
C000021a Problem Event Name Start Up Repair Offline


  • This topic is locked
2 replies to this topic

#1 TPDDoyle


Posted 04 May 2013 - 09:24 AM

Hi,

 

I am trying to sort out C000021a (fatal system error) 0x00000000 (0xC0000001 0x00020a68)

 

Nothing in the suite of Windows repairs or restores works. Diagnosis is

 

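Problem Event Name: Startup Repair Offline
Problem Signature 1: 6.1.7600.16385
Problem Signature 2: 6.1.7600.16385
Problem Signature 3: unknown
Problem Signature 4: -1
Problem Signature 5: Auto Failure
Problem Signature 6: 13
Problem Signature 7: Corrupt Registry
OS: 6.1.7600.2.0.0.256.1
Locale ID: 2057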

 

From a previous forum I downloaded and ran a diagnostic tool, Farbar.exe; the results are attached as a text file and pasted below on the belt and braces principle.

 

Suggestions that avoid a return to factory settings would be gratefully received.

 

Tom

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-05-2013
Ran by SYSTEM on 04-05-2013 14:34:04
Running from F:\
WIN_7 (X64) OS Language: English(US)
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Winlogon: [Userinit] 
HKLM-x32\...\Winlogon: [Userinit]  [x]
HKLM\...\Winlogon: [Shell]  [x ] ()
HKLM-x32\...\Winlogon: [Shell]  [x ] ()
HKU\Tom Datttenberg-Doyl\...\Run: [Google Update] "C:\Users\Tom Datttenberg-Doyl\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-04-24] (Google Inc.)
HKU\Tom Datttenberg-Doyl\...\Run: [8BFAAD4B3D68EE4774B1349EB99933578FA21424._service_run] "C:\Users\Tom Datttenberg-Doyl\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service [1312720 2013-04-09] (Google Inc.)
HKU\Tom Datttenberg-Doyl\...\Run: [Spotify Web Helper] "C:\Users\Tom Datttenberg-Doyl\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1199576 2012-11-08] (Spotify Ltd)
HKU\Tom Datttenberg-Doyl\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED [802136 2013-05-02] (BitTorrent Inc.)
HKU\Tom Datttenberg-Doyl\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2013-02-28] (Google Inc.)
Startup: C:ProgramData\Start Menu\Programs\Startup\Duplicati.lnk
ShortcutTarget: Duplicati.lnk -> C:\Program Files\Duplicati\Duplicati.exe (HexaD)
Startup: C:\Users\Tom Datttenberg-Doyl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\Tom Datttenberg-Doyl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6600.lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet 6600.lnk -> C:\Program Files\HP\HP Officejet 6600\bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: ???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????autocheck smrgdf C:\Users\Tom Datttenberg-Doyl\AppData\Roaming\iolo\
 
==================== Services (Whitelisted) =================
 
S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 ActiveDelayDeviceService; C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe [75912 2011-05-18] (Sony Corporation)
S4 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [240112 2011-03-02] (CyberLink)
S4 CorelCreatorMessages; C:\Windows\system32\CorelCreatorMessages.exe [105984 2012-04-25] (Global Graphics Software Ltd)
S2 GobiQDLService; C:\Program Files (x86)\Huawei\Gobi\GobiQDLService\GobiQDLService.exe [318464 2011-03-04] (HUAWEI Technologies Co., Ltd.)
S2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [1070080 2013-03-17] (iolo technologies, LLC)
S2 lxdp_device; C:\Windows\system32\lxdpcoms.exe [1044648 2009-08-19] ( )
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2012-01-04] ()
S4 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2010-02-24] (Sonic Solutions)
S4 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2010-02-24] (Sonic Solutions)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2011-06-10] (Realtek Semiconductor)
S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
S4 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S2 vseamps; C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe [121696 2012-08-24] (Commtouch, Inc.)
S2 vsedsps; C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe [119136 2012-08-24] (Commtouch, Inc.)
S3 vseqrts; C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe [181600 2012-08-24] (Commtouch, Inc.)
S3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1286784 2012-10-26] (Sony Corporation)
S2 WTGService; C:\Program Files (x86)\OneClickInternet\WTGService.exe [342984 2011-03-09] ()
 
==================== Drivers (Whitelisted) ====================
 
S2 AMP; C:\Windows\system32\Drivers\amp.sys [173408 2012-08-24] (Commtouch, Inc.)
S2 AMPSE; C:\Windows\system32\Drivers\ampse.sys [1504608 2012-08-24] (Commtouch, Inc.)
S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [31432 2012-04-17] (EldoS Corporation)
S3 gobi3kfilter; C:\Windows\System32\DRIVERS\gobi3kfilter.sys [34304 2010-12-13] (QUALCOMM Incorporated)
S3 gobi3kmbb; C:\Windows\System32\DRIVERS\gobi3kmbb.sys [399360 2010-12-14] (QUALCOMM Incorporated)
S3 gobi3kserial; C:\Windows\System32\DRIVERS\gobi3kserial.sys [233984 2010-12-13] (QUALCOMM Incorporated)
S0 mv61xx; C:\Windows\System32\drivers\mv61xx.sys [182576 2011-04-25] (Marvell Semiconductor, Inc.)
S1 FileDisk; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-05-04 14:24 - 2013-05-04 14:24 - 00000000 ____D C:\FRST
2013-04-28 21:12 - 2013-04-28 21:12 - 00000141 ____A C:\Users\Tom Datttenberg-Doyl\Downloads\mime-attachment
2013-04-24 13:27 - 2013-04-24 13:28 - 00368128 ____A C:\Users\Tom Datttenberg-Doyl\Documents\BusinessCard_IanForrester.zdl
2013-04-24 13:20 - 2013-04-24 13:25 - 00367616 ____A C:\Users\Tom Datttenberg-Doyl\Documents\BusinessCard_SteveRigby.zdl
2013-04-24 07:28 - 2013-04-24 07:28 - 00002200 ____A C:\Users\Public\Desktop\HP Officejet Pro 8100.lnk
2013-04-24 07:28 - 2012-11-01 12:38 - 00741480 ____N (Hewlett-Packard Co.) C:\Windows\System32\HPDiscoPM5B12.dll
2013-04-24 07:21 - 2013-04-24 07:23 - 60728808 ____A C:\Users\Tom Datttenberg-Doyl\Downloads\OJ8100_1321.exe
2013-04-23 20:43 - 2013-04-12 14:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-22 18:03 - 2013-04-22 18:03 - 00100262 ____A C:\Users\Tom Datttenberg-Doyl\Desktop\Completed job in March.txt
2013-04-17 12:36 - 2013-04-17 12:36 - 00010278 ____A C:\Users\Tom Datttenberg-Doyl\Documents\qry_rpt_client_6.xlsx
2013-04-11 02:00 - 2013-02-22 06:57 - 17817088 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-11 02:00 - 2013-02-22 06:29 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-11 02:00 - 2013-02-22 06:27 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-04-11 02:00 - 2013-02-22 06:21 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-11 02:00 - 2013-02-22 06:20 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-11 02:00 - 2013-02-22 06:19 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-04-11 02:00 - 2013-02-22 06:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-11 02:00 - 2013-02-22 06:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-11 02:00 - 2013-02-22 06:15 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-11 02:00 - 2013-02-22 06:15 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-04-11 02:00 - 2013-02-22 06:15 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-04-11 02:00 - 2013-02-22 06:14 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-11 02:00 - 2013-02-22 06:13 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-11 02:00 - 2013-02-22 06:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-11 02:00 - 2013-02-22 06:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-11 02:00 - 2013-02-22 06:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-11 02:00 - 2013-02-22 04:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-04-11 02:00 - 2013-02-22 03:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-04-11 02:00 - 2013-02-22 03:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-04-11 02:00 - 2013-02-22 03:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-04-11 02:00 - 2013-02-22 03:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-04-11 02:00 - 2013-02-22 03:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-04-11 02:00 - 2013-02-22 03:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-04-11 02:00 - 2013-02-22 03:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-04-11 02:00 - 2013-02-22 03:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-04-11 02:00 - 2013-02-22 03:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-04-11 02:00 - 2013-02-22 03:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-04-11 02:00 - 2013-02-22 03:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-04-11 02:00 - 2013-02-22 03:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-04-11 02:00 - 2013-02-22 03:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-04-11 02:00 - 2013-02-22 03:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-04-11 02:00 - 2013-02-22 03:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-04-10 18:59 - 2013-03-19 06:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-04-10 18:59 - 2013-03-19 05:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-04-10 18:59 - 2013-03-19 05:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-04-10 18:59 - 2013-03-19 05:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-04-10 18:59 - 2013-03-19 04:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-04-10 18:59 - 2013-03-19 03:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-04-10 18:59 - 2013-03-01 03:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-04-10 18:59 - 2013-01-24 06:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
 
==================== One Month Modified Files and Folders =======
 
2013-05-04 14:24 - 2013-05-04 14:24 - 00000000 ____D C:\FRST
2013-05-04 10:31 - 2012-11-01 15:41 - 03269166 ____A C:\Windows\PFRO.log
2013-05-04 10:19 - 2012-08-14 14:29 - 00000000 ____D C:\Users\Tom Datttenberg-Doyl\AppData\Roaming\uTorrent
2013-05-04 10:19 - 2012-04-27 13:17 - 00000000 ____D C:\Users\Tom Datttenberg-Doyl\AppData\Roaming\Dropbox
2013-05-04 10:19 - 2012-04-24 08:36 - 00000968 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-964782262-308968673-2478737194-1001UA.job
2013-05-03 13:51 - 2013-03-01 09:06 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-03 13:35 - 2013-02-28 11:24 - 00000926 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-03 11:25 - 2012-04-24 08:35 - 00000000 ____D C:\Users\Tom Datttenberg-Doyl\AppData\Local\Deployment
2013-05-03 10:40 - 2013-02-28 11:24 - 00000922 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-03 10:40 - 2012-04-24 08:36 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-964782262-308968673-2478737194-1001Core.job
2013-05-03 09:13 - 2009-07-14 05:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-02 12:10 - 2012-04-18 12:29 - 02000108 ____A C:\Windows\WindowsUpdate.log
2013-05-02 08:58 - 2012-11-01 15:41 - 00025378 ____A C:\Windows\setupact.log
2013-05-02 05:43 - 2012-08-14 14:30 - 00000000 ____D C:\Program Files (x86)\uTorrent
2013-04-29 23:51 - 2009-07-14 04:45 - 00017152 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-04-29 23:51 - 2009-07-14 04:45 - 00017152 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-04-29 23:46 - 2012-04-27 13:18 - 00000000 ___RD C:\Users\Tom Datttenberg-Doyl\Dropbox
2013-04-29 23:45 - 2009-07-14 05:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-04-29 23:44 - 2012-04-24 09:30 - 00000408 ____A C:\Windows\SysWOW64\iolo.ini
2013-04-29 23:44 - 2012-04-24 09:30 - 00000408 ____A C:\Windows\System32\iolo.ini
2013-04-29 23:44 - 2012-04-24 09:30 - 00000392 ____A C:\Windows\SysWOW64\iolo.ini.txt
2013-04-29 23:43 - 2009-07-14 05:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-28 21:12 - 2013-04-28 21:12 - 00000141 ____A C:\Users\Tom Datttenberg-Doyl\Downloads\mime-attachment
2013-04-24 13:28 - 2013-04-24 13:27 - 00368128 ____A C:\Users\Tom Datttenberg-Doyl\Documents\BusinessCard_IanForrester.zdl
2013-04-24 13:25 - 2013-04-24 13:20 - 00367616 ____A C:\Users\Tom Datttenberg-Doyl\Documents\BusinessCard_SteveRigby.zdl
2013-04-24 07:53 - 2012-05-16 07:51 - 00000000 ____D C:\Users\Tom Datttenberg-Doyl\AppData\Local\HP
2013-04-24 07:28 - 2013-04-24 07:28 - 00002200 ____A C:\Users\Public\Desktop\HP Officejet Pro 8100.lnk
2013-04-24 07:28 - 2012-05-16 07:44 - 00000000 ____D C:\Program Files\HP
2013-04-24 07:28 - 2012-04-24 09:09 - 00000000 ____D C:\Program Files (x86)\HP
2013-04-24 07:28 - 2012-04-24 09:07 - 00000000 ____D C:ProgramData\HP
2013-04-24 07:23 - 2013-04-24 07:21 - 60728808 ____A C:\Users\Tom Datttenberg-Doyl\Downloads\OJ8100_1321.exe
2013-04-23 14:41 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\System32\NDF
2013-04-22 18:03 - 2013-04-22 18:03 - 00100262 ____A C:\Users\Tom Datttenberg-Doyl\Desktop\Completed job in March.txt
2013-04-17 12:36 - 2013-04-17 12:36 - 00010278 ____A C:\Users\Tom Datttenberg-Doyl\Documents\qry_rpt_client_6.xlsx
2013-04-12 14:45 - 2013-04-23 20:43 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-12 12:36 - 2012-05-29 13:28 - 00000000 ____D C:\Users\Tom Datttenberg-Doyl\Documents\Outlook Files
2013-04-11 02:20 - 2009-07-14 04:45 - 00453784 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-11 02:01 - 2012-04-25 14:47 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-04-11 02:01 - 2012-04-24 12:17 - 00000000 ____D C:ProgramData\Microsoft Help
2013-04-10 19:00 - 2012-04-24 08:37 - 00002441 ____A C:\Users\Tom Datttenberg-Doyl\Desktop\Google Chrome.lnk
2013-04-10 09:27 - 2012-05-27 21:18 - 00271912 ____A C:\test.xml
2013-04-06 10:33 - 2013-03-01 13:28 - 00103936 ____A C:\Users\Tom Datttenberg-Doyl\Documents\rpt_accounts_invoices_received.xls
2013-04-06 09:54 - 2009-07-14 03:20 - 00000000 ___SD C:ProgramData\Microsoft
2013-04-06 09:53 - 2009-07-14 02:34 - 00000781 ____A C:\Windows\win.ini
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe:  <===== ATTENTION!
HKLM\...\exefile\DefaultIcon:  <===== ATTENTION!
HKLM\...\exefile\open\command:  <===== ATTENTION!
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 10%
Total physical RAM: 8107.82 MB
Available physical RAM: 7254.74 MB
Total Pagefile: 8105.96 MB
Available Pagefile: 7254.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:102.56 GB) (Free:31.02 GB) NTFS (Disk=0 Partition=3)
Drive e: (Recovery) (Fixed) (Total:16.59 GB) (Free:1.11 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive f: (UDISK 2.0) (Removable) (Total:1.91 GB) (Free:0.14 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
 
  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          119 GB      0 B         
  Disk 1    Online         1962 MB      0 B         
 
Partitions of Disk 0:
===============
 
Disk ID: 3D627869
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Recovery            16 GB  1024 KB
  Partition 2    Primary            100 MB    16 GB
  Partition 3    Primary            102 GB    16 GB
 
==================================================================================
 
Disk: 0
Partition 1
Type  : 27
Hidden: Yes
Active: No
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     E   Recovery     NTFS   Partition     16 GB  Healthy    Hidden  
 
=========================================================
 
Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: Yes
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 0     Y   System Rese  NTFS   Partition    100 MB  Healthy            
 
=========================================================
 
Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C                NTFS   Partition    102 GB  Healthy            
 
=========================================================
 
Partitions of Disk 1:
===============
 
Disk ID: 3239F370
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           1961 MB    16 KB
 
==================================================================================
 
Disk: 1
Partition 1
Type  : 0C
Hidden: No
Active: No
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     F   UDISK 2.0    FAT32  Removable   1961 MB  Healthy            
 
=========================================================
============================== MBR & Partition Table ==================
 
====================================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 3D627869)
Partition 1: (Not Active) - (Size=17 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=103 GB) - (Type=07 NTFS)
 
====================================================================
Disk: 1 (Size: 2 GB) (Disk ID: 3239F370)
Partition 1: (Not Active) - (Size=2 GB) - (Type=0C)
 
 
Last Boot: 2013-05-04 11:30
 
==================== End Of Log ============================

Edited by hamluis, 04 May 2013 - 01:43 PM.
Moved from Win 7 to Malware Removal Logs - Hamluis.




#2 HelpBot


Posted 09 May 2013 - 09:25 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/493508 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot


Posted 14 May 2013 - 09:30 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!



