Windows 7 will not boot to any mode (access to System Recovery Only)


  • This topic is locked
6 replies to this topic

#1 Yay


Posted 14 October 2012 - 05:27 PM

• PC: Dell Studio Laptop (1749)
• OS: Windows 7 Home Premium 64-bit (Version 6.1.7600.2.0.0.256.1)
• Automatic Updates (download & install) enabled for Windows and McAfee
• 09/21/2012: Turned pc on; Windows didn't start; System Recovery couldn't automatically fix
• Booted from recovery dvd; Chkdsk /r ran from System Recovery Command Prompt
• After chkdsk, restarted system. Gets to logo/Starting Windows, then black screen for awhile, then error message/window appears:
Logon Process Initialization Failure
Interactive logon process initialization has failed.
Please consult the event log for more details.

This appears no matter what mode you start in, therefore, I have access to System Recovery environment only. Event Viewer won't run while in Recovery, so can't view event log.
• Startup Repair, System Restore, Last Known Good Configuration, SFC /scannow, etc etc etc.... NOTHING has fixed this. Hardware & memory scans report no problems.
• Burned an AVG Rescue CD. Scan had been running over 8 hours, then froze on 99%.
Infections found: 16(3)
PUPs found: 7

There was a continue button at bottom of screen. Clicked it. Wasn't shown a log or details of 'what' was found, but I think it said some of it couldn't be fixed? I could delete or rename files. Chose to rename. While the scan was going, I do recall seeing trojan horse Java/Agent.JN and virus Java/Exploit.
• Put Farbar Recovery Scan Tool on USB flash drive. Did scan, and also did search for services.exe. Results below.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-10-2012
Ran by SYSTEM at 12-10-2012 05:00:05
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet002

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-23] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-12-14] (IDT, Inc.)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3168336 2009-11-03] (Dell Inc.)
HKLM\...\Run: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry [17920 2009-02-26] (Creative Technology Ltd.)
HKLM\...\Run: [McAfeeWrapperApplication] "C:\Program Files (x86)\McAfeeMOBK\WrapperTrayIcon.exe" [453344 2010-11-01] (McAfee, Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r [241789 2009-05-04] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x]
HKLM-x32\...\Run: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe" [174424 2009-05-08] (Yahoo! Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1527896 2012-06-21] (McAfee, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Dennis Garner\...\Run: [Google Update] "C:\Users\Dennis Garner\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-04-24] (Google Inc.)
HKU\Dennis Garner\...\Run: [MyTomTomSA.exe] "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe" [435672 2011-11-14] (TomTom)
HKU\Dennis Garner\...\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [247768 2012-07-26] (TomTom)
HKU\Dennis Garner\...\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [109336 2012-09-12] (Siber Systems)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-07] (Dell)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ===================

2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d29e7c5b1ea33de7\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-11] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-11] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-11] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-11] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-11] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [383608 2012-08-24] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-11] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [237920 2012-06-22] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [218320 2012-06-22] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [177144 2012-06-22] (McAfee, Inc.)
2 MOBKbackup; "C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe" [231224 2010-04-13] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [200728 2012-05-11] (McAfee, Inc.)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d29e7c5b1ea33de7\STacSV64.exe [244736 2009-12-14] (IDT, Inc.)
2 TomTomHOMEService; "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe" [92632 2012-07-26] (TomTom)
3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [x]
3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]

==================== Drivers (Whitelisted) =====================

3 BTHprint; C:\Windows\System32\Drivers\BTHprint.sys [67072 2009-07-13] (Microsoft Corporation)
3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [69672 2012-06-22] (McAfee, Inc.)
3 HipShieldK; C:\Windows\System32\Drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
0 McPvDrv; C:\Windows\System32\Drivers\McPvDrv.sys [73096 2012-06-15] (McAfee, Inc.)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [169320 2012-06-22] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [300392 2012-06-22] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [513456 2012-06-22] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [752672 2012-06-22] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [106112 2012-06-22] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [335784 2012-06-22] (McAfee, Inc.)
1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
0 AFS; [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-10-08 21:56 - 2012-10-08 21:56 - 00000000 ____D C:\FRST
2012-10-07 14:27 - 2010-11-20 07:40 - 00383786 _RASH C:\bootmgr
2012-09-26 17:49 - 2012-09-26 17:49 - 00000000 ____D C:\Windows\SysWOW64\MUI
2012-09-26 17:47 - 2012-09-26 17:47 - 00000000 ____D C:\Windows\SysWOW64\winrm
2012-09-26 17:47 - 2012-09-26 17:47 - 00000000 ____D C:\Windows\SysWOW64\WCN
2012-09-26 17:46 - 2012-09-26 17:46 - 00000000 ____D C:\Windows\SysWOW64\restore
2012-09-26 17:46 - 2012-09-26 17:46 - 00000000 ____D C:\Program Files (x86)\New folder
2012-09-26 17:45 - 2012-09-26 17:45 - 00000000 ____D C:\Windows\SysWOW64\sppui
2012-09-26 17:45 - 2012-09-26 17:45 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2012-09-26 17:44 - 2012-09-26 17:44 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2012-09-26 17:35 - 2012-09-26 17:37 - 00000000 ____D C:\Windows\SysWOW64\Dism
2012-09-26 17:34 - 2012-09-26 17:49 - 00000000 ____D C:\Windows\SysWOW64\oobe
2012-09-26 17:34 - 2012-09-26 17:42 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2012-09-26 17:34 - 2012-09-26 17:42 - 00000000 ____D C:\Windows\SysWOW64\uk-UA
2012-09-26 17:34 - 2012-09-26 17:42 - 00000000 ____D C:\Windows\SysWOW64\th-TH
2012-09-26 17:34 - 2012-09-26 17:42 - 00000000 ____D C:\Windows\SysWOW64\sr-Latn-CS
2012-09-26 17:34 - 2012-09-26 17:42 - 00000000 ____D C:\Windows\SysWOW64\sl-SI
2012-09-26 17:34 - 2012-09-26 17:42 - 00000000 ____D C:\Windows\SysWOW64\sk-SK
2012-09-26 17:34 - 2012-09-26 17:42 - 00000000 ____D C:\Windows\SysWOW64\ro-RO
2012-09-26 17:34 - 2012-09-26 17:42 - 00000000 ____D C:\Windows\SysWOW64\lv-LV
2012-09-26 17:34 - 2012-09-26 17:42 - 00000000 ____D C:\Windows\SysWOW64\lt-LT
2012-09-26 17:34 - 2012-09-26 17:42 - 00000000 ____D C:\Windows\SysWOW64\hr-HR
2012-09-26 17:34 - 2012-09-26 17:42 - 00000000 ____D C:\Windows\SysWOW64\et-EE
2012-09-26 17:34 - 2012-09-26 17:42 - 00000000 ____D C:\Windows\SysWOW64\bg-BG
2012-09-26 17:34 - 2012-09-26 17:38 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2012-09-26 17:34 - 2012-09-26 17:34 - 00000000 ____D C:\Windows\SysWOW64\MsDtc
2012-09-26 17:33 - 2012-09-26 17:42 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2012-09-26 17:33 - 2012-09-26 17:42 - 00000000 ____D C:\Windows\SysWOW64\he-IL
2012-09-26 17:33 - 2012-09-26 17:42 - 00000000 ____D C:\Windows\SysWOW64\ar-SA
2012-09-26 17:31 - 2012-09-26 17:31 - 00000000 ____D C:\Windows\SysWOW64\spp
2012-09-26 17:28 - 2012-09-26 17:46 - 00000000 ____D C:\Windows\SysWOW64\Speech
2012-09-26 17:28 - 2012-09-26 17:28 - 00000000 ____D C:\Windows\SysWOW64\icsxml
2012-09-26 17:27 - 2012-09-26 17:46 - 00000000 ____D C:\Windows\SysWOW64\setup
2012-09-26 17:27 - 2012-09-26 17:27 - 00000000 ____D C:\Windows\SysWOW64\ras
2012-09-26 17:25 - 2012-09-26 17:25 - 00000000 ____D C:\Windows\SysWOW64\networklist
2012-09-26 17:24 - 2012-09-26 17:47 - 00000000 ____D C:\Windows\SysWOW64\MigWiz
2012-09-26 17:20 - 2012-09-26 17:23 - 00000000 ____D C:\Windows\SysWOW64\InstallShield
2012-09-26 17:20 - 2012-09-26 17:20 - 00000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
2012-09-26 17:20 - 2012-09-26 17:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2012-09-26 17:20 - 2012-09-26 17:20 - 00000000 ____D C:\Windows\SysWOW64\FxsTmp
2012-09-26 17:19 - 2012-09-26 17:33 - 00000000 ____D C:\Windows\SysWOW64\Com
2012-09-26 17:19 - 2012-09-26 17:23 - 00000000 ____D C:\Windows\SysWOW64\IME
2012-09-26 17:19 - 2012-09-26 17:19 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
2012-09-24 14:31 - 2012-09-24 14:31 - 00000000 ____D C:\Windows\System32\New folder
2012-09-24 14:31 - 2012-09-24 14:31 - 00000000 ____D C:\Windows\New folder
2012-09-24 12:48 - 2012-09-24 12:49 - 00000000 ____A C:\wevtutil
2012-09-23 11:39 - 2012-09-23 11:40 - 00000000 ____D C:\Windows\System32\config\mybackup
2012-09-12 13:21 - 2012-09-12 13:21 - 12703744 ____A (Siber Systems) C:\Users\Dennis Garner\Downloads\AiRoboForm-cnetc(1).exe

==================== 3 Months Modified Files ==================

2012-10-08 21:56 - 2012-04-22 10:15 - 00011174 ____A C:\Windows\setupact.log
2012-10-07 17:15 - 2009-07-14 00:10 - 01153140 ____A C:\Windows\WindowsUpdate.log
2012-09-24 12:49 - 2012-09-24 12:48 - 00000000 ____A C:\wevtutil
2012-09-21 11:42 - 2010-03-13 22:00 - 00637028 ____A C:\Windows\PFRO.log
2012-09-21 09:34 - 2012-07-13 18:12 - 957734373 ____A C:\Windows\MEMORY.DMP
2012-09-21 05:39 - 2012-07-10 09:34 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-21 05:16 - 2011-08-28 06:42 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-21 04:44 - 2012-04-24 19:28 - 00000940 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-346039122-3954669198-3326654086-1000UA.job
2012-09-21 04:44 - 2012-04-24 19:28 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-346039122-3954669198-3326654086-1000Core.job
2012-09-21 02:04 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-21 02:04 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-20 19:02 - 2012-02-03 19:06 - 00001830 ____A C:\Users\Public\Desktop\McAfee Total Protection.lnk
2012-09-20 19:02 - 2012-02-03 19:06 - 00001830 ____A C:\Users\All Users\Desktop\McAfee Total Protection.lnk
2012-09-20 13:16 - 2011-08-28 06:42 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-14 08:22 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-12 13:21 - 2012-09-12 13:21 - 12703744 ____A (Siber Systems) C:\Users\Dennis Garner\Downloads\AiRoboForm-cnetc(1).exe
2012-09-12 12:53 - 2009-07-14 00:13 - 00740046 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-12 02:00 - 2010-03-20 19:09 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-09-03 08:40 - 2012-04-24 19:29 - 00002495 ____A C:\Users\Dennis Garner\Desktop\Google Chrome.lnk
2012-09-02 05:41 - 2012-09-02 05:40 - 31169000 ____A (Oracle Corporation) C:\Users\Dennis Garner\Downloads\jre-7u7-windows-i586.exe
2012-09-02 05:13 - 2012-09-02 05:12 - 39483256 ____A (Apple Inc.) C:\Users\Dennis Garner\Downloads\QuickTimeInstaller(1).exe
2012-08-26 18:39 - 2012-08-26 18:39 - 00283200 ____A C:\Windows\Minidump\082612-23290-01.dmp
2012-08-22 13:12 - 2012-09-11 19:28 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 13:12 - 2012-09-11 19:28 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 13:12 - 2012-09-11 19:28 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 13:12 - 2012-09-11 19:28 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-16 09:42 - 2009-07-13 23:45 - 00343576 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-02 12:58 - 2012-09-11 19:28 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 11:57 - 2012-09-11 19:28 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-07-18 13:15 - 2012-08-15 08:02 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-20 08:44:13

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 3764.54 MB
Available physical RAM: 3160.13 MB
Total Pagefile: 3762.69 MB
Available Pagefile: 3163.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:404.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.17 GB) (Free:0 GB) UDF
3 Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.2 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (Lexar) (Removable) (Total:14.9 GB) (Free:14.88 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 14 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 451 GB 14 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 39 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 E RECOVERY NTFS Partition 14 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 451 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 1096 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F Lexar FAT32 Removable 14 GB Healthy

=========================================================

Last Boot: 2012-09-15 23:21

==================== End Of Log =============================


Farbar Recovery Scan Tool (x64) Version: 07-10-2012
Ran by SYSTEM at 2012-10-12 05:11:41
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

#2 m0le

  • Malware Response Team

Posted 15 October 2012 - 07:32 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 Yay


Posted 15 October 2012 - 08:41 PM

Hi M0le... and thank you! Yes, I'm here & hopeful :)

#4 m0le

  • Malware Response Team

Posted 16 October 2012 - 06:19 PM

The error regarding the failure of the Interactive Logon Process Initialisation is a hardware problem and not a malware one.

Please read this information on Microsoft's site and visit the link in the Resolution section to download and run the Hotfix.

If we can now boot the machine then we can check for any malicious software.

#5 Yay


Posted 16 October 2012 - 08:03 PM

Microsoft emailed the hotfix (.exe file) to me, and I put it on USB flash drive. Having access to Recovery command prompt only, I'm unable to open/install the file. Error message appears: The subsystem needed to support the image type is not present.

Reading the page you directed me to, I don't see anything about it being a hardware issue?

Edited by Yay, 16 October 2012 - 08:12 PM.


#6 m0le

  • Malware Response Team

Posted 17 October 2012 - 02:44 PM

"Reading the page you directed me to, I don't see anything about it being a hardware issue?"


Sorry, I meant system problem. :whistle:

The message you received about the subsystem confirms that you need to post this in a different forum and get help there. I would recommend this site's Windows 7 forum.

If they can help you boot your machine again and you still suspect malware then please PM me directly and I will take it on immediately. In the meantime I will close this topic in five days.

#7 m0le

  • Malware Response Team

Posted 22 October 2012 - 06:49 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.