
Virus that caused Windows 7 64bit Startup Repair loop


  • This topic is locked
35 replies to this topic

#1 mdsmedina


Posted 20 April 2013 - 01:02 PM

Need assistance with a post created on 31 December 2011.  I have created my fixlist but do not know how to move forward from that point.  Please help.
 
Here is the scan log:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-04-2013
Ran by SYSTEM on 20-04-2013 10:26:04
Running from G:\
Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: RecoveryThe current controlset is ControlSet001

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL [352256 2009-07-09] (TOSHIBA CORPORATION)
HKLM\...\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP [425984 2009-06-02] (TOSHIBA Electronics, Inc.)
HKLM\...\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [476512 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [460088 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2009-09-17] (TOSHIBA Corporation)
HKLM\...\Run: [NortonOnlineBackupReminder] "C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED [529256 2009-07-16] (Toshiba)
HKLM\...\Run: [lxdqmon.exe] "C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe" [656040 2008-03-27] ()
HKLM\...\Run: [lxdqamon] "C:\Program Files\Lexmark Z2400 Series\lxdqamon.exe" [16040 2008-03-27] ()
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1246544 2010-11-03] (Logitech, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe [2731296 2013-03-06] (Conduit)
HKLM\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255360 2012-12-14] (LogMeIn Inc.)
HKU\chuck598\...\Run: [MyTOSHIBA] "C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe" /AUTO [ 2009-08-06] (TOSHIBA)
HKU\chuck598\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\chuck598\...\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent [ 2013-03-15] (Valve Corporation)
HKU\chuck598\...\Run: [uTorrent] "C:\Users\chuck598\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED [ 2013-03-16] (BitTorrent Inc.)
HKU\chuck598\...\Run: [SearchProtect] C:\Users\chuck598\AppData\Roaming\SearchProtect\bin\cltmng.exe [ 2013-03-06] (Conduit)
HKU\Nathan\...\Run: [MyTOSHIBA] "C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe" /AUTO [ 2009-08-06] (TOSHIBA)
HKU\Nathan\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
Startup: C:ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\chuck598\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Quake 2 Online Servers.lnk
ShortcutTarget: Quake 2 Online Servers.lnk -> C:\Program Files\Quake 2 RUS v3.23\Quake 2 Server Browser.exe (r1ch.net)
Startup: C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

========================== Services (Whitelisted) =================

S2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-08-10] (TOSHIBA CORPORATION)
S2 CltMngSvc; C:\Program Files\SearchProtect\bin\CltMngSvc.exe [93984 2013-03-06] (Conduit)
S2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
S3 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [250616 2009-05-22] (WildTangent, Inc.)
S2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1436160 2012-12-14] (LogMeIn Inc.)
S2 lxdqCATSCustConnectService; C:\windows\system32\spool\DRIVERS\W32X86\3\\lxdqserv.exe [98984 2008-02-27] (Lexmark International, Inc.)
S2 lxdq_device; C:\windows\system32\lxdqcoms.exe [594600 2008-02-27] ( )
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
S2 Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.8.3.6\diMaster.dll [135024 2011-10-10] (Symantec Corporation)
S3 npggsvc; C:\windows\system32\GameMon.des [3583592 2010-06-15] (INCA Internet Co., Ltd.)
S2 PnkBstrA; C:\windows\system32\PnkBstrA.exe [75136 2011-02-11] ()
S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-01-31] (Skype Technologies S.A.)
S3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [54136 2011-02-11] (TOSHIBA Corporation)
S3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-09-17] (TOSHIBA Corporation)

==================== Drivers (Whitelisted) ====================

S1 BHDrvx86; C:\Windows\System32\Drivers\NIS\1008030.006\BHDrvx86.sys [259632 2009-08-21] (Symantec Corporation)
S1 ccHP; C:\Windows\System32\Drivers\NIS\1008030.006\ccHPx86.sys [467592 2011-10-10] (Symantec Corporation)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [371248 2009-12-22] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [102448 2009-12-22] (Symantec Corporation)
S0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [194800 2010-11-20] ()
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100119.001\IDSvix86.sys [343088 2009-10-28] (Symantec Corporation)
S0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-02] (COMPAL ELECTRONIC INC.)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [376320 2009-08-13] (Realtek Semiconductor Corporation                           )
S0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [15672 2010-11-26] ()
S3 SRTSP; C:\Windows\System32\Drivers\NIS\1008030.006\SRTSP.SYS [308272 2009-08-21] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NIS\1008030.006\SRTSPX.SYS [43696 2009-08-21] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NIS\1008030.006\SYMEFA.SYS [310320 2009-08-21] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT.SYS [124976 2009-12-20] (Symantec Corporation)
S1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [25648 2009-08-21] (Symantec Corporation)
S1 SYMTDI; C:\Windows\System32\Drivers\NIS\1008030.006\SYMTDI.SYS [217464 2011-09-21] (Symantec Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-02-21] (Anchorfree Inc.)
S3 dump_wmimmc; \??\c:\program files\steam\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys [x]
S3 EagleNT; \??\C:\windows\system32\drivers\EagleNT.sys [x]
S3 EagleXNt; \??\C:\windows\system32\drivers\EagleXNt.sys [x]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100119.008\NAVENG.SYS [x]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100119.008\NAVEX15.SYS [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 SYMFW; \SystemRoot\System32\Drivers\NIS\1007020.00B\SYMFW.SYS [x]
S3 SYMNDISV; \SystemRoot\System32\Drivers\NIS\1007020.00B\SYMNDISV.SYS [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]
S3 XDva317; \??\C:\windows\system32\XDva317.sys [x]
S3 XDva321; \??\C:\windows\system32\XDva321.sys [x]
S3 XDva323; \??\C:\windows\system32\XDva323.sys [x]
S3 XDva326; \??\C:\windows\system32\XDva326.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-04-20 10:25 - 2013-04-20 10:25 - 00000000 ____D C:\FRST
2013-04-02 19:16 - 2012-01-17 08:32 - 01760768 ____A (Re-Logic) C:\Users\chuck598\Desktop\TerrariaServer.exe
2013-04-02 19:16 - 2011-12-23 09:02 - 00002105 ____A C:\Users\chuck598\Desktop\serverconfig.txt
2013-04-02 19:16 - 2011-06-05 20:00 - 00000123 ____A C:\Users\chuck598\Desktop\start-server.bat
2013-04-02 19:06 - 2013-04-02 20:02 - 00000000 ____D C:\Users\chuck598\AppData\Local\LogMeIn Hamachi
2013-04-02 19:05 - 2013-04-02 19:05 - 00000000 ____D C:\Program Files\LogMeIn Hamachi
2013-04-02 19:03 - 2013-04-02 19:04 - 04295168 ____A C:\Users\chuck598\Downloads\hamachi(1).msi

==================== One Month Modified Files and Folders ========

2013-04-20 10:25 - 2013-04-20 10:25 - 00000000 ____D C:\FRST
2013-04-02 20:04 - 2009-11-09 18:55 - 01686017 ____A C:\Windows\WindowsUpdate.log
2013-04-02 20:03 - 2013-03-16 22:17 - 00000000 ____D C:\Users\chuck598\AppData\Roaming\uTorrent
2013-04-02 20:02 - 2013-04-02 19:06 - 00000000 ____D C:\Users\chuck598\AppData\Local\LogMeIn Hamachi
2013-04-02 20:01 - 2011-05-30 17:19 - 00000000 ____D C:\Program Files\Steam
2013-04-02 19:58 - 2010-01-18 09:06 - 00000468 ____A C:\Windows\Tasks\Norton Security Scan for CN.job
2013-04-02 19:51 - 2012-04-04 21:34 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-04-02 19:29 - 2010-01-28 18:54 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-04-02 19:05 - 2013-04-02 19:05 - 00000000 ____D C:\Program Files\LogMeIn Hamachi
2013-04-02 19:04 - 2013-04-02 19:03 - 04295168 ____A C:\Users\chuck598\Downloads\hamachi(1).msi
2013-04-02 17:00 - 2011-09-02 21:59 - 00000450 ____A C:\Windows\Tasks\ParetoLogic Registration3.job
2013-04-02 16:27 - 2013-02-25 16:16 - 00000024 ____A C:\Users\chuck598\random.dat
2013-04-02 15:38 - 2013-01-05 14:33 - 00000032 ____A C:\Users\chuck598\jagex_cl_runescape_LIVE.dat
2013-04-02 15:38 - 2011-09-02 21:59 - 00000364 ____A C:\Windows\Tasks\PC Health Advisor.job
2013-04-02 15:28 - 2010-01-28 18:53 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-04-02 02:33 - 2010-01-20 18:38 - 00237088 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-03-28 15:38 - 2011-09-02 21:59 - 00000382 ____A C:\Windows\Tasks\PC Health Advisor Defrag.job
2013-03-27 16:10 - 2013-03-09 13:54 - 00000047 ____A C:\Users\chuck598\jagex_cl_oldschool_LIVE.dat
2013-03-27 15:28 - 2009-07-13 20:34 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-03-27 15:28 - 2009-07-13 20:34 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-03-27 13:41 - 2011-09-02 21:59 - 00000424 ____A C:\Windows\Tasks\ParetoLogic Update Version3.job
2013-03-24 19:07 - 2013-01-05 14:42 - 00000048 ____A C:\Users\chuck598\jagex_cl_runescape_LIVE1.dat
2013-03-24 14:44 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-03-24 14:30 - 2009-09-03 00:26 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI
2013-03-24 14:22 - 2012-08-14 23:54 - 00000476 ____A C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2013-03-24 14:21 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-03-24 14:21 - 2009-07-13 20:39 - 00140653 ____A C:\Windows\setupact.log
2013-03-23 22:02 - 2013-03-17 20:59 - 00000000 ____D C:\Users\chuck598\AppData\Roaming\Dwarfs
2013-03-21 14:10 - 2009-07-13 20:33 - 00340792 ____A C:\Windows\System32\FNTCACHE.DAT

==================== Known DLLs (ALL) =========================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 1912.89 MB
Available physical RAM: 1512.03 MB
Total Pagefile: 1912.89 MB
Available Pagefile: 1520.13 MB
Total Virtual: 2047.88 MB
Available Virtual: 1943.87 MB

==================== Drives ================================

Drive c: (TI102605W0F) (Fixed) (Total:223.27 GB) (Free:88.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.28 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (TI102605W0F) (CDROM) (Total:4.1 GB) (Free:0 GB) CDFS
Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive g: () (Removable) (Total:1.9 GB) (Free:1.69 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          232 GB      0 B         
  Disk 1    Online         1952 MB      0 B         

Partitions of Disk 0:
===============

Disk ID: 6C676C67

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Recovery          1500 MB  1024 KB
  Partition 2    Primary            223 GB  1501 MB
  Partition 3    Primary              8 GB   224 GB

==================================================================================

Disk: 0
Partition 1
Type  : 27
Hidden: Yes
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     D   System       NTFS   Partition   1500 MB  Healthy    Hidden  

=========================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   TI102605W0F  NTFS   Partition    223 GB  Healthy            

=========================================================

Disk: 0
Partition 3
Type  : 17
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Partitions of Disk 1:
===============

Disk ID: 00000000

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           1950 MB   122 KB

==================================================================================

Disk: 1
Partition 1
Type  : 06
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     G                FAT    Removable   1950 MB  Healthy            

=========================================================
============================== MBR & Partition Table ==================

====================================================================
Disk: 0 (MBR Code: Windows Vista) (Size: 233 GB) (Disk ID: 6C676C67)

Partition 1: (Active) - (Size=1 GB) - (Type=27)

Partition 2: (Not Active) - (Size=223 GB) - (Type=07) (NTFS)

Partition 3: (Not Active) - (Size=8 GB) - (Type=17)

====================================================================
Disk: 1 (Size: 2 GB) (Disk ID: 00000000)

Partition 1: (Not Active) - (Size=2 GB) - (Type=06)


Last Boot: 2013-03-20 11:23

==================== End Of Log ============================

Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Animal


 


#2 Farbar


Posted 23 April 2013 - 10:39 AM

Hi mdsmedina,

 

Please tell me if you still have the boot issue, if you have done anything to change the system condition since posting the log, and what your last activity was before the boot issue.

 

Also tell me if this is a Windows upgrade from Vista to Windows 7.

 

Also in case the system is not bootable yet please do the following:

 

Boot to System Recovery Options and run FRST.

Type the following in the edit box after "Search:".

fvevol.sys

Click the Search File(s) button and post the log it makes (Search.txt) in your reply.

 



#3 mdsmedina


Posted 24 April 2013 - 05:50 PM

The system came with Windows 7 Home Premium 32-bit.

System is currently searching for fvevol.sys.

Will post log once I have results.



#4 mdsmedina


Posted 24 April 2013 - 06:10 PM

System starts scan then freezes



#5 mdsmedina


Posted 24 April 2013 - 06:31 PM

I apologize, I did not wait long enough.  Here is the log.

 

Farbar Recovery Scan Tool (x86) Version: 20-04-2013
Ran by SYSTEM at 2013-04-24 15:59:49
Running from G:\
Boot Mode: Recovery

================== Search: "fvevol.sys" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..tartup-filterdriver_31bf3856ad364e35_6.1.7601.17514_none_308be1673e2fc6a8\fvevol.sys
[2011-06-07 19:11] - [2010-11-20 04:24] - 0194800 ____A () 0483C5CCBDDBB96CA1ADD7B5706BAC72

C:\Windows\winsxs\x86_microsoft-windows-s..tartup-filterdriver_31bf3856ad364e35_6.1.7600.20536_none_2f1b7c365a356da1\fvevol.sys
[2010-04-27 14:44] - [2009-09-25 22:14] - 0194488 ____A (Microsoft Corporation) 49476EFC1B61248749B2E254CBA7C84E

C:\Windows\winsxs\x86_microsoft-windows-s..tartup-filterdriver_31bf3856ad364e35_6.1.7600.16429_none_2e9fb035410cfdeb\fvevol.sys
[2010-04-27 14:44] - [2009-09-25 21:58] - 0194488 ____A (Microsoft Corporation) DAFBD9FE39197495AED6D51F3B85B5D2

C:\Windows\winsxs\x86_microsoft-windows-s..tartup-filterdriver_31bf3856ad364e35_6.1.7600.16385_none_2e5acd9f4141430e\fvevol.sys
[2009-07-13 15:13] - [2009-07-13 17:17] - 0194488 ____A (Microsoft Corporation) 5592F5DBA26282D24D2B080EB438A4D7

C:\Windows\System32\drivers\fvevol.sys
[2011-06-07 19:11] - [2010-11-20 04:24] - 0194800 ____A () 0483C5CCBDDBB96CA1ADD7B5706BAC72

=== End Of Search ===



#6 Farbar


Posted 25 April 2013 - 12:22 PM

One of the MS files is corrupt. Let's replace it.

 

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt

start
C:\Windows\winsxs\x86_microsoft-windows-s..tartup-filterdriver_31bf3856ad364e35_6.1.7601.17514_none_308be1673e2fc6a8\fvevol.sys
Replace: C:\Windows\winsxs\x86_microsoft-windows-s..tartup-filterdriver_31bf3856ad364e35_6.1.7600.16429_none_2e9fb035410cfdeb\fvevol.sys C:\Windows\System32\drivers\fvevol.sys
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options and select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

 

Also restart and let it boot normally. In case you could not boot normally please give me proper feedback about what you see on the screen.
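
An added example, not part of the original posts and not FRST's own code: a small parser for the Search.txt layout shown in post #5 that flags copies whose company field is empty `()` and lists same-named copies that do carry a company name and a different MD5. The sample paths and hashes are constructed placeholders, and an empty company field is only a triage signal that still needs checking against a known-good hash or signature.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample in the shape of the Search.txt log above.
# Paths and MD5 values are placeholders, not values from the thread.
SAMPLE_LOG = r"""
================== Search: "fvevol.sys" ===================

C:\Windows\winsxs\x86_example_6.1.7601.17514_none_aaaa\fvevol.sys
[2011-06-07 19:11] - [2010-11-20 04:24] - 0194800 ____A () 11111111111111111111111111111111

C:\Windows\winsxs\x86_example_6.1.7600.16429_none_bbbb\fvevol.sys
[2010-04-27 14:44] - [2009-09-25 21:58] - 0194488 ____A (Microsoft Corporation) 22222222222222222222222222222222

C:\Windows\winsxs\x86_example_6.1.7600.16385_none_cccc\fvevol.sys
[2009-07-13 15:13] - [2009-07-13 17:17] - 0194488 ____A (Microsoft Corporation) 33333333333333333333333333333333

C:\Windows\System32\drivers\fvevol.sys
[2011-06-07 19:11] - [2010-11-20 04:24] - 0194800 ____A () 11111111111111111111111111111111

=== End Of Search ===
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
# [stamp] - [stamp] - size attrs (company) MD5
DETAIL_RE = re.compile(
    r"^\[([\d\- :]+)\] - \[([\d\- :]+)\] - (\d+) (\S+) \((.*)\) ([0-9A-Fa-f]{32})$"
)


@dataclass(frozen=True)
class Hit:
    path: str
    size: int
    attrs: str
    company: str  # empty string when the log shows "()"
    md5: str


def parse_search_log(text):
    """Pair each path line with the detail line that follows it."""
    hits, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending = line
            continue
        m = DETAIL_RE.match(line)
        if m and pending:
            hits.append(Hit(pending, int(m.group(3)), m.group(4),
                            m.group(5).strip(), m.group(6).upper()))
            pending = None
    return hits


def missing_company(hits):
    """Copies whose version resource reported no company name."""
    return [h for h in hits if not h.company]


def paths_by_md5(hits):
    """Group paths by hash so identical copies are visible at a glance."""
    groups = defaultdict(list)
    for h in hits:
        groups[h.md5].append(h.path)
    return dict(groups)


def _name(path):
    return path.rsplit("\\", 1)[-1].lower()


def triage(hits):
    """Map each flagged path to same-named copies that have a company
    name and a different MD5 (candidates to verify, not a verdict)."""
    report = {}
    for h in missing_company(hits):
        report[h.path] = [o.path for o in hits
                          if o.company and o.md5 != h.md5
                          and _name(o.path) == _name(h.path)]
    return report


if __name__ == "__main__":
    parsed = parse_search_log(SAMPLE_LOG)
    for flagged, candidates in triage(parsed).items():
        print("no company name:", flagged)
        for c in candidates:
            print("   compare against:", c)
```
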

 

 



#7 mdsmedina


Posted 27 April 2013 - 05:24 PM

Thank you. I am out of town for a few days. Will work on it Monday.

#8 Farbar


Posted 27 April 2013 - 05:32 PM

Thanks for letting me know.



#9 mdsmedina


Posted 28 April 2013 - 05:34 PM

Hi.  I am back a day early. 

 

I performed your previous instructions on the computer, transferring the fixlist file.

The computer started (took several minutes to boot) and showed a screen to choose a user.

I chose a user; the screen then said "welcome", then said "shut down". It rebooted itself and is now stuck with a blank screen with the pointer icon on it.

 

It does nothing after that point.



#10 mdsmedina


Posted 28 April 2013 - 06:13 PM

Correction to previous post, it actually continues to repeat the process.



#11 Farbar


Posted 28 April 2013 - 08:05 PM

I chose a user; the screen then said "welcome", then said "shut down". It rebooted itself and is now stuck with a blank screen with the pointer icon on it.

Is this a new development after doing the fix, or was it the same before the fix?

 

Please post the Fixlog.txt that is made on the flash drive. Also post a fresh scan of FRST.



#12 mdsmedina


Posted 28 April 2013 - 08:38 PM

This is a new development after the fix.

Here is the Fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-04-2013
Ran by SYSTEM at 2013-04-28 14:47:12 Run:1
Running from G:\
Boot Mode: Recovery

==============================================

C:\Windows\winsxs\x86_microsoft-windows-s..tartup-filterdriver_31bf3856ad364e35_6.1.7601.17514_none_308be1673e2fc6a8\fvevol.sys moved successfully.
C:\Windows\System32\drivers\fvevol.sys moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..tartup-filterdriver_31bf3856ad364e35_6.1.7600.16429_none_2e9fb035410cfdeb\fvevol.sys copied successfully to C:\Windows\System32\drivers\fvevol.sys

==== End of Fixlog ====



#13 mdsmedina


Posted 28 April 2013 - 08:41 PM

System currently scanning to create fresh FRST log.  Will post once complete.



#14 mdsmedina


Posted 28 April 2013 - 09:00 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-04-2013 (ATTENTION: FRST version is 8 days old)
Ran by SYSTEM on 28-04-2013 18:39:18
Running from G:\
Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: RecoveryThe current controlset is ControlSet001

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL [352256 2009-07-09] (TOSHIBA CORPORATION)
HKLM\...\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP [425984 2009-06-02] (TOSHIBA Electronics, Inc.)
HKLM\...\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [476512 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [460088 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2009-09-17] (TOSHIBA Corporation)
HKLM\...\Run: [NortonOnlineBackupReminder] "C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED [529256 2009-07-16] (Toshiba)
HKLM\...\Run: [lxdqmon.exe] "C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe" [656040 2008-03-27] ()
HKLM\...\Run: [lxdqamon] "C:\Program Files\Lexmark Z2400 Series\lxdqamon.exe" [16040 2008-03-27] ()
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1246544 2010-11-03] (Logitech, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe [2731296 2013-03-06] (Conduit)
HKLM\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255360 2012-12-14] (LogMeIn Inc.)
HKU\chuck598\...\Run: [MyTOSHIBA] "C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe" /AUTO [ 2009-08-06] (TOSHIBA)
HKU\chuck598\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\chuck598\...\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent [ 2013-03-15] (Valve Corporation)
HKU\chuck598\...\Run: [uTorrent] "C:\Users\chuck598\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED [ 2013-03-16] (BitTorrent Inc.)
HKU\chuck598\...\Run: [SearchProtect] C:\Users\chuck598\AppData\Roaming\SearchProtect\bin\cltmng.exe [ 2013-03-06] (Conduit)
HKU\Nathan\...\Run: [MyTOSHIBA] "C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe" /AUTO [ 2009-08-06] (TOSHIBA)
HKU\Nathan\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
Startup: C:ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\chuck598\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Quake 2 Online Servers.lnk
ShortcutTarget: Quake 2 Online Servers.lnk -> C:\Program Files\Quake 2 RUS v3.23\Quake 2 Server Browser.exe (r1ch.net)
Startup: C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

========================== Services (Whitelisted) =================

S2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-08-10] (TOSHIBA CORPORATION)
S2 CltMngSvc; C:\Program Files\SearchProtect\bin\CltMngSvc.exe [93984 2013-03-06] (Conduit)
S2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
S3 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [250616 2009-05-22] (WildTangent, Inc.)
S2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1436160 2012-12-14] (LogMeIn Inc.)
S2 lxdqCATSCustConnectService; C:\windows\system32\spool\DRIVERS\W32X86\3\\lxdqserv.exe [98984 2008-02-27] (Lexmark International, Inc.)
S2 lxdq_device; C:\windows\system32\lxdqcoms.exe [594600 2008-02-27] ( )
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
S2 Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.8.3.6\diMaster.dll [135024 2011-10-10] (Symantec Corporation)
S3 npggsvc; C:\windows\system32\GameMon.des [3583592 2010-06-15] (INCA Internet Co., Ltd.)
S2 PnkBstrA; C:\windows\system32\PnkBstrA.exe [75136 2011-02-11] ()
S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-01-31] (Skype Technologies S.A.)
S3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [54136 2011-02-11] (TOSHIBA Corporation)
S3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-09-17] (TOSHIBA Corporation)

==================== Drivers (Whitelisted) ====================

S1 BHDrvx86; C:\Windows\System32\Drivers\NIS\1008030.006\BHDrvx86.sys [259632 2009-08-21] (Symantec Corporation)
S1 ccHP; C:\Windows\System32\Drivers\NIS\1008030.006\ccHPx86.sys [467592 2011-10-10] (Symantec Corporation)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [371248 2009-12-22] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [102448 2009-12-22] (Symantec Corporation)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100119.001\IDSvix86.sys [343088 2009-10-28] (Symantec Corporation)
S0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-02] (COMPAL ELECTRONIC INC.)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [376320 2009-08-13] (Realtek Semiconductor Corporation                           )
S0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [15672 2010-11-26] ()
S3 SRTSP; C:\Windows\System32\Drivers\NIS\1008030.006\SRTSP.SYS [308272 2009-08-21] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NIS\1008030.006\SRTSPX.SYS [43696 2009-08-21] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NIS\1008030.006\SYMEFA.SYS [310320 2009-08-21] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT.SYS [124976 2009-12-20] (Symantec Corporation)
S1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [25648 2009-08-21] (Symantec Corporation)
S1 SYMTDI; C:\Windows\System32\Drivers\NIS\1008030.006\SYMTDI.SYS [217464 2011-09-21] (Symantec Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-02-21] (Anchorfree Inc.)
S3 dump_wmimmc; \??\c:\program files\steam\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys [x]
S3 EagleNT; \??\C:\windows\system32\drivers\EagleNT.sys [x]
S3 EagleXNt; \??\C:\windows\system32\drivers\EagleXNt.sys [x]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100119.008\NAVENG.SYS [x]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100119.008\NAVEX15.SYS [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 SYMFW; \SystemRoot\System32\Drivers\NIS\1007020.00B\SYMFW.SYS [x]
S3 SYMNDISV; \SystemRoot\System32\Drivers\NIS\1007020.00B\SYMNDISV.SYS [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]
S3 XDva317; \??\C:\windows\system32\XDva317.sys [x]
S3 XDva321; \??\C:\windows\system32\XDva321.sys [x]
S3 XDva323; \??\C:\windows\system32\XDva323.sys [x]
S3 XDva326; \??\C:\windows\system32\XDva326.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-04-21 10:00 - 2013-04-21 10:00 - 00000000 ____D C:\Windows\System32\config\mybackup
2013-04-21 03:03 - 2013-04-21 03:03 - 00000000 ____D C:\Windows\System32\config\mhbackup
2013-04-20 10:25 - 2013-04-20 10:25 - 00000000 ____D C:\FRST
2013-04-02 19:16 - 2012-01-17 08:32 - 01760768 ____A (Re-Logic) C:\Users\chuck598\Desktop\TerrariaServer.exe
2013-04-02 19:16 - 2011-12-23 09:02 - 00002105 ____A C:\Users\chuck598\Desktop\serverconfig.txt
2013-04-02 19:16 - 2011-06-05 20:00 - 00000123 ____A C:\Users\chuck598\Desktop\start-server.bat
2013-04-02 19:06 - 2013-04-02 20:02 - 00000000 ____D C:\Users\chuck598\AppData\Local\LogMeIn Hamachi
2013-04-02 19:05 - 2013-04-02 19:05 - 00000000 ____D C:\Program Files\LogMeIn Hamachi
2013-04-02 19:03 - 2013-04-02 19:04 - 04295168 ____A C:\Users\chuck598\Downloads\hamachi(1).msi

==================== One Month Modified Files and Folders ========

2013-04-28 15:10 - 2009-07-13 20:34 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-04-28 15:10 - 2009-07-13 20:34 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-04-21 16:18 - 2011-09-02 21:59 - 00000000 ____D C:\Program Files\ParetoLogic
2013-04-21 10:00 - 2013-04-21 10:00 - 00000000 ____D C:\Windows\System32\config\mybackup
2013-04-21 03:03 - 2013-04-21 03:03 - 00000000 ____D C:\Windows\System32\config\mhbackup
2013-04-20 10:25 - 2013-04-20 10:25 - 00000000 ____D C:\FRST
2013-04-02 20:04 - 2009-11-09 18:55 - 01686017 ____A C:\Windows\WindowsUpdate.log
2013-04-02 20:03 - 2013-03-16 22:17 - 00000000 ____D C:\Users\chuck598\AppData\Roaming\uTorrent
2013-04-02 20:02 - 2013-04-02 19:06 - 00000000 ____D C:\Users\chuck598\AppData\Local\LogMeIn Hamachi
2013-04-02 20:01 - 2011-05-30 17:19 - 00000000 ____D C:\Program Files\Steam
2013-04-02 19:58 - 2010-01-18 09:06 - 00000468 ____A C:\Windows\Tasks\Norton Security Scan for CN.job
2013-04-02 19:51 - 2012-04-04 21:34 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-04-02 19:29 - 2010-01-28 18:54 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-04-02 19:05 - 2013-04-02 19:05 - 00000000 ____D C:\Program Files\LogMeIn Hamachi
2013-04-02 19:04 - 2013-04-02 19:03 - 04295168 ____A C:\Users\chuck598\Downloads\hamachi(1).msi
2013-04-02 17:00 - 2011-09-02 21:59 - 00000450 ____A C:\Windows\Tasks\ParetoLogic Registration3.job
2013-04-02 16:27 - 2013-02-25 16:16 - 00000024 ____A C:\Users\chuck598\random.dat
2013-04-02 15:38 - 2013-01-05 14:33 - 00000032 ____A C:\Users\chuck598\jagex_cl_runescape_LIVE.dat
2013-04-02 15:38 - 2011-09-02 21:59 - 00000364 ____A C:\Windows\Tasks\PC Health Advisor.job
2013-04-02 15:28 - 2010-01-28 18:53 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-04-02 02:33 - 2010-01-20 18:38 - 00237088 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

==================== Known DLLs (ALL) =========================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 1912.89 MB
Available physical RAM: 1524.97 MB
Total Pagefile: 1912.89 MB
Available Pagefile: 1532.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.88 MB

==================== Drives ================================

Drive c: (TI102605W0F) (Fixed) (Total:223.27 GB) (Free:88.66 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.28 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive g: () (Removable) (Total:1.9 GB) (Free:1.86 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          232 GB      0 B         
  Disk 1    Online         1952 MB      0 B         

Partitions of Disk 0:
===============

Disk ID: 6C676C67

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Recovery          1500 MB  1024 KB
  Partition 2    Primary            223 GB  1501 MB
  Partition 3    Primary              8 GB   224 GB

==================================================================================

Disk: 0
Partition 1
Type  : 27
Hidden: Yes
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     D   System       NTFS   Partition   1500 MB  Healthy    Hidden  

=========================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   TI102605W0F  NTFS   Partition    223 GB  Healthy            

=========================================================

Disk: 0
Partition 3
Type  : 17
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Partitions of Disk 1:
===============

Disk ID: 00000000

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           1950 MB   122 KB

==================================================================================

Disk: 1
Partition 1
Type  : 06
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     G                FAT    Removable   1950 MB  Healthy            

=========================================================
============================== MBR & Partition Table ==================

====================================================================
Disk: 0 (MBR Code: Windows Vista) (Size: 233 GB) (Disk ID: 6C676C67)

Partition 1: (Active) - (Size=1 GB) - (Type=27)

Partition 2: (Not Active) - (Size=223 GB) - (Type=07) (NTFS)

Partition 3: (Not Active) - (Size=8 GB) - (Type=17)

====================================================================
Disk: 1 (Size: 2 GB) (Disk ID: 00000000)

Partition 1: (Not Active) - (Size=2 GB) - (Type=06)


Last Boot: 2013-03-20 11:23

==================== End Of Log ============================



#15 Farbar


Posted 29 April 2013 - 12:52 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt

start
Last Boot: 2013-03-20 11:23
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options and select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

 

Also restart and let it boot normally. In case you cannot boot normally, please give me feedback about what you see on the screen.





