Startup repair problem


  • This topic is locked
14 replies to this topic

#1 stergios

stergios

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:28 PM

Posted 18 August 2012 - 05:11 PM

Attached File  FRST.txt   7.58KB   16 downloads

Hello everyone! I searched the BleepingComputer site and found two posts that are similar to the problem I face with my sister's laptop:

http://www.bleepingcomputer.com/forums/topic411285.html

http://www.bleepingcomputer.com/forums/topic411964.html

It goes from the starting windows screen then goes black, glitches to a blue screen then restarts immediately into StartupRepair and says

"Startup Repair cannot repair this computer automatically" then gives me this info

Problem Event Name: StartupRepairOffline
Problem Signature 01: 6.1.7600.16385
Problem Signature 02: 6.1.7600.16385
Problem Signature 03: unknown
Problem Signature 04: 4
Problem Signature 05: AutoFailover
Problem Signature 06: 1
Problem Signature 07: BadDisk
OS Version: 6.1.7600.2.0.0.256.1
LocaleID: 1033

Here is some more descriptive detail of the problem:

When I turn on my machine, I cannot get to the main logon screen, instead...


1st screen: It will flash the hp Logo
2nd screen: Displays "Starting Windows". It also flashes the WINDOWS LOGO.
3rd screen: At the bottom of the screen, a progress bar flashes and it states "Windows is loading files"
4th screen: "Microsoft Corporation ®" displays, with a progress bar.


5th screen: Pop-up/dialogue box: [has a standard,blue windows background]
_______________________________________________________________________________________________
|TITLE: "STARTUP REPAIR": Startup Repair |
| |
|TEXT: "If problems are found, Startup Repair windows will fix them automatically. Your |
|computer may restart several times during this process. No changes will be made to your |
|personal files or information. This might take several minutes." |
| |
| "Searching for problems" [shown w/progress bar] |
| |
_________________________________________________________________________________________________



6th screen: Pop-up/dialogue box:
_______________________________________________________________________________________________
|"STARTUP REPAIR: Startup Repair cannot repair this computer automatically" |
|"Sending more information can help Microsoft create solutions. |
| |
| -> Send information about this problem (recommended) [button] |
| -> Don't Send [button] |
| -> "View problem details" [drop-down arrow/button] |
________________________________________________________________________________________________



or sometimes this screen.....
_________________________________________________________________________________________________
|"STARTUP REPAIR": "Windows cannot repair this computer automatically" |
|"If you have recently attached a device to this computer, such as a camera or a portable music |
|player, remove it and restart your computer. If you continue to see this message, contact your|
|system administrator manufacturer for assistance." |
| |
| "Click Finish to exit and shut down your computer." |
| |
| |
| View diagnostic and repair details [link] |
| View advanced options for system recovery and support [link] |
| |
| |
| FINISH[button] CANCEL[button] |

the problem details are as I wrote above

Problem Event Name: StartupRepairOffline
Problem Signature 01: 6.1.7600.16385
Problem Signature 02: 6.1.7600.16385
Problem Signature 03: unknown
Problem Signature 04: 4
Problem Signature 05: AutoFailover
Problem Signature 06: 1
Problem Signature 07: BadDisk
OS Version: 6.1.7600.2.0.0.256.1
LocaleID: 1033

I select the "View advanced options for system recovery and support"
then I select a keyboard input method [Next]

and a pop up screen appears
|RecEnv.exe - Corrupt File|
| |
|The file or directory C:\Windows\System32\config is corrupt and unreadable. Please run the Chkdsk utility |
|OK[button]|

while in the background appears the System Recovery Options.

Thank you for your help in advance. I hope you may help me :)

I also created the txt file you asked for by running FRST.exe



P.S. Sorry for my bad English.

Edited by stergios, 18 August 2012 - 05:58 PM.



#2 stergios

Posted 18 August 2012 - 05:43 PM

the txt is

#3 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:28 PM

Posted 20 August 2012 - 08:11 AM

Hello stergios,

Welcome to the forum.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
Last Boot: 2012-08-18 01:16
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options and select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Also please restart, let it boot normally and tell me how it went.

#4 stergios

Posted 20 August 2012 - 04:43 PM

You are great, excellent and awesome! It works like it never had a problem! Thank you thank you thank you!!!


#5 Farbar

Posted 20 August 2012 - 04:51 PM

Great, and you are most welcome.

The system hive was missing. I would like to see a fresh FRST.txt to see if everything is alright and there is no bad service there.

#6 stergios

Posted 20 August 2012 - 05:06 PM

Sorry for the delay, it took a while to finish scanning.

#7 stergios

Posted 20 August 2012 - 05:09 PM

I am sorry I forgot to press attach this file. Any idea what caused it?

Attached Files

  • Attached File  FRST.txt   15.16KB   5 downloads

Edited by stergios, 20 August 2012 - 05:18 PM.


#8 Farbar

Posted 20 August 2012 - 05:51 PM

I wanted to see what might be the cause, but can't tell yet. :)

The tool is not run from recovery environment, so I can't see a full log. Please enter System Recovery Options and select Command Prompt.
Run FRST, click Scan and post the log it makes.

#9 stergios

Posted 20 August 2012 - 06:04 PM

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 18-08-2012
Ran by τινα at 21-08-2012 02:00:23
Running from E:\
(X86) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


============ One Month Created Files and Folders ==============

2012-08-21 11:37 - 2012-08-21 11:37 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2012-08-21 11:37 - 2012-08-21 02:00 - 00000000 ____D C:\FRST
2012-08-21 00:40 - 2012-08-21 00:40 - 00000000 ____D C:\Users\τινα\AppData\Local\Adobe
2012-08-21 00:38 - 2012-08-21 00:38 - 00000020 ___SH C:\Users\τινα\ntuser.ini
2012-08-21 00:38 - 2012-08-21 00:38 - 00000000 ____D C:\Users\τινα\AppData\Local\VirtualStore
2012-08-20 03:26 - 2012-08-20 03:26 - 00000000 __SHD C:\found.000
2012-08-15 15:20 - 2012-08-15 15:20 - 00412160 ____A C:\Users\τινα\Downloads\XARTES_IGME.XLS
2012-08-12 22:21 - 2012-08-12 22:21 - 00047894 ____A C:\Users\τινα\Desktop\pretty.txt
2012-08-12 22:20 - 2012-08-12 22:20 - 00047894 ____A C:\Users\τινα\Desktop\1.txt
2012-08-12 19:30 - 2012-08-12 19:30 - 00019997 ____A C:\Users\τινα\Downloads\Pretty Little Liars_3x09_HDTV.LOL.gr.zip
2012-08-12 19:01 - 2012-08-12 19:01 - 00021400 ____A C:\Users\τινα\Downloads\[kat.ph]pretty.little.liars.s03e09.hdtv.x264.lol.ettv (1).torrent
2012-08-12 18:59 - 2012-08-12 19:00 - 00021400 ____A C:\Users\τινα\Downloads\[kat.ph]pretty.little.liars.s03e09.hdtv.x264.lol.ettv.torrent
2012-08-02 13:22 - 2012-08-02 13:23 - 00138880 ____A C:\Windows\Minidump\080212-32078-01.dmp
2012-07-23 15:53 - 2012-07-23 15:53 - 00590039 ____A C:\Windows\MATLAB Screen Saver.edm
2012-07-23 15:53 - 2012-07-23 15:53 - 00330752 ____A C:\Windows\MATLAB Screen Saver.SCR
2012-07-23 15:51 - 1997-10-01 14:55 - 00590039 ____A C:\Users\τινα\Desktop\setup.edm
2012-07-23 15:51 - 1997-10-01 14:55 - 00330752 ____A C:\Users\τινα\Desktop\setup.exe
2012-07-23 15:50 - 2012-07-23 15:01 - 00537976 ____A C:\Users\τινα\Desktop\matlab.zip
2012-07-23 14:48 - 2012-07-23 14:49 - 00000000 ____D C:\Users\τινα\Desktop\archives
2012-07-23 14:10 - 2011-04-22 12:21 - 00000000 ____D C:\crack
2012-07-23 14:10 - 2011-03-21 05:49 - 00000000 ____D C:\utils
2012-07-23 14:10 - 2011-03-21 05:49 - 00000000 ____D C:\java
2012-07-23 14:10 - 2011-03-21 05:49 - 00000000 ____D C:\help
2012-07-23 14:10 - 2011-03-21 05:49 - 00000000 ____D C:\bin
2012-07-23 14:01 - 2011-03-21 05:59 - 00000000 ____D C:\archives
2012-07-22 14:02 - 2012-07-22 19:07 - 900216832 ____A C:\Users\τινα\Downloads\ml2011aw-[ajs].iso
2012-07-22 13:58 - 2012-07-22 13:58 - 00025754 ____A C:\Users\τινα\Downloads\[kat.ph]matlab.2011a.windows.32.64.with.serial.torrent
2012-07-22 13:46 - 2012-07-22 13:47 - 01014784 ____A C:\Users\τινα\Downloads\Signals and Spectral Methods - Lecture 5 (1).ppt
2012-07-22 13:46 - 2012-07-22 13:46 - 01012736 ____A C:\Users\τινα\Downloads\Signals and Spectral Methods - Lecture 5.ppt
2012-07-22 00:13 - 2012-07-22 00:13 - 00342848 ____A (OpenInstall ) C:\Users\τινα\Downloads\oi_matlabzip.exe

============ 3 Months Modified Files ========================

2012-08-21 01:17 - 2011-12-27 04:22 - 00001190 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-722881897-2330803313-3769877417-1002UA.job
2012-08-21 01:02 - 2011-12-27 03:58 - 00713888 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-21 00:59 - 2009-07-14 07:39 - 00029089 ____A C:\Windows\setupact.log
2012-08-21 00:56 - 2009-07-14 07:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-21 00:42 - 2009-07-14 07:34 - 00010016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-21 00:42 - 2009-07-14 07:34 - 00010016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-21 00:38 - 2012-08-21 00:38 - 00000020 ___SH C:\Users\τινα\ntuser.ini
2012-08-18 17:05 - 2011-12-27 03:41 - 00904674 ____A C:\Windows\WindowsUpdate.log
2012-08-18 12:14 - 2012-07-10 11:59 - 00000434 ___AH C:\Windows\Tasks\Norton Security Scan for τινα.job
2012-08-18 00:28 - 2011-12-27 04:22 - 00001138 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-722881897-2330803313-3769877417-1002Core.job
2012-08-15 15:20 - 2012-08-15 15:20 - 00412160 ____A C:\Users\τινα\Downloads\XARTES_IGME.XLS
2012-08-14 13:50 - 2012-07-21 12:49 - 00019968 ____A C:\Users\τινα\Desktop\πρόγραμμα0912.xls
2012-08-12 22:21 - 2012-08-12 22:21 - 00047894 ____A C:\Users\τινα\Desktop\pretty.txt
2012-08-12 22:20 - 2012-08-12 22:20 - 00047894 ____A C:\Users\τινα\Desktop\1.txt
2012-08-12 19:30 - 2012-08-12 19:30 - 00019997 ____A C:\Users\τινα\Downloads\Pretty Little Liars_3x09_HDTV.LOL.gr.zip
2012-08-12 19:01 - 2012-08-12 19:01 - 00021400 ____A C:\Users\τινα\Downloads\[kat.ph]pretty.little.liars.s03e09.hdtv.x264.lol.ettv (1).torrent
2012-08-12 19:00 - 2012-08-12 18:59 - 00021400 ____A C:\Users\τινα\Downloads\[kat.ph]pretty.little.liars.s03e09.hdtv.x264.lol.ettv.torrent
2012-08-02 13:23 - 2012-08-02 13:22 - 00138880 ____A C:\Windows\Minidump\080212-32078-01.dmp
2012-08-02 13:22 - 2012-01-14 18:18 - 94576253 ____A C:\Windows\MEMORY.DMP
2012-07-23 15:53 - 2012-07-23 15:53 - 00590039 ____A C:\Windows\MATLAB Screen Saver.edm
2012-07-23 15:53 - 2012-07-23 15:53 - 00330752 ____A C:\Windows\MATLAB Screen Saver.SCR
2012-07-23 15:01 - 2012-07-23 15:50 - 00537976 ____A C:\Users\τινα\Desktop\matlab.zip
2012-07-22 19:07 - 2012-07-22 14:02 - 900216832 ____A C:\Users\τινα\Downloads\ml2011aw-[ajs].iso
2012-07-22 13:58 - 2012-07-22 13:58 - 00025754 ____A C:\Users\τινα\Downloads\[kat.ph]matlab.2011a.windows.32.64.with.serial.torrent
2012-07-22 13:47 - 2012-07-22 13:46 - 01014784 ____A C:\Users\τινα\Downloads\Signals and Spectral Methods - Lecture 5 (1).ppt
2012-07-22 13:46 - 2012-07-22 13:46 - 01012736 ____A C:\Users\τινα\Downloads\Signals and Spectral Methods - Lecture 5.ppt
2012-07-22 00:13 - 2012-07-22 00:13 - 00342848 ____A (OpenInstall ) C:\Users\τινα\Downloads\oi_matlabzip.exe
2012-07-21 23:50 - 2012-07-21 23:50 - 03317512 ____A C:\Users\τινα\Downloads\Smooth3.wmv
2012-07-21 23:46 - 2012-07-21 23:46 - 00719787 ____A C:\Users\τινα\Downloads\LEC_02_INTERPOLATION.rar
2012-07-21 23:32 - 2012-07-21 23:31 - 06007016 ____A C:\Users\τινα\Downloads\LEC_05_LINEAR_REG.rar
2012-07-20 20:09 - 2012-07-20 20:09 - 00318904 ____A (Microsoft Corporation) C:\Users\τινα\Downloads\wmpfirefoxplugin (5).exe
2012-07-19 19:37 - 2012-07-10 22:41 - 00001728 ____A C:\Windows\PFRO.log
2012-07-19 13:59 - 2012-07-19 13:59 - 00318904 ____A (Microsoft Corporation) C:\Users\τινα\Downloads\wmpfirefoxplugin (4).exe
2012-07-19 13:55 - 2012-07-19 13:55 - 00318904 ____A (Microsoft Corporation) C:\Users\τινα\Downloads\wmpfirefoxplugin (3).exe
2012-07-19 13:53 - 2012-07-19 13:53 - 00318904 ____A (Microsoft Corporation) C:\Users\τινα\Downloads\wmpfirefoxplugin (2).exe
2012-07-19 13:47 - 2012-07-19 13:47 - 00318904 ____A (Microsoft Corporation) C:\Users\τινα\Downloads\wmpfirefoxplugin (1).exe
2012-07-19 13:46 - 2012-07-19 13:46 - 00318904 ____A (Microsoft Corporation) C:\Users\τινα\Downloads\wmpfirefoxplugin.exe
2012-07-17 15:58 - 2012-07-17 15:58 - 00285960 ____A (Premium) C:\Users\τινα\Downloads\FastDownload.exe
2012-07-16 14:21 - 2012-07-16 12:34 - 00090624 ____A C:\Users\τινα\Desktop\To_be_mixed (1).xls
2012-07-16 13:02 - 2012-07-16 13:02 - 00002777 ____A C:\Users\τινα\Desktop\SeismoSignal.lnk
2012-07-16 12:32 - 2012-07-16 12:31 - 00107520 ____A C:\Users\τινα\Downloads\To_be_mixed (1).xls
2012-07-16 12:31 - 2012-07-16 12:30 - 04169242 ____A C:\Users\τινα\Downloads\SeismoSignal-v4.3.0_build101.zip
2012-07-13 20:05 - 2012-07-13 20:05 - 00062704 ____A C:\Users\τινα\AppData\Roaming\GDIPFONTCACHEV1.DAT
2012-07-10 11:58 - 2012-07-10 11:58 - 00001297 ____A C:\Users\Public\Desktop\Norton Security Scan.lnk
2012-07-10 09:57 - 2012-07-10 09:57 - 00001234 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2012-07-10 09:56 - 2012-07-10 09:56 - 00499712 ____A (Microsoft Corporation) C:\Windows\System32\msvcp71.dll
2012-07-10 09:56 - 2012-07-10 09:56 - 00348160 ____A (Microsoft Corporation) C:\Windows\System32\msvcr71.dll
2012-07-10 09:56 - 2012-07-10 09:56 - 00272896 ____A (Progressive Networks) C:\Windows\System32\pncrt.dll
2012-07-10 09:56 - 2012-07-10 09:56 - 00198864 ____A (RealNetworks, Inc.) C:\Windows\System32\rmoc3260.dll
2012-07-10 09:56 - 2012-07-10 09:56 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5016.dll
2012-07-10 09:56 - 2012-07-10 09:56 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5032.dll
2012-07-10 09:44 - 2012-07-10 09:44 - 00684288 ____A (RealNetworks, Inc.) C:\Users\τινα\Downloads\RealPlayer (1).exe
2012-07-10 09:43 - 2012-07-10 09:43 - 00760128 ____A (RealNetworks, Inc.) C:\Users\τινα\Downloads\RealPlayer.exe
2012-07-10 09:37 - 2012-07-10 09:36 - 03932214 ____A C:\Users\τινα\Downloads\rethumno tei music.bmp
2012-07-09 14:38 - 2012-07-09 14:38 - 00103424 ____A C:\Users\τινα\Downloads\To_be_mixed.xls
2012-07-03 11:21 - 2012-07-03 11:19 - 19320420 ____A ( ) C:\Users\τινα\Downloads\gmt-4.5.8_pdf_install.exe
2012-07-03 11:21 - 2012-07-03 11:19 - 19320420 ____A ( ) C:\Users\τινα\Downloads\gmt-4.5.8_pdf_install (1).exe
2012-06-24 03:07 - 2012-06-24 03:07 - 00435200 ____A C:\Users\τινα\Downloads\telikoi_pinakes.xls
2012-06-24 03:07 - 2012-06-24 03:07 - 00280576 ____A C:\Users\τινα\Downloads\ΘΕΣΣΑΛΟΝΙΚΗΣ_2119_apospasma.xls
2012-06-24 03:01 - 2012-06-24 03:01 - 01968128 ____A C:\Users\τινα\Downloads\deutschgr_PE02_telikos_anapl_ekkatharisi.xls
2012-06-24 03:01 - 2012-06-24 03:00 - 07191552 ____A C:\Users\τινα\Downloads\31.xls
2012-06-24 03:01 - 2012-06-24 03:00 - 00766976 ____A C:\Users\τινα\Downloads\ΑΠΟΤΥΧΟΝΤΕΣ ΦΥΣΙΚΟΙ 2005.xls
2012-06-21 00:45 - 2012-06-21 00:45 - 00002525 ____A C:\Users\τινα\Desktop\Skype.lnk
2012-06-14 22:02 - 2012-06-14 22:02 - 00078848 ____A C:\Users\τινα\Downloads\0529 ΛΙΣΤΑ ΥΠΟΨΗΦΙΩΝ ΒΟΥΛΕΥΤΩΝ 17ης ΙΟΥΝΙΟΥ (2).xls
2012-06-14 22:02 - 2012-06-14 22:02 - 00078848 ____A C:\Users\τινα\Downloads\0529 ΛΙΣΤΑ ΥΠΟΨΗΦΙΩΝ ΒΟΥΛΕΥΤΩΝ 17ης ΙΟΥΝΙΟΥ (1).xls
2012-06-14 21:10 - 2012-06-14 21:09 - 00078848 ____A C:\Users\τινα\Downloads\0529 ΛΙΣΤΑ ΥΠΟΨΗΦΙΩΝ ΒΟΥΛΕΥΤΩΝ 17ης ΙΟΥΝΙΟΥ.xls
2012-06-13 21:20 - 2012-06-13 21:20 - 09077760 ____A C:\Users\τινα\Downloads\les_08 (2).ppt
2012-06-13 21:08 - 2012-06-13 21:08 - 00857088 ____A C:\Users\τινα\Downloads\les_07 (1).ppt
2012-06-13 21:04 - 2012-06-13 21:04 - 00946688 ____A C:\Users\τινα\Downloads\les_05.ppt
2012-06-13 20:49 - 2012-06-13 20:49 - 02426880 ____A C:\Users\τινα\Downloads\les_04.ppt
2012-06-13 20:34 - 2012-06-13 20:34 - 07182848 ____A C:\Users\τινα\Downloads\les_03 (2).ppt
2012-06-13 20:21 - 2012-06-13 20:21 - 02371072 ____A C:\Users\τινα\Downloads\les_02 (2).ppt
2012-06-13 20:06 - 2012-06-13 20:06 - 04525056 ____A C:\Users\τινα\Downloads\les_01.ppt
2012-06-13 19:58 - 2012-06-13 19:57 - 02129920 ____A C:\Users\τινα\Downloads\les_06 (1).ppt
2012-06-13 19:19 - 2012-06-13 19:19 - 09077760 ____A C:\Users\τινα\Downloads\les_08 (1).ppt
2012-06-13 19:12 - 2012-06-13 19:12 - 00857088 ____A C:\Users\τινα\Downloads\les_07.ppt
2012-06-10 03:00 - 2012-06-10 03:00 - 09077760 ____A C:\Users\τινα\Downloads\les_08.ppt
2012-06-10 02:16 - 2012-06-10 02:16 - 02129920 ____A C:\Users\τινα\Downloads\les_06.ppt
2012-06-10 02:14 - 2012-06-10 02:14 - 07179776 ____A C:\Users\τινα\Downloads\les_03 (1).ppt
2012-06-09 17:04 - 2012-06-09 17:04 - 07182848 ____A C:\Users\τινα\Downloads\les_03.ppt
2012-06-09 16:37 - 2012-06-09 16:37 - 02368512 ____A C:\Users\τινα\Downloads\les_02 (1).ppt
2012-06-09 16:31 - 2012-06-09 16:30 - 02371072 ____A C:\Users\τινα\Downloads\les_02.ppt
2012-05-28 22:05 - 2012-05-28 22:05 - 01249230 ____A C:\Users\τινα\Downloads\tina (2).bmp
2012-05-28 22:04 - 2012-05-28 22:03 - 01249230 ____A C:\Users\τινα\Downloads\tina (1).bmp
2012-05-28 19:16 - 2012-05-28 19:14 - 02637750 ____A C:\Users\τινα\Downloads\Lecture1.rar
2012-05-27 23:34 - 2012-05-27 23:34 - 01249230 ____A C:\Users\τινα\Downloads\χωρίς τίτλο (1).bmp
2012-05-27 23:34 - 2012-05-27 23:33 - 01249230 ____A C:\Users\τινα\Downloads\χωρίς τίτλο.bmp
2012-05-27 04:38 - 2012-05-27 04:36 - 00545529 ____A C:\Users\τινα\Downloads\tina.bmp


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 82%
Total physical RAM: 510.24 MB
Available physical RAM: 88.6 MB
Total Pagefile: 1534.24 MB
Available Pagefile: 861.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 1957.95 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:74.03 GB) (Free:34.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: (USB2) (Removable) (Total:1.86 GB) (Free:1.09 GB) FAT

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 74 GB 2048 KB
Disk 1 Online 1911 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 74 GB 31 KB
Partition 0 Extended 509 MB 74 GB
Partition 2 Logical 509 MB 74 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 74 GB Healthy System (partition with boot components)

==================================================================================

Disk: 0
Partition 2
Type : 82
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1907 MB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0E
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E USB2 FAT Removable 1907 MB Healthy

==================================================================================

Last Boot: 2012-08-18 12:16

======================= End Of Log ==========================

Attached Files

  • Attached File  FRST.txt   15.25KB   1 downloads


#10 Farbar

Posted 20 August 2012 - 06:10 PM

It is the same. Unless the tool is run correctly we will not get a full log.

Please follow the following instruction carefully.

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#11 stergios

Posted 20 August 2012 - 06:22 PM

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 19-08-2012 01
Ran by SYSTEM at 21-08-2012 02:18:13
Running from E:\
Windows 7 Ultimate (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe [2077536 2012-01-26] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM\...\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot [296096 2012-07-09] (RealNetworks, Inc.)
HKU\Default\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1173504 2009-07-13] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1173504 2009-07-13] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
AppInit_DLLs: avgrsstx.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

================================ Services (Whitelisted) ==================

2 avg9emc; "C:\Program Files\AVG\AVG9\avgemc.exe" [921952 2011-12-27] (AVG Technologies CZ, s.r.o.)
2 avg9wd; "C:\Program Files\AVG\AVG9\avgwdsvc.exe" [308136 2011-12-27] (AVG Technologies CZ, s.r.o.)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

1 AvgLdx86; C:\Windows\System32\Drivers\avgldx86.sys [216400 2011-12-27] (AVG Technologies CZ, s.r.o.)
1 AvgMfx86; C:\Windows\System32\Drivers\avgmfx86.sys [29712 2011-12-27] (AVG Technologies CZ, s.r.o.)
1 AvgTdiX; C:\Windows\System32\Drivers\avgtdix.sys [243152 2011-12-27] (AVG Technologies CZ, s.r.o.)
3 CAMCAUD; C:\Windows\System32\drivers\camc6aud.sys [38016 2005-08-01] (Conexant Systems Inc.)
3 CAMCHALA; C:\Windows\System32\drivers\camc6hal.sys [349312 2005-08-01] (Conexant Systems Inc.)
3 LVUSBSta; C:\Windows\System32\DRIVERS\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
3 RTL8023xp; C:\Windows\System32\DRIVERS\Rtnicxp.sys [43008 2009-07-13] (Realtek Semiconductor Corporation )
3 VSTHWATI; C:\Windows\System32\DRIVERS\VSTATI3.SYS [236032 2009-07-13] (Conexant Systems, Inc.)
3 UIUSys; C:\Windows\System32\DRIVERS\UIUSYS.SYS [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-21 00:37 - 2012-08-21 00:37 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2012-08-21 00:37 - 2012-08-20 15:00 - 00000000 ____D C:\FRST
2012-08-19 16:26 - 2012-08-19 16:26 - 00000000 __SHD C:\found.000
2012-08-02 02:22 - 2012-08-02 02:23 - 00138880 ____A C:\Windows\Minidump\080212-32078-01.dmp
2012-07-23 04:53 - 2012-07-23 04:53 - 00590039 ____A C:\Windows\MATLAB Screen Saver.edm
2012-07-23 04:53 - 2012-07-23 04:53 - 00330752 ____A C:\Windows\MATLAB Screen Saver.SCR
2012-07-23 03:10 - 2011-04-22 01:21 - 00000000 ____D C:\crack
2012-07-23 03:10 - 2011-03-20 18:49 - 00000000 ____D C:\utils
2012-07-23 03:10 - 2011-03-20 18:49 - 00000000 ____D C:\java
2012-07-23 03:10 - 2011-03-20 18:49 - 00000000 ____D C:\help
2012-07-23 03:10 - 2011-03-20 18:49 - 00000000 ____D C:\bin
2012-07-23 03:01 - 2011-03-20 18:59 - 00000000 ____D C:\archives


============ 3 Months Modified Files ========================

2012-08-20 15:13 - 2011-12-26 16:41 - 00908922 ____A C:\Windows\WindowsUpdate.log
2012-08-20 15:13 - 2009-07-13 20:34 - 00010016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-20 15:13 - 2009-07-13 20:34 - 00010016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-20 15:07 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-20 15:07 - 2009-07-13 20:39 - 00029145 ____A C:\Windows\setupact.log
2012-08-20 14:17 - 2011-12-26 17:22 - 00001190 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-722881897-2330803313-3769877417-1002UA.job
2012-08-20 14:02 - 2011-12-26 16:58 - 00713888 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-18 01:14 - 2012-07-10 00:59 - 00000434 ___AH C:\Windows\Tasks\Norton Security Scan for t??a.job
2012-08-17 13:28 - 2011-12-26 17:22 - 00001138 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-722881897-2330803313-3769877417-1002Core.job
2012-08-02 02:23 - 2012-08-02 02:22 - 00138880 ____A C:\Windows\Minidump\080212-32078-01.dmp
2012-08-02 02:22 - 2012-01-14 07:18 - 94576253 ____A C:\Windows\MEMORY.DMP
2012-07-23 04:53 - 2012-07-23 04:53 - 00590039 ____A C:\Windows\MATLAB Screen Saver.edm
2012-07-23 04:53 - 2012-07-23 04:53 - 00330752 ____A C:\Windows\MATLAB Screen Saver.SCR
2012-07-19 08:37 - 2012-07-10 11:41 - 00001728 ____A C:\Windows\PFRO.log
2012-07-10 00:58 - 2012-07-10 00:58 - 00001297 ____A C:\Users\Public\Desktop\Norton Security Scan.lnk
2012-07-09 22:57 - 2012-07-09 22:57 - 00001234 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2012-07-09 22:56 - 2012-07-09 22:56 - 00499712 ____A (Microsoft Corporation) C:\Windows\System32\msvcp71.dll
2012-07-09 22:56 - 2012-07-09 22:56 - 00348160 ____A (Microsoft Corporation) C:\Windows\System32\msvcr71.dll
2012-07-09 22:56 - 2012-07-09 22:56 - 00272896 ____A (Progressive Networks) C:\Windows\System32\pncrt.dll
2012-07-09 22:56 - 2012-07-09 22:56 - 00198864 ____A (RealNetworks, Inc.) C:\Windows\System32\rmoc3260.dll
2012-07-09 22:56 - 2012-07-09 22:56 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5016.dll
2012-07-09 22:56 - 2012-07-09 22:56 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5032.dll

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 63%
Total physical RAM: 510.24 MB
Available physical RAM: 188.47 MB
Total Pagefile: 510.24 MB
Available Pagefile: 185.93 MB
Total Virtual: 2047.88 MB
Available Virtual: 1978.63 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:74.03 GB) (Free:34.84 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: (USB2) (Removable) (Total:1.86 GB) (Free:1.09 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 74 GB 2048 KB
Disk 1 Online 1911 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 74 GB 31 KB
Partition 0 Extended 509 MB 74 GB
Partition 2 Logical 509 MB 74 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 74 GB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 82
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1907 MB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0E
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E USB2 FAT Removable 1907 MB Healthy

==================================================================================

Last Boot: 2012-08-18 01:16

======================= End Of Log ==========================

#12 stergios


Posted 20 August 2012 - 06:34 PM

Attached File  FRST.txt   9.18KB   0 downloads

#13 Farbar


Posted 20 August 2012 - 06:47 PM

Well done.

That part looks good.

Let's check other things too. Just to let you know I'm going to sleep now as it is too late here. I'll see the logs tomorrow and we will probably round off.

  • Please download Malwarebytes' Anti-Malware from one of these locations:
    malwarebytes.org
    majorgeeks.com
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


  • Please download OTL by OldTimer.
    • Save it to your desktop.
    • Double click on the OTL icon on your desktop.
    • Check the "Scan All Users" checkbox.
    • Check the "Standard Output".
    • Click Run Scan button.
    • Two reports will open:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Copy and paste OTL.txt and attach Extra.txt to your reply.


#14 stergios


Posted 22 August 2012 - 02:16 PM

I am truly sorry for the delay but I had a lot of work to do. We found out what caused the virus in the laptop. Unfortunately the laptop is not in my hands now. Never mind, we have saved all the files thanks to you, we will reboot it shortly from the Windows 7 CD. Thank you for everything! I really appreciate it. Kudos to the BleepingComputer team!

#15 Farbar


Posted 22 August 2012 - 02:48 PM

No worries for the delay and you are most welcome. Glad it resolved. :)

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a Private Message and I will reopen it for you.

If you should have a new issue, please start a new topic.

Everyone else should start a new topic.



