BleepingComputer.com: Computer won't start, 0x0000007b error and startup repair looping.

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

Computer won't start, 0x0000007b error and startup repair looping. Windows 7 -64 Bit OS, startup repaire looping

#1 User is offline   fxrv 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 7
  • Joined: 19-December 10

Posted 05 July 2011 - 02:56 PM

Computer won't start, 0x0000007b error and startup repair looping, My Dell Windows 7 Laptop is not booting. It is looping with Startup Repair. Every time I restarting the same thing happens. I read some topics and came to know about Farbar Scanner Tool, So I done like that. So please find the frst.txt after running the frst64 from the command prompt of repaire option.

frst.txt is attached with this
Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.1.2
Ran by SYSTEM at 2011-07-07 02:30:57
Running from G:\
Windows 7 Home Basic (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [305664 2009-01-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (IDT, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [165912 2009-06-30] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [385560 2009-06-30] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [365080 2009-06-30] (Intel Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()
HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe [2048352 2010-07-09] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [273544 2011-03-21] (RealNetworks, Inc.)
HKLM-x32\...\Run: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodssrv.exe" /md I [329432 2011-04-14] (facemoods.com)
HKU\USER\...\Run: [BeyluxeMessenger] "C:\Program Files (x86)\Beyluxe Messenger\Beyluxe Messenger.exe" /hide [5562880 2010-07-29] ()
HKU\USER\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet [5248312 2010-04-29] (Yahoo! Inc.)
HKU\USER\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-06-04] (Google Inc.)
HKU\USER\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [15146376 2011-04-18] (Skype Technologies S.A.)
HKLM\...\RunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe" [161008 2009-09-17] ()
HKLM-x32\...\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [120128 2010-02-11] ()
HKLM-x32\...\Winlogon: [Userinit] userinit.exe
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

==================== Services (Whitelisted) ======

3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG8\Toolbar\ToolbarBroker.exe [947528 2011-03-18] ()
2 avg8emc; C:\PROGRA~2\AVG\AVG8\avgemc.exe [908056 2010-05-26] (AVG Technologies CZ, s.r.o.)
2 avg8wd; C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe [297752 2010-06-02] (AVG Technologies CZ, s.r.o.)
2 avgfws8; C:\PROGRA~2\AVG\AVG8\avgfws8.exe [1370488 2010-06-02] (AVG Technologies CZ, s.r.o.)
2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation)
3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [206072 2010-10-12] (WildTangent, Inc.)
2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc [135664 2010-06-04] (Google Inc.)
3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc [135664 2010-06-04] (Google Inc.)
2 IAANTMON; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [354840 2009-06-04] (Intel Corporation)
4 NetTcpPortSharing; "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe" [116560 2009-06-10] (Microsoft Corporation)
3 odserv; "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" [441712 2008-11-03] (Microsoft Corporation)
3 ose; "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [145184 2006-10-26] (Microsoft Corporation)
2 Realtek87B; C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe [40960 2009-12-07] (Realtek)
2 SftService; "C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE" [658656 2010-03-04] (SoftThinks)
2 sprtsvc_DellSupportCenter; "C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe" /service /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)
2 wltrysvc; "C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE" "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe" [3417088 2009-07-16] (Dell Inc.)
2 YahooAUService; "C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe" [602392 2008-11-09] (Yahoo! Inc.)
2 btwdins; c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [x]

========================== Drivers (Whitelisted) =============

3 ApfiltrService; C:\Windows\System32\DRIVERS\Apfiltr.sys [225328 2009-02-05] (Alps Electric Co., Ltd.)
1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [29464 2010-05-05] (AVG Technologies CZ, s.r.o.)
1 AvgLdx64; C:\Windows\System32\Drivers\avgldx64.sys [427016 2010-06-02] (AVG Technologies CZ, s.r.o.)
1 AvgMfx64; C:\Windows\System32\Drivers\avgmfx64.sys [33416 2010-05-26] (AVG Technologies CZ, s.r.o.)
0 AvgRkx64; C:\Windows\System32\Drivers\avgrkx64.sys [14856 2010-05-26] (AVG Technologies CZ, s.r.o.)
1 AvgTdiA; C:\Windows\System32\Drivers\avgtdia.sys [133640 2010-05-05] (AVG Technologies CZ, s.r.o.)
3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [22520 2009-07-16] (Broadcom Corporation)
3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl664.sys [2769400 2009-07-16] (Broadcom Corporation)
3 BthEnum; C:\Windows\System32\DRIVERS\BthEnum.sys [41984 2009-07-13] (Microsoft Corporation)
3 BthPan; C:\Windows\System32\DRIVERS\bthpan.sys [118784 2009-07-13] (Microsoft Corporation)
3 BTHPORT; C:\Windows\System32\Drivers\BTHport.sys [551936 2009-07-13] (Microsoft Corporation)
3 BTHUSB; C:\Windows\System32\Drivers\BTHUSB.sys [79360 2009-07-13] (Microsoft Corporation)
3 btwaudio; C:\Windows\System32\drivers\btwaudio.sys [98344 2009-08-04] (Broadcom Corporation.)
3 btwavdt; C:\Windows\System32\DRIVERS\btwavdt.sys [132648 2009-08-04] (Broadcom Corporation.)
3 btwl2cap; C:\Windows\System32\DRIVERS\btwl2cap.sys [35104 2009-08-04] (Broadcom Corporation.)
3 btwrchid; C:\Windows\System32\DRIVERS\btwrchid.sys [21160 2009-08-04] (Broadcom Corporation.)
3 CtClsFlt; C:\Windows\System32\DRIVERS\CtClsFlt.sys [172704 2009-06-15] (Creative Technology Ltd.)
0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [55280 2009-07-09] (Sonic Solutions)
3 RFCOMM; C:\Windows\System32\DRIVERS\rfcomm.sys [158720 2009-07-13] (Microsoft Corporation)
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [215552 2009-05-08] (Realtek Semiconductor Corp.)
3 RTL8187; C:\Windows\System32\DRIVERS\rtl8187.sys [448512 2010-01-07] (Realtek Semiconductor Corporation )
3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [487424 2009-06-28] (IDT, Inc.)
3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [40448 2009-07-13] (Microsoft Corporation)
4 ws2ifsl; C:\Windows\System32\drivers\ws2ifsl.sys [21504 2009-07-13] (Microsoft Corporation)
3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [393728 2009-05-19] (Marvell)

========================== NetSvcs ========================

============ One Month Created Files and Folders ==============

2011-07-07 02:30 - 2011-07-07 02:31 - 0000000 ____D C:\FRST
2011-07-06 02:45 - 2011-07-06 06:13 - 0000000 ____D C:\Emergency
2011-06-30 12:26 - 2011-06-30 12:34 - 51638483 ____A C:\Users\USER\palleelachan.flv
2011-06-30 12:06 - 2011-06-30 12:06 - 8383170 ____A C:\Users\USER\baby coking.mp4
2011-06-26 08:22 - 2011-06-26 08:22 - 4387501 ____A C:\Users\USER\OTTAKAM.mp4
2011-06-23 18:41 - 2011-06-23 18:43 - 23975615 ____A C:\Users\USER\Waka Waka (This Time for Africa) (The Official 2010 FIFA ....flv
2011-06-15 07:30 - 2011-05-28 00:22 - 9316352 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-06-15 07:30 - 2011-05-27 23:38 - 5984256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-06-15 07:30 - 2011-05-27 22:07 - 3133952 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-06-15 07:30 - 2011-05-03 21:51 - 0287744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2011-06-15 07:30 - 2011-05-03 21:51 - 0157696 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2011-06-15 07:30 - 2011-05-03 21:51 - 0126464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2011-06-15 07:30 - 2011-04-26 21:57 - 0102400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dfsc.sys
2011-06-15 07:30 - 2011-04-25 00:32 - 1896832 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2011-06-15 07:30 - 2011-04-24 21:44 - 0499712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2011-06-15 07:30 - 2011-04-22 15:13 - 12372480 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-06-15 07:30 - 2011-04-22 14:31 - 10990080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-06-15 07:29 - 2011-05-27 22:25 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-06-15 07:29 - 2011-05-27 22:00 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-06-15 07:29 - 2011-05-03 00:21 - 0976896 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2011-06-15 07:29 - 2011-05-02 23:50 - 0740864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2011-06-15 07:29 - 2011-04-28 22:13 - 0461312 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
2011-06-15 07:29 - 2011-04-28 22:12 - 0399872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2011-06-15 07:29 - 2011-04-28 22:12 - 0161792 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2011-06-15 07:29 - 2011-04-22 15:18 - 1500160 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-06-15 07:29 - 2011-04-22 15:18 - 1197056 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-06-15 07:29 - 2011-04-22 15:15 - 1026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2011-06-15 07:29 - 2011-04-22 15:14 - 0703488 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-06-15 07:29 - 2011-04-22 15:14 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-06-15 07:29 - 2011-04-22 15:14 - 0082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-06-15 07:29 - 2011-04-22 15:14 - 0057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-06-15 07:29 - 2011-04-22 15:13 - 2448896 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-06-15 07:29 - 2011-04-22 15:13 - 0445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-06-15 07:29 - 2011-04-22 15:13 - 0256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-06-15 07:29 - 2011-04-22 15:13 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-06-15 07:29 - 2011-04-22 15:13 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-06-15 07:29 - 2011-04-22 15:09 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2011-06-15 07:29 - 2011-04-22 14:31 - 2063360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-06-15 07:29 - 2011-04-22 14:31 - 1229824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-06-15 07:29 - 2011-04-22 14:31 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-06-15 07:29 - 2011-04-22 14:31 - 0606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2011-06-15 07:29 - 2011-04-22 14:31 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2011-06-15 07:29 - 2011-04-22 14:31 - 0381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2011-06-15 07:29 - 2011-04-22 14:31 - 0185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2011-06-15 07:29 - 2011-04-22 14:31 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-06-15 07:29 - 2011-04-22 14:31 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-06-15 07:29 - 2011-04-22 14:31 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2011-06-15 07:29 - 2011-04-22 14:31 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-06-15 07:29 - 2011-04-22 14:31 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2011-06-15 07:29 - 2011-04-22 14:30 - 0012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2011-06-15 07:29 - 2011-04-22 13:49 - 0482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2011-06-15 07:29 - 2011-04-22 13:23 - 0386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2011-06-15 07:29 - 2011-01-17 01:17 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2011-06-15 07:29 - 2011-01-17 00:38 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2011-06-15 07:29 - 2010-12-18 01:13 - 0861184 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2011-06-15 07:29 - 2010-12-18 00:31 - 0571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll

============ 3 Months Modified Files and Folders =============

2011-07-07 02:31 - 2011-07-07 02:30 - 0000000 ____D C:\FRST
2011-07-06 22:47 - 2010-05-05 07:15 - 0000000 ____D C:\Windows\System32\Drivers\Avg
2011-07-06 22:47 - 2010-05-05 05:27 - 0000000 ____D C:\users\USER
2011-07-06 22:47 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\SysWOW64\wbem
2011-07-06 22:47 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\wfp
2011-07-06 22:47 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\wbem
2011-07-06 22:47 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\NDF
2011-07-06 22:47 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\DriverStore
2011-07-06 22:47 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\AppCompat
2011-07-06 22:46 - 2011-05-28 13:53 - 0000000 ____D C:\Users\All Users\Easybits GO
2011-07-06 22:46 - 2011-05-28 13:53 - 0000000 ____D C:\Users\All Users\Application Data\Easybits GO
2011-07-06 22:46 - 2011-05-28 13:53 - 0000000 ____D C:\ProgramData\Easybits GO
2011-07-06 22:46 - 2010-06-04 00:31 - 0000000 ____D C:\Users\USER\Application Data\Skype
2011-07-06 22:46 - 2010-06-04 00:31 - 0000000 ____D C:\Users\USER\AppData\Roaming\Skype
2011-07-06 22:46 - 2010-06-03 00:09 - 0000000 ____D C:\Users\USER\Local Settings\Yahoo
2011-07-06 22:46 - 2010-06-03 00:09 - 0000000 ____D C:\Users\USER\Local Settings\Application Data\Yahoo
2011-07-06 22:46 - 2010-06-03 00:09 - 0000000 ____D C:\Users\USER\AppData\Local\Yahoo
2011-07-06 22:46 - 2010-05-05 05:31 - 0000000 ____D C:\Users\USER\Local Settings\VirtualStore
2011-07-06 22:46 - 2010-05-05 05:31 - 0000000 ____D C:\Users\USER\Local Settings\Application Data\VirtualStore
2011-07-06 22:46 - 2010-05-05 05:31 - 0000000 ____D C:\Users\USER\AppData\Local\VirtualStore
2011-07-06 22:46 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\registration
2011-07-06 06:13 - 2011-07-06 02:45 - 0000000 ____D C:\Emergency
2011-07-04 23:25 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\System32\LogFiles
2011-07-04 16:07 - 2010-02-18 04:18 - 1579438080 __ASH C:\hiberfil.sys
2011-07-04 16:06 - 2011-03-21 12:57 - 7412614 ___AH C:\Users\USER\Local Settings\IconCache.db
2011-07-04 16:06 - 2011-03-21 12:57 - 7412614 ___AH C:\Users\USER\Local Settings\Application Data\IconCache.db
2011-07-04 16:06 - 2011-03-21 12:57 - 7412614 ___AH C:\Users\USER\AppData\Local\IconCache.db
2011-07-04 16:02 - 2010-07-11 03:31 - 0003360 ____A C:\Users\USER\Application Data\wklnhst.dat
2011-07-04 16:02 - 2010-07-11 03:31 - 0003360 ____A C:\Users\USER\AppData\Roaming\wklnhst.dat
2011-07-04 15:59 - 2009-07-14 00:32 - 0000000 ____D C:\Windows\System32\FxsTmp
2011-07-04 05:22 - 2010-05-27 04:43 - 0000000 ____D C:\Users\USER\Application Data\ActionVoip
2011-07-04 05:22 - 2010-05-27 04:43 - 0000000 ____D C:\Users\USER\AppData\Roaming\ActionVoip
2011-07-04 05:21 - 2011-05-28 13:53 - 0000000 ____D C:\Users\USER\Application Data\go
2011-07-04 05:21 - 2011-05-28 13:53 - 0000000 ____D C:\Users\USER\AppData\Roaming\go
2011-06-30 12:34 - 2011-06-30 12:26 - 51638483 ____A C:\Users\USER\palleelachan.flv
2011-06-30 12:06 - 2011-06-30 12:06 - 8383170 ____A C:\Users\USER\baby coking.mp4
2011-06-27 05:25 - 2009-07-14 00:10 - 2011505 ____A C:\Windows\WindowsUpdate.log
2011-06-27 05:22 - 2010-06-04 00:31 - 0000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2011-06-27 05:22 - 2010-02-18 02:53 - 0000071 ____A C:\Windows\SysWOW64\ToasterLauncherLog.log
2011-06-27 05:22 - 2010-02-18 02:36 - 0000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2011-06-27 05:22 - 2009-07-14 00:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-06-27 05:22 - 2009-07-13 23:51 - 0110043 ____A C:\Windows\setupact.log
2011-06-26 18:19 - 2010-06-04 00:31 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2011-06-26 13:19 - 2009-07-13 23:45 - 0014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2011-06-26 13:19 - 2009-07-13 23:45 - 0014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2011-06-26 13:15 - 2009-07-14 00:13 - 0726316 ____A C:\Windows\System32\PerfStringBackup.INI
2011-06-26 13:15 - 2009-07-13 21:36 - 0628460 ____A C:\Windows\System32\perfh009.dat
2011-06-26 13:15 - 2009-07-13 21:36 - 0110612 ____A C:\Windows\System32\perfc009.dat
2011-06-26 08:22 - 2011-06-26 08:22 - 4387501 ____A C:\Users\USER\OTTAKAM.mp4
2011-06-24 14:12 - 2010-05-30 23:50 - 0000000 ____D C:\Users\USER\Application Data\vlc
2011-06-24 14:12 - 2010-05-30 23:50 - 0000000 ____D C:\Users\USER\AppData\Roaming\vlc
2011-06-24 08:54 - 2011-05-11 05:24 - 0000000 ____D C:\Users\USER\Local Settings\nimbuzz
2011-06-24 08:54 - 2011-05-11 05:24 - 0000000 ____D C:\Users\USER\Local Settings\Application Data\nimbuzz
2011-06-24 08:54 - 2011-05-11 05:24 - 0000000 ____D C:\Users\USER\AppData\Local\nimbuzz
2011-06-24 05:13 - 2010-05-26 23:46 - 0000000 ____D C:\Users\USER\SALAM
2011-06-23 18:43 - 2011-06-23 18:41 - 23975615 ____A C:\Users\USER\Waka Waka (This Time for Africa) (The Official 2010 FIFA ....flv
2011-06-22 12:51 - 2011-05-11 09:10 - 0000000 ____D C:\Users\All Users\Skype Extras
2011-06-22 12:51 - 2011-05-11 09:10 - 0000000 ____D C:\Users\All Users\Application Data\Skype Extras
2011-06-22 12:51 - 2011-05-11 09:10 - 0000000 ____D C:\ProgramData\Skype Extras
2011-06-22 07:37 - 2010-09-23 11:30 - 0000000 ___HD C:\$AVG8.VAULT$
2011-06-16 15:03 - 2011-02-14 09:06 - 0001125 ____A C:\WildTangent Games App - dell.lnk
2011-06-16 08:46 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\Microsoft.NET
2011-06-15 14:14 - 2009-07-13 23:45 - 0337304 ____A C:\Windows\System32\FNTCACHE.DAT
2011-06-15 10:11 - 2010-05-05 07:50 - 49454024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2011-06-15 10:11 - 2010-02-18 02:38 - 0000000 ____D C:\Users\All Users\Microsoft Help
2011-06-15 10:11 - 2010-02-18 02:38 - 0000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2011-06-15 10:11 - 2010-02-18 02:38 - 0000000 ____D C:\ProgramData\Microsoft Help
2011-06-15 10:10 - 2009-07-13 22:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2011-06-09 08:30 - 2010-05-29 23:21 - 0000000 ____D C:\Users\USER\LONDON
2011-06-08 09:15 - 2010-05-26 23:53 - 0000000 ____D C:\Windows\Beyluxe Messenger
2011-06-06 05:58 - 2011-05-22 05:30 - 0000000 ____D C:\Users\USER\AMRTA TV PROGRAM
2011-05-30 15:32 - 2010-07-19 13:51 - 0000000 ____D C:\Users\USER\Application Data\Beyluxe
2011-05-30 15:32 - 2010-07-19 13:51 - 0000000 ____D C:\Users\USER\AppData\Roaming\Beyluxe
2011-05-29 17:05 - 2011-05-29 17:06 - 0001573 ____A C:\Users\USER\Zqvh89t[1].jpg
2011-05-28 12:44 - 2010-06-04 00:36 - 0000000 ____D C:\Users\USER\Application Data\skypePM
2011-05-28 12:44 - 2010-06-04 00:36 - 0000000 ____D C:\Users\USER\AppData\Roaming\skypePM
2011-05-28 00:22 - 2011-06-15 07:30 - 9316352 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-05-27 23:38 - 2011-06-15 07:30 - 5984256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-05-27 22:25 - 2011-06-15 07:29 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-05-27 22:07 - 2011-06-15 07:30 - 3133952 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-05-27 22:00 - 2011-06-15 07:29 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-05-24 13:14 - 2010-05-05 07:19 - 0270720 ____A (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2011-05-21 04:08 - 2009-07-14 00:08 - 0032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-05-14 16:24 - 2010-05-05 06:05 - 0000000 ____D C:\Users\USER\Local Settings\Google
2011-05-14 16:24 - 2010-05-05 06:05 - 0000000 ____D C:\Users\USER\Local Settings\Application Data\Google
2011-05-14 16:24 - 2010-05-05 06:05 - 0000000 ____D C:\Users\USER\AppData\Local\Google
2011-05-11 09:11 - 2010-06-04 00:30 - 0000000 ___RD C:\Program Files (x86)\Skype
2011-05-11 09:10 - 2011-05-11 09:10 - 0002515 ____A C:\Users\Public\Desktop\Skype.lnk
2011-05-11 09:10 - 2011-05-11 09:10 - 0002515 ____A C:\Users\All Users\Desktop\Skype.lnk
2011-05-11 09:10 - 2010-06-04 00:30 - 0000000 ____D C:\Users\All Users\Skype
2011-05-11 09:10 - 2010-06-04 00:30 - 0000000 ____D C:\Users\All Users\Application Data\Skype
2011-05-11 09:10 - 2010-06-04 00:30 - 0000000 ____D C:\ProgramData\Skype
2011-05-11 05:24 - 2011-05-11 05:24 - 0000957 ____A C:\Users\Public\Desktop\Nimbuzz.lnk
2011-05-11 05:24 - 2011-05-11 05:24 - 0000957 ____A C:\Users\All Users\Desktop\Nimbuzz.lnk
2011-05-11 05:24 - 2011-05-11 05:24 - 0000000 ____D C:\Program Files (x86)\Nimbuzz
2011-05-11 05:24 - 2009-07-13 22:20 - 0000000 ____D C:\Program Files (x86)
2011-05-10 08:23 - 2010-05-26 23:53 - 0000000 ____D C:\Program Files (x86)\Beyluxe Messenger
2011-05-10 08:21 - 2011-05-10 08:21 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2011-05-10 08:21 - 2011-05-10 08:21 - 0000000 ____D C:\Program Files (x86)\facemoods.com
2011-05-10 08:21 - 2010-05-05 05:27 - 0000000 ____D C:\Users\USER\AppData\LocalLow
2011-05-09 17:30 - 2011-05-09 14:59 - 0002272 ____A C:\Windows\IE9_main.log
2011-05-09 08:12 - 2010-08-18 10:34 - 0000000 ___RD C:\Users\USER\ALL
2011-05-07 16:43 - 2011-01-22 06:50 - 0000000 ____D C:\Users\USER\Local Settings\Microsoft Games
2011-05-07 16:43 - 2011-01-22 06:50 - 0000000 ____D C:\Users\USER\Local Settings\Application Data\Microsoft Games
2011-05-07 16:43 - 2011-01-22 06:50 - 0000000 ____D C:\Users\USER\AppData\Local\Microsoft Games
2011-05-07 16:35 - 2011-05-07 16:35 - 0002069 ____A C:\WildTangent Games App - wildgames.lnk
2011-05-05 05:34 - 2010-05-05 05:28 - 0080336 ____A C:\Users\USER\Local Settings\GDIPFONTCACHEV1.DAT
2011-05-05 05:34 - 2010-05-05 05:28 - 0080336 ____A C:\Users\USER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2011-05-05 05:34 - 2010-05-05 05:28 - 0080336 ____A C:\Users\USER\AppData\Local\GDIPFONTCACHEV1.DAT
2011-05-03 21:51 - 2011-06-15 07:30 - 0287744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2011-05-03 21:51 - 2011-06-15 07:30 - 0157696 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2011-05-03 21:51 - 2011-06-15 07:30 - 0126464 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2011-05-03 04:11 - 2011-05-03 04:11 - 0271473 ____A C:\Users\USER\imagea[1].jpg
2011-05-03 00:21 - 2011-06-15 07:29 - 0976896 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2011-05-02 23:50 - 2011-06-15 07:29 - 0740864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2011-04-30 15:06 - 2009-07-13 22:20 - 0000000 ____D C:\Windows\rescache
2011-04-28 22:13 - 2011-06-15 07:29 - 0461312 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
2011-04-28 22:12 - 2011-06-15 07:29 - 0399872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2011-04-28 22:12 - 2011-06-15 07:29 - 0161792 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2011-04-28 08:34 - 2010-02-18 04:18 - 0471956 ____A C:\Windows\PFRO.log
2011-04-26 21:57 - 2011-06-15 07:30 - 0102400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dfsc.sys
2011-04-25 00:32 - 2011-06-15 07:30 - 1896832 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2011-04-24 21:44 - 2011-06-15 07:30 - 0499712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2011-04-22 15:18 - 2011-06-15 07:29 - 1500160 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-04-22 15:18 - 2011-06-15 07:29 - 1197056 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-04-22 15:18 - 2011-05-24 15:59 - 0027008 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2011-04-22 15:15 - 2011-06-15 07:29 - 1026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2011-04-22 15:14 - 2011-06-15 07:29 - 0703488 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-04-22 15:14 - 2011-06-15 07:29 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-04-22 15:14 - 2011-06-15 07:29 - 0082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-04-22 15:14 - 2011-06-15 07:29 - 0057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-04-22 15:13 - 2011-06-15 07:30 - 12372480 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-04-22 15:13 - 2011-06-15 07:29 - 2448896 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-04-22 15:13 - 2011-06-15 07:29 - 0445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-04-22 15:13 - 2011-06-15 07:29 - 0256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-04-22 15:13 - 2011-06-15 07:29 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-04-22 15:13 - 2011-06-15 07:29 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-04-22 15:09 - 2011-06-15 07:29 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2011-04-22 14:31 - 2011-06-15 07:30 - 10990080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-04-22 14:31 - 2011-06-15 07:29 - 2063360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-04-22 14:31 - 2011-06-15 07:29 - 1229824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-04-22 14:31 - 2011-06-15 07:29 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-04-22 14:31 - 2011-06-15 07:29 - 0606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2011-04-22 14:31 - 2011-06-15 07:29 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2011-04-22 14:31 - 2011-06-15 07:29 - 0381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2011-04-22 14:31 - 2011-06-15 07:29 - 0185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2011-04-22 14:31 - 2011-06-15 07:29 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-04-22 14:31 - 2011-06-15 07:29 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-04-22 14:31 - 2011-06-15 07:29 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2011-04-22 14:31 - 2011-06-15 07:29 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-04-22 14:31 - 2011-06-15 07:29 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2011-04-22 14:30 - 2011-06-15 07:29 - 0012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2011-04-22 13:49 - 2011-06-15 07:29 - 0482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2011-04-22 13:23 - 2011-06-15 07:29 - 0386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2011-04-18 06:24 - 2011-04-18 06:24 - 0000000 ____D C:\Users\All Users\TVU Networks
2011-04-18 06:24 - 2011-04-18 06:24 - 0000000 ____D C:\Users\All Users\Application Data\TVU Networks
2011-04-18 06:24 - 2011-04-18 06:24 - 0000000 ____D C:\ProgramData\TVU Networks
2011-04-18 06:24 - 2011-01-22 03:23 - 0000985 ____A C:\Users\Public\Desktop\TVUPlayer.lnk
2011-04-18 06:24 - 2011-01-22 03:23 - 0000985 ____A C:\Users\All Users\Desktop\TVUPlayer.lnk
2011-04-18 06:24 - 2010-10-17 08:14 - 0000000 ____D C:\Program Files (x86)\TVUPlayer
2011-04-11 14:32 - 2011-04-11 14:32 - 0000000 ____D C:\Users\USER\Local Settings\Microsoft Help
2011-04-11 14:32 - 2011-04-11 14:32 - 0000000 ____D C:\Users\USER\Local Settings\Application Data\Microsoft Help
2011-04-11 14:32 - 2011-04-11 14:32 - 0000000 ____D C:\Users\USER\AppData\Local\Microsoft Help
2011-04-09 01:58 - 2011-05-18 20:49 - 0142336 ____A (Microsoft Corporation) C:\Windows\System32\poqexec.exe
2011-04-09 01:45 - 2011-05-11 04:43 - 5509504 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2011-04-09 01:13 - 2011-05-11 04:43 - 3957632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2011-04-09 01:13 - 2011-05-11 04:43 - 3901824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2011-04-09 00:56 - 2011-05-18 20:49 - 0123904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 23%
Total physical RAM: 2008.36 MB
Available physical RAM: 1532.18 MB
Total Pagefile: 2008.36 MB
Available Pagefile: 1502.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:162.42 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.7 GB) NTFS
5 Drive g: () (Removable) (Total:1.86 GB) (Free:0.31 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==========================================================

Last Boot: 2011-06-24 06:01

======================= End Of Log ==========================


Wating for your valuable support

This post has been edited by fxrv: 05 July 2011 - 02:57 PM

#2 User is offline   Farbar 

  • Just Curious
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 17,815
  • Joined: 08-December 07
  • Gender:Male
  • Location:The Netherlands

Posted 05 July 2011 - 03:53 PM

Hi fxrv,

Welcome to Bleeping Computer.

Please give me a few minutes and I'll be back to assist you soon.
Posted Image

#3 User is offline   Farbar 

  • Just Curious
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 17,815
  • Joined: 08-December 07
  • Gender:Male
  • Location:The Netherlands

Posted 05 July 2011 - 04:08 PM

Hi again,

Before fixing I would like you to give feedback about any suspicions activity before the issue occurred. Did you noticed anything prior to boot problem?
Posted Image

#4 User is offline   fxrv 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 7
  • Joined: 19-December 10

Posted 06 July 2011 - 04:04 PM

Thanks a lot for your help.

My friend was using the system, and he told that suddenly antivirus expiry details came and shutdown..
After that this thing is happening again and again. I performed Dell Back up repair also..but same error again and again

:(

#5 User is offline   Farbar 

  • Just Curious
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 17,815
  • Joined: 08-December 07
  • Gender:Male
  • Location:The Netherlands

Posted 06 July 2011 - 04:31 PM

Thanks for the feedback. :thumbup2:

Quote

I performed Dell Back up repair

What do you mean? You don't mean the recovery that reinstall the whole packet and brings the system back to the factory install like the day one you get the computer?

Please also tell me all the other steps you have taken, we don't want to redo things you have already done.
Posted Image

#6 User is offline   fxrv 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 7
  • Joined: 19-December 10

Posted 07 July 2011 - 01:27 PM

No. Not like that, I just back up my all important data. and there is one restore settings in that advanced settings, but I dont think it is formating all and restoring. because the same bluescreen and startup repaire coming again..

sorry my english is not good :(

I tried these things:

Tried to restart in safe mode.
Tried this steps also http://www.sevenforums.com/tutorials/139576-startup-repair-infinite-loop-recovery.html
but still error....thts why I tried this ...the last thing I done was farbar scan tool

This post has been edited by fxrv: 07 July 2011 - 01:36 PM

#7 User is offline   Farbar 

  • Just Curious
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 17,815
  • Joined: 08-December 07
  • Gender:Male
  • Location:The Netherlands

Posted 07 July 2011 - 04:14 PM

Thanks for the feedback, I know enough now.

Open notepad. Please copy the contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt 

cmd: bootrec /FixMbr
Control:


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart the computer and let it boot normally and tell me how it went. In case the startup repair started to run let it run to completion.
Posted Image

#8 User is offline   fxrv 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 7
  • Joined: 19-December 10

Posted 08 July 2011 - 09:20 AM

Thanks a lot.. YOu Saved me.. :)

after clicking on the fix as per your instruction, I restarted and the PC booted Normally.Everything perfectly alright now.

Thanks for you help.


This is the Fixlog



Fix result of Farbars's Recovery Tool (FRST written by farbar version 2.1.2)
Ran by SYSTEM at 2011-07-10 04:00:58 R:1
Running from G:\

==============================================


========= bootrec /FixMbr =========

˙ūT h e o p e r a t i o n c o m p l e t e d s u c c e s s f u l l y .

========= End of CMD: =========

The operation completed successfully.


Thanks

Faris

#9 User is offline   Farbar 

  • Just Curious
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 17,815
  • Joined: 08-December 07
  • Gender:Male
  • Location:The Netherlands

Posted 08 July 2011 - 10:56 AM

Great. :thumbsup:

Please delete FRST tool as we don't need it any more. Also go to C:\FRST and delete the entire FRST folder.

There was a MBR infection on the machine. Should I assume you will take it from here or do you want me to take a look at the possible vulnerabilities?
Posted Image

#10 User is offline   fxrv 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 7
  • Joined: 19-December 10

Posted 08 July 2011 - 01:57 PM

Thanks. I deleted C:/FRST and entire contents inside it
Sorry :( I didnt understand.
Is there any possible vulnerabilities still there in my system?
What should I take from here as you said..

thnks

#11 User is offline   Farbar 

  • Just Curious
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 17,815
  • Joined: 08-December 07
  • Gender:Male
  • Location:The Netherlands

Posted 08 July 2011 - 02:41 PM

Let's make a thorough check. We start with the following.

Please download Malwarebytes' Anti-Malware from one of these locations:
malwarebytes.org
majorgeeks.com
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the MBAM log.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
Posted Image

#12 User is offline   Farbar 

  • Just Curious
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 17,815
  • Joined: 08-December 07
  • Gender:Male
  • Location:The Netherlands

Posted 15 July 2011 - 04:40 PM

Are you still there and do you need assistance?
Posted Image

#13 User is offline   Farbar 

  • Just Curious
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 17,815
  • Joined: 08-December 07
  • Gender:Male
  • Location:The Netherlands

Posted 17 July 2011 - 07:44 AM

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a PM and I will reopen it for you. If you should have a new issue, please start a new topic.

Every one else should start a new topic.
Posted Image

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users