Startup Repair Loop


  • This topic is locked
4 replies to this topic

#1 TConkling

  • Members
  • 2 posts

Posted 13 May 2012 - 09:36 PM

Ok, I'm trying to help a friend get her laptop going. It has the Startup Repair Loop, which I surmise from other threads is a virus. The startup repair runs when the PC is turned on and never allows Windows to start. All startup options, including Safe Mode, give the same result. I downloaded and ran frst64 and I will post the log below. I really appreciate any help, thanks.

Scan result of Farbar Recovery Scan Tool Version: 13-05-2012
Ran by SYSTEM at 13-05-2012 18:26:57
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2392360 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [Power Management] C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe [1796200 2011-02-22] (Acer Incorporated)
HKLM\...\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [1832960 2009-04-07] (Eastman Kodak Company)
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1092688 2011-03-31] (Dritek System Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-01-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-08-18] (Apple Inc.)
HKLM-x32\...\Run: [Conime] %windir%\system32\conime.exe [x]
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [1832960 2009-04-07] (Eastman Kodak Company)
HKLM-x32\...\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup [593920 2011-08-22] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)

==================== Services (Whitelisted) ======

2 DsiWMIService; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [352848 2011-03-31] (Dritek System Inc.)
2 ePowerSvc; C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [873064 2011-02-22] (Acer Incorporated)
3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [206072 2010-10-12] (WildTangent, Inc.)
2 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
2 Kodak AiO Network Discovery Service; C:\Program Files (x86)\Kodak\AiO\Center\EKDiscovery.exe [279960 2009-05-04] (Eastman Kodak Company)
2 KodakSvc; "C:\Program Files (x86)\Kodak\AiO\center\KodakSvc.exe" [32768 2009-04-17] (Eastman Kodak Company)
2 Live Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [244624 2011-01-31] (Acer Incorporated)
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)
2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-06-01] (Symantec Corporation)
2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()
2 CxAudMsg; C:\Windows\system32\CxAudMsg64.exe [x]

========================== Drivers (Whitelisted) =============

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111027.001\BHDrvx64.sys [1155704 2011-10-14] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [481912 2011-09-17] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [136824 2011-09-17] (Symantec Corporation)
3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation)
3 htcnprot; C:\Windows\System32\Drivers\htcnprot.sys [36928 2010-06-25] (Windows ® Win 7 DDK provider)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111104.030\IDSvia64.sys [488568 2011-09-15] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111107.003\ENG64.SYS [117880 2011-09-17] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111107.003\EX64.SYS [2048632 2011-09-17] (Symantec Corporation)
3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-05-10] (Apple Inc.)
3 NTIDrvr; C:\Windows\System32\Drivers\NTIDrvr.sys [18432 2011-03-09] (NTI Corporation)
3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207000.00D\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\drivers\NISx64\1207000.00D\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NISx64\1207000.00D\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NISx64\1207000.00D\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-09-17] (Symantec Corporation)
1 SymIRON; C:\Windows\System32\drivers\NISx64\1207000.00D\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207000.00D\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
3 UBHelper; C:\Windows\System32\Drivers\UBHelper.sys [17408 2011-03-09] (NTI Corporation)
2 WZCSVC; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-05-13 18:26 - 2012-05-13 18:26 - 0000000 ____D C:\FRST
2012-04-13 04:04 - 2012-04-13 04:04 - 0000000 ____D C:\Users\Kitten\AppData\Roaming\Google

============ 3 Months Modified Files and Folders =============

2012-05-03 22:29 - 2012-01-14 11:05 - 0000000 ____D C:\Users\All Users\Google
2012-05-03 22:29 - 2012-01-14 11:05 - 0000000 ____D C:\ProgramData\Google
2012-05-03 22:29 - 2011-09-11 01:11 - 0000000 ____D C:\users\Kitten
2012-05-03 22:29 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-05-03 22:29 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-05-03 22:29 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-05-03 22:27 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-05-03 22:25 - 2011-12-30 13:42 - 0000000 ____D C:\Users\Kitten\AppData\Roaming\Yahoo!
2012-05-03 22:25 - 2011-09-11 01:14 - 0000000 ____D C:\Users\Kitten\AppData\Local\VirtualStore
2012-05-03 22:23 - 2011-12-15 08:18 - 0000000 ____D C:\Users\All Users\Kodak
2012-05-03 22:23 - 2011-12-15 08:18 - 0000000 ____D C:\ProgramData\Kodak
2012-04-16 16:36 - 2011-12-19 09:46 - 0000000 ____D C:\Users\Kitten\AppData\Local\Htc
2012-04-16 16:35 - 2011-04-22 06:34 - 1392693248 __ASH C:\hiberfil.sys
2012-04-16 14:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-04-16 14:02 - 2009-07-13 21:13 - 0727310 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-16 14:02 - 2009-07-13 20:45 - 0016752 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-16 14:02 - 2009-07-13 20:45 - 0016752 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-16 14:02 - 2009-07-13 18:36 - 0106942 ____A C:\Windows\System32\perfc009(41).dat
2012-04-16 13:58 - 2011-04-22 06:39 - 1200601 ____A C:\Windows\WindowsUpdate.log
2012-04-16 13:55 - 2012-01-14 11:06 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-04-16 13:55 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-16 13:54 - 2009-07-13 21:38 - 0067584 ___AS C:\Windows\bootstat(39).dat
2012-04-16 13:54 - 2009-07-13 20:51 - 0054121 ____A C:\Windows\setupact.log
2012-04-16 13:28 - 2012-01-14 11:06 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-16 13:16 - 2011-12-19 09:52 - 0000000 ____D C:\Users\Kitten\Documents\My Documents
2012-04-15 06:53 - 2012-01-22 14:56 - 0001286 ____A C:\Users\Kitten\Desktop\Play Roblox.lnk
2012-04-13 04:04 - 2012-04-13 04:04 - 0000000 ____D C:\Users\Kitten\AppData\Roaming\Google
2012-04-13 04:04 - 2012-01-14 11:05 - 0000000 ____D C:\Users\Kitten\AppData\Local\Google
2012-04-09 07:50 - 2011-03-24 21:30 - 0000000 ____D C:\Windows\System32\Drivers\NISx64
2012-04-09 07:49 - 2011-03-24 21:30 - 0000000 ____D C:\Users\All Users\Norton
2012-04-09 07:49 - 2011-03-24 21:30 - 0000000 ____D C:\ProgramData\Norton
2012-04-09 07:49 - 2011-03-24 20:48 - 0000000 ____D C:\Users\All Users\WildTangent
2012-04-09 07:49 - 2011-03-24 20:48 - 0000000 ____D C:\ProgramData\WildTangent
2012-04-08 15:31 - 2012-02-11 17:04 - 0000000 ____D C:\Users\Kitten\Documents\My Photos
2012-04-08 15:15 - 2011-09-17 01:58 - 0000000 ____D C:\Users\Kitten\AppData\Local\CrashDumps
2012-04-07 19:04 - 2012-04-07 19:04 - 0004594 ____A C:\Users\Kitten\govlog.dat
2012-04-07 19:04 - 2012-04-07 18:57 - 0000154 ____A C:\Users\Kitten\AppData\Local\svcxdcl32.dat
2012-03-31 11:02 - 2011-09-17 20:21 - 0000000 ____D C:\Users\Kitten\AppData\Roaming\Apple Computer
2012-03-30 13:32 - 2012-03-30 13:32 - 0000000 ____D C:\Users\Kitten\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
2012-03-19 18:15 - 2012-03-19 18:15 - 0014275 ____A C:\Users\Kitten\Documents\article.docx
2012-03-19 18:13 - 2012-03-19 18:13 - 0000000 ___RD C:\Users\Kitten\Documents\Scanned Documents
2012-03-19 18:13 - 2012-03-19 18:13 - 0000000 ____D C:\Users\Kitten\Documents\Fax
2012-03-15 10:58 - 2011-12-19 09:44 - 0000000 ____D C:\Users\Kitten\AppData\Local\Downloaded Installations
2012-03-15 10:57 - 2011-04-22 06:46 - 0063424 ____A C:\Windows\DPINST.LOG
2012-03-15 05:27 - 2012-02-09 18:09 - 0000000 ____D C:\Users\Kitten\AppData\Local\ElevatedDiagnostics
2012-03-15 03:44 - 2009-07-13 20:45 - 0274320 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-14 20:48 - 2012-03-14 20:47 - 0000000 ____D C:\Users\Kitten\AppData\Local\{FBBB68DF-A2C5-463F-9CF6-71029E7B2829}
2012-03-14 20:47 - 2012-03-14 20:47 - 0000000 ____D C:\Users\Kitten\AppData\Local\{83D60C12-B620-419C-866C-68ADF8EDCC52}
2012-03-13 15:25 - 2012-03-13 15:25 - 0000000 ____D C:\Users\Kitten\AppData\Local\{CDA0A98E-8F7A-42D3-91F3-2DCA3BD3A90B}
2012-03-13 15:25 - 2012-03-13 15:25 - 0000000 ____D C:\Users\Kitten\AppData\Local\{82E19B1B-0333-451C-A577-7BF81F1F797B}
2012-03-08 14:45 - 2012-03-08 14:45 - 0000000 ____D C:\Users\Kitten\AppData\Local\{C9199EA2-BB66-4A6E-BA15-506CA7CDD4F6}
2012-03-08 14:45 - 2012-03-08 14:45 - 0000000 ____D C:\Users\Kitten\AppData\Local\{946F4F78-B705-4771-92C2-BE034CF8719D}
2012-03-05 22:53 - 2012-04-11 03:10 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-05 21:59 - 2012-04-11 03:10 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-05 21:59 - 2012-04-11 03:10 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-05 07:34 - 2012-03-05 07:34 - 0000000 ____D C:\Users\Kitten\AppData\Local\{641B0969-D657-4E3A-A8B1-6616314379A6}
2012-03-05 07:34 - 2012-03-05 07:34 - 0000000 ____D C:\Users\Kitten\AppData\Local\{2A4B651E-7755-4FF2-A58E-9FCF085B82DA}
2012-03-04 07:50 - 2012-03-04 07:50 - 0000000 ____D C:\Users\Kitten\AppData\Local\{55F179E1-FA07-4688-9696-D3FFF585AC76}
2012-03-04 07:50 - 2012-03-04 07:49 - 0000000 ____D C:\Users\Kitten\AppData\Local\{A8DADA4F-49B5-48C7-990F-305FF6E6F5D1}
2012-02-29 22:46 - 2012-04-11 03:10 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 22:38 - 2012-04-11 03:10 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 22:33 - 2012-04-11 03:10 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 22:28 - 2012-04-11 03:10 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 21:37 - 2012-04-11 03:10 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-02-29 21:33 - 2012-04-11 03:10 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-02-29 21:29 - 2012-04-11 03:10 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-27 23:34 - 2012-04-11 03:11 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 23:02 - 2012-04-11 03:11 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 22:56 - 2012-04-11 03:11 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 22:50 - 2012-04-11 03:11 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 22:49 - 2012-04-11 03:11 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 22:48 - 2012-04-11 03:11 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 22:48 - 2012-04-11 03:11 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 22:47 - 2012-04-11 03:11 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 22:45 - 2012-04-11 03:11 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 22:43 - 2012-04-11 03:11 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 22:43 - 2012-04-11 03:11 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 22:42 - 2012-04-11 03:11 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 22:39 - 2012-04-11 03:11 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 17:52 - 2012-04-11 03:11 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-27 17:27 - 2012-04-11 03:11 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-27 17:18 - 2012-04-11 03:11 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-27 17:12 - 2012-04-11 03:11 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-27 17:11 - 2012-04-11 03:11 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-27 17:11 - 2012-04-11 03:11 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-27 17:09 - 2012-04-11 03:11 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-27 17:08 - 2012-04-11 03:11 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-27 17:06 - 2012-04-11 03:11 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-27 17:04 - 2012-04-11 03:11 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-27 17:03 - 2012-04-11 03:11 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-27 17:03 - 2012-04-11 03:11 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-27 16:59 - 2012-04-11 03:11 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-24 22:02 - 2012-02-24 22:01 - 0000000 ____D C:\Users\Kitten\AppData\Local\{079B906C-277C-4A1E-AA59-F451CA654E49}
2012-02-24 22:01 - 2012-02-24 22:01 - 0000000 ____D C:\Users\Kitten\AppData\Local\{A1F873AE-AE8D-43D0-BBB6-F8CCC08223C9}
2012-02-23 06:18 - 2010-11-20 19:27 - 0279656 ____A (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-16 22:38 - 2012-03-14 03:22 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 21:34 - 2012-03-14 03:22 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-03-14 03:22 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-03-14 03:22 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-15 05:05 - 2011-09-11 01:11 - 0000174 ___SH C:\Users\Kitten\Start Menu\Programs\Startup\desktop.ini
2012-02-15 05:05 - 2011-09-11 01:11 - 0000174 ___SH C:\Users\Kitten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-15 05:01 - 2009-07-13 21:08 - 0027674 ____A C:\Windows\Tasks\SCHEDLGU(42).TXT
2012-02-15 05:01 - 2009-07-13 21:08 - 0026924 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-02-15 04:59 - 2011-03-24 21:16 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-15 04:59 - 2010-11-20 19:47 - 0006294 ____A C:\Windows\PFRO.log
2012-02-15 04:29 - 2011-11-16 14:27 - 0743534 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-02-15 04:29 - 2011-11-16 14:27 - 0000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 31%
Total physical RAM: 1770.9 MB
Available physical RAM: 1209.77 MB
Total Pagefile: 1770.9 MB
Available Pagefile: 1197.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (eMachines) (Fixed) (Total:217.79 GB) (Free:173.23 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:15 GB) (Free:4.22 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive h: (KINGSTON) (Removable) (Total:7.45 GB) (Free:7.37 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 7640 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 15 GB 1024 KB
Partition 2 Primary 100 MB 15 GB
Partition 3 Primary 217 GB 15 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E PQSERVICE NTFS Partition 15 GB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C eMachines NTFS Partition 217 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7636 MB 4032 KB

======================================================================================================

Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H KINGSTON FAT32 Removable 7636 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-04-09 18:22

======================= End Of Log ==========================


 


#2 nasdaq

  • Malware Response Team
  • 40,538 posts

Posted 16 May 2012 - 08:21 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please try the fix suggested in this topic.

http://www.sevenforums.com/tutorials/139576-startup-repair-infinite-loop-recovery.html

If at any time you need help to continue, ask before proceeding.

Keep me posted.

#3 TConkling


Posted 21 May 2012 - 02:16 PM

Thanks for the instructions, been out of town and just got home. I will try it tonight and report back on the results.

#4 nasdaq


Posted 27 May 2012 - 07:58 AM

Are you still with me?

#5 nasdaq


Posted 02 June 2012 - 07:50 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



