
Startup Repair cannot repair automatically


  • This topic is locked
3 replies to this topic

#1 d3spis3m3

d3spis3m3

  • Members
  • 4 posts

Posted 15 March 2013 - 11:21 AM

Here is my farbar report

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013
Ran by SYSTEM at 15-03-2013 11:46:16
Running from H:\
Windows 7 Professional   (X64) OS Language: English(US) 
The current controlset is ControlSet001
 
==================== Registry (Whitelisted) ===================
 
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2010-05-31] (LogMeIn, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [x]
HKLM-x32\...\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [2472048 2010-08-11] (VIA)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [x]
HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [107816 2010-08-03] (CyberLink)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-11-12] (Apple Inc.)
HKLM-x32\...\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN [2621440 2010-06-10] (Brother Industries, Ltd.)
HKU\SHOP\...\Run: [Facebook Update] "C:\Users\SHOP\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [x]
HKU\SHOP\...\Policies\system: [LogonHoursAction] 2
HKU\SHOP\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\SYX\...\Policies\system: [LogonHoursAction] 2
HKU\SYX\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\VAST\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-05-04] (Google Inc.)
HKU\VAST\...\Policies\system: [LogonHoursAction] 2
HKU\VAST\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.1.10.1 192.168.1.1
 
==================== Services (Whitelisted) ===================
 
2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [x]
3 Browser; C:\Windows\System32\browser.dll [x]
2 CryptSvc; C:\Windows\System32\cryptsvc.dll [x]
2 cvhsvc; "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE" [x]
2 FontCache; C:\Windows\System32\FntCache.dll [x]
2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [x]
2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [x]
2 LMIMaint; "C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe" [x]
2 LogMeIn; "C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe" [x]
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
2 N360; "C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\diMaster.dll" /prefetch:1 [x]
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
2 NlaSvc; C:\Windows\System32\nlasvc.dll [x]
2 ProfSvc; C:\Windows\System32\profsvc.dll [x]
2 sftlist; "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe" [x]
3 sftvsa; "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe" [x]
2 Spooler; C:\Windows\System32\spoolsv.exe [x]
2 wudfsvc; C:\Windows\System32\WUDFSvc.dll [x]
 
==================== Drivers (Whitelisted) =====================
 
2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2010-05-31] (LogMeIn, Inc.)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
3 radpms; C:\Windows\System32\Drivers\radpms.sys [14944 2011-10-24] (LogMeIn, Inc.)
3 AE3000; C:\Windows\System32\DRIVERS\AE3000w764.sys [x]
1 AFD; C:\Windows\system32\drivers\afd.sys [x]
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [x]
1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1403000.024\ccSetx64.sys [x]
0 CNG; C:\Windows\System32\Drivers\cng.sys [x]
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [x]
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20121019.001\IDSvia64.sys [x]
0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [x]
0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [x]
3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [x]
4 LMIRfsClientNP;  [x]
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [x]
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20121019.002\ENG64.SYS [x]
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20121019.002\EX64.SYS [x]
3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [x]
3 Ntfs;  [x]
0 partmgr; C:\Windows\System32\drivers\partmgr.sys [x]
3 RDPWD;  [x]
3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaylh.sys [x]
3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirlh.sys [x]
3 SRTSP; C:\Windows\System32\Drivers\N360x64\1403000.024\SRTSP64.SYS [x]
1 SRTSPX; C:\Windows\system32\drivers\N360x64\1403000.024\SRTSPX64.SYS [x]
0 SymDS; C:\Windows\System32\drivers\N360x64\1403000.024\SYMDS64.SYS [x]
0 SymEFA; C:\Windows\System32\drivers\N360x64\1403000.024\SYMEFA64.SYS [x]
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [x]
1 SymIRON; C:\Windows\system32\drivers\N360x64\1403000.024\Ironx64.SYS [x]
1 SymNetS; C:\Windows\System32\Drivers\N360x64\1403000.024\SYMNETS.SYS [x]
0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [x]
3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [x]
2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [x]
3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [x]
3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [x]
3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [x]
 
==================== NetSvcs (Whitelisted) ====================
 
 
==================== One Month Created Files and Folders ========
 
2013-03-15 11:29 - 2013-03-15 11:29 - 00024576 ____A C:\BCD_Backup
2013-03-15 11:29 - 2013-03-15 11:29 - 00021504 __ASH C:\BCD_Backup.LOG
2013-03-13 05:56 - 2013-03-13 05:56 - 00003496 ____N C:\bootsqm.dat
2013-03-08 07:11 - 2013-03-13 10:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-03-02 11:31 - 2013-03-02 11:31 - 01165881 ____A C:\Users\VAST\Desktop\Advance Auto Parts Your Account.mht
2013-02-23 05:16 - 2013-02-23 05:16 - 00000000 ____D C:\Users\SHOP\AppData\Local\{F0B28CDB-9CAF-4654-9469-58F442DB3FD7}
2013-02-23 05:16 - 2013-02-23 05:16 - 00000000 ____D C:\Users\SHOP\AppData\Local\{0F7F7B44-4568-4520-B889-9C20CA828C63}
2013-02-17 11:56 - 2013-03-13 10:54 - 00000000 ____D C:\Users\VAST\Desktop\Lawson Industries _ The Future of Performance Exhaust. - Mufflers, Exhaust Systems, Stainless Steel Exhaust Tips, Cat-Back Systems, Axle-Back Systems and Catalytic Converters_files
2013-02-17 11:53 - 2013-03-13 10:54 - 00000000 ____D C:\Users\VAST\Documents\Lawson Industries _ The Future of Performance Exhaust. - Mufflers, Exhaust Systems, Stainless Steel Exhaust Tips, Cat-Back Systems, Axle-Back Systems and Catalytic Converters_files
2013-02-17 11:52 - 2013-03-13 10:54 - 00000000 ____D C:\Users\VAST\Documents\Lawson Industries _ Bring Your Exhaust to Life with Insynerator, Rush, Lawson Xtreme Performance and FlowMax Peformance Mufflers_files
2013-02-17 11:52 - 2013-02-17 11:52 - 00085667 ____A C:\Users\VAST\Documents\Lawson Industries _ Bring Your Exhaust to Life with Insynerator, Rush, Lawson Xtreme Performance and FlowMax Peformance Mufflers.htm
 
 
==================== One Month Modified Files and Folders =======
 
2013-03-15 11:29 - 2013-03-15 11:29 - 00024576 ____A C:\BCD_Backup
2013-03-15 11:29 - 2013-03-15 11:29 - 00021504 __ASH C:\BCD_Backup.LOG
2013-03-15 11:22 - 2011-10-24 14:19 - 00000000 ____D C:\users\SHOP
2013-03-15 11:22 - 2011-10-24 06:19 - 00000000 ____D C:\users\VAST
2013-03-15 11:22 - 2011-10-22 09:14 - 00000000 ____D C:\users\SYX
2013-03-15 11:21 - 2012-06-29 13:32 - 00000000 ____D C:\Windows\System32\Macromed
2013-03-15 11:21 - 2011-10-24 08:15 - 00000000 ____D C:\Users\VAST\AppData\Roaming\SoftGrid Client
2013-03-15 11:21 - 2011-08-25 02:05 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-03-15 11:21 - 2011-08-25 02:04 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-03-15 11:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-03-15 11:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-03-15 11:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2013-03-13 10:55 - 2013-03-08 07:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-03-13 10:55 - 2013-01-21 06:49 - 00000000 ____D C:\Users\VAST\AppData\Local\join.me
2013-03-13 10:55 - 2012-09-19 13:33 - 00000000 ____D C:\Program Files (x86)\Norton 360
2013-03-13 10:55 - 2012-09-19 13:28 - 00000000 ____D C:\ProgramData\Norton
2013-03-13 10:55 - 2011-08-25 02:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-03-13 10:55 - 2011-03-09 08:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-03-13 10:54 - 2013-02-17 11:56 - 00000000 ____D C:\Users\VAST\Desktop\Lawson Industries _ The Future of Performance Exhaust. - Mufflers, Exhaust Systems, Stainless Steel Exhaust Tips, Cat-Back Systems, Axle-Back Systems and Catalytic Converters_files
2013-03-13 10:54 - 2013-02-17 11:53 - 00000000 ____D C:\Users\VAST\Documents\Lawson Industries _ The Future of Performance Exhaust. - Mufflers, Exhaust Systems, Stainless Steel Exhaust Tips, Cat-Back Systems, Axle-Back Systems and Catalytic Converters_files
2013-03-13 10:54 - 2013-02-17 11:52 - 00000000 ____D C:\Users\VAST\Documents\Lawson Industries _ Bring Your Exhaust to Life with Insynerator, Rush, Lawson Xtreme Performance and FlowMax Peformance Mufflers_files
2013-03-13 10:54 - 2012-11-08 08:49 - 00000000 ____D C:\Users\VAST\Documents\Cocktail recipes  12300+ appetizing drink recipes_files
2013-03-13 10:54 - 2012-09-14 07:38 - 00000000 ____D C:\Users\VAST\Documents\stevie nicks tix_files
2013-03-13 10:54 - 2012-09-07 06:32 - 00000000 ____D C:\Users\VAST\Documents\JOB REPORT_files
2013-03-13 10:54 - 2012-05-18 12:57 - 00000000 ____D C:\Users\VAST\Documents\Free Credit Report & History _ FreeCreditReport.com© Official_files
2013-03-13 10:54 - 2012-04-06 07:52 - 00000000 ____D C:\Users\VAST\Documents\AutoZonePro_com  AutoZonePro_com_files
2013-03-13 10:54 - 2012-04-05 07:59 - 00000000 ____D C:\Users\VAST\Documents\ranger-zr650_files
2013-03-13 10:54 - 2012-03-09 14:28 - 00000000 ____D C:\Users\VAST\Documents\Live and On-Demand Video Schedule  GBTV_com_files
2013-03-13 10:54 - 2011-12-01 11:37 - 00000000 ____D C:\Users\VAST\Documents\Full Line Exhaust Inc_- Top Line Exhaust Inc_files
2013-03-13 05:56 - 2013-03-13 05:56 - 00003496 ____N C:\bootsqm.dat
2013-03-12 21:03 - 2011-10-24 07:55 - 00000000 ____D C:\ProgramData\LogMeIn
2013-03-10 07:25 - 2011-11-11 11:50 - 00000505 ____A C:\Users\VAST\Desktop\Walker Exhaust Solutions From The Industry Leader.website
2013-03-06 15:59 - 2012-10-09 14:23 - 00000000 ____D C:\Users\VAST\AppData\Local\CrashDumps
2013-03-06 08:25 - 2011-08-25 02:02 - 01073590 ____A C:\Windows\WindowsUpdate.log
2013-03-06 08:21 - 2012-06-29 13:32 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-03-06 07:28 - 2012-05-04 08:56 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-03-05 16:28 - 2012-05-04 08:56 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-03-02 11:31 - 2013-03-02 11:31 - 01165881 ____A C:\Users\VAST\Desktop\Advance Auto Parts Your Account.mht
2013-03-02 06:59 - 2009-07-13 20:45 - 00027568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-03-02 06:59 - 2009-07-13 20:45 - 00027568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-03-01 08:14 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-03-01 08:14 - 2009-07-13 20:51 - 00059062 ____A C:\Windows\setupact.log
2013-03-01 06:38 - 2011-10-24 08:00 - 00001967 ____A C:\Users\VAST\Desktop\020204.lnk
2013-02-28 12:41 - 2011-10-22 09:16 - 00058016 ____A C:\Users\SYX\AppData\Local\GDIPFONTCACHEV1.DAT
2013-02-28 05:49 - 2011-10-24 15:00 - 00000000 ____D C:\Users\SHOP\Desktop\alldata_files
2013-02-27 08:21 - 2012-06-29 13:32 - 00691568 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-02-27 08:21 - 2012-06-29 13:32 - 00071024 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-02-27 00:20 - 2012-09-19 13:33 - 00000000 ____D C:\Windows\System32\Drivers\N360x64
2013-02-27 00:18 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-02-27 00:18 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-02-27 00:18 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-02-27 00:18 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-02-27 00:03 - 2011-08-25 02:05 - 00002155 ____A C:\Windows\epplauncher.mif
2013-02-23 05:16 - 2013-02-23 05:16 - 00000000 ____D C:\Users\SHOP\AppData\Local\{F0B28CDB-9CAF-4654-9469-58F442DB3FD7}
2013-02-23 05:16 - 2013-02-23 05:16 - 00000000 ____D C:\Users\SHOP\AppData\Local\{0F7F7B44-4568-4520-B889-9C20CA828C63}
2013-02-20 11:28 - 2010-11-20 19:47 - 00036458 ____A C:\Windows\PFRO.log
2013-02-17 11:52 - 2013-02-17 11:52 - 00085667 ____A C:\Users\VAST\Documents\Lawson Industries _ Bring Your Exhaust to Life with Insynerator, Rush, Lawson Xtreme Performance and FlowMax Peformance Mufflers.htm
2013-02-13 00:23 - 2009-07-13 20:45 - 00275712 ____A C:\Windows\System32\FNTCACHE.DAT
2013-02-13 00:05 - 2011-10-22 09:27 - 70004024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-02-13 00:03 - 2009-07-13 21:13 - 00741188 ____A C:\Windows\System32\PerfStringBackup.INI
 
 
==================== Known DLLs (Whitelisted) =================
 
C:\Windows\System32\IERTUTIL.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\IERTUTIL.dll IS MISSING <==== ATTENTION!
C:\Windows\System32\kernel32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\kernel32.dll IS MISSING <==== ATTENTION!
C:\Windows\System32\MSVCRT.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\MSVCRT.dll IS MISSING <==== ATTENTION!
C:\Windows\System32\SHELL32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\SHELL32.dll IS MISSING <==== ATTENTION!
C:\Windows\System32\URLMON.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\URLMON.dll IS MISSING <==== ATTENTION!
C:\Windows\System32\USP10.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\USP10.dll IS MISSING <==== ATTENTION!
C:\Windows\System32\WININET.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\WININET.dll IS MISSING <==== ATTENTION!
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION!.
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2013-02-20 00:34:46
Restore point made on: 2013-02-23 10:51:46
Restore point made on: 2013-02-26 11:35:40
Restore point made on: 2013-02-27 00:00:14
Restore point made on: 2013-03-02 08:25:22
Restore point made on: 2013-03-06 08:25:09
Restore point made on: 2013-03-10 08:00:10
 
==================== Memory info =========================== 
 
Percentage of memory in use: 15%
Total physical RAM: 4061.05 MB
Available physical RAM: 3430.98 MB
Total Pagefile: 4059.2 MB
Available Pagefile: 3423.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
 
==================== Partitions =============================
 
1 Drive c: (WINDOWS) (Fixed) (Total:425.27 GB) (Free:381.56 GB) NTFS
2 Drive d: (ImageBackup) (Fixed) (Total:40 GB) (Free:34.48 GB) NTFS
3 Drive f: (GRMCPRXFREO_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
4 Drive g: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive h: () (Fixed) (Total:279.45 GB) (Free:204.1 GB) NTFS
6 Drive i: (PQSERVICE) (Fixed) (Total:15 GB) (Free:3.76 GB) NTFS
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (SYSTEM) (Fixed) (Total:0.49 GB) (Free:0.44 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB  1024 KB         
  Disk 1    Online          298 GB      0 B         
 
Partitions of Disk 0:
===============
 
Disk ID: 3C571AD9
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            500 MB  1024 KB
  Partition 0    Extended            40 GB   501 MB
  Partition 3    Logical             39 GB   502 MB
  Partition 2    Primary            425 GB    40 GB
 
==================================================================================
 
Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   SYSTEM       NTFS   Partition    500 MB  Healthy            
 
=========================================================
 
Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     D   ImageBackup  NTFS   Partition     39 GB  Healthy            
 
=========================================================
 
Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     C   WINDOWS      NTFS   Partition    425 GB  Healthy            
 
=========================================================
 
Partitions of Disk 1:
===============
 
Disk ID: A165E3A9
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Recovery            15 GB  1024 KB
  Partition 2    Primary            100 MB    15 GB
  Partition 3    Primary            279 GB    15 GB
  Partition 4    OEM               3630 MB   294 GB
 
==================================================================================
 
Disk: 1
Partition 1
Type  : 27
Hidden: Yes
Active: No
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 6     I   PQSERVICE    NTFS   Partition     15 GB  Healthy    Hidden  
 
=========================================================
 
Disk: 1
Partition 2
Type  : 07
Hidden: No
Active: Yes
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     G   System Rese  NTFS   Partition    100 MB  Healthy            
 
=========================================================
 
Disk: 1
Partition 3
Type  : 07
Hidden: No
Active: No
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     H                NTFS   Partition    279 GB  Healthy            
 
=========================================================
 
Disk: 1
Partition 4
Type  : 12
Hidden: Yes
Active: No
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 7                      NTFS   Partition   3630 MB  Healthy    Hidden  
 
=========================================================
============================== MBR Partition Table ==================
 
==============================
Partitions of Disk 0:
===============
Disk ID: 3C571AD9
 
Partition 1:
=========
Hex: 8020210007DD1E3F0008000000A00F00
Active: YES
Type: 07 (NTFS)
Size: 500 MB
 
Partition 2:
=========
Hex: 00DD1F3F0FFEFFFF00A80F0000000005
Active: NO
Type: OF (Extended)
Size: 40 GB
 
Partition 3:
=========
Hex: 00FEFFFF07FEFFFF00A80F0500B02835
Active: NO
Type: 07 (NTFS)
Size: 425 GB
 
==============================
Partitions of Disk 1:
===============
Disk ID: A165E3A9
 
Partition 1:
=========
Hex: 0020210027FEFFFF000800000000E001
Active: NO
Type: 27
Size: 15 GB
 
Partition 2:
=========
Hex: 80FEFFFF07FEFFFF0008E00100200300
Active: YES
Type: 07 (NTFS)
Size: 100 MB
 
Partition 3:
=========
Hex: 00FEFFFF07FEFFFF0028E3010048EE22
Active: NO
Type: 07 (NTFS)
Size: 279 GB
 
Partition 4:
=========
Hex: 00FEFFFF12FEFFFF0070D12400707100
Active: NO
Type: 12
Size: 4 GB
 
 
Last Boot: 2013-03-04 21:05
 
==================== End Of Log =============================

Edited by hamluis, 15 March 2013 - 02:06 PM.
Moved from Win 7 to Malware Removal Logs - Hamluis.



 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,500 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 March 2013 - 09:26 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

A number of operating system files are missing.

C:\Windows\System32\IERTUTIL.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\IERTUTIL.dll IS MISSING <==== ATTENTION!
C:\Windows\System32\kernel32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\kernel32.dll IS MISSING <==== ATTENTION!
C:\Windows\System32\MSVCRT.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\MSVCRT.dll IS MISSING <==== ATTENTION!
C:\Windows\System32\SHELL32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\SHELL32.dll IS MISSING <==== ATTENTION!
C:\Windows\System32\URLMON.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\URLMON.dll IS MISSING <==== ATTENTION!
C:\Windows\System32\USP10.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\USP10.dll IS MISSING <==== ATTENTION!
C:\Windows\System32\WININET.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\WININET.dll IS MISSING <==== ATTENTION!

We can only suggest that you reinstall the operating system.

Sorry.

#3 d3spis3m3

d3spis3m3
  • Topic Starter

  • Members
  • 4 posts

Posted 18 March 2013 - 01:26 PM

Thank you for your response.



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,500 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 March 2013 - 08:04 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



