Windows Failed to Start, Repair fails


  • This topic is locked
22 replies to this topic

#1 steelchamps

steelchamps

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:51 AM

Posted 05 May 2013 - 09:19 PM

I have Windows 7 and cannot boot to my OS. System repair says that startup offline. I have found the topic in this forum and have tried the FRST download, but when I get to the Fix part in this tool it says I don't know what I am doing and shuts the tool down. Can anyone please help me fix this problem? Thanks!


Edited by hamluis, 06 May 2013 - 03:27 PM.
Moved from Win 7 to Malware Removal Logs - Hamluis.




#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,836 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:51 AM

Posted 06 May 2013 - 02:14 PM

Welcome!

Please post the FRST log.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 steelchamps


Posted 07 May 2013 - 10:44 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2013
Ran by SYSTEM on 02-05-2013 21:02:42
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [lxeamon.exe] .EXE" [x]
HKLM\...\Run: [EzPrint] T.EXE" [x]
HKLM\...\Run: [SynTPEnh] H.EXE [x]
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-02-25] (IDT, Inc.)
HKLM\...\Run: [IgfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE [x]
HKLM\...\Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE [x]
HKLM\...\Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE [x]
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [128232 2009-02-04] (CyberLink Corp.)
HKLM-x32\...\Run: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [620152 2006-10-22] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1118040 2010-10-20] (Dell, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-05-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3147384 2012-12-11] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe" [1151152 2013-02-22] ()
HKU\SSTENGER\...\RunOnce: [JavaInstallRetry] "C:\Users\SSTENGER\AppData\LocalLow\Sun\Java\JRERunOnce.exe" RUNONCE=1 SPONSORS=0 SPONSORS=0 [897448 2013-03-01] (Oracle Corporation)
HKU\SSTENGER\...\RunOnce: [Application Restart #0] C:\Program Files\Windows Sidebar\sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\SSTENGER\...\RunOnce: [Application Restart #1] C:\Program Files (x86)\Internet Explorer\iexplore.exe -restart /WERRESTART [673040 2010-11-20] (Microsoft Corporation)
Startup: C:ProgramData\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-0000-BA7E-000000000003}\_SC_Acrobat.exe ()
Startup: C:ProgramData\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
ShortcutTarget: Adobe Acrobat Synchronizer.lnk -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
Startup: C:\Users\SSTENGER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) =================

S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [5814904 2012-11-15] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
S2 LGE NDIS Connection Service; C:\Program Files (x86)\LG Electronics\LGE LTE Driver\LGVL600SVC.exe [140224 2010-12-13] ()
S2 lxeaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
S2 lxea_device; C:\Windows\system32\lxeacoms.exe [1052328 2010-04-14] ( )
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [654408 2012-04-04] (Malwarebytes Corporation)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [237920 2012-07-17] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-07-17] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [177144 2012-07-17] (McAfee, Inc.)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe [244736 2010-02-25] (IDT, Inc.)
S2 vToolbarUpdater14.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [968880 2013-02-22] ()

==================== Drivers (Whitelisted) ====================

S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [111968 2012-11-15] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [200032 2012-09-21] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-02-22] (AVG Technologies)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [69672 2012-07-17] (McAfee, Inc.)
S3 LGELTEBus; C:\Windows\System32\DRIVERS\LGELTEBus.sys [42496 2011-02-16] (LG Electronics )
S3 LGELTEmdm; C:\Windows\System32\DRIVERS\LGELTEmdm.sys [116480 2011-02-16] (LG Electronics )
S3 LGELTEMux; C:\Windows\System32\DRIVERS\LGELTEMux.sys [47104 2011-02-16] (LG Electronics )
S3 LGELTENdis; C:\Windows\System32\DRIVERS\LGELTENdis.sys [52736 2011-02-16] (LG Electronics )
S3 LGELTEprt; C:\Windows\System32\DRIVERS\LGELTEprt.sys [117120 2011-02-16] (LG Electronics )
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [169320 2012-07-17] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [300392 2012-07-17] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [513456 2012-07-17] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [752672 2012-07-17] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2012-07-17] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [335784 2012-07-17] (McAfee, Inc.)
S3 PTUMLMBMP; C:\Windows\System32\DRIVERS\PTUMLMBMP.sys [235776 2011-10-16] (DEVGURU Co., LTD.)
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-05-02 20:22 - 2013-05-02 20:22 - 00000000 ____D C:\FRST
2013-04-23 12:05 - 2013-04-23 12:05 - 00000000 __SHD C:\found.001
2013-04-11 20:17 - 2013-02-14 22:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-04-11 20:17 - 2013-02-14 22:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-04-11 20:17 - 2013-02-14 22:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-04-11 20:17 - 2013-02-14 20:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-04-11 20:17 - 2013-02-14 20:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-04-11 20:17 - 2013-02-14 19:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-04-11 20:16 - 2013-03-01 21:56 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-11 20:16 - 2013-03-01 21:55 - 01492992 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-11 20:16 - 2013-03-01 21:55 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-11 20:16 - 2013-03-01 21:50 - 09059328 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-11 20:16 - 2013-03-01 21:50 - 00735232 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-11 20:16 - 2013-03-01 21:50 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-11 20:16 - 2013-03-01 21:49 - 12294656 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-11 20:16 - 2013-03-01 21:49 - 02458112 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-11 20:16 - 2013-03-01 21:49 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-11 20:16 - 2013-03-01 21:49 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-11 20:16 - 2013-03-01 20:58 - 01231872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-04-11 20:16 - 2013-03-01 20:58 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-04-11 20:16 - 2013-03-01 20:58 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-04-11 20:16 - 2013-03-01 20:54 - 06032384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-04-11 20:16 - 2013-03-01 20:54 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-04-11 20:16 - 2013-03-01 20:54 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-04-11 20:16 - 2013-03-01 20:53 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-04-11 20:16 - 2013-03-01 20:52 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-04-11 20:16 - 2013-03-01 20:52 - 02078208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-04-11 20:16 - 2013-03-01 20:52 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-04-11 20:16 - 2013-03-01 19:57 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-11 20:16 - 2013-03-01 19:22 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-04-11 20:16 - 2013-02-28 19:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-04-11 20:15 - 2013-01-23 22:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys

==================== One Month Modified Files and Folders =======

2013-05-02 20:22 - 2013-05-02 20:22 - 00000000 ____D C:\FRST
2013-04-23 12:05 - 2013-04-23 12:05 - 00000000 __SHD C:\found.001
2013-04-23 09:02 - 2012-06-20 07:28 - 00334522 ____A C:\Windows\System32\ptumlacsvc-0.log
2013-04-23 09:00 - 2011-02-02 19:07 - 01860398 ____A C:\Windows\WindowsUpdate.log
2013-04-23 08:59 - 2012-04-07 18:47 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-04-12 07:22 - 2013-02-22 20:51 - 00000000 ____D C:ProgramData\MFAData
2013-04-12 07:16 - 2011-02-03 07:34 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-04-12 07:15 - 2011-02-02 19:38 - 00000000 ____D C:ProgramData\Microsoft Help
2013-04-09 15:49 - 2009-07-13 20:45 - 00014816 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-04-09 15:49 - 2009-07-13 20:45 - 00014816 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-04-03 19:26 - 2009-07-13 21:13 - 00779306 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-03 19:25 - 2009-07-13 20:51 - 00049143 ____A C:\Windows\setupact.log
2013-04-02 11:10 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

ZeroAccess:
C:\Windows\Installer\{db194f37-53b3-8ba4-cd34-e7890a9fe1ec}
C:\Windows\Installer\{db194f37-53b3-8ba4-cd34-e7890a9fe1ec}\L

ZeroAccess:
C:\Users\SSTENGER\AppData\Local\{db194f37-53b3-8ba4-cd34-e7890a9fe1ec}
C:\Users\SSTENGER\AppData\Local\{db194f37-53b3-8ba4-cd34-e7890a9fe1ec}\L
C:\Users\SSTENGER\AppData\Local\{db194f37-53b3-8ba4-cd34-e7890a9fe1ec}\U

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-04-12 08:13:43
Restore point made on: 2013-04-12 08:13:48
Restore point made on: 2013-04-12 08:13:50

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 4056.36 MB
Available physical RAM: 3310.52 MB
Total Pagefile: 4054.51 MB
Available Pagefile: 3390.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:283.4 GB) (Free:220.58 GB) NTFS (Disk=0 Partition=3) ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:6.84 GB) NTFS (Disk=0 Partition=2)
Drive e: (GRMCHPXFREO_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
Drive g: () (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT (Disk=2 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 1912 MB 0 B

Partitions of Disk 0:
===============

Disk ID: 9F7139F1

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 283 GB 14 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 39 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 14 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 283 GB Healthy

=========================================================

Partitions of Disk 2:
===============

Disk ID: BE10F5F4

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1908 MB 4032 KB

==================================================================================

Disk: 2
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT Removable 1908 MB Healthy

=========================================================
============================== MBR & Partition Table ==================

====================================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 9F7139F1)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=283 GB) - (Type=07 NTFS)

====================================================================
Disk: 2 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: BE10F5F4)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)

Last Boot: 2013-04-09 18:09

==================== End Of Log ============================



#4 JSntgRvr


Posted 07 May 2013 - 12:10 PM

Download the enclosed file. [attachment=137419:fixlist.txt]

Save it next to FRST.

Run FRST as you did before, except that this time around click on the Fix button and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Attempt to boot in Normal Mode. If able, follow these steps:

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".
  • **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Edited by JSntgRvr, 07 May 2013 - 12:11 PM.



#5 steelchamps


Posted 07 May 2013 - 01:34 PM

I ran the fix but it will not boot normal. Please let me know what I should do in that case. Here is the fixlog.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-05-2013
Ran by SYSTEM at 2013-05-07 13:30:17 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\lxeamon.exe => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\EzPrint => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SynTPEnh => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore => Value deleted successfully.
HKEY_USERS\SSTENGER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\JavaInstallRetry => Value not found.
HKEY_USERS\SSTENGER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #0 => Value not found.
HKEY_USERS\SSTENGER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #1 => Value not found.
C:\Windows\Installer\{db194f37-53b3-8ba4-cd34-e7890a9fe1ec} => Moved successfully.
C:\Users\SSTENGER\AppData\Local\{db194f37-53b3-8ba4-cd34-e7890a9fe1ec} => Moved successfully.

==== End of Fixlog ====

 

 

When I try to boot, the message says Windows failed to start. A recent hardware or software change might be the cause. It goes on to how to fix it, which doesn't work because of the startup problem. As I tried different fixes for the original problem of the startupoffline I received this message now as well. Down at the bottom it says that Windows failed to load because the NLS data is missing or corrupt.



#6 JSntgRvr


Posted 07 May 2013 - 02:08 PM

Download the enclosed file. [attachment=137425:fixlist.txt]

Save it next to FRST, overwriting the existing one.

Run FRST as you did before, except that this time around click on the Fix button and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.



#7 steelchamps


Posted 07 May 2013 - 02:44 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-05-2013
Ran by SYSTEM at 2013-05-07 14:40:46 Run:2
Running from G:\
Boot Mode: Recovery
==============================================

========= bcdedit /enum all /v =========

Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=C:
path \bootmgr
description Windows Boot Manager
displayorder {95a2b189-b39f-11e2-9e6f-d917835b7b67}
timeout 10

Windows Boot Loader
-------------------
identifier {95a2b189-b39f-11e2-9e6f-d917835b7b67}
device partition=C:
path \Windows\system32\winload.exe
description Microsoft Windows
osdevice partition=C:
systemroot \Windows

Windows Boot Loader
-------------------
identifier {95a2b18a-b39f-11e2-9e6f-d917835b7b67}
device partition=D:
path \Windows\system32\boot\winload.exe
description Windows ™ Code Name "Longhorn" Preinstallation Environment (recovered)
osdevice partition=D:
systemroot \Windows
detecthal Yes
winpe Yes
custom:46000010 Yes

Windows Boot Loader
-------------------
identifier {95a2b18b-b39f-11e2-9e6f-d917835b7b67}
device ramdisk=[C:]\Recovery\52356ade-2f4c-11e0-9e99-c577e9228067\Winre.wim,{95a2b18c-b39f-11e2-9e6f-d917835b7b67}
path \windows\system32\winload.exe
description Windows Recovery Environment (recovered)
locale
osdevice ramdisk=[C:]\Recovery\52356ade-2f4c-11e0-9e99-c577e9228067\Winre.wim,{95a2b18c-b39f-11e2-9e6f-d917835b7b67}
systemroot \windows
winpe Yes
custom:46000010 Yes

Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic

Device options
--------------
identifier {95a2b18c-b39f-11e2-9e6f-d917835b7b67}
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\52356ade-2f4c-11e0-9e99-c577e9228067\boot.sdi

========= End of CMD: =========

==== End of Fixlog ====



#8 JSntgRvr


Posted 07 May 2013 - 08:56 PM

Boot to the command prompt. Run the following commands:

CHKDSK C: /F
sfc /scannow /offbootdir=c:\ /offwindir=c:\windows


Hint:

Copy and paste the command to a notepad document in the flash drive. Open the document while in the Windows Recovery Command prompt; copy and paste the commands to the command prompt.

Note: These commands should take a considerable amount of time. Be patient.



#9 steelchamps


Posted 07 May 2013 - 10:43 PM

I have completed the above. What should I do now?



#10 JSntgRvr


Posted 08 May 2013 - 10:42 AM

Still unable to boot? If not, any BSOD or error message? If still having issues, attempt the Startup Repair now and let me know the outcome.

If still having problems, re-scan with FRST and post its report.



#11 steelchamps


Posted 08 May 2013 - 11:53 AM

 I scanned again and this is the result.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2013 (ATTENTION: FRST version is 6 days old)
Ran by SYSTEM on 08-05-2013 11:49:51
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-02-25] (IDT, Inc.)
HKLM\...\Run: [IgfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE [x]
HKLM\...\Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE [x]
HKLM\...\Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE [x]
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [128232 2009-02-04] (CyberLink Corp.)
HKLM-x32\...\Run: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [620152 2006-10-22] (Adobe Systems Inc.)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [Dell  DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1118040 2010-10-20] (Dell, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-05-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3147384 2012-12-11] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe" [1151152 2013-02-22] ()
HKU\SSTENGER\...\RunOnce: [JavaInstallRetry] "C:\Users\SSTENGER\AppData\LocalLow\Sun\Java\JRERunOnce.exe" RUNONCE=1 SPONSORS=0 SPONSORS=0 [897448 2013-03-01] (Oracle Corporation)
HKU\SSTENGER\...\RunOnce: [Application Restart #0] C:\Program Files\Windows Sidebar\sidebar.exe  [1475584 2010-11-20] (Microsoft Corporation)
HKU\SSTENGER\...\RunOnce: [Application Restart #1] C:\Program Files (x86)\Internet Explorer\iexplore.exe -restart /WERRESTART [673040 2010-11-20] (Microsoft Corporation)
Startup: C:ProgramData\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-0000-BA7E-000000000003}\_SC_Acrobat.exe ()
Startup: C:ProgramData\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
ShortcutTarget: Adobe Acrobat Synchronizer.lnk -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
Startup: C:\Users\SSTENGER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) =================

S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [5814904 2012-11-15] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
S2 LGE NDIS Connection Service; C:\Program Files (x86)\LG Electronics\LGE LTE Driver\LGVL600SVC.exe [140224 2010-12-13] ()
S2 lxeaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
S2 lxea_device; C:\Windows\system32\lxeacoms.exe [1052328 2010-04-14] ( )
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [654408 2012-04-04] (Malwarebytes Corporation)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [237920 2012-07-17] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-07-17] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [177144 2012-07-17] (McAfee, Inc.)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe [244736 2010-02-25] (IDT, Inc.)
S2 vToolbarUpdater14.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [968880 2013-02-22] ()

==================== Drivers (Whitelisted) ====================

S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [111968 2012-11-15] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [200032 2012-09-21] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-02-22] (AVG Technologies)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [69672 2012-07-17] (McAfee, Inc.)
S3 LGELTEBus; C:\Windows\System32\DRIVERS\LGELTEBus.sys [42496 2011-02-16] (LG Electronics )
S3 LGELTEmdm; C:\Windows\System32\DRIVERS\LGELTEmdm.sys [116480 2011-02-16] (LG Electronics )
S3 LGELTEMux; C:\Windows\System32\DRIVERS\LGELTEMux.sys [47104 2011-02-16] (LG Electronics )
S3 LGELTENdis; C:\Windows\System32\DRIVERS\LGELTENdis.sys [52736 2011-02-16] (LG Electronics )
S3 LGELTEprt; C:\Windows\System32\DRIVERS\LGELTEprt.sys [117120 2011-02-16] (LG Electronics )
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [169320 2012-07-17] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [300392 2012-07-17] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [513456 2012-07-17] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [752672 2012-07-17] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2012-07-17] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [335784 2012-07-17] (McAfee, Inc.)
S3 PTUMLMBMP; C:\Windows\System32\DRIVERS\PTUMLMBMP.sys [235776 2011-10-16] (DEVGURU Co., LTD.)
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [x]
 



#12 steelchamps


Posted 08 May 2013 - 12:00 PM

I am not sure that this makes a difference for any of this, but the startup repair has stated that I may have attached a device and this may have caused the problem. It gives the startupoffline error though, so it may have nothing to do with it. I did have an iPod charging, which I hadn't done before on that laptop. I unplugged it when the computer would not boot. Also, the laptop was Vista and I upgraded with 7. I think that is about it. I do know that the different fixes I tried before this caused it to boot to the error message that the NLS data was missing or corrupt; before, it was only the startupoffline error. So I have to boot to the repair tools through the CD now and cannot through F8. Please feel free to ask me whatever you need to help fix this. Hope this sheds some light.



#13 JSntgRvr


Posted 08 May 2013 - 03:15 PM

I believe the FRST report is incomplete. Let's check the contents of the .nls files.

Download the enclosed file. [attachment=137454:fixlist.txt]

Save it next to FRST, overwriting the existing one.

Run FRST as you did before, except that this time around click on the Fix button and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Edited by JSntgRvr, 08 May 2013 - 03:16 PM.



#14 steelchamps


Posted 08 May 2013 - 04:30 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-05-2013
Ran by SYSTEM at 2013-05-08 16:31:06 Run:3
Running from G:\
Boot Mode: Recovery
==============================================

HKEY_USERS\SSTENGER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\JavaInstallRetry => Value not found.
HKEY_USERS\SSTENGER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #0 => Value not found.
HKEY_USERS\SSTENGER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #1 => Value not found.

=========  Dir /a C:\Windows\System32\*.nls =========

 Volume in drive C has no label.
 Volume Serial Number is A059-21FA

 Directory of C:\Windows\System32

06/10/2009  01:10 PM            66,082 c_28603.nls
06/10/2009  01:10 PM            66,082 C_28605.NLS
06/10/2009  01:10 PM            66,594 C_437.NLS
06/10/2009  01:10 PM            66,082 C_500.NLS
06/10/2009  01:10 PM            66,082 C_708.NLS
06/10/2009  01:10 PM            66,594 C_720.NLS
06/10/2009  01:10 PM            66,594 C_737.NLS
06/10/2009  01:10 PM            66,594 C_775.NLS
06/10/2009  01:10 PM            66,594 C_850.NLS
06/10/2009  01:10 PM            66,594 C_852.NLS
06/10/2009  01:10 PM            66,594 C_855.NLS
06/10/2009  01:10 PM            66,594 C_857.NLS
06/10/2009  01:10 PM            66,594 C_858.NLS
06/10/2009  01:10 PM            66,594 C_860.NLS
06/10/2009  01:10 PM            66,594 C_861.NLS
06/10/2009  01:10 PM            66,594 C_862.NLS
06/10/2009  01:10 PM            66,594 C_863.NLS
06/10/2009  01:10 PM            66,594 C_864.NLS
06/10/2009  01:10 PM            66,594 C_865.NLS
06/10/2009  01:10 PM            66,594 C_866.NLS
06/10/2009  01:10 PM            66,594 C_869.NLS
06/10/2009  01:10 PM            66,082 C_870.NLS
06/10/2009  01:10 PM            66,594 C_874.NLS
06/10/2009  01:10 PM            66,082 C_875.NLS
06/10/2009  01:10 PM           162,850 C_932.NLS
06/10/2009  01:10 PM           196,642 C_936.NLS
06/10/2009  01:10 PM           196,642 C_949.NLS
06/10/2009  01:10 PM           196,642 C_950.NLS
11/29/2012  03:15 PM           420,064 locale.nls
06/10/2009  01:10 PM             9,958 l_intl.nls
06/10/2009  01:10 PM            59,342 normidna.nls
06/10/2009  01:10 PM            47,076 normnfc.nls
06/10/2009  01:10 PM            40,566 normnfd.nls
06/10/2009  01:10 PM            67,808 normnfkc.nls
06/10/2009  01:10 PM            61,718 normnfkd.nls
              35 File(s)      3,054,492 bytes
               0 Dir(s)  236,842,991,616 bytes free

========= End of CMD: =========


==== End of Fixlog ====



#15 JSntgRvr


Posted 08 May 2013 - 07:48 PM

If I compare the number of NLS files with the ones in my computer, we are talking 35 files vs 120. Chances are there are files missing.

Please run FRST. Allow it to finish and post its report. The last one was kind of short.


Edited by JSntgRvr, 08 May 2013 - 07:57 PM.





