Windows 7 64bit will not start up ci.dll is corrupt


  • This topic is locked
2 replies to this topic

#1 Murph99

  • Members
  • 1 posts

Posted 31 August 2011 - 02:16 PM

Hi, thank you for reading.

I cannot seem to start my Windows 7 64-bit laptop. It boots to Startup Repair and then says repair has failed, then asks to send the info to M$. I cannot get the PC to boot into safe mode, but if I disable driver signing from the F8 menu options, then Windows 7 will start up and I can log in. When I am able to boot using the disable driver signing option, I am able to bring up the AVG scan, which then detects a virus, which I send to the vault. I also delete programs using CCleaner, fix the registry and install Windows updates. I then reboot, at which point the same booting issue is discovered, and once booted all my work has disappeared. Thank you in advance for any help :)

I used your FRST64 program and it generated this log:




Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.2.1
Ran by SYSTEM at 2011-08-31 11:52:18
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM-x32\...\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2747744 2011-01-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-03-07] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKU\Norman\...\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 [x]
HKU\Norman\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [16949128 2011-03-01] (Skype Technologies S.A.)
HKU\Norman\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-03-17] (Google Inc.)
HKU\Norman\...\Run: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000 [67456 2011-01-21] (Uniblue Systems Limited)

==================== Services (Whitelisted) ======

2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" [6128720 2011-01-06] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe" [265400 2010-10-22] (AVG Technologies CZ, s.r.o.)
2 IntuitUpdateService; "C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe" [13672 2010-08-23] (Intuit Inc.)

========================== Drivers (Whitelisted) =============

3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [157264 2010-08-03] (AVG Technologies CZ, s.r.o. )
0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [27216 2010-09-13] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [35920 2010-08-03] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [308304 2010-12-08] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [41040 2010-09-07] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [30288 2010-09-07] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [382032 2010-11-12] (AVG Technologies CZ, s.r.o.)
3 pneteth; C:\Windows\System32\DRIVERS\pneteth.sys [15360 2010-09-02] (June Fabrics Technology Inc.)
3 ssadbus; C:\Windows\System32\DRIVERS\ssadbus.sys [125344 2010-01-29] (MCCI Corporation)

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2011-08-31 11:52 - 2011-08-31 11:52 - 0000000 ____D C:\FRST
2011-08-31 10:02 - 2011-08-31 11:18 - 0000000 ____D C:\Program Files\CCleaner
2011-08-31 09:35 - 2011-08-31 10:11 - 0524288 __ASH C:\Windows\System32\config\components{f9446758-d3f6-11e0-968e-5442492b8d3f}.TMContainer00000000000000000001.regtrans-ms
2011-08-31 09:35 - 2011-08-31 10:11 - 0065536 __ASH C:\Windows\System32\config\components{f9446758-d3f6-11e0-968e-5442492b8d3f}.TM.blf
2011-08-31 09:35 - 2011-08-31 09:59 - 0524288 __ASH C:\Windows\System32\config\components{f9446758-d3f6-11e0-968e-5442492b8d3f}.TMContainer00000000000000000002.regtrans-ms
2011-08-30 19:47 - 2011-08-30 19:47 - 1048576 __ASH C:\Windows\System32\config\components{2fe09a64-d383-11e0-8b24-5442492b8d3f}.TxR.2.regtrans-ms
2011-08-30 19:47 - 2011-08-30 19:47 - 1048576 __ASH C:\Windows\System32\config\components{2fe09a64-d383-11e0-8b24-5442492b8d3f}.TxR.1.regtrans-ms
2011-08-30 19:47 - 2011-08-30 19:47 - 1048576 __ASH C:\Windows\System32\config\components{2fe09a64-d383-11e0-8b24-5442492b8d3f}.TxR.0.regtrans-ms
2011-08-30 19:47 - 2011-08-30 19:47 - 0524288 __ASH C:\Windows\System32\config\components{2fe09a65-d383-11e0-8b24-5442492b8d3f}.TMContainer00000000000000000002.regtrans-ms
2011-08-30 19:47 - 2011-08-30 19:47 - 0524288 __ASH C:\Windows\System32\config\components{2fe09a65-d383-11e0-8b24-5442492b8d3f}.TMContainer00000000000000000001.regtrans-ms
2011-08-30 19:47 - 2011-08-30 19:47 - 0065536 __ASH C:\Windows\System32\config\components{2fe09a65-d383-11e0-8b24-5442492b8d3f}.TM.blf
2011-08-30 19:47 - 2011-08-30 19:47 - 0065536 __ASH C:\Windows\System32\config\components{2fe09a64-d383-11e0-8b24-5442492b8d3f}.TxR.blf
2011-08-30 13:04 - 2011-08-31 10:04 - 2835869 ___AH C:\Users\Norman\AppData\Local\IconCache.db
2011-08-30 13:03 - 2011-08-31 09:44 - 0006392 ____A C:\Users\Norman\Desktop\Windows Compatibility Report.htm
2011-08-30 13:00 - 2011-08-30 13:05 - 0524288 __ASH C:\Windows\System32\config\components{706b91bb-d346-11e0-96bd-5442492b8d3f}.TMContainer00000000000000000002.regtrans-ms
2011-08-30 13:00 - 2011-08-30 13:05 - 0524288 __ASH C:\Windows\System32\config\components{706b91bb-d346-11e0-96bd-5442492b8d3f}.TMContainer00000000000000000001.regtrans-ms
2011-08-30 13:00 - 2011-08-30 13:05 - 0065536 __ASH C:\Windows\System32\config\components{706b91bb-d346-11e0-96bd-5442492b8d3f}.TM.blf
2011-08-29 20:21 - 2011-08-29 22:01 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2011-08-29 20:21 - 2011-08-29 22:01 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2011-08-29 20:21 - 2011-08-29 22:01 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy

============ 3 Months Modified Files and Folders =============

2011-08-31 11:52 - 2011-08-31 11:52 - 0000000 ____D C:\FRST
2011-08-31 11:18 - 2011-08-31 10:02 - 0000000 ____D C:\Program Files\CCleaner
2011-08-31 11:18 - 2011-03-19 14:55 - 0000000 ____D C:\Windows\Minidump
2011-08-31 11:18 - 2011-03-15 21:41 - 0000000 ____D C:\Program Files (x86)\iTunes
2011-08-31 11:18 - 2011-03-15 21:39 - 0000000 ____D C:\Program Files\Bonjour
2011-08-31 11:18 - 2011-03-15 05:40 - 0000000 ____D C:\Windows\System32\Drivers\AVG
2011-08-31 11:18 - 2011-03-14 12:43 - 0000000 ____D C:\users\Norman
2011-08-31 11:17 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2011-08-31 11:14 - 2011-06-13 11:53 - 0000000 ____D C:\Users\Norman\AppData\Local\Adobe
2011-08-31 11:14 - 2011-06-13 11:24 - 0000000 ____D C:\Program Files (x86)\Safari
2011-08-31 11:14 - 2011-06-13 10:48 - 0000000 ____D C:\Program Files\Alwil Software
2011-08-31 11:14 - 2011-03-18 07:52 - 0000000 ____D C:\Users\Norman\Documents\My Downloads
2011-08-31 11:14 - 2011-03-18 07:35 - 0000000 ____D C:\Program Files (x86)\Uniblue
2011-08-31 11:14 - 2011-03-18 07:27 - 0000000 ____D C:\Users\Norman\FrostWire
2011-08-31 11:14 - 2011-03-17 18:20 - 0000000 ____D C:\Users\Norman\AppData\Roaming\Skype
2011-08-31 11:14 - 2011-03-15 21:41 - 0000000 ____D C:\Program Files\iTunes
2011-08-31 11:14 - 2011-03-15 21:41 - 0000000 ____D C:\Program Files\iPod
2011-08-31 11:14 - 2011-03-15 05:43 - 0000000 ____D C:\Users\Norman\AppData\Roaming\AVG10
2011-08-31 11:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2011-08-31 10:11 - 2011-08-31 09:35 - 0524288 __ASH C:\Windows\System32\config\components{f9446758-d3f6-11e0-968e-5442492b8d3f}.TMContainer00000000000000000001.regtrans-ms
2011-08-31 10:11 - 2011-08-31 09:35 - 0065536 __ASH C:\Windows\System32\config\components{f9446758-d3f6-11e0-968e-5442492b8d3f}.TM.blf
2011-08-31 10:04 - 2011-08-30 13:04 - 2835869 ___AH C:\Users\Norman\AppData\Local\IconCache.db
2011-08-31 09:59 - 2011-08-31 09:35 - 0524288 __ASH C:\Windows\System32\config\components{f9446758-d3f6-11e0-968e-5442492b8d3f}.TMContainer00000000000000000002.regtrans-ms
2011-08-31 09:44 - 2011-08-30 13:03 - 0006392 ____A C:\Users\Norman\Desktop\Windows Compatibility Report.htm
2011-08-31 09:31 - 2011-03-14 14:37 - 3015884800 __ASH C:\hiberfil.sys
2011-08-30 19:47 - 2011-08-30 19:47 - 1048576 __ASH C:\Windows\System32\config\components{2fe09a64-d383-11e0-8b24-5442492b8d3f}.TxR.2.regtrans-ms
2011-08-30 19:47 - 2011-08-30 19:47 - 1048576 __ASH C:\Windows\System32\config\components{2fe09a64-d383-11e0-8b24-5442492b8d3f}.TxR.1.regtrans-ms
2011-08-30 19:47 - 2011-08-30 19:47 - 1048576 __ASH C:\Windows\System32\config\components{2fe09a64-d383-11e0-8b24-5442492b8d3f}.TxR.0.regtrans-ms
2011-08-30 19:47 - 2011-08-30 19:47 - 0524288 __ASH C:\Windows\System32\config\components{2fe09a65-d383-11e0-8b24-5442492b8d3f}.TMContainer00000000000000000002.regtrans-ms
2011-08-30 19:47 - 2011-08-30 19:47 - 0524288 __ASH C:\Windows\System32\config\components{2fe09a65-d383-11e0-8b24-5442492b8d3f}.TMContainer00000000000000000001.regtrans-ms
2011-08-30 19:47 - 2011-08-30 19:47 - 0065536 __ASH C:\Windows\System32\config\components{2fe09a65-d383-11e0-8b24-5442492b8d3f}.TM.blf
2011-08-30 19:47 - 2011-08-30 19:47 - 0065536 __ASH C:\Windows\System32\config\components{2fe09a64-d383-11e0-8b24-5442492b8d3f}.TxR.blf
2011-08-30 19:47 - 2011-03-14 14:39 - 1595824 ____A C:\Windows\WindowsUpdate.log
2011-08-30 19:46 - 2009-07-13 21:13 - 0726316 ____A C:\Windows\System32\PerfStringBackup.INI
2011-08-30 19:45 - 2009-07-13 20:45 - 0014416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2011-08-30 19:45 - 2009-07-13 20:45 - 0014416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2011-08-30 19:44 - 2011-03-15 05:07 - 0062528 ____A C:\Users\Norman\AppData\Local\GDIPFONTCACHEV1.DAT
2011-08-30 19:44 - 2009-07-13 20:51 - 0032566 ____A C:\Windows\setupact.log
2011-08-30 19:43 - 2011-03-18 07:36 - 0000346 ____A C:\Windows\Tasks\RegistryBooster.job
2011-08-30 19:42 - 2011-03-17 18:21 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2011-08-30 19:42 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-08-30 19:42 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2011-08-30 14:11 - 2011-06-18 02:29 - 0000000 ____D C:\Users\All Users\Skype Extras
2011-08-30 14:11 - 2011-06-18 02:29 - 0000000 ____D C:\ProgramData\Skype Extras
2011-08-30 14:11 - 2011-06-15 23:25 - 0000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2011-08-30 14:11 - 2011-06-15 18:11 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2011-08-30 14:11 - 2011-06-13 12:28 - 0000000 ____D C:\Program Files (x86)\Roxio
2011-08-30 14:11 - 2011-06-13 11:20 - 0000000 ____D C:\Program Files (x86)\TuneUpMedia
2011-08-30 14:11 - 2011-05-28 19:56 - 0000000 ____D C:\Users\All Users\Easybits GO
2011-08-30 14:11 - 2011-05-28 19:56 - 0000000 ____D C:\ProgramData\Easybits GO
2011-08-30 14:11 - 2011-03-18 07:35 - 0000000 ___HD C:\Users\All Users\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}
2011-08-30 14:11 - 2011-03-18 07:35 - 0000000 ___HD C:\ProgramData\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}
2011-08-30 14:11 - 2011-03-18 07:26 - 0000000 ____D C:\Program Files (x86)\FrostWire
2011-08-30 14:11 - 2011-03-18 07:25 - 0000000 ____D C:\Program Files (x86)\Ask.com
2011-08-30 14:11 - 2011-03-17 18:20 - 0000000 ___RD C:\Program Files (x86)\Skype
2011-08-30 14:11 - 2011-03-15 21:54 - 0000000 ____D C:\Program Files (x86)\Yahoo!
2011-08-30 14:11 - 2011-03-15 21:54 - 0000000 ____D C:\Program Files (x86)\Free Offers from Freeze.com
2011-08-30 14:11 - 2011-03-15 21:39 - 0000000 ____D C:\Program Files (x86)\Bonjour
2011-08-30 14:11 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Portable Devices
2011-08-30 14:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2011-08-30 14:11 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2011-08-30 14:09 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\servicing
2011-08-30 14:08 - 2011-05-04 11:12 - 0000000 ____D C:\Users\Norman\AppData\Local\Microsoft Games
2011-08-30 14:08 - 2011-04-21 16:19 - 0000000 ____D C:\Users\Norman\AppData\Roaming\Intuit
2011-08-30 14:08 - 2011-04-21 16:16 - 0000000 ____D C:\Users\All Users\Intuit
2011-08-30 14:08 - 2011-04-21 16:16 - 0000000 ____D C:\ProgramData\Intuit
2011-08-30 14:08 - 2011-04-21 16:16 - 0000000 ____D C:\Program Files (x86)\TurboTax
2011-08-30 14:08 - 2011-04-12 19:33 - 0000000 ____D C:\Program Files (x86)\PdaNet for Android
2011-08-30 14:08 - 2011-03-18 07:27 - 0000000 ____D C:\Users\Norman\AppData\Roaming\FrostWire
2011-08-30 14:08 - 2011-03-18 07:26 - 0000000 ____D C:\Program Files (x86)\Java
2011-08-30 14:08 - 2011-03-17 18:21 - 0000000 ____D C:\Program Files\Google
2011-08-30 14:08 - 2011-03-17 18:20 - 0000000 ____D C:\Users\All Users\Skype
2011-08-30 14:08 - 2011-03-17 18:20 - 0000000 ____D C:\Users\All Users\Google
2011-08-30 14:08 - 2011-03-17 18:20 - 0000000 ____D C:\ProgramData\Skype
2011-08-30 14:08 - 2011-03-17 18:20 - 0000000 ____D C:\ProgramData\Google
2011-08-30 14:08 - 2011-03-17 18:20 - 0000000 ____D C:\Program Files (x86)\Google
2011-08-30 14:08 - 2011-03-15 21:59 - 0000000 ____D C:\Users\Norman\AppData\Roaming\com.w3i.intune
2011-08-30 14:08 - 2011-03-15 21:41 - 0000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-08-30 14:08 - 2011-03-15 21:41 - 0000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-08-30 14:08 - 2011-03-15 21:40 - 0000000 ____D C:\Users\All Users\Apple Computer
2011-08-30 14:08 - 2011-03-15 21:40 - 0000000 ____D C:\ProgramData\Apple Computer
2011-08-30 14:08 - 2011-03-15 21:40 - 0000000 ____D C:\Program Files (x86)\QuickTime
2011-08-30 14:08 - 2011-03-15 21:39 - 0000000 ____D C:\Users\All Users\Apple
2011-08-30 14:08 - 2011-03-15 21:39 - 0000000 ____D C:\ProgramData\Apple
2011-08-30 14:08 - 2011-03-15 21:39 - 0000000 ____D C:\Program Files\Common Files\Apple
2011-08-30 14:08 - 2011-03-15 21:39 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2011-08-30 14:08 - 2011-03-14 12:43 - 0000000 ____D C:\Users\Norman\AppData\LocalLow
2011-08-30 14:08 - 2009-07-13 19:18 - 0000000 __SHD C:\$Recycle.Bin
2011-08-30 13:05 - 2011-08-30 13:00 - 0524288 __ASH C:\Windows\System32\config\components{706b91bb-d346-11e0-96bd-5442492b8d3f}.TMContainer00000000000000000002.regtrans-ms
2011-08-30 13:05 - 2011-08-30 13:00 - 0524288 __ASH C:\Windows\System32\config\components{706b91bb-d346-11e0-96bd-5442492b8d3f}.TMContainer00000000000000000001.regtrans-ms
2011-08-30 13:05 - 2011-08-30 13:00 - 0065536 __ASH C:\Windows\System32\config\components{706b91bb-d346-11e0-96bd-5442492b8d3f}.TM.blf
2011-08-30 12:37 - 2011-06-13 10:31 - 0049344 ____A C:\CybDefInstallInfo.log
2011-08-30 12:29 - 2011-05-28 19:56 - 0000000 ____D C:\Users\Norman\AppData\Roaming\go
2011-08-29 22:01 - 2011-08-29 20:21 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2011-08-29 22:01 - 2011-08-29 20:21 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2011-08-29 22:01 - 2011-08-29 20:21 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2011-08-29 21:58 - 2011-06-13 12:40 - 0000000 ____D C:\Users\All Users\Uninstall
2011-08-29 21:58 - 2011-06-13 12:40 - 0000000 ____D C:\ProgramData\Uninstall
2011-08-29 21:57 - 2011-06-13 12:31 - 0000000 ____D C:\Users\All Users\Roxio
2011-08-29 21:57 - 2011-06-13 12:31 - 0000000 ____D C:\ProgramData\Roxio
2011-08-29 21:57 - 2011-06-13 12:08 - 0000000 ____D C:\Users\All Users\DivoGames
2011-08-29 21:57 - 2011-06-13 12:08 - 0000000 ____D C:\ProgramData\DivoGames
2011-08-29 21:57 - 2011-06-13 10:48 - 0000000 ____D C:\Users\All Users\Alwil Software
2011-08-29 21:57 - 2011-06-13 10:48 - 0000000 ____D C:\ProgramData\Alwil Software
2011-08-29 21:56 - 2011-06-13 11:58 - 0000000 ____D C:\Program Files (x86)\games
2011-08-29 21:55 - 2011-06-13 11:54 - 0000000 ____D C:\Program Files (x86)\Adobe
2011-08-29 20:19 - 2009-07-13 20:54 - 0524288 __ASH C:\Windows\System32\config\COMPONENTS{016888b9-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
2011-08-29 20:19 - 2009-07-13 20:54 - 0524288 __ASH C:\Windows\System32\config\COMPONENTS{016888b9-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
2011-08-29 20:19 - 2009-07-13 20:54 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{016888b9-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
2011-08-29 20:06 - 2011-03-17 18:21 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2011-08-29 20:05 - 2009-07-13 21:38 - 0067584 ___AS C:\Windows\bootstat(157).dat
2011-08-29 18:23 - 2011-05-04 06:20 - 0000000 ____D C:\Users\Norman\AppData\Local\ElevatedDiagnostics
2011-06-20 01:18 - 2009-07-13 23:44 - 0000000 ___RD C:\Users\Public\Recorded TV
2011-06-19 18:41 - 2011-06-19 18:30 - 0000019 ____A C:\Users\All Users\4022eebe
2011-06-19 18:41 - 2011-06-19 18:30 - 0000019 ____A C:\ProgramData\4022eebe
2011-06-19 00:27 - 2011-06-13 13:21 - 0000113 ____A C:\CybDefWebInstaller.log
2011-06-18 10:20 - 2011-06-18 10:20 - 0000000 ___AH C:\Users\Norman\Desktop\yqhrzyistq.tmp
2011-06-13 12:50 - 2011-06-13 12:50 - 0000000 ____D C:\Users\Norman\AppData\Roaming\Roxio
2011-06-13 12:28 - 2011-06-13 12:28 - 0000000 ____D C:\Users\All Users\Sonic
2011-06-13 12:28 - 2011-06-13 12:28 - 0000000 ____D C:\ProgramData\Sonic
2011-06-13 12:21 - 2011-06-13 12:21 - 0000000 ____D C:\Users\Norman\AppData\Roaming\Roxio Log Files
2011-06-13 12:11 - 2011-06-13 12:11 - 0000000 ____D C:\Users\Norman\AppData\Roaming\Wildfire
2011-06-13 11:57 - 2011-03-17 18:21 - 0000000 ____D C:\Users\Norman\AppData\Local\Google
2011-06-13 11:55 - 2011-06-13 11:54 - 0000000 ____D C:\Users\All Users\Adobe
2011-06-13 11:55 - 2011-06-13 11:54 - 0000000 ____D C:\ProgramData\Adobe
2011-06-13 11:32 - 2011-06-13 11:18 - 0000000 ____D C:\Users\Norman\AppData\Local\OpenCandy
2011-06-13 11:24 - 2011-03-15 21:42 - 0000000 ____D C:\Users\Norman\AppData\Local\Apple Computer
2011-06-11 17:27 - 2011-06-05 14:25 - 0013468 __ASH C:\Users\Norman\AppData\Local\8f2gvu11wnj076224dw377dm
2011-06-11 17:27 - 2011-06-05 14:25 - 0013468 __ASH C:\Users\All Users\8f2gvu11wnj076224dw377dm
2011-06-11 17:27 - 2011-06-05 14:25 - 0013468 __ASH C:\ProgramData\8f2gvu11wnj076224dw377dm

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 3834.9 MB
Available physical RAM: 3267.62 MB
Total Pagefile: 3833.05 MB
Available Pagefile: 3248.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:297.99 GB) (Free:264.87 GB) NTFS
3 Drive f: (USB20FD) (Removable) (Total:7.53 GB) (Free:7.5 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==========================================================

Last Boot: 2011-08-29 17:42

======================= End Of Log ==========================


#2 Farbar

    Just Curious

  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands

Posted 01 September 2011 - 09:25 AM

Hello Murph99,

Welcome to Bleeping Computer. :)

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt

start
2011-06-19 18:41 - 2011-06-19 18:30 - 0000019 ____A C:\Users\All Users\4022eebe
2011-06-19 18:41 - 2011-06-19 18:30 - 0000019 ____A C:\ProgramData\4022eebe
2011-06-11 17:27 - 2011-06-05 14:25 - 0013468 __ASH C:\Users\Norman\AppData\Local\8f2gvu11wnj076224dw377dm
2011-06-11 17:27 - 2011-06-05 14:25 - 0013468 __ASH C:\Users\All Users\8f2gvu11wnj076224dw377dm
2011-06-11 17:27 - 2011-06-05 14:25 - 0013468 __ASH C:\ProgramData\8f2gvu11wnj076224dw377dm
cmd: bootrec /FixMbr
Control: 
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Also restart the computer and let it boot normally and tell me how it went.

#3 Farbar

    Just Curious

  • Security Developer
  • 21,696 posts
  • Gender:Male
  • Location:The Netherlands

Posted 08 September 2011 - 08:32 AM

This thread will now be closed due to lack of activity.

If you should have a new issue, please start a new topic.



