Can't get past startup repair loop


  • This topic is locked
3 replies to this topic

#1 Allboys

  • Members
  • 2 posts

Posted 12 January 2013 - 08:44 PM

My son's battery went dead in the middle of a YouTube video. When he powered back on, his computer got stuck in a startup repair loop that would never repair or even finish (we let it run for hours). ? if it might be a virus. Came across this forum during a search and was able to download the FRST64 information from his computer. It is as follows: Any assistance would be appreciated. We just can't function without our computers ;)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-01-2013
Ran by SYSTEM at 12-01-2013 18:56:13
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray64.exe [425984 2007-09-13] (IDT, Inc.)
HKLM\...\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet [1694016 2012-04-27] ()
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [x]
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [DVDLauncher] "C:\Program Files (x86)\CyberLink\PowerDVD\DVDLauncher.exe" [49152 2006-04-06] (CyberLink Corp.)
HKLM-x32\...\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start [81920 2004-07-27] (InstallShield Software Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [x]
HKLM-x32\...\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [x]
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe" [x]
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2254768 2012-12-10] (LogMeIn Inc.)
HKU\Dell\...\Run: [Google Update] "C:\Users\Dell\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-05-25] (Google Inc.)
HKU\Dell\...\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [221184 2004-07-27] (InstallShield Software Corporation)
HKU\Dell\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1354736 2012-12-12] (Valve Corporation)
HKU\Dell\...\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" [x]
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1DFF91B2-A6B1-49F9-9141-33187B2B1840}: [NameServer]216.146.35.240,216.146.36.240,192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Dell\Start Menu\Programs\Startup\Sonic INSTALLit! Setup.lnk
ShortcutTarget: Sonic INSTALLit! Setup.lnk -> (No File)

==================== Services (Whitelisted) ===================

3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe" [237008 2011-06-17] (McAfee, Inc.)
2 STacSV; C:\Windows\system32\STacSV64.exe [119296 2007-09-13] (IDT, Inc.)
2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [x]
3 Browser; C:\Windows\System32\browser.dll [x]
2 CryptSvc; C:\Windows\System32\cryptsvc.dll [x]
2 IB Updater; C:\Program Files\IB Updater\ExtensionUpdaterService.exe [x]
2 IBUpdaterService; C:\Windows\System32\dmwu.exe [x]
2 McAfee SiteAdvisor Service; C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x]
2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [x]
2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [x]
2 Spooler; C:\Windows\System32\spoolsv.exe [x]
2 TeamViewer7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
3 WajamUpdater; "C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe" [x]
2 wuauserv; C:\Windows\System32\wuaueng.dll [x]
3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [x]

==================== Drivers (Whitelisted) =====================

3 guardian2; C:\Windows\System32\Drivers\oz776x64.sys [85280 2009-09-09] (O2Micro)
3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
2 Browser Manager; [x]
0 CNG; C:\Windows\System32\Drivers\cng.sys [x]
3 dc3d; C:\Windows\System32\DRIVERS\dc3d.sys [x]
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [x]
0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [x]
0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [x]
3 Ntfs; [x]
3 Point64; C:\Windows\System32\DRIVERS\point64.sys [x]
0 volsnap; C:\Windows\System32\drivers\volsnap.sys [x]
0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [x]
3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [x]
3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [x]
3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-01-03 18:51 - 2013-01-03 18:51 - 00187449 ____A C:\Users\Dell\Downloads\ModLoader (6).zip
2013-01-03 18:51 - 2013-01-03 18:51 - 00187449 ____A C:\Users\Dell\Downloads\ModLoader (5).zip
2013-01-03 18:51 - 2013-01-03 18:51 - 00187449 ____A C:\Users\Dell\Downloads\ModLoader (4).zip
2013-01-03 18:50 - 2013-01-03 18:50 - 00187449 ____A C:\Users\Dell\Downloads\ModLoader (3).zip
2012-12-21 13:57 - 2012-12-21 13:57 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-12-15 14:14 - 2012-12-15 14:14 - 00000000 ____D C:\Users\Dell\AppData\Roaming\Leadertech


==================== One Month Modified Files and Folders =======

2013-01-06 12:15 - 2012-12-10 14:07 - 00000000 ____D C:\Users\All Users\Sendori
2013-01-06 12:15 - 2012-12-10 14:07 - 00000000 ____D C:\Program Files (x86)\Sendori
2013-01-06 12:15 - 2012-12-10 14:05 - 00000000 ____D C:\Program Files\IB Updater
2013-01-06 12:15 - 2012-12-10 13:21 - 00000000 ____D C:\Program Files (x86)\Bus Driver
2013-01-06 12:15 - 2012-12-01 15:49 - 00000000 ____D C:\Users\All Users\VisualBee
2013-01-06 12:15 - 2012-10-16 18:23 - 00000000 ____D C:\Users\Dell\AppData\Local\LogMeIn Hamachi
2013-01-06 12:15 - 2012-08-22 17:50 - 00000000 ____D C:\Users\All Users\HP
2013-01-06 12:15 - 2012-07-28 08:47 - 00000000 ____D C:\Program Files\Microsoft IntelliPoint
2013-01-06 12:15 - 2012-06-17 14:59 - 00000000 ____D C:\Program Files (x86)\SMPlayer
2013-01-06 12:15 - 2012-06-17 14:55 - 00000000 ____D C:\Program Files (x86)\AOL Toolbar
2013-01-06 12:15 - 2012-06-17 14:51 - 00000000 ____D C:\Program Files (x86)\Real
2013-01-06 12:15 - 2012-06-16 22:19 - 00000000 ____D C:\Program Files\Paint.NET
2013-01-06 12:15 - 2012-06-16 22:15 - 00000000 ____D C:\Users\Dell\AppData\Local\jetmp3
2013-01-06 12:15 - 2012-06-16 22:15 - 00000000 ____D C:\Program Files (x86)\Wajam
2013-01-06 12:15 - 2012-06-16 22:14 - 00000000 ____D C:\Program Files (x86)\WhiteSmoke_US
2013-01-06 12:15 - 2012-06-16 22:12 - 00000000 ____D C:\Program Files (x86)\PricePeep
2013-01-06 12:15 - 2012-06-15 11:06 - 00000000 ____D C:\Program Files (x86)\SweetIM
2013-01-06 12:15 - 2012-06-11 22:30 - 00000000 ____D C:\Users\All Users\McAfee Security Scan
2013-01-06 12:15 - 2012-06-11 22:11 - 00000000 ____D C:\Program Files (x86)\Steam
2013-01-06 12:15 - 2012-05-25 10:30 - 00000000 ____D C:\Users\All Users\NVIDIA
2013-01-06 12:15 - 2012-05-25 07:07 - 00000000 ____D C:\users\Dell
2013-01-06 12:14 - 2012-12-10 13:22 - 00000000 ____D C:\Users\Dell\Documents\Bus Driver
2013-01-06 12:14 - 2012-12-01 16:33 - 00000000 ____D C:\Users\Dell\AppData\Local\VisualBeeClient
2013-01-06 12:14 - 2012-12-01 15:50 - 00000000 ____D C:\Users\Dell\AppData\Local\VisualBeeExe
2013-01-06 12:14 - 2012-10-19 10:38 - 00000000 ____D C:\Users\Dell\Documents\MCEdit-schematics
2013-01-06 12:14 - 2012-06-13 18:34 - 00000000 ____D C:\Users\Dell\AppData\Roaming\gtk-2.0
2013-01-06 12:14 - 2012-06-13 18:03 - 00000000 ____D C:\Users\Dell\AppData\Local\Unity
2013-01-06 12:14 - 2012-06-11 22:14 - 00000000 ____D C:\Users\Dell\Desktop\games
2013-01-06 12:12 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-01-04 01:41 - 2012-06-21 19:48 - 00000000 ____D C:\Users\Dell\AppData\Local\PMB Files
2013-01-04 01:41 - 2012-06-21 19:48 - 00000000 ____D C:\Users\All Users\PMB Files
2013-01-03 18:56 - 2012-10-18 12:13 - 00000000 ____D C:\Users\Dell\AppData\Roaming\.minecraft
2013-01-03 18:51 - 2013-01-03 18:51 - 00187449 ____A C:\Users\Dell\Downloads\ModLoader (6).zip
2013-01-03 18:51 - 2013-01-03 18:51 - 00187449 ____A C:\Users\Dell\Downloads\ModLoader (5).zip
2013-01-03 18:51 - 2013-01-03 18:51 - 00187449 ____A C:\Users\Dell\Downloads\ModLoader (4).zip
2013-01-03 18:50 - 2013-01-03 18:50 - 00187449 ____A C:\Users\Dell\Downloads\ModLoader (3).zip
2013-01-03 15:33 - 2012-12-06 14:51 - 03748097 ____A C:\Users\Dell\Downloads\Enigma_Item_Changer_3.0.0.zip
2013-01-01 13:06 - 2012-05-25 06:55 - 01318969 ____A C:\Windows\WindowsUpdate.log
2013-01-01 13:02 - 2009-07-13 20:45 - 00019712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-01-01 13:02 - 2009-07-13 20:45 - 00019712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-01-01 12:55 - 2012-05-25 11:06 - 00000292 ____A C:\Windows\Tasks\AutoKMS.job
2013-01-01 12:54 - 2012-05-25 11:06 - 00151552 ____A C:\Windows\KMSEmulator.exe
2013-01-01 12:52 - 2012-05-29 06:15 - 00012629 ____A C:\Windows\setupact.log
2013-01-01 12:52 - 2012-05-26 06:44 - 00186460 ____A C:\Windows\PFRO.log
2013-01-01 12:52 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-01 11:18 - 2012-06-03 22:03 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-01-01 11:18 - 2012-05-25 11:07 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4180605283-1364062006-109619487-1000UA.job
2012-12-31 19:15 - 2012-05-25 11:07 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4180605283-1364062006-109619487-1000Core.job
2012-12-31 13:04 - 2009-07-13 21:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-29 15:25 - 2012-06-09 11:10 - 00000000 ____D C:\Games
2012-12-21 13:57 - 2012-12-21 13:57 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-12-21 13:54 - 2012-06-15 08:35 - 00000000 ____D C:\Program Files (x86)\McAfee
2012-12-21 13:54 - 2009-07-13 20:45 - 00433304 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-15 14:14 - 2012-12-15 14:14 - 00000000 ____D C:\Users\Dell\AppData\Roaming\Leadertech


==================== Known DLLs (Whitelisted) =================

C:\Windows\System32\IERTUTIL.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\IERTUTIL.dll IS MISSING <==== ATTENTION!
C:\Windows\System32\kernel32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\kernel32.dll IS MISSING <==== ATTENTION!
C:\Windows\System32\SHELL32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\SHELL32.dll IS MISSING <==== ATTENTION!
C:\Windows\System32\URLMON.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\URLMON.dll IS MISSING <==== ATTENTION!
C:\Windows\System32\WININET.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\WININET.dll IS MISSING <==== ATTENTION!

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-01-01 13:06:54

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 3069.97 MB
Available physical RAM: 2535.79 MB
Total Pagefile: 3068.12 MB
Available Pagefile: 2520.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:232.79 GB) (Free:139.62 GB) NTFS
3 Drive f: () (Removable) (Total:7.45 GB) (Free:7.23 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 7633 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 232 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 232 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7633 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 7633 MB Healthy

=========================================================

Last Boot: 2012-06-03 16:04

==================== End Of Log =============================

Edited by bloopie, 13 January 2013 - 12:25 AM.
Moved to MRL forum due to FRST log. ~bloopie


#2 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Location: London, UK

Posted 17 January 2013 - 08:43 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 Allboys

  • Topic Starter
  • Members
  • 2 posts

Posted 18 January 2013 - 11:49 PM

Hello and thank you for helping us in advance!

#4 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Location: London, UK

Posted 19 January 2013 - 11:46 AM

The logs show problems but not malware problems. I count 12 files which are missing but no direct evidence of malicious activity.

If the startup repair is looping then it might be that you need to reinstall and reformat, but before I recommend that, you would be better off trying to get this diagnosed on the Windows 7 forum. Even if there was malware here, until we have a booting machine I can't fix anything. Due to the apparent lack of malware I can't continue this in this forum. I'm not cutting you loose - if you don't get the help from that forum then please PM me and I will talk to a moderator or advisor.

I am closing this topic at present though.
m0le is a proud member of UNITE



