1} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{49816BA3-5BA2-46F3-9D3D-6F846FB975D1}\05A5031533 : DHCPNameServer = 192.168.1.1 71.243.0.12
TCP: Interfaces\{49816BA3-5BA2-46F3-9D3D-6F846FB975D1}\2457E6368623 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{49816BA3-5BA2-46F3-9D3D-6F846FB975D1}\5473F43533 : DHCPNameServer = 192.168.1.1 71.243.0.12
TCP: Interfaces\{49816BA3-5BA2-46F3-9D3D-6F846FB975D1}\E40535D27457563747 : DHCPNameServer = 216.20.63.145 216.20.63.147
TCP: Interfaces\{4B0B445B-86E4-4CDD-8183-13D88700B587} : DHCPNameServer = 10.0.0.1
SSODL: WebCheck - <orphaned>
SSODL: MobileOptionPack - <orphaned>
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-10-4 436728]
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-10-4 162928]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2011-1-12 120128]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-10-4 159320]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2011-1-12 209760]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-10-4 145936]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-10-4 171296]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-10-4 58456]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-10-4 85152]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-8-26 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-8-26 1343400]
S4 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nvPDsvc.exe [2009-7-19 4446752]
.
=============== Created Last 30 ================
.
2014-01-06 07:26:38 -------- d-----w- c:\windows\system32\catroot2
2014-01-06 07:11:58 -------- d-----w- c:\windows\system32\wbem\repository
2014-01-06 05:49:24 -------- d-----w- c:\program files\Tweaking.com
.
==================== Find3M  ====================
.
.
============= FINISH:  2:33:06.57 ===============

 

==================================================================

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/26/2011 11:00:55 AM
System Uptime: 1/6/2014 2:25:17 AM (0 hours ago)
.
Motherboard: LENOVO |  | 64606XG
Processor: Intel® Core™2 Duo CPU     T7500  @ 2.20GHz | None | 792/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 168.101 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Java Auto Updater
Java™ 6 Update 31
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Agent
McAfee VirusScan Enterprise
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA Performance Drivers
PVSonyDll
RICOH R5U8xx Media Driver ver.3.64.02
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
SUPERAntiSpyware Free Edition
ThinkPad Modem
ThinkPad Power Management Driver
ThinkPad UltraNav Driver
Tweaking.com - Windows Repair (All in One)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
.
==== Event Viewer Messages From Past Week ========
.
1/6/2014 2:33:07 AM, Error: Microsoft-Windows-WMPNSS-Service [14333]  - Service 'WMPNetworkSvc' did not start correctly due to error '0x80070424'. Restart your computer, and then try to restart the service.
1/6/2014 2:26:48 AM, Error: Service Control Manager [7023]  - The Portable Device Enumerator Service service terminated with the following error:  The system cannot find the file specified.
1/6/2014 2:26:31 AM, Error: Service Control Manager [7023]  - The seclogon service terminated with the following error:  The specified procedure could not be found.
1/6/2014 1:50:39 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
1/6/2014 1:50:38 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
1/6/2014 1:50:18 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/6/2014 1:50:18 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/6/2014 1:50:12 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/6/2014 1:50:04 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/6/2014 1:49:55 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000116 (0x883b7510, 0x92c1a990, 0x00000000, 0x00000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010614-26535-01.
1/6/2014 1:49:49 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache SASDIFSV SASKUTIL spldr Wanarpv6
1/6/2014 1:49:46 AM, Error: Service Control Manager [7003]  - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
1/6/2014 1:49:45 AM, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
1/6/2014 1:49:45 AM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
1/6/2014 1:00:18 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000116 (0x8981e510, 0x94c10990, 0x00000000, 0x00000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010614-26816-01.
1/5/2014 7:05:34 PM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
.
==== End Of File ===========================

 



#20 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 06 January 2014 - 09:13 AM

Well done.
 
Once again we've gained a little... but it's still not running properly.
 
Let's give this a try:
 
Download ComboFix from here:  http://download.blee...Bs/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.  If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatth...ams_t96260.html
  • Double click on ComboFix.exe & follow the prompts.


    When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.


    Notes:

    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix.  If you have a problem, reply back for further instructions.
    3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    4. CF disconnects your machine from the internet.  The connection is automatically restored before CF completes its run.  If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

  • maldini likes this
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#21 maldini

maldini

    Authentic Member

  • Authentic Member
  • PipPip
  • 214 posts

Posted 06 January 2014 - 09:43 AM

I downloaded and ran ComboFix.

 

During the process ComboFix rebooted the machine and it finished up properly after it rebooted to normal mode.  Here is the log

 

 

ComboFix 14-01-04.03 - T61p 01/06/2014  10:28:51.5.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3054.2336 [GMT -5:00]
Running from: c:\users\T61p\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Disabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-06 to 2014-01-06  )))))))))))))))))))))))))))))))
.
.
2014-01-06 15:33 . 2014-01-06 15:33 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-01-06 15:33 . 2014-01-06 15:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-06 07:26 . 2014-01-06 07:33 -------- d-----w- c:\windows\system32\catroot2
2014-01-06 07:11 . 2014-01-06 15:37 -------- d-----w- c:\windows\system32\wbem\repository
2014-01-06 05:52 . 2014-01-06 05:54 181064 ----a-w- c:\windows\PSEXESVC.EXE
2014-01-06 05:49 . 2014-01-06 05:49 -------- d-----w- c:\program files\Tweaking.com
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKLM\~\startupfolder\C:^Users^T61p^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\T61p\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
KEY [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
VSTARTUP [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
E [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-08-27 03:10 1657376 ----a-w- c:\windows\System32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SOPAgent]
2012-11-11 21:48 8 ----a-w- c:\programdata\SOPAgent\sopag_oxgmvte.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-06-23 15:01 1830128 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
.
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-10-05 85152]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-06-23 7408]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-26 1343400]
R4 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-07-20 4446752]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-10-05 162928]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-06-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-06-23 72944]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-10-05 145936]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
SSODL-MobileOptionPack-c:\users\T61p\AppData\Local\MobileOptionPack\MobileOptionPack.com - (no file)
.
.
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WUDFHost.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE
c:\windows\system32\sppsvc.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2014-01-06  10:41:27 - machine was rebooted
ComboFix-quarantined-files.txt  2014-01-06 15:41
ComboFix2.txt  2012-11-23 16:35
ComboFix3.txt  2012-11-21 14:45
ComboFix4.txt  2012-11-20 20:30
ComboFix5.txt  2014-01-06 15:27
.
Pre-Run: 179,932,487,680 bytes free
Post-Run: 180,411,224,064 bytes free
.
- - End Of File - - C28FA13AE0BD76269216B54892911D74
A36C5E4F47E84449FF07ED3517B43A31
 


Edited by maldini, 06 January 2014 - 09:44 AM.


#22 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 06 January 2014 - 12:12 PM

Nothing nefarious there.
 
Let's get a little closer look at those services:
 
Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

  • maldini likes this
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#23 maldini

maldini

    Authentic Member

  • Authentic Member
  • PipPip
  • 214 posts

Posted 06 January 2014 - 12:26 PM

Farbar Service Scanner Version: 05-12-2013
Ran by T61p (administrator) on 06-01-2014 at 13:26:01
Running from "C:\Users\T61p\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****



#24 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 06 January 2014 - 02:49 PM

Highlight the text in the code box below.  Right click on it and select copy.
 

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]
"AutoStart"=""

Now open notepad and paste the information into it.



Save the file as "ActionCenterIcon.reg" (including the quotation marks) and save it to your Desktop .
Right click the ActionCenterIcon.reg file and Select Merge and then reboot your machine



Open up an Elevated Command Prompt. Click on orb.png in 2nqbqes.png type CMD . Right click on CMD under Programs (1) choose mawket.jpg. On the User Access Control window click on the Yes button . Command Prompt opens up to C:\Windows\System32>_

Type the command below and press <ENTER>

regsvr32 ActionCenter.dll

 

 

Then please run me a new FSS log.


  • maldini likes this
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#25 maldini

maldini

    Authentic Member

  • Authentic Member
  • PipPip
  • 214 posts

Posted 06 January 2014 - 03:17 PM

Hi Tom,

 

This process did not work for me. I tried the steps twice but I am receiving the following error when running the regsvr32 ActionCenter.dll command from the cmd window.

 

This is the error

 

================================

The module "ActionCenter.dll" was loaded but the entry-point DLLRegisterServer was not found.

 

Make sure that "actionCenter.dll" is a valid DLL or OCX file and then try again.

===============================

 

Does the file I saved into the notepad have to match the file name I pass into the regsvr32 command?

 

 

ActionCenter vs ActionCenterIcon ??


    Advertisements

Register to Remove


#26 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 06 January 2014 - 04:47 PM

Not really.  ActionCenterIcon is just the name I chose for the .reg fix. 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]

is the registry key for the Action Center Icon.  Your FSS log showed it missing.  ActionCenter.dll is the library file associated with this icon.  The command you ran just makes sure it is registered.

 

Obviously, this icon is not a big deal to the system.  There are alot of systems where it doesn't work without any real incidence... but I was attempting to get it going if I could.

 

Please provide another FSS log.

 

Give things a little "test drive" and then let me know how things seem to be working - along with a new DDS set of logs.


  • maldini likes this
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#27 maldini

maldini

    Authentic Member

  • Authentic Member
  • PipPip
  • 214 posts

Posted 06 January 2014 - 04:50 PM

Computer seems to be functioning ok. I will need to perform a few reboots but have held off on that.

 

Here is the latest FSS log.  I am running DDS now

 

 

Farbar Service Scanner Version: 05-12-2013
Ran by T61p (administrator) on 06-01-2014 at 17:48:38
Running from "C:\Users\T61p\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****



#28 maldini

maldini

    Authentic Member

  • Authentic Member
  • PipPip
  • 214 posts

Posted 06 January 2014 - 04:52 PM

And here are the two DDS logs

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16537
Run by T61p at 17:50:39 on 2014-01-06
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3054.2152 [GMT -5:00]
.
AV: McAfee VirusScan Enterprise *Disabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Windows\Explorer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111004203608.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{49816BA3-5BA2-46F3-9D3D-6F846FB975D1} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{49816BA3-5BA2-46F3-9D3D-6F846FB975D1}\05A5031533 : DHCPNameServer = 192.168.1.1 71.243.0.12
TCP: Interfaces\{49816BA3-5BA2-46F3-9D3D-6F846FB975D1}\2457E6368623 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{49816BA3-5BA2-46F3-9D3D-6F846FB975D1}\5473F43533 : DHCPNameServer = 192.168.1.1 71.243.0.12
TCP: Interfaces\{49816BA3-5BA2-46F3-9D3D-6F846FB975D1}\E40535D27457563747 : DHCPNameServer = 216.20.63.145 216.20.63.147
TCP: Interfaces\{4B0B445B-86E4-4CDD-8183-13D88700B587} : DHCPNameServer = 10.0.0.1
SSODL: WebCheck - <orphaned>
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-10-4 436728]
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-10-4 162928]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2011-1-12 120128]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-10-4 159320]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2011-1-12 209760]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-10-4 145936]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-10-4 171296]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-10-4 58456]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-10-4 85152]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-8-26 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-8-26 1343400]
S4 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nvPDsvc.exe [2009-7-19 4446752]
.
=============== Created Last 30 ================
.
2014-01-06 15:37:57 -------- d-sh--w- C:\$RECYCLE.BIN
2014-01-06 07:26:38 -------- d-----w- c:\windows\system32\catroot2
2014-01-06 07:11:58 -------- d-----w- c:\windows\system32\wbem\repository
2014-01-06 05:49:24 -------- d-----w- c:\program files\Tweaking.com
.
==================== Find3M  ====================
.
.
============= FINISH: 17:50:47.70 ===============

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/26/2011 11:00:55 AM
System Uptime: 1/6/2014 10:35:04 AM (7 hours ago)
.
Motherboard: LENOVO |  | 64606XG
Processor: Intel® Core™2 Duo CPU     T7500  @ 2.20GHz | None | 2201/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 168.47 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Java Auto Updater
Java™ 6 Update 31
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Agent
McAfee VirusScan Enterprise
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA Performance Drivers
PVSonyDll
RICOH R5U8xx Media Driver ver.3.64.02
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
SUPERAntiSpyware Free Edition
ThinkPad Modem
ThinkPad Power Management Driver
ThinkPad UltraNav Driver
Tweaking.com - Windows Repair (All in One)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
.
==== Event Viewer Messages From Past Week ========
.
1/6/2014 2:33:07 AM, Error: Microsoft-Windows-WMPNSS-Service [14333]  - Service 'WMPNetworkSvc' did not start correctly due to error '0x80070424'. Restart your computer, and then try to restart the service.
1/6/2014 10:37:22 AM, Error: Service Control Manager [7023]  - The Portable Device Enumerator Service service terminated with the following error:  The system cannot find the file specified.
1/6/2014 10:37:04 AM, Error: Service Control Manager [7023]  - The Remote Access Connection Manager service terminated with the following error:  The system cannot find the file specified.
1/6/2014 10:37:04 AM, Error: Service Control Manager [7001]  - The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error:  The system cannot find the file specified.
1/6/2014 10:37:00 AM, Error: Service Control Manager [7023]  - The seclogon service terminated with the following error:  The specified procedure could not be found.
1/6/2014 10:36:26 AM, Error: volsnap [25]  - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
1/6/2014 10:31:59 AM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
1/6/2014 1:50:39 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
1/6/2014 1:50:38 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
1/6/2014 1:50:18 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/6/2014 1:50:18 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/6/2014 1:50:12 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/6/2014 1:50:04 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/6/2014 1:49:55 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000116 (0x883b7510, 0x92c1a990, 0x00000000, 0x00000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010614-26535-01.
1/6/2014 1:49:49 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache SASDIFSV SASKUTIL spldr Wanarpv6
1/6/2014 1:49:46 AM, Error: Service Control Manager [7003]  - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
1/6/2014 1:49:45 AM, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
1/6/2014 1:49:45 AM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
1/6/2014 1:00:18 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000116 (0x8981e510, 0x94c10990, 0x00000000, 0x00000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010614-26816-01.
1/5/2014 7:05:34 PM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
.
==== End Of File ===========================

 



#29 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 06 January 2014 - 09:54 PM

Awesome.

You haven't thrown any errors since you ran combofix.

Give everything a good test drive and make sure all is ok.

Report back and we'll do some cleanup.
  • maldini likes this
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#30 maldini

maldini

    Authentic Member

  • Authentic Member
  • PipPip
  • 214 posts

Posted 06 January 2014 - 10:10 PM

I have used the laptop quite a bit the last few hours and have performed numerous shut downs, reboots and re-starts and all have worked well.

 

In general use of the computer I don't see anything wrong outside of the network icon in the system tray, but that is so minor I don't really care.

 

During one of the shutdowns and subsequent reboots, the computer performed a large Windows update. 

 

I think we may be ready for clean up unless the Windows Update causes the need for any more runs.

 

Can you tell me what we might have fixed in regards to the Display Driver error?  I still have this nagging feeling it might come back since I am not sure we found an actual problem.


Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users